tests/pgsql: add test for bug 6983

Related to
Bug #6983

diff --git a/tests/pgsql/pgsql-bug-6983-ids/README.md b/tests/pgsql/pgsql-bug-6983-ids/README.md
new file mode 100644 (file)
index 0000000..f626417
--- /dev/null
+++ b/tests/pgsql/pgsql-bug-6983-ids/README.md
@@ -0,0 +1,12 @@
+# Description
+
+Tests that alerts for the pgsql app-proto will include pgsql app-proto metadata.
+
+## PCAP
+
+Pcap file reused from pgsql-ssl-rejected-md5-auth-simple-query
+
+## Redmine ticket
+
+https://redmine.openinfosecfoundation.org/issues/6983
+https://redmine.openinfosecfoundation.org/issues/7000

diff --git a/tests/pgsql/pgsql-bug-6983-ids/suricata.yaml b/tests/pgsql/pgsql-bug-6983-ids/suricata.yaml
new file mode 100755 (executable)
index 0000000..b104981
--- /dev/null
+++ b/tests/pgsql/pgsql-bug-6983-ids/suricata.yaml
@@ -0,0 +1,18 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - pgsql:
+            enabled: yes
+            passwords: yes
+        - alert
+
+app-layer:
+  protocols:
+    pgsql:
+      enabled: yes

diff --git a/tests/pgsql/pgsql-bug-6983-ids/test.rules b/tests/pgsql/pgsql-bug-6983-ids/test.rules
new file mode 100644 (file)
index 0000000..a90b158
--- /dev/null
+++ b/tests/pgsql/pgsql-bug-6983-ids/test.rules
@@ -0,0 +1 @@
+alert pgsql any any -> any any (msg:"PGSQL Test Rule"; content:"select * from"; sid:1; rev:1;)

diff --git a/tests/pgsql/pgsql-bug-6983-ids/test.yaml b/tests/pgsql/pgsql-bug-6983-ids/test.yaml
new file mode 100644 (file)
index 0000000..f1c6c43
--- /dev/null
+++ b/tests/pgsql/pgsql-bug-6983-ids/test.yaml
@@ -0,0 +1,25 @@
+requires:
+  min-version: 7.0
+
+pcap: ../pgsql-ssl-rejected-md5-auth-simple-query/input.pcap
+
+args:
+- -k none
+
+checks:
+- filter:
+    count: 7
+    match:
+      event_type: pgsql
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+- filter:
+    min-version: 8
+    count: 1
+    match:
+      event_type: alert
+      flow.pkts_toserver: 10
+      flow.pkts_toclient: 10

diff --git a/tests/pgsql/pgsql-bug-6983-ips/README.md b/tests/pgsql/pgsql-bug-6983-ips/README.md
new file mode 100644 (file)
index 0000000..458515d
--- /dev/null
+++ b/tests/pgsql/pgsql-bug-6983-ips/README.md
@@ -0,0 +1,16 @@
+# Description
+
+Tests that alerts for the pgsql app-proto will include pgsql app-proto metadata,
+in IPS mode.
+
+As this test uses a stream rule, in IPS mode the engine generating two alerts is
+expected.
+
+## PCAP
+
+Pcap file reused from pgsql-ssl-rejected-md5-auth-simple-query
+
+## Redmine ticket
+
+https://redmine.openinfosecfoundation.org/issues/6983
+https://redmine.openinfosecfoundation.org/issues/7000

diff --git a/tests/pgsql/pgsql-bug-6983-ips/suricata.yaml b/tests/pgsql/pgsql-bug-6983-ips/suricata.yaml
new file mode 100755 (executable)
index 0000000..b104981
--- /dev/null
+++ b/tests/pgsql/pgsql-bug-6983-ips/suricata.yaml
@@ -0,0 +1,18 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - pgsql:
+            enabled: yes
+            passwords: yes
+        - alert
+
+app-layer:
+  protocols:
+    pgsql:
+      enabled: yes

diff --git a/tests/pgsql/pgsql-bug-6983-ips/test.rules b/tests/pgsql/pgsql-bug-6983-ips/test.rules
new file mode 100644 (file)
index 0000000..a90b158
--- /dev/null
+++ b/tests/pgsql/pgsql-bug-6983-ips/test.rules
@@ -0,0 +1 @@
+alert pgsql any any -> any any (msg:"PGSQL Test Rule"; content:"select * from"; sid:1; rev:1;)

diff --git a/tests/pgsql/pgsql-bug-6983-ips/test.yaml b/tests/pgsql/pgsql-bug-6983-ips/test.yaml
new file mode 100644 (file)
index 0000000..fd9277c
--- /dev/null
+++ b/tests/pgsql/pgsql-bug-6983-ips/test.yaml
@@ -0,0 +1,19 @@
+requires:
+  min-version: 7.0
+
+pcap: ../pgsql-ssl-rejected-md5-auth-simple-query/input.pcap
+
+args:
+- -k none
+- --simulate-ips
+
+checks:
+- filter:
+    count: 7
+    match:
+      event_type: pgsql
+- filter:
+    count: 2
+    match:
+      event_type: alert
+      alert.signature_id: 1