detect/flowbits: add test for bug 5154

diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index d8680220a65bfa737ee3936fbb25cb4e23a7b313..662906435802748d91d5de1a570d20e0a223ae03 100644 (file)
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -1371,6 +1371,35 @@ static int FlowBitsTestSig11(void)
     PASS;
 }
 
+/**
+ * \test FlowBitsTestSig12 is a test to check random arguments to
+ *  flowbits keyword are rejected
+ *  See https://redmine.openinfosecfoundation.org/issues/5154
+ *  \retval 1 on succces
+ *  \retval 0 on failure
+ */
+
+static int FlowBitsTestSig12(void)
+{
+    Signature *s = NULL;
+    DetectEngineCtx *de_ctx = NULL;
+
+    de_ctx = DetectEngineCtxInit();
+    FAIL_IF_NULL(de_ctx);
+
+    de_ctx->flags |= DE_QUIET;
+
+    s = DetectEngineAppendSig(de_ctx,
+            "alert http any any -> any any (msg:\"flowbits with noalert option\"; "
+            "flow:established,to_server; http.method; content:\"POST\"; "
+            "flowbits:set,ET.whatever,asdfasdf; sid:7;)");
+    FAIL_IF_NOT_NULL(s);
+
+    SigGroupBuild(de_ctx);
+    DetectEngineCtxFree(de_ctx);
+    PASS;
+}
+
 /**
  * \brief this function registers unit tests for FlowBits
  */
@@ -1388,5 +1417,6 @@ void FlowBitsRegisterTests(void)
     UtRegisterTest("FlowBitsTestSig09", FlowBitsTestSig09);
     UtRegisterTest("FlowBitsTestSig10", FlowBitsTestSig10);
     UtRegisterTest("FlowBitsTestSig11", FlowBitsTestSig11);
+    UtRegisterTest("FlowBitsTestSig12", FlowBitsTestSig12);
 }
 #endif /* UNITTESTS */