tests: add rule type check for iptops
authorJuliana Fajardini <jufajardini@oisf.net>
Fri, 15 Sep 2023 01:30:48 +0000 (22:30 -0300)
committerVictor Julien <victor@inliniac.net>
Tue, 3 Oct 2023 07:29:29 +0000 (09:29 +0200)
Related to
Task #6348

tests/rules/ipopts/test.rules [new file with mode: 0644]
tests/rules/ipopts/test.yaml [new file with mode: 0644]

diff --git a/tests/rules/ipopts/test.rules b/tests/rules/ipopts/test.rules
new file mode 100644 (file)
index 0000000..b012823
--- /dev/null
@@ -0,0 +1,10 @@
+alert ip any any -> any any (msg:"source route rr"; ipopts:rr; sid:1;)
+alert ip any any -> any any (msg:"source route eol"; ipopts:eol; sid:2;)
+alert ip any any -> any any (msg:"source route nop"; ipopts:nop; sid:3;)
+alert ip any any -> any any (msg:"source route ts"; ipopts:ts; sid:4;)
+alert ip any any -> any any (msg:"source route sec"; ipopts:sec; sid:5;)
+alert ip any any -> any any (msg:"source route esec"; ipopts:esec; sid:6;)
+alert ip any any -> any any (msg:"source route lsrr"; ipopts:lsrr; sid:7;)
+alert ip any any -> any any (msg:"source route ssrr"; ipopts:ssrr; sid:8;)
+alert ip any any -> any any (msg:"source route satid"; ipopts:satid; sid:9;)
+alert ip any any -> any any (msg:"source route any"; ipopts:any; sid:10;)
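Review bot: Every `msg` in this file begins with "source route", but of the ten options only `lsrr` and `ssrr` are source-routing options; `rr` is record route, `ts` is timestamp, `eol` and `nop` are the list terminator and padding, and `sec`, `esec` and `satid` are the security and stream-id options. The messages do not affect the engine-analysis checks, but test rules tend to be copied as examples, and an alert reading "source route nop" would mislead an analyst triaging it. Naming the option directly keeps the rule text accurate, e.g. `msg:"ipopts rr";` through `msg:"ipopts any";`.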
diff --git a/tests/rules/ipopts/test.yaml b/tests/rules/ipopts/test.yaml
new file mode 100644 (file)
index 0000000..cabddca
--- /dev/null
@@ -0,0 +1,78 @@
+requires:
+    min-version: 7.0.0
+    pcap: false
+
+args:
+    - --engine-analysis
+
+checks:
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 1
+      lists.packet.matches[0].name: "ipopts"
+      lists.packet.matches[0].ipopts.option: "rr"
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 2
+      lists.packet.matches[0].name: "ipopts"
+      lists.packet.matches[0].ipopts.option: "eol"
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 3
+      lists.packet.matches[0].name: "ipopts"
+      lists.packet.matches[0].ipopts.option: "nop"
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 4
+      lists.packet.matches[0].name: "ipopts"
+      lists.packet.matches[0].ipopts.option: "ts"
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 5
+      lists.packet.matches[0].name: "ipopts"
+      lists.packet.matches[0].ipopts.option: "sec"
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 6
+      lists.packet.matches[0].name: "ipopts"
+      lists.packet.matches[0].ipopts.option: "esec"
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 7
+      lists.packet.matches[0].name: "ipopts"
+      lists.packet.matches[0].ipopts.option: "lsrr"
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 8
+      lists.packet.matches[0].name: "ipopts"
+      lists.packet.matches[0].ipopts.option: "ssrr"
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 9
+      lists.packet.matches[0].name: "ipopts"
+      lists.packet.matches[0].ipopts.option: "satid"
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 10
+      lists.packet.matches[0].name: "ipopts"
+      lists.packet.matches[0].ipopts.option: "any"
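Review bot: None of the ten filters asserts on a rule type, although the commit title describes this as a rule type check; each `match` pins only `id`, the keyword name and the parsed `ipopts.option`. If the engine-analysis output in `rules.json` carries a rule-type field for these signatures (not visible on this page), adding it to each `match` would make the test fail when a signature's classification changes. Otherwise a leading comment such as `# Verifies that each ipopts option name is parsed and reported by --engine-analysis` would state what is actually covered. The file also mixes four-space indentation under `requires` and `args` with two-space indentation under `checks`; one width throughout would read more cleanly.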