http2: move http.request_header keyword to new test 1238/head
authorPhilippe Antoine <contact@catenacyber.fr>
Thu, 23 Mar 2023 09:46:12 +0000 (10:46 +0100)
committerVictor Julien <victor@inliniac.net>
Fri, 9 Jun 2023 09:46:59 +0000 (11:46 +0200)
as it requires min version 7, and we do not want to mix it
with rules that already worked for version 6

tests/http2-basic/test.rules
tests/http2-basic/test.yaml
tests/http2-files/expected/fast.log
tests/http2-files/test.rules
tests/http2-files/test.yaml
tests/http2-header/README.md [new file with mode: 0644]
tests/http2-header/suricata.yaml [new file with mode: 0644]
tests/http2-header/test.rules [new file with mode: 0644]
tests/http2-header/test.yaml [new file with mode: 0644]

index d0866dadd512fa1ebcd52178239ee8862db5526b..3055f7fc536a56084db41c8014b87a0e29d2530d 100644 (file)
@@ -1,4 +1,3 @@
-alert http2 any any -> any any (http2.header; content:"agent: nghttp2"; sid:1; rev:1;)
 alert http2 any any -> any any (http2.frametype:GOAWAY; sid:2; rev:1;)
 alert http2 any any -> any any (http2.settings:SETTINGS_HEADER_TABLE_SIZE>1000; sid:3; rev:1;)
 alert http2 any any -> any any (http2.window:34634; sid:4; rev:1;)
index 0ffbc7e6ec83589609f7083d15512e05a8df7990..7579cff3f122eed25abeea42ed940a87d3a4c66f 100644 (file)
@@ -49,11 +49,6 @@ checks:
         http.request_headers[2].value: "/doc/manual/html/index.html"
         http.response_headers[0].name: ":status"
         http.response_headers[0].value: "200"
-  - filter:
-      count: 6
-      match:
-        event_type: alert
-        alert.signature_id: 1
   - filter:
       count: 1
       match:
index d0998bcc4074c43797b8900f87aa4fc5caa963ed..6152138dfd1810fe3b2842453eb7d7ae594541e9 100644 (file)
@@ -1,12 +1,6 @@
-08/02/2014-10:50:25.816243  [**] [1:1:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
 08/02/2014-10:50:25.823699  [**] [1:6:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
 08/02/2014-10:50:25.823699  [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
 08/02/2014-10:50:25.823699  [**] [1:8:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
-08/02/2014-10:50:25.828791  [**] [1:1:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
-08/02/2014-10:50:25.828791  [**] [1:1:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
-08/02/2014-10:50:25.828791  [**] [1:1:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
-08/02/2014-10:50:25.828791  [**] [1:1:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
-08/02/2014-10:50:25.828791  [**] [1:1:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
 08/02/2014-10:50:25.828791  [**] [1:3:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
 08/02/2014-10:50:25.828986  [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
 08/02/2014-10:50:25.830473  [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
index 959a01593d4e94d4a5405454d58d5f161133f5a7..d1126b8b76b6c8a2548bb6ebc36792f4d3abe45c 100644 (file)
@@ -1,4 +1,3 @@
-alert http2 any any -> any any (http2.header; content:"agent: nghttp2"; sid:1; rev:1;)
 alert http2 any any -> any any (http2.frametype:GOAWAY; sid:2; rev:1;)
 alert http2 any any -> any any (http2.settings:SETTINGS_HEADER_TABLE_SIZE>1000; sid:3; rev:1;)
 alert http2 any any -> any any (http2.window:34634; sid:4; rev:1;)
index ef4e7b0cca5b0c38bb43a7f319f5492f46a9aae5..f61522bd52d89e2ba005049b4a2c715a306cc308 100644 (file)
@@ -56,11 +56,6 @@ checks:
         http.request_headers[2].value: "/doc/manual/html/index.html"
         http.response_headers[0].name: ":status"
         http.response_headers[0].value: "200"
-  - filter:
-      count: 6
-      match:
-        event_type: alert
-        alert.signature_id: 1
   - filter:
       count: 1
       match:
diff --git a/tests/http2-header/README.md b/tests/http2-header/README.md
new file mode 100644 (file)
index 0000000..eff02bf
--- /dev/null
@@ -0,0 +1,7 @@
+# Description
+
+Test http2 header keyword
+
+# PCAP
+
+The pcap comes from the http2-basic test
diff --git a/tests/http2-header/suricata.yaml b/tests/http2-header/suricata.yaml
new file mode 100644 (file)
index 0000000..eb2d079
--- /dev/null
@@ -0,0 +1,15 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: true
+      types:
+        - alert
+        - http2
+        - files
+
+app-layer:
+  protocols:
+    http2:
+      enabled: true
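Review bot: The `files` entry under `eve-log` types does not appear to be needed here, since the checks in tests/http2-header/test.yaml only filter on `event_type: alert`. Dropping it, and keeping `http2` only if the transaction records are wanted for debugging, would keep this config limited to what the test asserts. A one-line header comment such as `# minimal config: HTTP/2 parser on, alerts logged to EVE` would also tell the next reader why the test ships its own suricata.yaml.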
diff --git a/tests/http2-header/test.rules b/tests/http2-header/test.rules
new file mode 100644 (file)
index 0000000..72699c0
--- /dev/null
@@ -0,0 +1 @@
+alert http2 any any -> any any (http.request_header; content:"agent: nghttp2"; sid:1; rev:2;)
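Review bot: The rule for sid:1 has no comment or `msg`, so nothing in this file explains what the sticky buffer is matched against or why test.yaml expects six alerts from it. A leading comment such as `# http.request_header is inspected per request header as "name: value"; one alert per matching transaction in the http2-basic pcap` would record that, assuming this reading of the count is right. Adding `msg:"http2 request header user-agent nghttp2";` would replace the `(null)` signature text seen in the sibling tests' fast.log and make a failing run easier to triage. The README in this directory still calls it the "http2 header keyword", which no longer matches the keyword name used here.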
diff --git a/tests/http2-header/test.yaml b/tests/http2-header/test.yaml
new file mode 100644 (file)
index 0000000..879261f
--- /dev/null
@@ -0,0 +1,17 @@
+requires:
+  min-version: 7
+
+pcap: ../http2-basic/input.pcap
+
+# disables checksum verification
+args:
+  - -k none
+
+checks:
+
+  # Check that there is one file event with content range.
+  - filter:
+      count: 6
+      match:
+        event_type: alert
+        alert.signature_id: 1
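Review bot: The comment above the only filter, `# Check that there is one file event with content range.`, does not describe the check below it, which expects six `alert` events for `alert.signature_id: 1`. It looks carried over from another test and should read something like `# sid 1 (http.request_header) must alert 6 times on the http2-basic pcap`. The test asserts only the total count, so a rule that over-matched on some transactions and missed others could still pass. If the intent is one alert per request, it would be worth stating that in the comment or adding a second filter keyed on a field that pins the direction or stream.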