tests: add rule type check for tcp-window

author Nancy Enos <nicymimz@gmail.com>

Thu, 24 Oct 2024 07:38:47 +0000 (10:38 +0300)

committer Victor Julien <victor@inliniac.net>

Tue, 5 Nov 2024 10:39:51 +0000 (11:39 +0100)
author Nancy Enos <nicymimz@gmail.com>
Thu, 24 Oct 2024 07:38:47 +0000 (10:38 +0300)
committer Victor Julien <victor@inliniac.net>
Tue, 5 Nov 2024 10:39:51 +0000 (11:39 +0100)
diff --git a/tests/rules/tcp_window/test.rules b/tests/rules/tcp_window/test.rules

new file mode 100644 (file)

index 0000000..646a451
--- /dev/null
+++ b/tests/rules/tcp_window/test.rules
@@ -0,0 +1,2 @@
+alert tcp any any -> any any (msg:"TCP window size"; window:30336; sid:1;)
+alert tcp any any -> any any (msg:"TCP window size"; tcp.window:!1024; sid:2;)
+\ No newline at end of file
diff --git a/tests/rules/tcp_window/test.yaml b/tests/rules/tcp_window/test.yaml

new file mode 100644 (file)

index 0000000..49cabd1
--- /dev/null
+++ b/tests/rules/tcp_window/test.yaml
@@ -0,0 +1,25 @@
+requires:
+    min-version: 8.0
+    pcap: false
+
+args:
+    - --engine-analysis
+
+checks:
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 1
+      lists.packet.matches[0].name: "tcp.window"
+      lists.packet.matches[0].window.size: 30336
+      lists.packet.matches[0].window.negated: false
+
+- filter:
+    filename: rules.json
+    count: 1
+    match:
+      id: 2
+      lists.packet.matches[0].name: "tcp.window"
+      lists.packet.matches[0].window.size: 1024
+      lists.packet.matches[0].window.negated: true
+\ No newline at end of file
author	Nancy Enos <nicymimz@gmail.com>
	Thu, 24 Oct 2024 07:38:47 +0000 (10:38 +0300)
committer	Victor Julien <victor@inliniac.net>
	Tue, 5 Nov 2024 10:39:51 +0000 (11:39 +0100)
tests/rules/tcp_window/test.rules	[new file with mode: 0644]	patch \| blob
tests/rules/tcp_window/test.yaml	[new file with mode: 0644]	patch \| blob