]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 574057e)
test/byte_math: Add nbyte variable name tests 1302/head 1303/head
authorJeff Lucovsky <jlucovsky@oisf.net>
Sun, 9 Jul 2023 14:41:11 +0000 (10:41 -0400)
committerVictor Julien <victor@inliniac.net>
Mon, 10 Jul 2023 07:27:05 +0000 (09:27 +0200)
Issue: 6145

Add tests related to nbyte variable name usage for byte_math

tests/detect-bytemath-05/input.pcap [new file with mode: 0644] patch | blob
tests/detect-bytemath-05/test.rules [new file with mode: 0644] patch | blob
tests/detect-bytemath-05/test.yaml [new file with mode: 0644] patch | blob
tests/detect-bytemath-06/test.rules [new file with mode: 0644] patch | blob
tests/detect-bytemath-06/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/detect-bytemath-05/input.pcap b/tests/detect-bytemath-05/input.pcap
new file mode 100644 (file)
index 0000000..4a18a07
Binary files /dev/null and b/tests/detect-bytemath-05/input.pcap differ
diff --git a/tests/detect-bytemath-05/test.rules b/tests/detect-bytemath-05/test.rules
new file mode 100644 (file)
index 0000000..bbaad29
--- /dev/null
+++ b/tests/detect-bytemath-05/test.rules
@@ -0,0 +1,5 @@
+alert tcp any any -> any any (msg:"byte_math varname test sig"; \
+    ipv4.hdr; byte_extract:1,5,rpkt_len,relative; \
+    byte_math:bytes rpkt_len, offset 1, oper +, rvalue 102, result result_val; \
+    tcp.hdr; byte_test: 1, =, result_val, 1, relative; \
+    sid:1;)
diff --git a/tests/detect-bytemath-05/test.yaml b/tests/detect-bytemath-05/test.yaml
new file mode 100644 (file)
index 0000000..f4edcce
--- /dev/null
+++ b/tests/detect-bytemath-05/test.yaml
@@ -0,0 +1,9 @@
+requires:
+  min-version: 7
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
diff --git a/tests/detect-bytemath-06/test.rules b/tests/detect-bytemath-06/test.rules
new file mode 100644 (file)
index 0000000..366e23f
--- /dev/null
+++ b/tests/detect-bytemath-06/test.rules
@@ -0,0 +1,5 @@
+alert tcp any any -> any any (msg:"byte_math bad varname test sig"; \
+    ipv4.hdr; byte_extract:1,5,rpkt_len,relative; \
+    byte_math:bytes no_var, offset 1, oper +, rvalue 102, result result_val; \
+    tcp.hdr; byte_test: 1, =, result_val, 1, relative; \
+    sid:1;)
diff --git a/tests/detect-bytemath-06/test.yaml b/tests/detect-bytemath-06/test.yaml
new file mode 100644 (file)
index 0000000..3f7a4f6
--- /dev/null
+++ b/tests/detect-bytemath-06/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 7
+
+  pcap: false
+
+args:
+  - --engine-analysis
+
+checks:
+  - shell:
+     args: grep "unknown byte_ keyword var seen in byte_math - no_var" suricata.log | wc -l | xargs
+     expect: 1
+
+exit-code: 1
Mirror of https://github.com/OISF/suricata-verify.git