iprep: test reputation & category file newline handling 1372/head
authorCole Dishington <Cole.Dishington@alliedtelesis.co.nz>
Mon, 31 Jul 2023 02:47:01 +0000 (14:47 +1200)
committerVictor Julien <victor@inliniac.net>
Mon, 4 Sep 2023 15:33:27 +0000 (17:33 +0200)
The commit
e7c0f0ad9 src: remove multiple uses of atoi
caused a regression in parsing of ip-rep reputation
config files.

Previously, due to the use of atoi() in parsing ip-rep values,
when the line was split by SRepSplitLine the \r following the
reputation score was silently ignored.

Bug: #6243

tests/reputation-config/README.md [new file with mode: 0644]
tests/reputation-config/iprep-categories.txt [new file with mode: 0644]
tests/reputation-config/reputation-config-cr-lf/iprep-data.txt [new file with mode: 0644]
tests/reputation-config/reputation-config-cr-lf/test.yaml [new file with mode: 0644]
tests/reputation-config/reputation-config-cr/iprep-data.txt [new file with mode: 0644]
tests/reputation-config/reputation-config-cr/test.yaml [new file with mode: 0644]
tests/reputation-config/reputation-config-lf/iprep-data.txt [new file with mode: 0644]
tests/reputation-config/reputation-config-lf/test.yaml [new file with mode: 0644]
tests/reputation-config/test.py [new file with mode: 0644]
tests/reputation-config/test.rules [new file with mode: 0644]
tests/reputation-config/threshold.config [new file with mode: 0644]

diff --git a/tests/reputation-config/README.md b/tests/reputation-config/README.md
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/tests/reputation-config/iprep-categories.txt b/tests/reputation-config/iprep-categories.txt
new file mode 100644 (file)
index 0000000..0597ff4
--- /dev/null
@@ -0,0 +1,2 @@
+1,BadHosts,Known bad hosts
+2,Google,Known google host
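Review bot: Only categories 1 and 2 are defined here, yet the third line of every iprep-data.txt fixture (`1.1.1.0/24,6,88`) uses category 6, so that entry is either rejected by the category check or loaded against an undefined category rather than exercising a clean parse of a `\r`-terminated score. Adding a row such as `6,Scanner,Known scanning host` (or switching the fixture line to category 1 or 2) would make the third entry a real test case instead of an incidental one. As written, the test's "no Error" expectation presumably passes only because that line is not treated as a load failure, which is worth confirming.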
diff --git a/tests/reputation-config/reputation-config-cr-lf/iprep-data.txt b/tests/reputation-config/reputation-config-cr-lf/iprep-data.txt
new file mode 100644 (file)
index 0000000..a9e6fb3
--- /dev/null
@@ -0,0 +1,3 @@
+1.2.3.4,1,101\r
+1.2.3.5,1,101\r
+1.1.1.0/24,6,88\r
diff --git a/tests/reputation-config/reputation-config-cr-lf/test.yaml b/tests/reputation-config/reputation-config-cr-lf/test.yaml
new file mode 100644 (file)
index 0000000..d38fade
--- /dev/null
@@ -0,0 +1,24 @@
+command: |
+  ${SRCDIR}/src/suricata -c "${SRCDIR}/suricata.yaml" -l "${OUTPUT_DIR}" \
+   --set "threshold-file=${TEST_DIR}/../threshold.config" \
+   --set "classification-file="${SRCDIR}`[ -f ${SRCDIR}/etc/classification.config ] && printf '/etc'`/classification.config \
+   --set "reference-config-file="${SRCDIR}`[ -f ${SRCDIR}/etc/reference.config ] && printf '/etc'`/reference.config \
+   -S "${TEST_DIR}/../test.rules" \
+   --set "reputation-categories-file=${TEST_DIR}/../iprep-categories.txt" \
+   --set "default-reputation-path=$TEST_DIR" \
+   --set "reputation-files.0=${TEST_DIR}/iprep-data.txt" \
+   --engine-analysis
+
+checks:
+  - shell:
+      args: grep 'Loading reputation file' suricata.log | wc -l | xargs
+      expect: 1
+  - shell:
+      args: grep '1 rule files processed. 2 rules successfully loaded, 0 rules failed' suricata.log | wc -l | xargs
+      expect: 1
+  - shell:
+      args: grep '2 signatures processed' suricata.log | wc -l | xargs
+      expect: 1
+  - shell:
+      args: grep 'Error[:]' suricata.log | wc -l | xargs
+      expect: 0
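Review bot: The checks only prove that the reputation file was opened and that no `Error:` line was logged; nothing confirms that the three entries were parsed with their intended scores, so a future regression that silently truncates or drops the value after `\r` instead of logging an error would still pass. If Suricata logs the number of reputation entries loaded, a grep for that line would turn this into a positive assertion; otherwise a small pcap with traffic from 1.2.3.4 and an alert-count check on sid 1 would. The same four checks are duplicated byte-for-byte in the cr and lf variants, so any strengthening here needs to be mirrored there.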
diff --git a/tests/reputation-config/reputation-config-cr/iprep-data.txt b/tests/reputation-config/reputation-config-cr/iprep-data.txt
new file mode 100644 (file)
index 0000000..d133ba6
--- /dev/null
@@ -0,0 +1 @@
+1.2.3.4,1,101\r1.2.3.5,1,101\r1.1.1.0/24,6,88\r
\ No newline at end of file
diff --git a/tests/reputation-config/reputation-config-cr/test.yaml b/tests/reputation-config/reputation-config-cr/test.yaml
new file mode 100644 (file)
index 0000000..d38fade
--- /dev/null
@@ -0,0 +1,24 @@
+command: |
+  ${SRCDIR}/src/suricata -c "${SRCDIR}/suricata.yaml" -l "${OUTPUT_DIR}" \
+   --set "threshold-file=${TEST_DIR}/../threshold.config" \
+   --set "classification-file="${SRCDIR}`[ -f ${SRCDIR}/etc/classification.config ] && printf '/etc'`/classification.config \
+   --set "reference-config-file="${SRCDIR}`[ -f ${SRCDIR}/etc/reference.config ] && printf '/etc'`/reference.config \
+   -S "${TEST_DIR}/../test.rules" \
+   --set "reputation-categories-file=${TEST_DIR}/../iprep-categories.txt" \
+   --set "default-reputation-path=$TEST_DIR" \
+   --set "reputation-files.0=${TEST_DIR}/iprep-data.txt" \
+   --engine-analysis
+
+checks:
+  - shell:
+      args: grep 'Loading reputation file' suricata.log | wc -l | xargs
+      expect: 1
+  - shell:
+      args: grep '1 rule files processed. 2 rules successfully loaded, 0 rules failed' suricata.log | wc -l | xargs
+      expect: 1
+  - shell:
+      args: grep '2 signatures processed' suricata.log | wc -l | xargs
+      expect: 1
+  - shell:
+      args: grep 'Error[:]' suricata.log | wc -l | xargs
+      expect: 0
diff --git a/tests/reputation-config/reputation-config-lf/iprep-data.txt b/tests/reputation-config/reputation-config-lf/iprep-data.txt
new file mode 100644 (file)
index 0000000..352a689
--- /dev/null
@@ -0,0 +1,3 @@
+1.2.3.4,1,101
+1.2.3.5,1,101
+1.1.1.0/24,6,88
diff --git a/tests/reputation-config/reputation-config-lf/test.yaml b/tests/reputation-config/reputation-config-lf/test.yaml
new file mode 100644 (file)
index 0000000..d38fade
--- /dev/null
@@ -0,0 +1,24 @@
+command: |
+  ${SRCDIR}/src/suricata -c "${SRCDIR}/suricata.yaml" -l "${OUTPUT_DIR}" \
+   --set "threshold-file=${TEST_DIR}/../threshold.config" \
+   --set "classification-file="${SRCDIR}`[ -f ${SRCDIR}/etc/classification.config ] && printf '/etc'`/classification.config \
+   --set "reference-config-file="${SRCDIR}`[ -f ${SRCDIR}/etc/reference.config ] && printf '/etc'`/reference.config \
+   -S "${TEST_DIR}/../test.rules" \
+   --set "reputation-categories-file=${TEST_DIR}/../iprep-categories.txt" \
+   --set "default-reputation-path=$TEST_DIR" \
+   --set "reputation-files.0=${TEST_DIR}/iprep-data.txt" \
+   --engine-analysis
+
+checks:
+  - shell:
+      args: grep 'Loading reputation file' suricata.log | wc -l | xargs
+      expect: 1
+  - shell:
+      args: grep '1 rule files processed. 2 rules successfully loaded, 0 rules failed' suricata.log | wc -l | xargs
+      expect: 1
+  - shell:
+      args: grep '2 signatures processed' suricata.log | wc -l | xargs
+      expect: 1
+  - shell:
+      args: grep 'Error[:]' suricata.log | wc -l | xargs
+      expect: 0
diff --git a/tests/reputation-config/test.py b/tests/reputation-config/test.py
new file mode 100644 (file)
index 0000000..db399ff
--- /dev/null
@@ -0,0 +1,20 @@
+from pathlib import Path
+
+# Create config files with a mix syntax
+test = 'reputation-config'
+test_options = [
+    { 'path': f'{test}-lf',    'eol': '\n' },
+    { 'path': f'{test}-cr',    'eol': '\r' },
+    { 'path': f'{test}-cr-lf', 'eol': '\r\n' },
+]
+
+# Categories and IPs from
+# https://docs.suricata.io/en/suricata-6.0.0/reputation/ipreputation/ip-reputation-format.html
+
+for test in test_options:
+    path, eol = Path(test['path']), test['eol']
+
+    with open(path / 'iprep-data.txt', 'w') as rep_cfg:
+        rep_cfg.write(f'1.2.3.4,1,101{eol}')
+        rep_cfg.write(f'1.2.3.5,1,101{eol}')
+        rep_cfg.write(f'1.1.1.0/24,6,88{eol}')
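Review bot: `open(path / 'iprep-data.txt', 'w')` uses text mode with universal-newline translation, so every `'\n'` in `eol` is rewritten to `os.linesep` on the host: re-running this generator on Windows would produce CRLF for the lf fixture and `\r\r\n` for the cr-lf fixture, which is exactly the distinction the three tests exist to cover. Pass `newline=''` so the eol bytes are written verbatim: `with open(path / 'iprep-data.txt', 'w', newline='') as rep_cfg:`. The loop variable also rebinds the module-level `test` string that was used to build the paths; a name like `opt` would avoid the shadowing, and a `path.mkdir(exist_ok=True)` before the open would let the script run from a clean checkout.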
diff --git a/tests/reputation-config/test.rules b/tests/reputation-config/test.rules
new file mode 100644 (file)
index 0000000..3e2a37a
--- /dev/null
@@ -0,0 +1,2 @@
+alert ip any any -> any any (msg:"BadHosts: Some bad hosts have been detected"; iprep:any,BadHosts,>,30; sid:1; rev:1;)
+alert ip any any -> any any (msg:"Google: Some google host has been detected"; iprep:any,Google,>,30; sid:2; rev:1;)
\ No newline at end of file
diff --git a/tests/reputation-config/threshold.config b/tests/reputation-config/threshold.config
new file mode 100644 (file)
index 0000000..e69de29