detect: move http uri unit tests to SV

Ticket: 3725

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest01/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/README.md
new file mode 100644 (file)
index 0000000..26e55da
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest01

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.fpc.pcap
new file mode 100644 (file)
index 0000000..5e029d5
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.rules
new file mode 100644 (file)
index 0000000..f32f9a0
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"../c/./d"; http_raw_uri; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/README.md
new file mode 100644 (file)
index 0000000..c79fe4b
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest02

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.fpc.pcap
new file mode 100644 (file)
index 0000000..20b15f2
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.rules
new file mode 100644 (file)
index 0000000..1674e81
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"/c/./d"; http_raw_uri; offset:5; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/README.md
new file mode 100644 (file)
index 0000000..8817feb
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest03

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.fpc.pcap
new file mode 100644 (file)
index 0000000..be91e76
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.rules
new file mode 100644 (file)
index 0000000..93e2e88
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"/a/b"; http_raw_uri; offset:10; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/README.md
new file mode 100644 (file)
index 0000000..6365631
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest04

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.fpc.pcap
new file mode 100644 (file)
index 0000000..be91e76
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.rules
new file mode 100644 (file)
index 0000000..d06f2ef
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:!"/a/b"; http_raw_uri; offset:10; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/README.md
new file mode 100644 (file)
index 0000000..a264b22
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest05

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.fpc.pcap
new file mode 100644 (file)
index 0000000..f21839e
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.rules
new file mode 100644 (file)
index 0000000..d00585c
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"a/b"; http_raw_uri; depth:10; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/README.md
new file mode 100644 (file)
index 0000000..09dae06
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest06

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.fpc.pcap
new file mode 100644 (file)
index 0000000..f21839e
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.rules
new file mode 100644 (file)
index 0000000..2adcc71
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:!"/a/b"; http_raw_uri; depth:25; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/README.md
new file mode 100644 (file)
index 0000000..b235484
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest07

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.fpc.pcap
new file mode 100644 (file)
index 0000000..f21839e
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.rules
new file mode 100644 (file)
index 0000000..7561f00
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:!"/c/./d"; http_raw_uri; depth:12; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/README.md
new file mode 100644 (file)
index 0000000..8941b0f
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest08

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.fpc.pcap
new file mode 100644 (file)
index 0000000..e0b9c22
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.rules
new file mode 100644 (file)
index 0000000..79f367b
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:!"/c/./d"; http_raw_uri; depth:18; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/README.md
new file mode 100644 (file)
index 0000000..ed77b8b
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest09

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.rules
new file mode 100644 (file)
index 0000000..518ab6c
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"/a"; http_raw_uri; content:"./c/."; http_raw_uri; within:9; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/README.md
new file mode 100644 (file)
index 0000000..85eb1f6
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest10

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.rules
new file mode 100644 (file)
index 0000000..eed792e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"/a"; http_raw_uri; content:!"boom"; http_raw_uri; within:5; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/README.md
new file mode 100644 (file)
index 0000000..cfe6dbc
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest11

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.rules
new file mode 100644 (file)
index 0000000..9de7cbf
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:"boom"; http_raw_uri; within:5; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/README.md
new file mode 100644 (file)
index 0000000..8a6dbf3
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest12

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.rules
new file mode 100644 (file)
index 0000000..1b13730
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:!"/b/.."; http_raw_uri; within:5; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/README.md
new file mode 100644 (file)
index 0000000..2a021b6
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest13

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.rules
new file mode 100644 (file)
index 0000000..f71c538
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:"/c/."; http_raw_uri; distance:5; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/README.md
new file mode 100644 (file)
index 0000000..1bacf16
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest14

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.rules
new file mode 100644 (file)
index 0000000..36d2073
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:!"b/.."; http_raw_uri; distance:5; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/README.md
new file mode 100644 (file)
index 0000000..00fc887
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest15

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.rules
new file mode 100644 (file)
index 0000000..c68b962
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:"/c/"; http_raw_uri; distance:7; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/README.md
new file mode 100644 (file)
index 0000000..54cf012
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest16

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.rules
new file mode 100644 (file)
index 0000000..af6503d
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:!"/c/"; http_raw_uri; distance:4; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/README.md
new file mode 100644 (file)
index 0000000..c7c1409
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest21

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.rules
new file mode 100644 (file)
index 0000000..71e377c
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; http_raw_uri; within:5; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/README.md
new file mode 100644 (file)
index 0000000..a9a7712
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest22

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.rules
new file mode 100644 (file)
index 0000000..7c8241c
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; within:5; http_raw_uri; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/README.md
new file mode 100644 (file)
index 0000000..0e05e2c
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest23

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.rules
new file mode 100644 (file)
index 0000000..f3a4779
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; distance:3; http_raw_uri; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/README.md
new file mode 100644 (file)
index 0000000..d328f8f
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest24

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.rules
new file mode 100644 (file)
index 0000000..8933667
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; distance:10; http_raw_uri; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/README.md
new file mode 100644 (file)
index 0000000..f3ae6c0
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest25

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.rules
new file mode 100644 (file)
index 0000000..97073c8
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; within:10; http_raw_uri; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/README.md
new file mode 100644 (file)
index 0000000..db7bc00
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest26

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.rules
new file mode 100644 (file)
index 0000000..ce1546f
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; within:5; http_raw_uri; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/README.md
new file mode 100644 (file)
index 0000000..556953e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest27

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.rules
new file mode 100644 (file)
index 0000000..3893b8d
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; distance:5; http_raw_uri; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/README.md
new file mode 100644 (file)
index 0000000..c8e1653
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest28

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.fpc.pcap
new file mode 100644 (file)
index 0000000..a7125d1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.rules
new file mode 100644 (file)
index 0000000..1652561
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; distance:10; http_raw_uri; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/README.md
new file mode 100644 (file)
index 0000000..37e6540
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest29

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.fpc.pcap
new file mode 100644 (file)
index 0000000..b6bf894
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.rules
new file mode 100644 (file)
index 0000000..63e4a2d
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative raw uri contents"; content:"/c/"; http_raw_uri; isdataat:4,relative; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/README.md
new file mode 100644 (file)
index 0000000..33a3058
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest30

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.fpc.pcap
new file mode 100644 (file)
index 0000000..b6bf894
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.rules
new file mode 100644 (file)
index 0000000..13d6b93
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative raw uri contents"; uricontent:"/c/"; isdataat:!10,relative; sid:1;)

diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig01/README.md b/tests/detect-http-uri/UriTestSig01/README.md
new file mode 100644 (file)
index 0000000..ee62fbf
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig01/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig01

diff --git a/tests/detect-http-uri/UriTestSig01/test.fpc.pcap b/tests/detect-http-uri/UriTestSig01/test.fpc.pcap
new file mode 100644 (file)
index 0000000..4a52341
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig01/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig01/test.rules b/tests/detect-http-uri/UriTestSig01/test.rules
new file mode 100644 (file)
index 0000000..521cf88
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig01/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test uricontent option"; uricontent:"one"; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig01/test.yaml b/tests/detect-http-uri/UriTestSig01/test.yaml
new file mode 100644 (file)
index 0000000..7abb9db
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig01/test.yaml
@@ -0,0 +1,19 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 4
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/UriTestSig02/README.md b/tests/detect-http-uri/UriTestSig02/README.md
new file mode 100644 (file)
index 0000000..ae733b2
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig02/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig02

diff --git a/tests/detect-http-uri/UriTestSig02/test.fpc.pcap b/tests/detect-http-uri/UriTestSig02/test.fpc.pcap
new file mode 100644 (file)
index 0000000..f0080a8
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig02/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig02/test.rules b/tests/detect-http-uri/UriTestSig02/test.rules
new file mode 100644 (file)
index 0000000..55e1c39
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig02/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option"; pcre:/one/U; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig02/test.yaml b/tests/detect-http-uri/UriTestSig02/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig02/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/UriTestSig03/README.md b/tests/detect-http-uri/UriTestSig03/README.md
new file mode 100644 (file)
index 0000000..7f94fbf
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig03/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig03

diff --git a/tests/detect-http-uri/UriTestSig03/test.fpc.pcap b/tests/detect-http-uri/UriTestSig03/test.fpc.pcap
new file mode 100644 (file)
index 0000000..4a52341
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig03/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig03/test.rules b/tests/detect-http-uri/UriTestSig03/test.rules
new file mode 100644 (file)
index 0000000..ba6b90b
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig03/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option"; pcre:/blah/U; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig03/test.yaml b/tests/detect-http-uri/UriTestSig03/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig03/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig04/README.md b/tests/detect-http-uri/UriTestSig04/README.md
new file mode 100644 (file)
index 0000000..f8cc969
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig04/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig04

diff --git a/tests/detect-http-uri/UriTestSig04/test.fpc.pcap b/tests/detect-http-uri/UriTestSig04/test.fpc.pcap
new file mode 100644 (file)
index 0000000..4a52341
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig04/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig04/test.rules b/tests/detect-http-uri/UriTestSig04/test.rules
new file mode 100644 (file)
index 0000000..b3b97b5
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig04/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test urilen option"; urilen:>20; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig04/test.yaml b/tests/detect-http-uri/UriTestSig04/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig04/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig05/README.md b/tests/detect-http-uri/UriTestSig05/README.md
new file mode 100644 (file)
index 0000000..2a95579
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig05/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig05

diff --git a/tests/detect-http-uri/UriTestSig05/test.fpc.pcap b/tests/detect-http-uri/UriTestSig05/test.fpc.pcap
new file mode 100644 (file)
index 0000000..4a52341
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig05/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig05/test.rules b/tests/detect-http-uri/UriTestSig05/test.rules
new file mode 100644 (file)
index 0000000..a79400e
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig05/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test urilen option"; urilen:>4; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig05/test.yaml b/tests/detect-http-uri/UriTestSig05/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig05/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/UriTestSig06/README.md b/tests/detect-http-uri/UriTestSig06/README.md
new file mode 100644 (file)
index 0000000..db1e088
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig06/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig06

diff --git a/tests/detect-http-uri/UriTestSig06/test.fpc.pcap b/tests/detect-http-uri/UriTestSig06/test.fpc.pcap
new file mode 100644 (file)
index 0000000..44ea25f
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig06/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig06/test.rules b/tests/detect-http-uri/UriTestSig06/test.rules
new file mode 100644 (file)
index 0000000..02e11ac
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig06/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option"; pcre:/(oneself)+/U; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig06/test.yaml b/tests/detect-http-uri/UriTestSig06/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig06/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/UriTestSig07/README.md b/tests/detect-http-uri/UriTestSig07/README.md
new file mode 100644 (file)
index 0000000..6d3fdf0
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig07/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig07

diff --git a/tests/detect-http-uri/UriTestSig07/test.fpc.pcap b/tests/detect-http-uri/UriTestSig07/test.fpc.pcap
new file mode 100644 (file)
index 0000000..3ecb8fd
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig07/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig07/test.rules b/tests/detect-http-uri/UriTestSig07/test.rules
new file mode 100644 (file)
index 0000000..b3f742a
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig07/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option with urilen "; pcre:/(one){2,}(self)?/U; urilen:3<>20; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig07/test.yaml b/tests/detect-http-uri/UriTestSig07/test.yaml
new file mode 100644 (file)
index 0000000..7abb9db
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig07/test.yaml
@@ -0,0 +1,19 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 4
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/UriTestSig08/README.md b/tests/detect-http-uri/UriTestSig08/README.md
new file mode 100644 (file)
index 0000000..81c9911
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig08/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig08

diff --git a/tests/detect-http-uri/UriTestSig08/test.fpc.pcap b/tests/detect-http-uri/UriTestSig08/test.fpc.pcap
new file mode 100644 (file)
index 0000000..3ecb8fd
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig08/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig08/test.rules b/tests/detect-http-uri/UriTestSig08/test.rules
new file mode 100644 (file)
index 0000000..b55e677
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig08/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option with urilen"; pcre:/(blabla){2,}(self)?/U; urilen:3<>20; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig08/test.yaml b/tests/detect-http-uri/UriTestSig08/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig08/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig09/README.md b/tests/detect-http-uri/UriTestSig09/README.md
new file mode 100644 (file)
index 0000000..aed5944
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig09/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig09

diff --git a/tests/detect-http-uri/UriTestSig09/test.fpc.pcap b/tests/detect-http-uri/UriTestSig09/test.fpc.pcap
new file mode 100644 (file)
index 0000000..3ecb8fd
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig09/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig09/test.rules b/tests/detect-http-uri/UriTestSig09/test.rules
new file mode 100644 (file)
index 0000000..3d74c89
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig09/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option with urilen "; pcre:/(one){2,}(self)?/U; urilen:<2; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig09/test.yaml b/tests/detect-http-uri/UriTestSig09/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig09/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig12/README.md b/tests/detect-http-uri/UriTestSig12/README.md
new file mode 100644 (file)
index 0000000..597b502
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig12/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig12

diff --git a/tests/detect-http-uri/UriTestSig12/test.fpc.pcap b/tests/detect-http-uri/UriTestSig12/test.fpc.pcap
new file mode 100644 (file)
index 0000000..3ecb8fd
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig12/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig12/test.rules b/tests/detect-http-uri/UriTestSig12/test.rules
new file mode 100644 (file)
index 0000000..f7b41ff
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig12/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U, uricontent and urilen option"; uricontent:"one"; pcre:/(one)+self/U; urilen:>2; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig12/test.yaml b/tests/detect-http-uri/UriTestSig12/test.yaml
new file mode 100644 (file)
index 0000000..905eb72
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig12/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/UriTestSig13/README.md b/tests/detect-http-uri/UriTestSig13/README.md
new file mode 100644 (file)
index 0000000..d4d3a8f
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig13/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig13

diff --git a/tests/detect-http-uri/UriTestSig13/test.fpc.pcap b/tests/detect-http-uri/UriTestSig13/test.fpc.pcap
new file mode 100644 (file)
index 0000000..4a52341
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig13/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig13/test.rules b/tests/detect-http-uri/UriTestSig13/test.rules
new file mode 100644 (file)
index 0000000..f082010
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig13/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test urilen option"; urilen:>2; uricontent:"one"; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig13/test.yaml b/tests/detect-http-uri/UriTestSig13/test.yaml
new file mode 100644 (file)
index 0000000..7abb9db
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig13/test.yaml
@@ -0,0 +1,19 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 4
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/UriTestSig14/README.md b/tests/detect-http-uri/UriTestSig14/README.md
new file mode 100644 (file)
index 0000000..a2c9423
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig14/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig14

diff --git a/tests/detect-http-uri/UriTestSig14/test.fpc.pcap b/tests/detect-http-uri/UriTestSig14/test.fpc.pcap
new file mode 100644 (file)
index 0000000..4a52341
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig14/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig14/test.rules b/tests/detect-http-uri/UriTestSig14/test.rules
new file mode 100644 (file)
index 0000000..dfd8376
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig14/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test uricontent option"; uricontent:"one"; pcre:/one(self)?/U;sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig14/test.yaml b/tests/detect-http-uri/UriTestSig14/test.yaml
new file mode 100644 (file)
index 0000000..7abb9db
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig14/test.yaml
@@ -0,0 +1,19 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 4
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/UriTestSig15/README.md b/tests/detect-http-uri/UriTestSig15/README.md
new file mode 100644 (file)
index 0000000..1d1416d
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig15/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig15

diff --git a/tests/detect-http-uri/UriTestSig15/test.fpc.pcap b/tests/detect-http-uri/UriTestSig15/test.fpc.pcap
new file mode 100644 (file)
index 0000000..4a52341
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig15/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig15/test.rules b/tests/detect-http-uri/UriTestSig15/test.rules
new file mode 100644 (file)
index 0000000..6e700a3
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig15/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test uricontent option"; uricontent:"one"; pcre:/^\/one(self)?$/U;sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig15/test.yaml b/tests/detect-http-uri/UriTestSig15/test.yaml
new file mode 100644 (file)
index 0000000..7abb9db
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig15/test.yaml
@@ -0,0 +1,19 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 4
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+        pcap_cnt: 5

diff --git a/tests/detect-http-uri/UriTestSig16/README.md b/tests/detect-http-uri/UriTestSig16/README.md
new file mode 100644 (file)
index 0000000..583227e
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig16/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig16

diff --git a/tests/detect-http-uri/UriTestSig16/test.fpc.pcap b/tests/detect-http-uri/UriTestSig16/test.fpc.pcap
new file mode 100644 (file)
index 0000000..794cd7c
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig16/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig16/test.rules b/tests/detect-http-uri/UriTestSig16/test.rules
new file mode 100644 (file)
index 0000000..966d465
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig16/test.rules
@@ -0,0 +1 @@
+drop tcp any any -> any any (flow:to_server,established; uricontent:"/search?q="; pcre:"/^\/search\?q=[0-9]{1,3}(&aq=7(\?[0-9a-f]{8})?)?/U"; pcre:"/\x0d\x0aHost\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; sid:2009024; rev:9;)

diff --git a/tests/detect-http-uri/UriTestSig16/test.yaml b/tests/detect-http-uri/UriTestSig16/test.yaml
new file mode 100644 (file)
index 0000000..fadac05
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig16/test.yaml
@@ -0,0 +1,13 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2009024
+        pcap_cnt: 4

diff --git a/tests/detect-http-uri/UriTestSig17/README.md b/tests/detect-http-uri/UriTestSig17/README.md
new file mode 100644 (file)
index 0000000..78ee7c6
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig17/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig17

diff --git a/tests/detect-http-uri/UriTestSig17/test.fpc.pcap b/tests/detect-http-uri/UriTestSig17/test.fpc.pcap
new file mode 100644 (file)
index 0000000..63b25f8
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig17/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig17/test.rules b/tests/detect-http-uri/UriTestSig17/test.rules
new file mode 100644 (file)
index 0000000..6b55be1
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig17/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"this"; uricontent:"is"; within:6; uricontent:"big"; within:8; uricontent:"string"; within:8; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig17/test.yaml b/tests/detect-http-uri/UriTestSig17/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig17/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig18/README.md b/tests/detect-http-uri/UriTestSig18/README.md
new file mode 100644 (file)
index 0000000..2c60516
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig18/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig18

diff --git a/tests/detect-http-uri/UriTestSig18/test.fpc.pcap b/tests/detect-http-uri/UriTestSig18/test.fpc.pcap
new file mode 100644 (file)
index 0000000..55ec1bb
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig18/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig18/test.rules b/tests/detect-http-uri/UriTestSig18/test.rules
new file mode 100644 (file)
index 0000000..a91abd9
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig18/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"this"; uricontent:"is"; within:9; uricontent:"big"; within:12; uricontent:"string"; within:8; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig18/test.yaml b/tests/detect-http-uri/UriTestSig18/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig18/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig19/README.md b/tests/detect-http-uri/UriTestSig19/README.md
new file mode 100644 (file)
index 0000000..123c8df
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig19/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig19

diff --git a/tests/detect-http-uri/UriTestSig19/test.fpc.pcap b/tests/detect-http-uri/UriTestSig19/test.fpc.pcap
new file mode 100644 (file)
index 0000000..57cc651
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig19/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig19/test.rules b/tests/detect-http-uri/UriTestSig19/test.rules
new file mode 100644 (file)
index 0000000..36dbfa2
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig19/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"now"; uricontent:"this"; uricontent:"is"; within:12; uricontent:"big"; within:8; uricontent:"string"; within:8; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig19/test.yaml b/tests/detect-http-uri/UriTestSig19/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig19/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig20/README.md b/tests/detect-http-uri/UriTestSig20/README.md
new file mode 100644 (file)
index 0000000..35ff5f1
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig20/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig20

diff --git a/tests/detect-http-uri/UriTestSig20/test.fpc.pcap b/tests/detect-http-uri/UriTestSig20/test.fpc.pcap
new file mode 100644 (file)
index 0000000..f2a88eb
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig20/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig20/test.rules b/tests/detect-http-uri/UriTestSig20/test.rules
new file mode 100644 (file)
index 0000000..4f1ae7e
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig20/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"thus"; offset:8; uricontent:"is"; within:6; uricontent:"big"; within:8; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig20/test.yaml b/tests/detect-http-uri/UriTestSig20/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig20/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig21/README.md b/tests/detect-http-uri/UriTestSig21/README.md
new file mode 100644 (file)
index 0000000..341d34f
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig21/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig21

diff --git a/tests/detect-http-uri/UriTestSig21/test.fpc.pcap b/tests/detect-http-uri/UriTestSig21/test.fpc.pcap
new file mode 100644 (file)
index 0000000..e7ae33f
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig21/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig21/test.rules b/tests/detect-http-uri/UriTestSig21/test.rules
new file mode 100644 (file)
index 0000000..cec2897
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig21/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"fix"; uricontent:"this"; within:6; uricontent:!"and"; distance:0; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig21/test.yaml b/tests/detect-http-uri/UriTestSig21/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig21/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig22/README.md b/tests/detect-http-uri/UriTestSig22/README.md
new file mode 100644 (file)
index 0000000..535ec34
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig22/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig22

diff --git a/tests/detect-http-uri/UriTestSig22/test.fpc.pcap b/tests/detect-http-uri/UriTestSig22/test.fpc.pcap
new file mode 100644 (file)
index 0000000..8e2b203
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig22/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig22/test.rules b/tests/detect-http-uri/UriTestSig22/test.rules
new file mode 100644 (file)
index 0000000..46ba188
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig22/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; pcre:/super/U; uricontent:"nova"; within:7; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig22/test.yaml b/tests/detect-http-uri/UriTestSig22/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig22/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig23/README.md b/tests/detect-http-uri/UriTestSig23/README.md
new file mode 100644 (file)
index 0000000..35cc37c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig23/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig23

diff --git a/tests/detect-http-uri/UriTestSig23/test.fpc.pcap b/tests/detect-http-uri/UriTestSig23/test.fpc.pcap
new file mode 100644 (file)
index 0000000..e7ae33f
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig23/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig23/test.rules b/tests/detect-http-uri/UriTestSig23/test.rules
new file mode 100644 (file)
index 0000000..9c1926b
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig23/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:!"fix_this_now"; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig23/test.yaml b/tests/detect-http-uri/UriTestSig23/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig23/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig24/README.md b/tests/detect-http-uri/UriTestSig24/README.md
new file mode 100644 (file)
index 0000000..2c824e5
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig24/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig24

diff --git a/tests/detect-http-uri/UriTestSig24/test.fpc.pcap b/tests/detect-http-uri/UriTestSig24/test.fpc.pcap
new file mode 100644 (file)
index 0000000..e7ae33f
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig24/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig24/test.rules b/tests/detect-http-uri/UriTestSig24/test.rules
new file mode 100644 (file)
index 0000000..f3f4af3
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig24/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"we_need_to"; uricontent:!"fix_this_now"; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig24/test.yaml b/tests/detect-http-uri/UriTestSig24/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig24/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig25/README.md b/tests/detect-http-uri/UriTestSig25/README.md
new file mode 100644 (file)
index 0000000..baadcdc
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig25/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig25

diff --git a/tests/detect-http-uri/UriTestSig25/test.fpc.pcap b/tests/detect-http-uri/UriTestSig25/test.fpc.pcap
new file mode 100644 (file)
index 0000000..738e7fa
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig25/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig25/test.rules b/tests/detect-http-uri/UriTestSig25/test.rules
new file mode 100644 (file)
index 0000000..acdaca4
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig25/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; pcre:/normalized/U; uricontent:"normalized uri"; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig25/test.yaml b/tests/detect-http-uri/UriTestSig25/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig25/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig26/README.md b/tests/detect-http-uri/UriTestSig26/README.md
new file mode 100644 (file)
index 0000000..fce57a2
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig26/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig26

diff --git a/tests/detect-http-uri/UriTestSig26/test.fpc.pcap b/tests/detect-http-uri/UriTestSig26/test.fpc.pcap
new file mode 100644 (file)
index 0000000..e7ae33f
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig26/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig26/test.rules b/tests/detect-http-uri/UriTestSig26/test.rules
new file mode 100644 (file)
index 0000000..42cc645
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig26/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"fix_this"; isdataat:4,relative; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig26/test.yaml b/tests/detect-http-uri/UriTestSig26/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig26/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig27/README.md b/tests/detect-http-uri/UriTestSig27/README.md
new file mode 100644 (file)
index 0000000..a7c19b9
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig27/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig27

diff --git a/tests/detect-http-uri/UriTestSig27/test.fpc.pcap b/tests/detect-http-uri/UriTestSig27/test.fpc.pcap
new file mode 100644 (file)
index 0000000..e7ae33f
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig27/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig27/test.rules b/tests/detect-http-uri/UriTestSig27/test.rules
new file mode 100644 (file)
index 0000000..d3633f6
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig27/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (uricontent:"fix_this"; isdataat:!10,relative; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig27/test.yaml b/tests/detect-http-uri/UriTestSig27/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig27/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig28/README.md b/tests/detect-http-uri/UriTestSig28/README.md
new file mode 100644 (file)
index 0000000..e6f6b2a
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig28/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig28

diff --git a/tests/detect-http-uri/UriTestSig28/test.fpc.pcap b/tests/detect-http-uri/UriTestSig28/test.fpc.pcap
new file mode 100644 (file)
index 0000000..b51067c
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig28/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig28/test.rules b/tests/detect-http-uri/UriTestSig28/test.rules
new file mode 100644 (file)
index 0000000..a48470d
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig28/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"ring"; distance:one; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig28/test.yaml b/tests/detect-http-uri/UriTestSig28/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig28/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig29/README.md b/tests/detect-http-uri/UriTestSig29/README.md
new file mode 100644 (file)
index 0000000..7c02bff
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig29/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig29

diff --git a/tests/detect-http-uri/UriTestSig29/test.fpc.pcap b/tests/detect-http-uri/UriTestSig29/test.fpc.pcap
new file mode 100644 (file)
index 0000000..b51067c
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig29/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig29/test.rules b/tests/detect-http-uri/UriTestSig29/test.rules
new file mode 100644 (file)
index 0000000..a48470d
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig29/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"ring"; distance:one; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig29/test.yaml b/tests/detect-http-uri/UriTestSig29/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig29/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig30/README.md b/tests/detect-http-uri/UriTestSig30/README.md
new file mode 100644 (file)
index 0000000..5e71880
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig30/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig30

diff --git a/tests/detect-http-uri/UriTestSig30/test.fpc.pcap b/tests/detect-http-uri/UriTestSig30/test.fpc.pcap
new file mode 100644 (file)
index 0000000..b51067c
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig30/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig30/test.rules b/tests/detect-http-uri/UriTestSig30/test.rules
new file mode 100644 (file)
index 0000000..dfcca61
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig30/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"_b5ig"; offset:one; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig30/test.yaml b/tests/detect-http-uri/UriTestSig30/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig30/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig31/README.md b/tests/detect-http-uri/UriTestSig31/README.md
new file mode 100644 (file)
index 0000000..851b757
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig31/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig31

diff --git a/tests/detect-http-uri/UriTestSig31/test.fpc.pcap b/tests/detect-http-uri/UriTestSig31/test.fpc.pcap
new file mode 100644 (file)
index 0000000..b51067c
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig31/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig31/test.rules b/tests/detect-http-uri/UriTestSig31/test.rules
new file mode 100644 (file)
index 0000000..52450f9
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig31/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"his"; depth:one; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig31/test.yaml b/tests/detect-http-uri/UriTestSig31/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig31/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig32/README.md b/tests/detect-http-uri/UriTestSig32/README.md
new file mode 100644 (file)
index 0000000..72780b0
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig32/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig32

diff --git a/tests/detect-http-uri/UriTestSig32/test.fpc.pcap b/tests/detect-http-uri/UriTestSig32/test.fpc.pcap
new file mode 100644 (file)
index 0000000..b51067c
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig32/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig32/test.rules b/tests/detect-http-uri/UriTestSig32/test.rules
new file mode 100644 (file)
index 0000000..69a19b4
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig32/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"g_st"; within:one; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig32/test.yaml b/tests/detect-http-uri/UriTestSig32/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig32/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig33/README.md b/tests/detect-http-uri/UriTestSig33/README.md
new file mode 100644 (file)
index 0000000..6a20894
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig33/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig33

diff --git a/tests/detect-http-uri/UriTestSig33/test.fpc.pcap b/tests/detect-http-uri/UriTestSig33/test.fpc.pcap
new file mode 100644 (file)
index 0000000..738e7fa
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig33/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig33/test.rules b/tests/detect-http-uri/UriTestSig33/test.rules
new file mode 100644 (file)
index 0000000..a24d52a
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig33/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:15; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig33/test.yaml b/tests/detect-http-uri/UriTestSig33/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig33/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig34/README.md b/tests/detect-http-uri/UriTestSig34/README.md
new file mode 100644 (file)
index 0000000..5bf51bc
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig34/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig34

diff --git a/tests/detect-http-uri/UriTestSig34/test.fpc.pcap b/tests/detect-http-uri/UriTestSig34/test.fpc.pcap
new file mode 100644 (file)
index 0000000..738e7fa
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig34/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig34/test.rules b/tests/detect-http-uri/UriTestSig34/test.rules
new file mode 100644 (file)
index 0000000..a86c63b
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig34/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:15, norm; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig34/test.yaml b/tests/detect-http-uri/UriTestSig34/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig34/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig35/README.md b/tests/detect-http-uri/UriTestSig35/README.md
new file mode 100644 (file)
index 0000000..9e1d5a4
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig35/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig35

diff --git a/tests/detect-http-uri/UriTestSig35/test.fpc.pcap b/tests/detect-http-uri/UriTestSig35/test.fpc.pcap
new file mode 100644 (file)
index 0000000..738e7fa
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig35/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig35/test.rules b/tests/detect-http-uri/UriTestSig35/test.rules
new file mode 100644 (file)
index 0000000..44fc538
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig35/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:16; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig35/test.yaml b/tests/detect-http-uri/UriTestSig35/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig35/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig36/README.md b/tests/detect-http-uri/UriTestSig36/README.md
new file mode 100644 (file)
index 0000000..6751674
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig36/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig36

diff --git a/tests/detect-http-uri/UriTestSig36/test.fpc.pcap b/tests/detect-http-uri/UriTestSig36/test.fpc.pcap
new file mode 100644 (file)
index 0000000..738e7fa
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig36/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig36/test.rules b/tests/detect-http-uri/UriTestSig36/test.rules
new file mode 100644 (file)
index 0000000..b176052
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig36/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:16, norm; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig36/test.yaml b/tests/detect-http-uri/UriTestSig36/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig36/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig37/README.md b/tests/detect-http-uri/UriTestSig37/README.md
new file mode 100644 (file)
index 0000000..542e7a8
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig37/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig37

diff --git a/tests/detect-http-uri/UriTestSig37/test.fpc.pcap b/tests/detect-http-uri/UriTestSig37/test.fpc.pcap
new file mode 100644 (file)
index 0000000..738e7fa
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig37/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig37/test.rules b/tests/detect-http-uri/UriTestSig37/test.rules
new file mode 100644 (file)
index 0000000..89cc029
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig37/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:17, raw; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig37/test.yaml b/tests/detect-http-uri/UriTestSig37/test.yaml
new file mode 100644 (file)
index 0000000..d42ca02
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig37/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/detect-http-uri/UriTestSig38/README.md b/tests/detect-http-uri/UriTestSig38/README.md
new file mode 100644 (file)
index 0000000..4f82547
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig38/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig38

diff --git a/tests/detect-http-uri/UriTestSig38/test.fpc.pcap b/tests/detect-http-uri/UriTestSig38/test.fpc.pcap
new file mode 100644 (file)
index 0000000..738e7fa
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig38/test.fpc.pcap differ

diff --git a/tests/detect-http-uri/UriTestSig38/test.rules b/tests/detect-http-uri/UriTestSig38/test.rules
new file mode 100644 (file)
index 0000000..9f1672a
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig38/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:18, raw; sid:1;)

diff --git a/tests/detect-http-uri/UriTestSig38/test.yaml b/tests/detect-http-uri/UriTestSig38/test.yaml
new file mode 100644 (file)
index 0000000..1562fb5
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig38/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8.0.0
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 1