]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 82ac963)
tests: add http.host nocase test 909/head
authorjason taylor <jtfas90@gmail.com>
Tue, 14 Jun 2022 21:17:21 +0000 (21:17 +0000)
committerVictor Julien <victor@inliniac.net>
Thu, 18 Aug 2022 11:56:34 +0000 (13:56 +0200)
Signed-off-by: jason taylor <jtfas90@gmail.com>
tests/test-bad-http-host-rule-1/test.rules patch | blob | blame | history
tests/test-bad-http-host-rule-2/suricata.yaml [new file with mode: 0644] patch | blob
tests/test-bad-http-host-rule-2/test.rules [new file with mode: 0644] patch | blob
tests/test-bad-http-host-rule-2/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/test-bad-http-host-rule-1/test.rules b/tests/test-bad-http-host-rule-1/test.rules
index 4a5ac697d460dd4fffe56b0647b29cbb7cacd6d2..f9888467dff6a4f9abf982f38db5b4581c866725 100644 (file)
--- a/tests/test-bad-http-host-rule-1/test.rules
+++ b/tests/test-bad-http-host-rule-1/test.rules
@@ -1 +1 @@
-alert http any any -> any any (msg:"TEST SUCCESFULL - http host capitalizaed "; http.host; content:"ALLCAPS.COM"; sid:1111; rev:1;)
+alert http any any -> any any (msg:"TEST SUCCESFULL - http host capitalizaed"; http.host; content:"ALLCAPS.COM"; sid:1111; rev:1;)
diff --git a/tests/test-bad-http-host-rule-2/suricata.yaml b/tests/test-bad-http-host-rule-2/suricata.yaml
new file mode 100644 (file)
index 0000000..dcaae57
--- /dev/null
+++ b/tests/test-bad-http-host-rule-2/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+logging:
+  default-log-level: info
+  outputs:
+  - file:
+      enabled: yes
+      filename: eve.json
+      type: json
diff --git a/tests/test-bad-http-host-rule-2/test.rules b/tests/test-bad-http-host-rule-2/test.rules
new file mode 100644 (file)
index 0000000..94aa23c
--- /dev/null
+++ b/tests/test-bad-http-host-rule-2/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"TEST SUCCESFULL - http host nocase"; http.host; content:"somehost.com"; nocase; sid:123; rev:1;)
diff --git a/tests/test-bad-http-host-rule-2/test.yaml b/tests/test-bad-http-host-rule-2/test.yaml
new file mode 100644 (file)
index 0000000..32370d9
--- /dev/null
+++ b/tests/test-bad-http-host-rule-2/test.yaml
@@ -0,0 +1,17 @@
+requires:
+  min-version: 7.0.0
+
+checks:
+  # check that we have the following entres in eve.json
+  # match 1 specific rule load failure reason
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.message: "rule 123: http.host keyword specified along with \"nocase\". The hostname buffer is normalized to lowercase, specifying nocase is redundant."
+
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.error: "SC_ERR_NO_RULES_LOADED"
Mirror of https://github.com/OISF/suricata-verify.git