From: jason taylor
Date: Mon, 28 Aug 2023 21:43:10 +0000 (+0000)
Subject: tests: update tests for smb.version keyword
X-Git-Tag: suricata-6.0.16~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0275e97dc3beee31680af7b44d92cf32f5f6296c;p=thirdparty%2Fsuricata-verify.git

tests: update tests for smb.version keyword

Signed-off-by: jason taylor
---
diff --git a/tests/smb-smb_version/test.rules b/tests/smb-smb_version/test.rules
deleted file mode 100644
index 466ffd712..000000000
--- a/tests/smb-smb_version/test.rules
+++ /dev/null
@@ -1,3 +0,0 @@
-
-alert tcp any any -> any any (msg:"SMB1 Request"; smb.version:1;sid:1;)
-alert tcp any any -> any any (msg:"SMB2 Request"; smb.version:2;sid:2;)
diff --git a/tests/smb-version-keyword-invalid/README.md b/tests/smb-version-keyword-invalid/README.md
new file mode 100644
index 000000000..5acc65322
--- /dev/null
+++ b/tests/smb-version-keyword-invalid/README.md
@@ -0,0 +1,4 @@
+TEST
+====
+
+Test invalid smb.version keyword syntax in signature
diff --git a/tests/smb-version-keyword-invalid/test.rules b/tests/smb-version-keyword-invalid/test.rules
new file mode 100644
index 000000000..3127cfb7a
--- /dev/null
+++ b/tests/smb-version-keyword-invalid/test.rules
@@ -0,0 +1 @@
+alert smb any any -> any any (msg:"Two smb version declarations"; flow:established; smb.version:2; smb.version:1; sid:1;)
diff --git a/tests/smb-version-keyword-invalid/test.yaml b/tests/smb-version-keyword-invalid/test.yaml
new file mode 100644
index 000000000..a59b32cba
--- /dev/null
+++ b/tests/smb-version-keyword-invalid/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 7
+
+args:
+- -k none
+
+pcap: ../smb-version-keyword/input.pcap
+
+checks:
+- shell:
+    args: grep "Can't use 2 or more smb.version declarations" suricata.log | wc -l | xargs
+    expect: 1
+
+exit-code: 1
diff --git a/tests/smb-version-keyword/README.md b/tests/smb-version-keyword/README.md
new file mode 100644
index 000000000..6a0625c7d
--- /dev/null
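Review bot: The shell check in tests/smb-version-keyword-invalid/test.yaml matches the literal engine message, `grep "Can't use 2 or more smb.version declarations" suricata.log`, so any rewording of that error in Suricata fails this test even though rejection of the duplicate keyword still works. A short comment above `checks:` such as `# literal text must track the smb.version duplicate-keyword error emitted by the engine` would make that coupling visible to whoever next touches either side. The `| wc -l | xargs` tail presumably only strips the leading whitespace some `wc` builds print, which also deserves a one-line comment. The expected `exit-code: 1` assumes a rejected rule is fatal to the Suricata run in this harness; the hunk does not show the invocation flags, so I cannot confirm that here.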
+++ b/tests/smb-version-keyword/README.md
@@ -0,0 +1,14 @@
+Test
+====
+
+Test alerts with the smb.version keyword
+
+PCAP
+----
+
+The pcap is a sample of network traffic provided by the original author.
+
+Related Issues
+--------------
+
+https://redmine.openinfosecfoundation.org/issues/5075
diff --git a/tests/smb-smb_version/input.pcap b/tests/smb-version-keyword/input.pcap
similarity index 100%
rename from tests/smb-smb_version/input.pcap
rename to tests/smb-version-keyword/input.pcap
diff --git a/tests/smb-version-keyword/test.rules b/tests/smb-version-keyword/test.rules
new file mode 100644
index 000000000..02617e9a0
--- /dev/null
+++ b/tests/smb-version-keyword/test.rules
@@ -0,0 +1,2 @@
+alert smb any any -> any any (msg:"SMBv1 Request"; smb.version:1; sid:1;)
+alert smb any any -> any any (msg:"SMBv2 Request"; smb.version:2; sid:2;)
diff --git a/tests/smb-smb_version/test.yaml b/tests/smb-version-keyword/test.yaml
similarity index 100%
rename from tests/smb-smb_version/test.yaml
rename to tests/smb-version-keyword/test.yaml
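Review bot: The rules in tests/smb-version-keyword/test.rules change the signature text from `SMB1 Request` / `SMB2 Request` to `SMBv1 Request` / `SMBv2 Request` and the protocol from `tcp` to `smb`, while the companion test.yaml is carried over as a 100%-similarity rename with no edits. If that yaml filters eve alerts on `alert.signature` text rather than `alert.signature_id`, its expectations no longer line up with these rules; sids 1 and 2 are unchanged, so keying the checks on `signature_id` would be the robust choice. The renamed yaml is not in the hunk, so I cannot verify which field it uses.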