From: Philippe Antoine Date: Thu, 28 Nov 2024 12:37:47 +0000 (+0100) Subject: pgsql: use detect.guess-applayer-tx for content test X-Git-Tag: suricata-7.0.8~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0832c8ec43c0369a4a8e4dfcc757d2106af18c1c;p=thirdparty%2Fsuricata-verify.git pgsql: use detect.guess-applayer-tx for content test Ticket: 7199 --- diff --git a/tests/pgsql/pgsql-7000-ids/suricata.yaml b/tests/pgsql/pgsql-7000-ids/suricata.yaml index aac151f99..ce7444717 100644 --- a/tests/pgsql/pgsql-7000-ids/suricata.yaml +++ b/tests/pgsql/pgsql-7000-ids/suricata.yaml @@ -15,3 +15,6 @@ app-layer: protocols: pgsql: enabled: yes + +detect: + guess-applayer-tx: true \ No newline at end of file diff --git a/tests/pgsql/pgsql-7000-ids/test.yaml b/tests/pgsql/pgsql-7000-ids/test.yaml index 0e5d976c6..8f680ae0e 100644 --- a/tests/pgsql/pgsql-7000-ids/test.yaml +++ b/tests/pgsql/pgsql-7000-ids/test.yaml @@ -1,3 +1,5 @@ +requires: + min-version: 8 args: - -k none @@ -24,6 +26,7 @@ checks: pgsql.tx_id: 6 stream: 1 tx_id: 5 + tx_guessed: true # check 3 - filter: count: 1 @@ -40,6 +43,7 @@ checks: pgsql.tx_id: 7 stream: 1 tx_id: 6 + tx_guessed: true # check 4 - filter: count: 1 @@ -56,6 +60,7 @@ checks: pgsql.tx_id: 8 stream: 1 tx_id: 7 + tx_guessed: true # check 5 - filter: count: 1 @@ -72,6 +77,7 @@ checks: pgsql.tx_id: 9 stream: 1 tx_id: 8 + tx_guessed: true # check 6 - filter: count: 1 @@ -94,6 +100,7 @@ checks: pgsql.tx_id: 14 stream: 1 tx_id: 13 + tx_guessed: true # check 7 - filter: count: 1 @@ -117,6 +124,7 @@ checks: pgsql.tx_id: 17 stream: 1 tx_id: 16 + tx_guessed: true # check 8 - filter: count: 1 @@ -139,6 +147,7 @@ checks: pgsql.tx_id: 23 stream: 1 tx_id: 22 + tx_guessed: true # check 9 - filter: count: 1 @@ -158,6 +167,7 @@ checks: pgsql.tx_id: 26 stream: 1 tx_id: 25 + tx_guessed: true # check 10 - filter: count: 1 @@ -171,11 +181,4 @@ checks: Dumbledore....prof_dumbledore@gmail.comD...2.....\nMcGonagall....prof_mc.gonagall@gmail.comD...'......Rogue....prof_rogue@yahoo.comD...)......Hagrid....prof_hagrid@gmail.comD...,......Hermione....prof_gramger@gmail.comD...'......Remus....prof_lupin@gmail.comD...)......Maugre....prof_folloy@gmail.comD...-......Londubat....prof_londubat@gmail.comC...\r\ SELECT 8.Z....I" pcap_cnt: 87 - pgsql.request.simple_query: SELECT * FROM new_table; - pgsql.response.command_completed: SELECT 8 - pgsql.response.data_rows: 8 - pgsql.response.data_size: 236 - pgsql.response.field_count: 2 - pgsql.tx_id: 26 stream: 1 - tx_id: 25 diff --git a/tests/pgsql/pgsql-bug-6983-ips/suricata.yaml b/tests/pgsql/pgsql-bug-6983-ips/suricata.yaml index b1049819c..1c856f05f 100755 --- a/tests/pgsql/pgsql-bug-6983-ips/suricata.yaml +++ b/tests/pgsql/pgsql-bug-6983-ips/suricata.yaml @@ -16,3 +16,6 @@ app-layer: protocols: pgsql: enabled: yes + +detect: + guess-applayer-tx: true \ No newline at end of file diff --git a/tests/pgsql/pgsql-bug-6983-ips/test.yaml b/tests/pgsql/pgsql-bug-6983-ips/test.yaml index 2ee0eaaf7..956431bf0 100644 --- a/tests/pgsql/pgsql-bug-6983-ips/test.yaml +++ b/tests/pgsql/pgsql-bug-6983-ips/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 7.0 + min-version: 8.0 pcap: ../pgsql-ssl-rejected-md5-auth-simple-query/input.pcap @@ -19,9 +19,11 @@ checks: match: event_type: alert alert.signature_id: 1 + tx_guessed: true - filter: count: 1 match: event_type: alert alert.signature_id: 1 + tx_guessed: true pgsql.request.simple_query: "select * from rules where sid = 2021701;"