From: Victor Julien
Date: Fri, 10 Jun 2022 12:20:34 +0000 (+0200)
Subject: tests: add test for issue 4376
X-Git-Tag: suricata-5.0.10~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e6711fe45c79b28533dfb6600c17f7e05264134;p=thirdparty%2Fsuricata-verify.git
tests: add test for issue 4376
---
diff --git a/tests/bug-4376/README.md b/tests/bug-4376/README.md
new file mode 100644
index 000000000..d45f75308
--- /dev/null
+++ b/tests/bug-4376/README.md
@@ -0,0 +1 @@
+PCAP from https://redmine.openinfosecfoundation.org/issues/4376
diff --git a/tests/bug-4376/syn_retransmit_with_ts.pcap b/tests/bug-4376/syn_retransmit_with_ts.pcap
new file mode 100644
index 000000000..346a35eb5
Binary files /dev/null and b/tests/bug-4376/syn_retransmit_with_ts.pcap differ
diff --git a/tests/bug-4376/test.rules b/tests/bug-4376/test.rules
new file mode 100644
index 000000000..46c6c6ef4
--- /dev/null
+++ b/tests/bug-4376/test.rules
@@ -0,0 +1,2 @@
+alert http any any -> any any (flow:to_server; http.host; content:"nx2500-242-4-server"; sid:1;)
+alert http any any -> any any (flow:to_client; http.stat_code; content:"200"; sid:2;)
diff --git a/tests/bug-4376/test.yaml b/tests/bug-4376/test.yaml
new file mode 100644
index 000000000..6eab8969e
--- /dev/null
+++ b/tests/bug-4376/test.yaml
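Review bot: Rule sid:2 fires on any HTTP response with a 200 status on any flow, not specifically on the reply to the request sid:1 targets, so the `count: 1` that test.yaml expects for it holds only while the pcap carries exactly one 200 response. If the capture is ever regenerated with more traffic the check would silently over-count; if `http.host` is usable in the to_client direction on the Suricata versions this test runs against, tying the response to the same transaction, e.g. `alert http any any -> any any (flow:to_client; http.host; content:"nx2500-242-4-server"; http.stat_code; content:"200"; sid:2;)`, would pin it to the session under test. Neither rule carries a `msg:`; something like `msg:"bug-4376 request to affected host";` makes the verify output readable when a check fails.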
@@ -0,0 +1,36 @@
+args:
+- -k none
+- --set vlan.use-for-tracking=false
+- --set app-layer.protocols.http.libhtp.default-config.response-body-limit=200kb
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ vlan[0]: 3136
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2
+ - filter:
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.filename: "/malware/ppt/mal/51f14eb6c874686e5f593132cf0f742d.ppt"
+ fileinfo.state: CLOSED
+ - filter:
+ count: 1
+ match:
+ event_type: http
+ http.hostname: "nx2500-242-4-server"
+ http.status: 200
+ vlan[0]: 3136
+ - filter:
+ count: 1
+ match:
+ event_type: flow
+ tcp.state: closed
+ vlan[0]: 3136
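Review bot: The filters for `alert.signature_id: 2` and for the `fileinfo` event omit the `vlan[0]: 3136` key that the alert-1, http and flow filters all pin, so those two checks are weaker than their neighbours and would also be satisfied by an untagged copy of the same session; adding `vlan[0]: 3136` to both `match:` maps keeps every check anchored to the VLAN-tagged flow the issue is about. The three `args` entries carry no explanation: `-k none` presumably disables checksum validation because the capture has bad checksums, and the `response-body-limit=200kb` override presumably exists so the .ppt response body is inspected to completion before `fileinfo.state: CLOSED` is emitted, but neither reason is visible here — a comment above `args:` such as `# -k none: pcap checksums are not valid; body limit raised so the .ppt file reaches CLOSED` would spare the next reader from rediscovering it. If the test depends on the fix for issue 4376 being present, a `requires:` / minimum-version block is the usual way suricata-verify expresses that, though I cannot tell from this hunk whether one is needed.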