From: Eloy Pérez González
Date: Fri, 22 Oct 2021 09:35:43 +0000 (+0200)
Subject: smb: add dce_opnum tests
X-Git-Tag: suricata-6.0.5~30
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2b4712d943a090b044582d341e0bcb9659a4e80d;p=thirdparty%2Fsuricata-verify.git

smb: add dce_opnum tests
---
diff --git a/tests/smb-dce_opnum/input.pcap b/tests/smb-dce_opnum/input.pcap
new file mode 100644
index 000000000..1897e467c
Binary files /dev/null and b/tests/smb-dce_opnum/input.pcap differ
diff --git a/tests/smb-dce_opnum/test.rules b/tests/smb-dce_opnum/test.rules
new file mode 100644
index 000000000..b182b14ae
--- /dev/null
+++ b/tests/smb-dce_opnum/test.rules
@@ -0,0 +1,2 @@
+alert smb any any -> any any (msg: "smb dcerpc.opnum 10"; dcerpc.opnum: 10; sid: 10;)
+alert smb any any -> any any (msg: "smb dcerpc.opnum 89"; dcerpc.opnum: 89; sid: 89;)
\ No newline at end of file
diff --git a/tests/smb-dce_opnum/test.yaml b/tests/smb-dce_opnum/test.yaml
new file mode 100644
index 000000000..864d64fff
--- /dev/null
+++ b/tests/smb-dce_opnum/test.yaml
@@ -0,0 +1,17 @@
+requires:
+ min-version: 7
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 4
+ match:
+ event_type: alert
+ alert.signature_id: 10
+- filter:
+ count: 2
+ match:
+ event_type: alert
+ alert.signature_id: 89
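Review bot: The `requires: min-version: 7` gate in test.yaml means this test is skipped entirely on any 6.0.x build, yet the X-Git-Tag line (`suricata-6.0.5~30`) suggests the commit landed on a branch that ships with 6.0.x; if `dcerpc.opnum` on SMB-carried DCERPC is supported there, the gate should be lowered (for example `min-version: 6.0.5`, or whichever release actually carries the feature), otherwise the test never runs where it was added. The two filters only check that sid 10 fires 4 times and sid 89 fires 2 times; nothing asserts that no other alert is raised, so a regression that makes `dcerpc.opnum` match on unrelated requests would pass unnoticed. A third filter pinning the total, `- filter: {count: 6, match: {event_type: alert}}`, closes that gap. The expected counts 4 and 2 cannot be verified without the pcap, so a one-line comment in test.yaml stating which requests in input.pcap carry opnum 10 and 89 (and why the 10 is seen four times) would make the numbers reviewable.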