From: jason taylor <jtfas90@gmail.com>
Date: Sun, 19 May 2019 01:15:56 +0000 (-0400)
Subject: tests: add invalid hex usage
X-Git-Tag: suricata-6.0.4~429
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=30923bdb25bcd186125eb744af458448f8536246;p=thirdparty%2Fsuricata-verify.git

tests: add invalid hex usage

Signed-off-by: jason taylor <jtfas90@gmail.com>
---

diff --git a/tests/test-bad-hex-rule-1/suricata.yaml b/tests/test-bad-hex-rule-1/suricata.yaml
new file mode 100644
index 000000000..dcaae57fe
--- /dev/null
+++ b/tests/test-bad-hex-rule-1/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+logging:
+  default-log-level: info
+  outputs:
+  - file:
+      enabled: yes
+      filename: eve.json
+      type: json
diff --git a/tests/test-bad-hex-rule-1/test.rules b/tests/test-bad-hex-rule-1/test.rules
new file mode 100644
index 000000000..1c7917660
--- /dev/null
+++ b/tests/test-bad-hex-rule-1/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"invalid hex test rule"; content:"|l0 01 01|"; sid:12345; rev:1;)
diff --git a/tests/test-bad-hex-rule-1/test.yaml b/tests/test-bad-hex-rule-1/test.yaml
new file mode 100644
index 000000000..897827840
--- /dev/null
+++ b/tests/test-bad-hex-rule-1/test.yaml
@@ -0,0 +1,23 @@
+requires:
+  min-version: 5.0.0
+
+  features:
+    - HAVE_LIBJANSSON
+
+command: |
+  ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config" --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR} -c ${TEST_DIR}/suricata.yaml -r ${TEST_DIR}/ -S ${TEST_DIR}/test.rules
+
+checks:
+  # check that we have the following entres in eve.json
+  # match 1 specific rule load failure reason
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.message: "Invalid hex code in content - |l0 01 01|, hex l. Invalidating signature."
+
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.error: "SC_ERR_NO_RULES_LOADED"
diff --git a/tests/test-bad-hex-rule-2/suricata.yaml b/tests/test-bad-hex-rule-2/suricata.yaml
new file mode 100644
index 000000000..dcaae57fe
--- /dev/null
+++ b/tests/test-bad-hex-rule-2/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+logging:
+  default-log-level: info
+  outputs:
+  - file:
+      enabled: yes
+      filename: eve.json
+      type: json
diff --git a/tests/test-bad-hex-rule-2/test.rules b/tests/test-bad-hex-rule-2/test.rules
new file mode 100644
index 000000000..4c38679f3
--- /dev/null
+++ b/tests/test-bad-hex-rule-2/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"invalid hex test rule"; content:"|01 10 0j|"; sid:12346; rev:1;)
diff --git a/tests/test-bad-hex-rule-2/test.yaml b/tests/test-bad-hex-rule-2/test.yaml
new file mode 100644
index 000000000..021eebad7
--- /dev/null
+++ b/tests/test-bad-hex-rule-2/test.yaml
@@ -0,0 +1,23 @@
+requires:
+  min-version: 5.0.0
+
+  features:
+    - HAVE_LIBJANSSON
+
+command: |
+  ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config" --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR} -c ${TEST_DIR}/suricata.yaml -r ${TEST_DIR}/ -S ${TEST_DIR}/test.rules
+
+checks:
+  # check that we have the following entres in eve.json
+  # match 1 specific rule load failure reason
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.message: "Invalid hex code in content - \u0001\u00101 10 0j|, hex j. Invalidating signature."
+
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.error: "SC_ERR_NO_RULES_LOADED"
diff --git a/tests/test-bad-hex-rule-3/suricata.yaml b/tests/test-bad-hex-rule-3/suricata.yaml
new file mode 100644
index 000000000..dcaae57fe
--- /dev/null
+++ b/tests/test-bad-hex-rule-3/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+logging:
+  default-log-level: info
+  outputs:
+  - file:
+      enabled: yes
+      filename: eve.json
+      type: json
diff --git a/tests/test-bad-hex-rule-3/test.rules b/tests/test-bad-hex-rule-3/test.rules
new file mode 100644
index 000000000..0578171e2
--- /dev/null
+++ b/tests/test-bad-hex-rule-3/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"invalid hex test rule 3"; content:"|1"; sid:1232222; rev:1;)
diff --git a/tests/test-bad-hex-rule-3/test.yaml b/tests/test-bad-hex-rule-3/test.yaml
new file mode 100644
index 000000000..2f839a337
--- /dev/null
+++ b/tests/test-bad-hex-rule-3/test.yaml
@@ -0,0 +1,23 @@
+requires:
+  min-version: 5.0.0
+
+  features:
+    - HAVE_LIBJANSSON
+
+command: |
+  ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config" --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR} -c ${TEST_DIR}/suricata.yaml -r ${TEST_DIR}/ -S ${TEST_DIR}/test.rules
+
+checks:
+  # check that we have the following entres in eve.json
+  # match 1 specific rule load failure reason
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.message: "Invalid hex code assembly in content - |1.  Invalidating signature."
+
+  - filter:
+      count: 1
+      match:
+        event_type: engine
+        engine.error: "SC_ERR_NO_RULES_LOADED"