From: Jason Ish <jason.ish@oisf.net>
Date: Tue, 25 Feb 2025 22:10:48 +0000 (-0600)
Subject: tests/tls: some sub tests require ja3
X-Git-Tag: suricata-7.0.9~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=369f802e1c169cdbbb5f11264cd74799412a2b59;p=thirdparty%2Fsuricata-verify.git

tests/tls: some sub tests require ja3
---

diff --git a/tests/tls/tls13-draft14/test.yaml b/tests/tls/tls13-draft14/test.yaml
index b9a6e2d8e..12efe5698 100644
--- a/tests/tls/tls13-draft14/test.yaml
+++ b/tests/tls/tls13-draft14/test.yaml
@@ -8,5 +8,13 @@ checks:
       match:
         event_type: tls
         tls.version: "TLS 1.3 draft-<16"
+  - filter:
+      requires:
+        features:
+          - HAVE_JA3
+      count: 1
+      match:
+        event_type: tls
+        tls.version: "TLS 1.3 draft-<16"
         tls.ja3.hash: "65825469c473e48f3ee2571129256ab0"
         tls.ja3.string: "772,49195-49199-52393-52392-49196-49200-49162-49161-49171-49172-51-57-47-53-10,0-23-65281-10-11-35-13172-16-5-65282-40-13,23-24-25-256-257-258-259-260,0"
diff --git a/tests/tls/tls13-draft18/test.yaml b/tests/tls/tls13-draft18/test.yaml
index 858eebfc2..cc173699a 100644
--- a/tests/tls/tls13-draft18/test.yaml
+++ b/tests/tls/tls13-draft18/test.yaml
@@ -8,5 +8,14 @@ checks:
       match:
         event_type: tls
         tls.version: "TLS 1.3 draft-18"
+
+  - filter:
+      requires:
+        features:
+          - HAVE_JA3
+      count: 1
+      match:
+        event_type: tls
+        tls.version: "TLS 1.3 draft-18"
         tls.ja3.hash: "23d254f72096d25c350e4a4a792f4948"
         tls.ja3.string: "771,4865-4866-4867-49195-49199-158-49196-49200-159-52393-52392-52244-52243-49161-49187-49171-49191-51-103-49162-49188-49172-49192-57-107-156-157-47-60-53-61-10,65281-23-35-13-11-40-45-43-10,29-23-24,0"
diff --git a/tests/tls/tls13-draft19/test.yaml b/tests/tls/tls13-draft19/test.yaml
index 431d00a33..e0cc1e003 100644
--- a/tests/tls/tls13-draft19/test.yaml
+++ b/tests/tls/tls13-draft19/test.yaml
@@ -4,6 +4,16 @@ args:
 checks:
 
   - filter:
+      count: 3
+      match:
+        event_type: tls
+        tls.sni: "localhost"
+        tls.version: "TLS 1.3 draft-19"
+
+  - filter:
+      requires:
+        features:
+          - HAVE_JA3
       count: 1
       match:
         event_type: tls
@@ -13,6 +23,9 @@ checks:
         tls.ja3.string: "771,4866-255,0-11-10-35-13-22-23-43-45-40,29-23-25-24,0-1-2"
 
   - filter:
+      requires:
+        features:
+          - HAVE_JA3
       count: 1
       match:
         event_type: tls
@@ -22,6 +35,9 @@ checks:
         tls.ja3.string: "771,4866-255,0-11-10-35-13-22-23-43-45-40-42-41,29-23-25-24,0-1-2"
 
   - filter:
+      requires:
+        features:
+          - HAVE_JA3
       count: 1
       match:
         event_type: tls
diff --git a/tests/tls/tls13-draft22/test.yaml b/tests/tls/tls13-draft22/test.yaml
index c2d640d35..983fcc95a 100644
--- a/tests/tls/tls13-draft22/test.yaml
+++ b/tests/tls/tls13-draft22/test.yaml
@@ -9,5 +9,15 @@ checks:
         event_type: tls
         tls.sni: "localhost"
         tls.version: "TLS 1.3 draft-22"
+
+  - filter:
+      requires:
+        features:
+          - HAVE_JA3
+      count: 1
+      match:
+        event_type: tls
+        tls.sni: "localhost"
+        tls.version: "TLS 1.3 draft-22"
         tls.ja3.hash: "786468211b4d23f9b725987b0de9d090"
         tls.ja3.string: "771,4865-4867,0-43-13-10-40,23,"
diff --git a/tests/tls/tls13-draft23/test.yaml b/tests/tls/tls13-draft23/test.yaml
index 0ba22891b..d58f51c49 100644
--- a/tests/tls/tls13-draft23/test.yaml
+++ b/tests/tls/tls13-draft23/test.yaml
@@ -8,5 +8,14 @@ checks:
       match:
         event_type: tls
         tls.version: "TLS 1.3 draft-23"
+
+  - filter:
+      requires:
+        features:
+          - HAVE_JA3
+      count: 1
+      match:
+        event_type: tls
+        tls.version: "TLS 1.3 draft-23"
         tls.ja3.hash: "0558cf38ebac58d332d7f39308fcd006"
         tls.ja3.string: "771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49161-49187-49171-49191-49162-49188-49172-49192-156-157-47-60-53-61-10,65281-23-35-13-11-51-45-43-10,29-23-24,0"
diff --git a/tests/tls/tls13-draft28-frames/test.yaml b/tests/tls/tls13-draft28-frames/test.yaml
index 4ff3cc98e..e6f416d1e 100644
--- a/tests/tls/tls13-draft28-frames/test.yaml
+++ b/tests/tls/tls13-draft28-frames/test.yaml
@@ -9,6 +9,9 @@ args:
 checks:
 
   - filter:
+      requires:
+        features:
+          - HAVE_JA3
       count: 1
       match:
         event_type: tls
@@ -18,6 +21,9 @@ checks:
         tls.ja3.string: "771,4866-4867-4865-4868-49196-52393-49325-49162-49195-49324-49161-49200-52392-49172-49199-49171-157-49309-53-156-49308-47-159-52394-49311-57-158-49310-51,5-10-11-13-22-23-35-51-43-65281-0-45-41,23,0"
 
   - filter:
+      requires:
+        features:
+          - HAVE_JA3
       count: 1
       match:
         event_type: tls
diff --git a/tests/tls/tls13-draft28/test.yaml b/tests/tls/tls13-draft28/test.yaml
index d408d44cd..909d5dff5 100644
--- a/tests/tls/tls13-draft28/test.yaml
+++ b/tests/tls/tls13-draft28/test.yaml
@@ -4,6 +4,16 @@ args:
 checks:
 
   - filter:
+      count: 2
+      match:
+        event_type: tls
+        tls.sni: "localhost"
+        tls.version: "TLS 1.3 draft-28"
+
+  - filter:
+      requires:
+        features:
+          - HAVE_JA3
       count: 1
       match:
         event_type: tls
@@ -13,6 +23,9 @@ checks:
         tls.ja3.string: "771,4866-4867-4865-4868-49196-52393-49325-49162-49195-49324-49161-49200-52392-49172-49199-49171-157-49309-53-156-49308-47-159-52394-49311-57-158-49310-51,5-10-11-13-22-23-35-51-43-65281-0-45-41,23,0"
 
   - filter:
+      requires:
+        features:
+          - HAVE_JA3
       count: 1
       match:
         event_type: tls