From: Jeff Lucovsky Date: Wed, 7 Dec 2022 14:57:38 +0000 (-0500) Subject: tests/content: Validate dist/with length checks X-Git-Tag: suricata-6.0.13~20 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=39d1001b22a343ff73a5101c91b41616d252ad9f;p=thirdparty%2Fsuricata-verify.git tests/content: Validate dist/with length checks Ticket: 5740 This commit adds tests that validate the distance and within values are constrained appropriately to the range [0, 1045876]
---
diff --git a/tests/test-content-limits-1/suricata.yaml b/tests/test-content-limits-1/suricata.yaml
new file mode 100644
index 000000000..dcaae57fe
--- /dev/null
+++ b/tests/test-content-limits-1/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+logging:
+ default-log-level: info
+ outputs:
+ - file:
+ enabled: yes
+ filename: eve.json
+ type: json
diff --git a/tests/test-content-limits-1/test.rules b/tests/test-content-limits-1/test.rules
new file mode 100644
index 000000000..ed4257b8f
--- /dev/null
+++ b/tests/test-content-limits-1/test.rules
@@ -0,0 +1,4 @@
+drop ip :: 0 <> :: 2 (msg:"Invalid within" ;content:" ";within:1048577;dsize:4; sid:1;)
+drop ip :: 0 <> :: 2 (msg:"Invalid within" ;content:" ";within:-1048577;dsize:4; sid:2;)
+drop ip :: 0 <> :: 2 (msg:"Invalid distance" ;content:" ";distance:1048577;dsize:4; sid:3;)
+drop ip :: 0 <> :: 2 (msg:"Invalid distance" ;content:" ";distance:-1048577;dsize:4; sid:4;)
diff --git a/tests/test-content-limits-1/test.yaml b/tests/test-content-limits-1/test.yaml
new file mode 100644
index 000000000..a645919dd
--- /dev/null
+++ b/tests/test-content-limits-1/test.yaml
@@ -0,0 +1,50 @@
+requires:
+ min-version: 7
+
+command: |
+ ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/classification.config" --set reference-config-file="${SRCDIR}/reference.config" -l ${OUTPUT_DIR} -c ${TEST_DIR}/suricata.yaml -r ${TEST_DIR}/ -S ${TEST_DIR}/test.rules
+
+checks:
+ # check that we have the following entries in eve.json
+ # match 1 specific rule load failure reason
+ - filter:
+ count: 2
+ match:
+ event_type: engine
+ engine.module: detect-within
+
+ - filter:
+ count: 2
+ match:
+ event_type: engine
+ engine.module: detect-distance
+
+ - filter:
+ count: 1
+ match:
+ event_type: engine
+ engine.message: "invalid value for distance: 1048577"
+
+ - filter:
+ count: 1
+ match:
+ event_type: engine
+ engine.message: "invalid value for distance: -1048577"
+
+ - filter:
+ count: 1
+ match:
+ event_type: engine
+ engine.message: "invalid value for within: 1048577"
+
+ - filter:
+ count: 1
+ match:
+ event_type: engine
+ engine.message: "invalid value for within: -1048577"
+
+ - filter:
+ count: 1
+ match:
+ event_type: engine
+ engine.message: "1 rule files specified, but no rules were loaded!"
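Review bot: The filters only pin the rejecting side of the limit (`1048577` and `-1048577` in test.rules), so a parser that wrongly refused the largest permitted value as well would still pass every check here. Because the last filter expects `no rules were loaded`, the accepting side cannot be added to this directory; it would need a sibling test whose rules sit exactly at the limit and whose checks assert that no `detect-within` or `detect-distance` engine error is logged. The commit description states the range as [0, 1045876], which matches neither the magnitude nor the negative values probed here; presumably the intended bound is 1048576 in both directions, but that should be confirmed against the engine change for Ticket 5740. A header comment in test.yaml such as `# values one past the content distance/within limit must fail rule load` would also record why these four numbers were chosen.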