From: Philippe Antoine
Date: Mon, 13 Jul 2020 12:29:56 +0000 (+0200)
Subject: ssh: adds regression test for hassh kex parsing
X-Git-Tag: suricata-6.0.4~268
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3ad83486e392b2bf926477a43b9cf35192badeee;p=thirdparty%2Fsuricata-verify.git
ssh: adds regression test for hassh kex parsing
---
diff --git a/tests/ssh-hassh-incomplete/README.md b/tests/ssh-hassh-incomplete/README.md
new file mode 100644
index 000000000..6c57712be
--- /dev/null
+++ b/tests/ssh-hassh-incomplete/README.md
@@ -0,0 +1,8 @@
+# Description
+
+Test regression against SSH kex parsing
+
+
+# PCAP
+
+The pcap comes from https://redmine.openinfosecfoundation.org/issues/3820
diff --git a/tests/ssh-hassh-incomplete/input.pcap b/tests/ssh-hassh-incomplete/input.pcap
new file mode 100644
index 000000000..62e773c03
Binary files /dev/null and b/tests/ssh-hassh-incomplete/input.pcap differ
diff --git a/tests/ssh-hassh-incomplete/test.yaml b/tests/ssh-hassh-incomplete/test.yaml
new file mode 100644
index 000000000..389a56bd2
--- /dev/null
+++ b/tests/ssh-hassh-incomplete/test.yaml
@@ -0,0 +1,15 @@
+requires:
+ min-version: 6.0.0
+features:
+ - RUST
+
+args:
+ - -k none --simulate-ips --set app-layer.protocols.ssh.hassh=yes
+
+checks:
+ # Check that we have the following events in eve.json
+ - filter:
+ count: 1
+ match:
+ event_type: ssh
+ ssh.client.hassh.hash: "46c5bd9748882f1a5d75753fb7d47a61"
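Review bot: In test.yaml, `features:` appears to start at column 0 as a sibling of `requires:`, while `min-version` is indented under it. The page has collapsed the original indentation, so the exact widths are not recoverable. If the test runner only reads feature requirements from inside `requires` (the runner is not visible in this commit, so this is an inference), the RUST gate is silently ignored and the test would also run on builds it was meant to skip. Nesting it under `requires:` as `  features:` followed by `    - RUST` would make the requirement effective. A one-line comment above the `ssh.client.hassh.hash` check naming the parsing defect from issue 3820 would also tell a later reader why this exact hash is pinned.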