From: Modupe Falodun
Date: Tue, 25 Jan 2022 21:48:05 +0000 (+0100)
Subject: http-request-line: add unittests
X-Git-Tag: suricata-6.0.5~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4933efdd7ddf89333e2ff775daca7c3beca1f8ac;p=thirdparty%2Fsuricata-verify.git

http-request-line: add unittests

Task: 4911
---
diff --git a/tests/http-request-line/README.md b/tests/http-request-line/README.md
new file mode 100644
index 000000000..bcb739241
--- /dev/null
+++ b/tests/http-request-line/README.md
@@ -0,0 +1 @@
+Test the http_request_line keyword
diff --git a/tests/http-request-line/input.pcap b/tests/http-request-line/input.pcap
new file mode 100644
index 000000000..a35f98b0f
Binary files /dev/null and b/tests/http-request-line/input.pcap differ
diff --git a/tests/http-request-line/test.rules b/tests/http-request-line/test.rules
new file mode 100644
index 000000000..12c4f87c9
--- /dev/null
+++ b/tests/http-request-line/test.rules
@@ -0,0 +1,5 @@
+alert http any any -> any any (http_request_line; bsize:>10; sid:1;)
+alert http any any -> any any (http_request_line; bsize:<100; sid:2;)
+alert http any any -> any any (http_request_line; bsize:10<>100; sid:3;)
+alert http any any -> any any (http_request_line; bsize:>100; sid:4;)
+alert http any any -> any any (http_request_line; content:"GET /index.html HTTP/1.0"; sid:5;)
diff --git a/tests/http-request-line/test.yaml b/tests/http-request-line/test.yaml
new file mode 100644
index 000000000..6fb7055e9
--- /dev/null
+++ b/tests/http-request-line/test.yaml
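Review bot: None of the five rules in test.rules pins the exact length of the http_request_line buffer, so the test cannot tell whether the buffer stops before or after the request line's CRLF: "GET /index.html HTTP/1.0" is 24 bytes, and every check here (bsize >10, <100, 10<>100, the non-matching >100, and the unanchored content in sid 5) passes equally for a 24- or 26-byte buffer. An exact check, `alert http any any -> any any (http_request_line; bsize:24; sid:6;)` with a matching count:1 filter in test.yaml, would lock in and document the buffer boundary. sid 5 could likewise be tightened with `startswith; endswith;` so that stray bytes on either side of the request line are rejected rather than tolerated.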
@@ -0,0 +1,37 @@
+args:
+- --set stream.midstream=true
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 3
+- filter:
+    count: 0
+    match:
+      event_type: alert
+      alert.signature_id: 4
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 5
+- filter:
+    count: 1
+    match:
+      event_type: flow
+- filter:
+    count: 1
+    match:
+      event_type: stats
diff --git a/tests/http-request-line/writepcap.py b/tests/http-request-line/writepcap.py
new file mode 100644
index 000000000..a3e0b275e
--- /dev/null
+++ b/tests/http-request-line/writepcap.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+from scapy.all import *
+
+pkts = []
+
+pkts += Ether(dst='ff:ff:ff:ff:ff:ff', src='00:01:02:03:04:05')/ \
+        Dot1Q(vlan=6)/ \
+        IP(dst='1.2.3.4', src='5.6.7.8')/TCP(sport=6666, dport=63, flags='P''A')/"GET /index.html HTTP/1.0\r\nHost: www.openinfosecfoundation.org\r\nUser-Agent: This is dummy message body\r\nContent-Type: text/html\r\n"
+
+wrpcap('input.pcap', pkts)
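Review bot: The `--set stream.midstream=true` argument in test.yaml carries no note on why the test needs it; the pcap produced by writepcap.py appears to be a single PSH/ACK segment with no handshake, which the stream engine would otherwise not pass to the HTTP parser, so every alert count below silently depends on this setting. A YAML comment above the arg, `# single mid-stream PA segment with no handshake: midstream is required for the request to reach the app layer`, would save the next reader a trip through writepcap.py. It would also help to mark the sid 4 entry as the deliberate negative case, e.g. `# bsize:>100 must not match the 24-byte request line`, since a `count: 0` check otherwise reads like a placeholder.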
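Review bot: The payload on the `IP(...)/TCP(...)/"GET ..."` line ends after `Content-Type: text/html\r\n` without the empty line that terminates an HTTP header block, so the request written to input.pcap is never completed; if that is intentional (only the request line is under test) a comment on that line should say so, otherwise the literal should end in `\r\n\r\n`. `flags='P''A'` relies on implicit adjacent-literal concatenation and reads like a typo; `flags='PA'` is the same value and unambiguous. `from scapy.all import *` and the bare `python` shebang (rather than `python3`) are the remaining style points; a module docstring stating that this script regenerates input.pcap and is not run by the test harness would round it out.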