From: jason taylor Date: Tue, 14 Jun 2022 21:17:21 +0000 (+0000) Subject: tests: add http.host nocase test X-Git-Tag: suricata-6.0.8~42 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=516dd47015a2ba01d75d7e5e0037de4a0ea6a19a;p=thirdparty%2Fsuricata-verify.git tests: add http.host nocase test Signed-off-by: jason taylor
---
diff --git a/tests/test-bad-http-host-rule-1/test.rules b/tests/test-bad-http-host-rule-1/test.rules
index 4a5ac697d..f9888467d 100644
--- a/tests/test-bad-http-host-rule-1/test.rules
+++ b/tests/test-bad-http-host-rule-1/test.rules
@@ -1 +1 @@
-alert http any any -> any any (msg:"TEST SUCCESFULL - http host capitalizaed "; http.host; content:"ALLCAPS.COM"; sid:1111; rev:1;)
+alert http any any -> any any (msg:"TEST SUCCESFULL - http host capitalizaed"; http.host; content:"ALLCAPS.COM"; sid:1111; rev:1;)
diff --git a/tests/test-bad-http-host-rule-2/suricata.yaml b/tests/test-bad-http-host-rule-2/suricata.yaml
new file mode 100644
index 000000000..dcaae57fe
--- /dev/null
+++ b/tests/test-bad-http-host-rule-2/suricata.yaml
@@ -0,0 +1,10 @@
+%YAML 1.1
+---
+
+logging:
+ default-log-level: info
+ outputs:
+ - file:
+ enabled: yes
+ filename: eve.json
+ type: json
diff --git a/tests/test-bad-http-host-rule-2/test.rules b/tests/test-bad-http-host-rule-2/test.rules
new file mode 100644
index 000000000..94aa23c1f
--- /dev/null
+++ b/tests/test-bad-http-host-rule-2/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"TEST SUCCESFULL - http host nocase"; http.host; content:"somehost.com"; nocase; sid:123; rev:1;)
diff --git a/tests/test-bad-http-host-rule-2/test.yaml b/tests/test-bad-http-host-rule-2/test.yaml
new file mode 100644
index 000000000..32370d9a1
--- /dev/null
+++ b/tests/test-bad-http-host-rule-2/test.yaml
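Review bot: The rule added in tests/test-bad-http-host-rule-2/test.rules has no comment saying it is expected to be rejected at load time, and its msg "TEST SUCCESFULL - http host nocase" reads as though an alert were the passing outcome. A line above the rule such as `# Must fail to load: http.host is normalized to lowercase, so nocase is rejected as redundant` would make the intent clear to someone reading the rules file without test.yaml. The misspelling "SUCCESFULL" is carried over from the rule-1 test and could be corrected here, since this file is new.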
@@ -0,0 +1,17 @@
+requires:
+ min-version: 7.0.0
+
+checks:
+ # check that we have the following entres in eve.json
+ # match 1 specific rule load failure reason
+ - filter:
+ count: 1
+ match:
+ event_type: engine
+ engine.message: "rule 123: http.host keyword specified along with \"nocase\". The hostname buffer is normalized to lowercase, specifying nocase is redundant."
+
+ - filter:
+ count: 1
+ match:
+ event_type: engine
+ engine.error: "SC_ERR_NO_RULES_LOADED"
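Review bot: The first check matches the full text of engine.message, so any rewording of that log line in the engine fails this test even when rule 123 is still rejected. The second check depends in the same way on the error name "SC_ERR_NO_RULES_LOADED" being present in the eve record. If the exact wording is what the test is meant to pin, the comment above the filter should say so, for example `# engine.message must match the engine's log text exactly; update here if the wording changes`. The existing comment also has a typo, `entres` for `entries`.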