From: Jason Ish Date: Mon, 20 Apr 2020 17:39:54 +0000 (-0600) Subject: dns txt test: break into v1 and v2 tests X-Git-Tag: suricata-6.0.4~299 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=56bc760b37319d45ed0573c94c54af6c50d2ba16;p=thirdparty%2Fsuricata-verify.git dns txt test: break into v1 and v2 tests Eliminating the check.sh test at the same time. --- diff --git a/tests/dns-udp-eve-log-txt/README.md b/tests/dns-udp-eve-log-txt/README.md deleted file mode 100644 index 5a1c088f7..000000000 --- a/tests/dns-udp-eve-log-txt/README.md +++ /dev/null @@ -1,2 +0,0 @@ -Test that a TXT record is extracted and logged correctly to Eve. - diff --git a/tests/dns-udp-eve-log-txt/check.sh b/tests/dns-udp-eve-log-txt/check.sh deleted file mode 100755 index e9ac4b790..000000000 --- a/tests/dns-udp-eve-log-txt/check.sh +++ /dev/null @@ -1,9 +0,0 @@ -#! /bin/sh - -set -e - -txt=$(cat eve.json | \ - jq -c 'select(.dns.type == "answer") | select(.dns.rrtype == "TXT") | .dns.rdata') -test "${txt}" = '"v=spf1 include:_spf.google.com ~all"' - - diff --git a/tests/dns-udp-eve-log-txt/test.yaml b/tests/dns-udp-eve-log-txt/test.yaml deleted file mode 100644 index 56ea9b0d5..000000000 --- a/tests/dns-udp-eve-log-txt/test.yaml +++ /dev/null @@ -1,3 +0,0 @@ -requires: - features: - - HAVE_LIBJANSSON diff --git a/tests/dns-udp-eve-log-txt/suricata.yaml b/tests/dns-udp-eve-v1-txt/suricata.yaml similarity index 81% rename from tests/dns-udp-eve-log-txt/suricata.yaml rename to tests/dns-udp-eve-v1-txt/suricata.yaml index 5f7eded22..beab613ba 100644 --- a/tests/dns-udp-eve-log-txt/suricata.yaml +++ b/tests/dns-udp-eve-v1-txt/suricata.yaml @@ -4,7 +4,6 @@ outputs: - eve-log: enabled: yes - filename: eve.json types: - dns: version: 1 diff --git a/tests/dns-udp-eve-v1-txt/test.yaml b/tests/dns-udp-eve-v1-txt/test.yaml new file mode 100644 index 000000000..bca727810 --- /dev/null +++ b/tests/dns-udp-eve-v1-txt/test.yaml 
@@ -0,0 +1,79 @@
+pcap: ../dns-udp-eve-v2-txt/input.pcap
+
+checks:
+- filter:
+ count: 4
+ match:
+ event_type: dns
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.id: 28243
+ dns.rrname: google.com
+ dns.rrtype: TXT
+ dns.tx_id: 0
+ dns.type: query
+ event_type: dns
+ pcap_cnt: 1
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 52345
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.id: 39372
+ dns.rrname: textsecure-service-ca.whispersystems.org
+ dns.rrtype: A
+ dns.tx_id: 0
+ dns.type: query
+ event_type: dns
+ pcap_cnt: 3
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 60922
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.flags: '8180'
+ dns.id: 28243
+ dns.qr: true
+ dns.ra: true
+ dns.rcode: NOERROR
+ dns.rd: true
+ dns.rdata: v=spf1 include:_spf.google.com ~all
+ dns.rrname: google.com
+ dns.rrtype: TXT
+ dns.ttl: 3217
+ dns.type: answer
+ event_type: dns
+ pcap_cnt: 2
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 52345
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.flags: '8180'
+ dns.id: 39372
+ dns.qr: true
+ dns.ra: true
+ dns.rcode: NOERROR
+ dns.rd: true
+ dns.rdata: 34.197.178.240
+ dns.rrname: textsecure-service-ca.whispersystems.org
+ dns.rrtype: A
+ dns.ttl: 5
+ dns.type: answer
+ event_type: dns
+ pcap_cnt: 4
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 60922
diff --git a/tests/dns-udp-eve-log-txt/dns-txt-google.com.pcap b/tests/dns-udp-eve-v2-txt/input.pcap
similarity index 100%
rename from tests/dns-udp-eve-log-txt/dns-txt-google.com.pcap
rename to tests/dns-udp-eve-v2-txt/input.pcap
diff --git a/tests/dns-udp-eve-v2-txt/test.yaml b/tests/dns-udp-eve-v2-txt/test.yaml
new file mode 100644
index 000000000..5f7461fc7
--- /dev/null
+++ b/tests/dns-udp-eve-v2-txt/test.yaml
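Review bot: `pcap: ../dns-udp-eve-v2-txt/input.pcap` on the first added line ties this test to a capture owned by the sibling v2 directory, so renaming or removing the v2 test would break v1 with no change visible here; a comment such as `# capture is shared with dns-udp-eve-v2-txt; update both tests if it moves` above the pcap line makes the coupling explicit, or the pcap can simply be duplicated. The deleted tests/dns-udp-eve-log-txt/test.yaml declared `requires: features: - HAVE_LIBJANSSON` and neither new test.yaml carries it; if that is deliberate because the feature is now unconditional it is fine, otherwise the requirement should be restored in both new tests. The aggregate `count: 4` on `event_type: dns` is a useful guard against duplicated or dropped records and is worth keeping as the two tests evolve.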
@@ -0,0 +1,123 @@
+# *** Add configuration here ***
+
+checks:
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.id: 39372
+ dns.rrname: textsecure-service-ca.whispersystems.org
+ dns.rrtype: A
+ dns.tx_id: 0
+ dns.type: query
+ event_type: dns
+ pcap_cnt: 3
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 60922
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.id: 28243
+ dns.rrname: google.com
+ dns.rrtype: TXT
+ dns.tx_id: 0
+ dns.type: query
+ event_type: dns
+ pcap_cnt: 1
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 52345
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.answers[0].rdata: 34.197.178.240
+ dns.answers[0].rrname: textsecure-service-ca.whispersystems.org
+ dns.answers[0].rrtype: A
+ dns.answers[0].ttl: 5
+ dns.flags: '8180'
+ dns.grouped.A[0]: 34.197.178.240
+ dns.id: 39372
+ dns.qr: true
+ dns.ra: true
+ dns.rcode: NOERROR
+ dns.rd: true
+ dns.rrname: textsecure-service-ca.whispersystems.org
+ dns.rrtype: A
+ dns.type: answer
+ dns.version: 2
+ event_type: dns
+ pcap_cnt: 4
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 60922
+- filter:
+ count: 1
+ match:
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ dns.answers[0].rdata: v=spf1 include:_spf.google.com ~all
+ dns.answers[0].rrname: google.com
+ dns.answers[0].rrtype: TXT
+ dns.answers[0].ttl: 3217
+ dns.flags: '8180'
+ dns.grouped.TXT[0]: v=spf1 include:_spf.google.com ~all
+ dns.id: 28243
+ dns.qr: true
+ dns.ra: true
+ dns.rcode: NOERROR
+ dns.rd: true
+ dns.rrname: google.com
+ dns.rrtype: TXT
+ dns.type: answer
+ dns.version: 2
+ event_type: dns
+ pcap_cnt: 2
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 52345
+- filter:
+ count: 1
+ match:
+ app_proto: dns
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 116
+ flow.bytes_toserver: 100
+ flow.end: 2017-06-08T15:45:58.525601+0000
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.start: 2017-06-08T15:45:58.520996+0000
+ flow.state: established
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 60922
+- filter:
+ count: 1
+ match:
+ app_proto: dns
+ dest_ip: 10.16.1.1
+ dest_port: 53
+ event_type: flow
+ flow.age: 0
+ flow.alerted: false
+ flow.bytes_toclient: 129
+ flow.bytes_toserver: 81
+ flow.end: 2017-06-08T15:45:57.833020+0000
+ flow.pkts_toclient: 1
+ flow.pkts_toserver: 1
+ flow.reason: shutdown
+ flow.start: 2017-06-08T15:45:57.828730+0000
+ flow.state: established
+ proto: UDP
+ src_ip: 10.16.1.11
+ src_port: 52345
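Review bot: The first added line of the v2 test.yaml is the generator placeholder `# *** Add configuration here ***` rather than a description of what is covered, and unlike the v1 sibling there is no aggregate `count: 4` filter on `event_type: dns`, so a duplicated or spurious DNS event in the v2 output would still pass as long as the five per-event matches hold. Replacing the placeholder with a one-line summary and adding the aggregate filter keeps both tests checking the same property of the TXT/A answers. The directory ships no suricata.yaml, so the `dns.version: 2` matches depend on Suricata's default eve dns setting; a comment saying so would save a future reader from debugging a default change as a parser regression.
```yaml
# TXT and A lookups from input.pcap logged with the eve dns v2 schema
# (no suricata.yaml here, so the default eve dns configuration is in use).

checks:
- filter:
    count: 4
    match:
      event_type: dns
# … unchanged: per-event dns and flow filters …
```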