From: Victor Julien
Date: Mon, 13 Jun 2022 12:34:52 +0000 (+0200)
Subject: tests: add test for bug 5392
X-Git-Tag: suricata-5.0.10~12
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=768844f7735be2f0bc91c900d9956786daeb34c2;p=thirdparty%2Fsuricata-verify.git

tests: add test for bug 5392
---

diff --git a/tests/bug-5392/TPWhite-carved-out-7787-s1.pcap b/tests/bug-5392/TPWhite-carved-out-7787-s1.pcap
new file mode 100644
index 000000000..f9bad0e6c
Binary files /dev/null and b/tests/bug-5392/TPWhite-carved-out-7787-s1.pcap differ
diff --git a/tests/bug-5392/suricata.yaml b/tests/bug-5392/suricata.yaml
new file mode 100644
index 000000000..ecbf3b361
--- /dev/null
+++ b/tests/bug-5392/suricata.yaml
@@ -0,0 +1,73 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+ pcap-file: true
+ types:
+ - http:
+ enabled: yes
+ extended: yes # enable this for extended logging information
+ # custom allows additional HTTP fields to be included in eve-log.
+ # the example below adds three additional fields when uncommented
+ #custom: [Accept-Encoding, Accept-Language, Authorization]
+ # set this value to one and only one from {both, request, response}
+ # to dump all HTTP headers for every HTTP request and/or response
+ # dump-all-headers: none
+ - files:
+ force-magic: no # force logging magic on all logged files
+ # force logging of checksums, available hash functions are md5,
+ # sha1 and sha256
+ #force-hash: [md5]
+
+ - file-store:
+ version: 2
+ enabled: yes
+ dir: filestore
+ write-fileinfo: yes
+ force-filestore: yes
+
+# Logging configuration. This is not about logging IDS alerts/events, but
+# output about what Suricata is doing, like startup messages, errors, etc.
+logging:
+ default-log-level: notice
+ outputs:
+ - console:
+ enabled: yes
+ # type: json
+ - file:
+ enabled: yes
+ level: info
+ filename: suricata.json
+ type: json
+ - syslog:
+ enabled: no
+ facility: local5
+ format: "[%i] <%d> -- "
+ # type: json
+
+
+app-layer:
+ protocols:
+ http:
+ enabled: yes
+ libhtp:
+ default-config:
+ personality: IDS
+ request-body-limit: 100kb
+ response-body-limit: 100kb
+ request-body-minimal-inspect-size: 32kb
+ request-body-inspect-window: 4kb
+ response-body-minimal-inspect-size: 40kb
+ response-body-inspect-window: 16kb
+ response-body-decompress-layer-limit: 2
+ http-body-inline: auto
+ swf-decompression:
+ enabled: yes
+ type: both
+ compress-depth: 100kb
+ decompress-depth: 100kb
+ double-decode-path: no
+ double-decode-query: no
diff --git a/tests/bug-5392/test.yaml b/tests/bug-5392/test.yaml
new file mode 100644
index 000000000..58bfc672d
--- /dev/null
+++ b/tests/bug-5392/test.yaml
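Review bot: The eve-log stanza mixes boolean spellings — `enabled: yes`, `force-magic: no` and `double-decode-path: no` next to `pcap-file: true`; under the `%YAML 1.1` directive pinned at the top they all parse the same, but writing every flag as `true`/`false` reads unambiguously and keeps yamllint's truthy rule quiet. Much of the block is commented-out examples carried over from the stock configuration (`#custom: [Accept-Encoding, Accept-Language, Authorization]`, `# dump-all-headers: none`, `#force-hash: [md5]`); trimming the fixture to the keys the test actually relies on — the http and files outputs, file-store and the libhtp body limits — would make it clearer which settings reproduce bug 5392. The inline comment on `filetype: regular #regular|syslog|unix_dgram|unix_stream|redis` should have a space after the hash (`# regular|…`) to match the comment style used elsewhere in the file. Because the collapsed rendering has lost the original indentation, the nesting of these keys could not be verified here.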
@@ -0,0 +1,19 @@
+requires:
+ min-version: 7
+
+args:
+- -k none
+- --no-random
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: http
+ - filter:
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.size: 59466
+ fileinfo.state: "TRUNCATED"
+ fileinfo.gaps: true
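Review bot: `min-version: 7` under `requires:` skips this test on every older release, yet the commit is tagged `suricata-5.0.10~12`; if that tag reflects the branch the test is meant to run on, it would never execute there, so the intended minimum version is worth confirming before merge. The two sequences use different indentation — `args:` items sit flush (`- -k none`) while `checks:` items are indented (`- filter:`); pick one style for the file. The fileinfo filter pins the behaviour under test (`fileinfo.size: 59466`, `fileinfo.state: "TRUNCATED"`, `fileinfo.gaps: true`), but the http filter only asserts that one http event exists; if the bug is tied to a particular request or response, matching an additional field such as `http.url` or `http.status` would stop the check from passing on an unrelated http event.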