From: Jason Ish
Date: Thu, 22 Sep 2022 18:03:09 +0000 (-0600)
Subject: incomplete-hex: -T tests for version 6 and 7
X-Git-Tag: suricata-6.0.8~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=79c64e005f799230928a4c0d57972511944e73e9;p=thirdparty%2Fsuricata-verify.git
incomplete-hex: -T tests for version 6 and 7
For version 7, incomplete hex should lead to a -T failure. For version 6, -T should pass.
---
diff --git a/tests/content-incomplete-hex-t-version-6/README.md b/tests/content-incomplete-hex-t-version-6/README.md
new file mode 100644
index 000000000..ef2785201
--- /dev/null
+++ b/tests/content-incomplete-hex-t-version-6/README.md
@@ -0,0 +1,6 @@
+Tests the behaviour of -T when a rule contains incomplete hex.
+
+For Suricata 6.0.x, -T should pass unless
+--strict-rule-keywords=content is provided.
+
+For Suricata 7.0+, -T should fail.
diff --git a/tests/content-incomplete-hex-t-version-6/suricata.yaml b/tests/content-incomplete-hex-t-version-6/suricata.yaml
new file mode 100644
index 000000000..6917d8538
--- /dev/null
+++ b/tests/content-incomplete-hex-t-version-6/suricata.yaml
@@ -0,0 +1,2 @@
+%YAML 1.1
+---
diff --git a/tests/content-incomplete-hex-t-version-6/test.rules b/tests/content-incomplete-hex-t-version-6/test.rules
new file mode 100644
index 000000000..397a5f1ce
--- /dev/null
+++ b/tests/content-incomplete-hex-t-version-6/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"incomplete hex test rule"; content:"|22 2 22|"; sid:12346; rev:1;)
diff --git a/tests/content-incomplete-hex-t-version-6/test.yaml b/tests/content-incomplete-hex-t-version-6/test.yaml
new file mode 100644
index 000000000..8da6517f4
--- /dev/null
+++ b/tests/content-incomplete-hex-t-version-6/test.yaml
@@ -0,0 +1,10 @@
+requires:
+ min-version: 6
+ lt-version: 7
+
+args:
+ - -T
+
+pcap: false
+
+exit-code: 0
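Review bot: The strict path described in this test's README has no coverage: tests/content-incomplete-hex-t-version-6/test.yaml only runs the permissive case (`- -T` with `exit-code: 0`), while the README says -T passes on 6.0.x "unless --strict-rule-keywords=content is provided". On 6.0.x that option appears to be the only guard against a rule such as `content:"|22 2 22|"` loading with malformed hex, so a regression there would go unnoticed and a signature could end up matching bytes its author did not intend. A sibling test for the same version range with `- --strict-rule-keywords=content` added under `args:` and `exit-code: 1` would pin that behaviour. The version bound is also written as `min-version: 6` here but `min-version: 7.0.0` in the 7-plus test; using one form in both would read more consistently.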
diff --git a/tests/content-incomplete-hex-t-version-7-plus/README.md b/tests/content-incomplete-hex-t-version-7-plus/README.md
new file mode 100644
index 000000000..ef2785201
--- /dev/null
+++ b/tests/content-incomplete-hex-t-version-7-plus/README.md
@@ -0,0 +1,6 @@
+Tests the behaviour of -T when a rule contains incomplete hex.
+
+For Suricata 6.0.x, -T should pass unless
+--strict-rule-keywords=content is provided.
+
+For Suricata 7.0+, -T should fail.
diff --git a/tests/content-incomplete-hex-t-version-7-plus/suricata.yaml b/tests/content-incomplete-hex-t-version-7-plus/suricata.yaml
new file mode 100644
index 000000000..6917d8538
--- /dev/null
+++ b/tests/content-incomplete-hex-t-version-7-plus/suricata.yaml
@@ -0,0 +1,2 @@
+%YAML 1.1
+---
diff --git a/tests/content-incomplete-hex-t-version-7-plus/test.rules b/tests/content-incomplete-hex-t-version-7-plus/test.rules
new file mode 100644
index 000000000..397a5f1ce
--- /dev/null
+++ b/tests/content-incomplete-hex-t-version-7-plus/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"incomplete hex test rule"; content:"|22 2 22|"; sid:12346; rev:1;)
diff --git a/tests/content-incomplete-hex-t-version-7-plus/test.yaml b/tests/content-incomplete-hex-t-version-7-plus/test.yaml
new file mode 100644
index 000000000..9150403ce
--- /dev/null
+++ b/tests/content-incomplete-hex-t-version-7-plus/test.yaml
@@ -0,0 +1,9 @@
+requires:
+ min-version: 7.0.0
+
+args:
+ - -T
+
+pcap: false
+
+exit-code: 1
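Review bot: `exit-code: 1` is the only assertion in tests/content-incomplete-hex-t-version-7-plus/test.yaml, so the test passes on any -T failure rather than specifically on rejection of the incomplete hex in test.rules. With a suricata.yaml that holds only `%YAML 1.1` and `---`, an unrelated configuration or startup error would presumably also exit non-zero, although the runner's defaults are not visible in this diff. A regression in which 7.0+ accepts `content:"|22 2 22|"` but fails for another reason would then be masked. Consider adding a `checks:` entry with a `shell` check that looks for the content-keyword parse error for sid 12346 in the captured output, so the failure is tied to the rule under test.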