From: Shivani Bhardwaj
Date: Sat, 5 Feb 2022 08:58:42 +0000 (+0530)
Subject: nfs: add test for memleak w file_data
X-Git-Tag: suricata-6.0.5~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=875895a3ec080b57fda0e4722d2a785b6771bb22;p=thirdparty%2Fsuricata-verify.git
nfs: add test for memleak w file_data
---
diff --git a/tests/nfs-file-data-4894/README b/tests/nfs-file-data-4894/README
new file mode 100644
index 000000000..4f8cc352e
--- /dev/null
+++ b/tests/nfs-file-data-4894/README
@@ -0,0 +1,14 @@
+Description
+===========
+A test to demonstrate https://redmine.openinfosecfoundation.org/issues/4894 and
+https://redmine.openinfosecfoundation.org/issues/4895.
+
+Rule
+====
+
+Faulty rule provided by Jeff Lucovsky.
+
+PCAP
+====
+
+Pcap from https://wiki.wireshark.org/SampleCaptures#NFS_Protocol_Family
diff --git a/tests/nfs-file-data-4894/input.pcap b/tests/nfs-file-data-4894/input.pcap
new file mode 100644
index 000000000..9a94efd9e
Binary files /dev/null and b/tests/nfs-file-data-4894/input.pcap differ
diff --git a/tests/nfs-file-data-4894/test.rules b/tests/nfs-file-data-4894/test.rules
new file mode 100644
index 000000000..0521b3e3e
--- /dev/null
+++ b/tests/nfs-file-data-4894/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"NFS support";file.data;content:" ";nfs_procedure: < 14900000;sid:2;)
diff --git a/tests/nfs-file-data-4894/test.yaml b/tests/nfs-file-data-4894/test.yaml
new file mode 100644
index 000000000..d7095e56c
--- /dev/null
+++ b/tests/nfs-file-data-4894/test.yaml
@@ -0,0 +1,15 @@
+requires:
+ lt-version: 7
+
+exit-code: 0
+
+command: |
+ ${SRCDIR}/src/suricata --set classification-file="${SRCDIR}/etc/classification.config" \
+ --set reference-config-file="${SRCDIR}/etc/reference.config" -l ${OUTPUT_DIR} \
+ --set threshold-file="${TEST_DIR}/threshold.config" \
+ -c "${SRCDIR}/suricata.yaml" -r ${TEST_DIR}/input.pcap -S ${TEST_DIR}/test.rules
+
+checks:
+ - shell:
+ args: grep "Can't use file_data with NFS keywords" stderr | wc -l | xargs
+ expect: 1
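Review bot: The single check in test.yaml only asserts that the "Can't use file_data with NFS keywords" message appears once in stderr, so the leak from issues 4894/4895 is never asserted directly; it would presumably surface only through `exit-code: 0` when the binary is built with a leak detector such as ASan/LSan. A comment above `exit-code` would make that dependency explicit, for example `# leak regression (#4894/#4895) is only caught on sanitizer builds, where a leak makes the exit code non-zero`. The command also passes `--set threshold-file="${TEST_DIR}/threshold.config"`, but no threshold.config is among the files this commit adds; if it is not supplied elsewhere, dropping that option keeps stderr limited to the message under test. `${OUTPUT_DIR}` and the `-r`/`-S` paths are left unquoted while the other paths are quoted, and quoting them all would keep the command robust to directories containing spaces.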