From: Philippe Antoine <contact@catenacyber.fr>
Date: Mon, 13 Jul 2020 07:50:42 +0000 (+0200)
Subject: http: adds test with signle gap
X-Git-Tag: suricata-6.0.4~242
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0d13ec1f3faefa8efa3ad769b3b39297763f608;p=thirdparty%2Fsuricata-verify.git

http: adds test with signle gap
---

diff --git a/tests/http-gap-simple/README.md b/tests/http-gap-simple/README.md
new file mode 100644
index 000000000..73de7efbc
--- /dev/null
+++ b/tests/http-gap-simple/README.md
@@ -0,0 +1,13 @@
+# Description
+
+Test http gap handling
+
+This test case contains a single simple gap in response body with defined content-length
+
+# PCAP
+
+The pcap comes from running
+`python test/htptopcap.py toaddgap.txt`
+With the attached toaddgap.txt
+
+Then removing packet 17
diff --git a/tests/http-gap-simple/input.pcap b/tests/http-gap-simple/input.pcap
new file mode 100644
index 000000000..5edd0f198
Binary files /dev/null and b/tests/http-gap-simple/input.pcap differ
diff --git a/tests/http-gap-simple/test.yaml b/tests/http-gap-simple/test.yaml
new file mode 100644
index 000000000..c47eb7973
--- /dev/null
+++ b/tests/http-gap-simple/test.yaml
@@ -0,0 +1,44 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  min-version: 6.0.0
+
+# disables checksum verification
+args:
+  - -k none
+
+checks:
+
+  # Check that there is one file event with content range.
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.url: "/1"
+        http.status: 200
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.url: "/2"
+        http.status: 200
+  - filter:
+      count: 1
+      match:
+        event_type: http
+        http.url: "/3"
+        http.status: 200
+  - filter:
+      count: 2
+      match:
+        event_type: fileinfo
+        fileinfo.size: 14
+        fileinfo.state: "CLOSED"
+        fileinfo.gaps: false
+  - filter:
+      count: 1
+      match:
+        event_type: fileinfo
+        fileinfo.size: 70
+        fileinfo.state: "TRUNCATED"
+        fileinfo.gaps: true
diff --git a/tests/http-gap-simple/toaddgap.txt b/tests/http-gap-simple/toaddgap.txt
new file mode 100644
index 000000000..c6859edfa
--- /dev/null
+++ b/tests/http-gap-simple/toaddgap.txt
@@ -0,0 +1,53 @@
+>>>
+GET /1 HTTP/1.0
+User-Agent: Mozilla
+
+
+<<<
+HTTP/1.0 200 OK
+Date: Mon, 31 Aug 2009 20:25:50 GMT
+Server: Apache
+Connection: close
+Content-Type: text/html
+Content-Length: 12
+
+
+<<<
+Hello World!
+
+>>>
+GET /2 HTTP/1.0
+User-Agent: Mozilla
+
+
+<<<
+HTTP/1.0 200 OK
+Server: Apache
+Connection: close
+Content-Type: text/html
+Content-Length: 70
+
+
+<<<
+AAAAAAAAAAAAAA
+<<<
+AAAAAAAAAAAAAA
+<<<
+AAAAAAAAAAAAAA
+<<<
+AAAAAAAAAAAAAA
+<<<
+AAAAAAAAAAAAAA
+>>>
+GET /3 HTTP/1.0
+User-Agent: Mozilla
+
+
+<<<
+HTTP/1.0 200 OK
+Server: Apache
+Connection: close
+Content-Type: text/html
+Content-Length: 12
+
+Hello People