From: Shivani Bhardwaj <shivanib134@gmail.com>
Date: Tue, 5 Apr 2022 10:32:41 +0000 (+0530)
Subject: detect/flowbits: add test for bug 5154
X-Git-Tag: suricata-6.0.6~104
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c3f26ac44c071d08d6cbda4cd89202183082e116;p=thirdparty%2Fsuricata.git

detect/flowbits: add test for bug 5154
---

diff --git a/src/detect-flowbits.c b/src/detect-flowbits.c
index d8680220a6..6629064358 100644
--- a/src/detect-flowbits.c
+++ b/src/detect-flowbits.c
@@ -1371,6 +1371,35 @@ static int FlowBitsTestSig11(void)
     PASS;
 }
 
+/**
+ * \test FlowBitsTestSig12 is a test to check random arguments to
+ *  flowbits keyword are rejected
+ *  See https://redmine.openinfosecfoundation.org/issues/5154
+ *  \retval 1 on succces
+ *  \retval 0 on failure
+ */
+
+static int FlowBitsTestSig12(void)
+{
+    Signature *s = NULL;
+    DetectEngineCtx *de_ctx = NULL;
+
+    de_ctx = DetectEngineCtxInit();
+    FAIL_IF_NULL(de_ctx);
+
+    de_ctx->flags |= DE_QUIET;
+
+    s = DetectEngineAppendSig(de_ctx,
+            "alert http any any -> any any (msg:\"flowbits with noalert option\"; "
+            "flow:established,to_server; http.method; content:\"POST\"; "
+            "flowbits:set,ET.whatever,asdfasdf; sid:7;)");
+    FAIL_IF_NOT_NULL(s);
+
+    SigGroupBuild(de_ctx);
+    DetectEngineCtxFree(de_ctx);
+    PASS;
+}
+
 /**
  * \brief this function registers unit tests for FlowBits
  */
@@ -1388,5 +1417,6 @@ void FlowBitsRegisterTests(void)
     UtRegisterTest("FlowBitsTestSig09", FlowBitsTestSig09);
     UtRegisterTest("FlowBitsTestSig10", FlowBitsTestSig10);
     UtRegisterTest("FlowBitsTestSig11", FlowBitsTestSig11);
+    UtRegisterTest("FlowBitsTestSig12", FlowBitsTestSig12);
 }
 #endif /* UNITTESTS */