From: Jeff Lucovsky Date: Tue, 2 Sep 2025 14:06:05 +0000 (-0400) Subject: test/entropy: Test with raw content X-Git-Tag: suricata-8.0.2~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c6201f2ceb171e60c92f0e636188ee46d2cd6b4b;p=thirdparty%2Fsuricata-verify.git test/entropy: Test with raw content Test entropy w/out a sticky buffer. Without the suricata fixes, the test will SEGV and thus fail. With the suricata fixes, the calculated entropy value will be matched with the value in the test specification. --- diff --git a/tests/entropy/entropy-03/input.pcap b/tests/entropy/entropy-03/input.pcap new file mode 100644 index 000000000..e0f1fbe63 Binary files /dev/null and b/tests/entropy/entropy-03/input.pcap differ diff --git a/tests/entropy/entropy-03/test.rules b/tests/entropy/entropy-03/test.rules new file mode 100644 index 000000000..9193decb6 --- /dev/null +++ b/tests/entropy/entropy-03/test.rules @@ -0,0 +1 @@ +alert tcp-pkt any any -> any any (msg:"Entropy segfault test"; entropy: value >= 6; sid:1;) diff --git a/tests/entropy/entropy-03/test.yaml b/tests/entropy/entropy-03/test.yaml new file mode 100644 index 000000000..6d8690576 --- /dev/null +++ b/tests/entropy/entropy-03/test.yaml @@ -0,0 +1,11 @@ +requires: + min-version: 8.0.1 + +pcap: ../entropy-01/input.pcap + +checks: + - filter: + count: 1 + match: + event_type: http + metadata.entropy.content: 4.137370175000773
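Review bot: the new binary tests/entropy/entropy-03/input.pcap looks unused, because test.yaml in the same directory sets `pcap: ../entropy-01/input.pcap` and so runs against the entropy-01 capture. Either drop the added pcap from this commit, or remove the `pcap:` line from test.yaml so the test picks up its own capture. If both are kept deliberately, the commit message should say why.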
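Review bot: in tests/entropy/entropy-03/test.rules the threshold `entropy: value >= 6` is higher than the 4.137370175000773 that test.yaml expects in `metadata.entropy.content`, and nothing in the test says whether sid:1 is meant to alert. The rule file would benefit from a leading comment stating that it exercises `entropy` on raw content with no sticky buffer, as the commit message puts it, and what outcome is expected for this rule.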
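Review bot: the single check in tests/entropy/entropy-03/test.yaml filters on `event_type: http` only, so the outcome of sid:1 itself is never asserted. Consider adding a second check on `event_type: alert` with the expected count for `alert.signature_id: 1`, which would pin the rule's behaviour as well as the computed value. Separately, the commit message says an unfixed Suricata will SEGV on this test, so it is worth confirming that `min-version: 8.0.1` is the first release carrying the fix; otherwise the test will crash rather than be skipped on that version.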