From: Philippe Antoine Date: Tue, 8 Sep 2020 07:21:18 +0000 (+0200) Subject: http: adds test for connect and protocol change X-Git-Tag: suricata-6.0.4~232 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d76bf2b8618b89cf725febea85f93b613c65c527;p=thirdparty%2Fsuricata-verify.git http: adds test for connect and protocol change
---
diff --git a/tests/http-connect/http-connect-fragmented/README.md b/tests/http-connect/http-connect-fragmented/README.md
new file mode 100644
index 000000000..fd9a3e1de
--- /dev/null
+++ b/tests/http-connect/http-connect-fragmented/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test HTTP CONNECT followed by HTTP
+
+# PCAP
+
+The pcap comes from running txt2pcap.py with input.txt
diff --git a/tests/http-connect/http-connect-fragmented/input.pcap b/tests/http-connect/http-connect-fragmented/input.pcap
new file mode 100644
index 000000000..c102a813b
Binary files /dev/null and b/tests/http-connect/http-connect-fragmented/input.pcap differ
diff --git a/tests/http-connect/http-connect-fragmented/input.txt b/tests/http-connect/http-connect-fragmented/input.txt
new file mode 100644
index 000000000..de079e153
--- /dev/null
+++ b/tests/http-connect/http-connect-fragmented/input.txt
@@ -0,0 +1,5 @@
+c2s CONNECT abc:443 HTTP/1.1\r\nUser-Agent: Victor/1.0\r\n\r\n
+s2c HTTP/1.1 200 OK\r\nServer: VictorServer/1.0\r\n\r\n
+c2s GE
+c2s T / HTTP/1.1\r\nUser-Agent: Victor/1.0\r\n\r\n
+s2c HTTP/1.1 200 OK\r\nServer: VictorServer/1.0\r\n\r\n
diff --git a/tests/http-connect/http-connect-fragmented/test.yaml b/tests/http-connect/http-connect-fragmented/test.yaml
new file mode 100644
index 000000000..d33f4398b
--- /dev/null
+++ b/tests/http-connect/http-connect-fragmented/test.yaml
@@ -0,0 +1,28 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+
+# disables checksum verification
+args:
+ - -k none
+
+checks:
+
+ # Check that there is one file event with content range.
+ - filter:
+ count: 1
+ match:
+ event_type: http
+ tx_id: 0
+ http.http_method: CONNECT
+ http.protocol: HTTP/1.1
+ http.status: 200
+ - filter:
+ count: 1
+ match:
+ event_type: http
+ # new transaction id as we reset after CONNECT
+ tx_id: 0
+ http.http_method: GET
+ http.protocol: HTTP/1.1
+ http.status: 200
diff --git a/tests/http-connect/http-connect-simple/README.md b/tests/http-connect/http-connect-simple/README.md
new file mode 100644
index 000000000..fd9a3e1de
--- /dev/null
+++ b/tests/http-connect/http-connect-simple/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test HTTP CONNECT followed by HTTP
+
+# PCAP
+
+The pcap comes from running txt2pcap.py with input.txt
diff --git a/tests/http-connect/http-connect-simple/input.pcap b/tests/http-connect/http-connect-simple/input.pcap
new file mode 100644
index 000000000..a5b7981eb
Binary files /dev/null and b/tests/http-connect/http-connect-simple/input.pcap differ
diff --git a/tests/http-connect/http-connect-simple/input.txt b/tests/http-connect/http-connect-simple/input.txt
new file mode 100644
index 000000000..bae5ed5d1
--- /dev/null
+++ b/tests/http-connect/http-connect-simple/input.txt
@@ -0,0 +1,4 @@
+c2s CONNECT abc:443 HTTP/1.1\r\nUser-Agent: Victor/1.0\r\n\r\n
+s2c HTTP/1.1 200 OK\r\nServer: VictorServer/1.0\r\n\r\n
+c2s GET / HTTP/1.1\r\nUser-Agent: Victor/1.0\r\n\r\n
+s2c HTTP/1.1 200 OK\r\nServer: VictorServer/1.0\r\n\r\n
\ No newline at end of file
diff --git a/tests/http-connect/http-connect-simple/test.yaml b/tests/http-connect/http-connect-simple/test.yaml
new file mode 100644
index 000000000..d33f4398b
--- /dev/null
+++ b/tests/http-connect/http-connect-simple/test.yaml
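Review bot: The comment above the first filter in tests/http-connect/http-connect-fragmented/test.yaml, `# Check that there is one file event with content range.`, does not describe these checks, which match `event_type: http` for a CONNECT transaction and then a GET transaction; it looks carried over from another test. A comment such as `# CONNECT is logged as tx 0; the GET sent after it is logged as a new tx 0` would tell a reader what a failing filter means. The same comment appears unchanged in the test.yaml files for http-connect-simple and http-connect-tls, where the second half would need to name the flow check instead.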
@@ -0,0 +1,28 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+
+# disables checksum verification
+args:
+ - -k none
+
+checks:
+
+ # Check that there is one file event with content range.
+ - filter:
+ count: 1
+ match:
+ event_type: http
+ tx_id: 0
+ http.http_method: CONNECT
+ http.protocol: HTTP/1.1
+ http.status: 200
+ - filter:
+ count: 1
+ match:
+ event_type: http
+ # new transaction id as we reset after CONNECT
+ tx_id: 0
+ http.http_method: GET
+ http.protocol: HTTP/1.1
+ http.status: 200
diff --git a/tests/http-connect/http-connect-tls/README.md b/tests/http-connect/http-connect-tls/README.md
new file mode 100644
index 000000000..fd9a3e1de
--- /dev/null
+++ b/tests/http-connect/http-connect-tls/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test HTTP CONNECT followed by HTTP
+
+# PCAP
+
+The pcap comes from running txt2pcap.py with input.txt
diff --git a/tests/http-connect/http-connect-tls/input.pcap b/tests/http-connect/http-connect-tls/input.pcap
new file mode 100644
index 000000000..0e78004bc
Binary files /dev/null and b/tests/http-connect/http-connect-tls/input.pcap differ
diff --git a/tests/http-connect/http-connect-tls/input.txt b/tests/http-connect/http-connect-tls/input.txt
new file mode 100644
index 000000000..273a81b89
--- /dev/null
+++ b/tests/http-connect/http-connect-tls/input.txt
@@ -0,0 +1,3 @@
+c2s CONNECT abc:443 HTTP/1.1\r\nUser-Agent: Victor/1.0\r\n\r\n
+s2c HTTP/1.1 200 OK\r\nServer: VictorServer/1.0\r\n\r\n
+c2s \x16\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00
\ No newline at end of file
diff --git a/tests/http-connect/http-connect-tls/test.yaml b/tests/http-connect/http-connect-tls/test.yaml
new file mode 100644
index 000000000..b577aed13
--- /dev/null
+++ b/tests/http-connect/http-connect-tls/test.yaml
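Review bot: The `requires` block in tests/http-connect/http-connect-simple/test.yaml gates only on `HAVE_LIBJANSSON`, yet the second filter expects `tx_id: 0` for the GET because, per its own comment, transaction ids are reset after CONNECT. A build without that reset would presumably log the GET under a different tx_id and fail here for a reason unrelated to a regression. If the reset is tied to a particular release, add a `min-version: <first release with the CONNECT reset>` line under `requires`. The same applies to http-connect-fragmented, and to http-connect-tls for the protocol change it checks.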
@@ -0,0 +1,25 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+
+# disables checksum verification
+args:
+ - -k none
+
+checks:
+
+ # Check that there is one file event with content range.
+ - filter:
+ count: 1
+ match:
+ event_type: http
+ tx_id: 0
+ http.http_method: CONNECT
+ http.protocol: HTTP/1.1
+ http.status: 200
+ - filter:
+ count: 1
+ match:
+ event_type: flow
+ app_proto: tls
+ app_proto_orig: http
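Review bot: The flow filter in tests/http-connect/http-connect-tls/test.yaml shows that the flow was relabelled from http to tls, but nothing asserts that the bytes sent after the 200 response were kept out of the HTTP parser. A regression that logged the tunnelled record as a second HTTP transaction would still pass, because the first filter matches only `tx_id: 0` with method CONNECT. For a sensor, tunnelled payload misread as HTTP is a visibility gap worth pinning in the test. A filter that counts all `http` events, as below, would catch it; this assumes the CONNECT transaction is the only HTTP event expected from this pcap.

```yaml
# … unchanged: CONNECT filter and flow filter …
  - filter:
      count: 1
      match:
        event_type: http
```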