From: Philippe Antoine
Date: Fri, 26 Aug 2022 07:26:59 +0000 (+0200)
Subject: Adds test for http file to server
X-Git-Tag: suricata-6.0.8~40
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e8f00f583e87cd0f66f333c8e5039a93f846437a;p=thirdparty%2Fsuricata-verify.git
Adds test for http file to server
---
diff --git a/tests/http-post-file/README.md b/tests/http-post-file/README.md
new file mode 100644
index 000000000..51768825e
--- /dev/null
+++ b/tests/http-post-file/README.md
@@ -0,0 +1,10 @@
+# Description
+
+Test HTTP file to server.
+
+# PCAP
+
+The pcap comes from running server
+`docker run --name mattermost-preview -d --publish 8065:8065 mattermost/mattermost-preview -m=4G`
+
+And client from mm.go (you need to setup credentials and channel Id)
diff --git a/tests/http-post-file/input.pcap b/tests/http-post-file/input.pcap
new file mode 100644
index 000000000..1ba2be575
Binary files /dev/null and b/tests/http-post-file/input.pcap differ
diff --git a/tests/http-post-file/mm.go b/tests/http-post-file/mm.go
new file mode 100644
index 000000000..0e9ed86f8
--- /dev/null
+++ b/tests/http-post-file/mm.go
@@ -0,0 +1,23 @@
+package main
+
+import (
+ "bytes"
+ "encoding/hex"
+ "fmt"
+ "github.com/mattermost/mattermost-server/v5/model"
+)
+
+func main() {
+ Client := model.NewAPIv4Client("http://localhost:8065/")
+ Client.Login("toto", "tototo")
+ data, _ := hex.DecodeString("58354f2150254041505b345c505a58353428505e2937434329377d2445494341522d5354414e444152442d414e544956495255532d544553542d46494c452124482b482a")
+ us := &model.UploadSession{
+ ChannelId: "7wynam16o38tbfgegi1qjr53oy",
+ Filename: "eicar",
+ FileSize: int64(len(data)),
+ }
+ us, response := Client.CreateUpload(us)
+ fmt.Printf("lol %s %#+v\n", us, response)
+ info, err2 := Client.UploadData(us.Id, bytes.NewReader(data))
+ fmt.Printf("lol %s %#+v\n", err2, info)
+}
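Review bot: `us.Id` is dereferenced right after `Client.CreateUpload(us)` without looking at the returned response, and the results of `Client.Login` are discarded, so a wrong password or channel ID ends in a nil-pointer panic rather than a readable error. Checking the `Error` field of each `*model.Response` (as the v5 client appears to expose it) and returning early would make re-recording the pcap much easier to debug; the second return value of `UploadData` is likewise a response, so `err2` would read better as `resp`. Because the login travels over plain HTTP and ends up inside input.pcap, a comment above `Client.Login` stating that only a throwaway account on the local preview container should be used would help whoever regenerates the capture.

```go
func main() {
	Client := model.NewAPIv4Client("http://localhost:8065/")
	// Throwaway account on the local preview container only: the login is
	// sent in cleartext and is recorded in input.pcap.
	if _, resp := Client.Login("toto", "tototo"); resp.Error != nil {
		fmt.Printf("login failed: %v\n", resp.Error)
		return
	}
	// … unchanged: hex-decode the EICAR string, build the UploadSession …
	us, response := Client.CreateUpload(us)
	if response.Error != nil {
		fmt.Printf("create upload failed: %v\n", response.Error)
		return
	}
	// … unchanged: UploadData call and the two Printf lines …
```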
diff --git a/tests/http-post-file/test.rules b/tests/http-post-file/test.rules
new file mode 100644
index 000000000..225de0dc5
--- /dev/null
+++ b/tests/http-post-file/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"EICAR file"; flow:to_server; file_data; content:"|58354f2150254041505b345c505a58353428505e2937434329377d2445494341522d5354414e444152442d414e544956495255532d544553542d46494c452124482b482a|"; sid:1; rev:1;)
diff --git a/tests/http-post-file/test.yaml b/tests/http-post-file/test.yaml
new file mode 100644
index 000000000..66335ef9d
--- /dev/null
+++ b/tests/http-post-file/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 7
+
+# disables checksum verification
+args:
+- -k none
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
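Review bot: The rule gives no hint of what the long hex `content` represents, so a reader has to decode it to see that it is the same payload mm.go uploads. A leading comment such as `# EICAR test string (hex-encoded); must match the bytes uploaded by mm.go` would make that link explicit and keep the two files in sync when either is edited. As a style point, `file_data` is the legacy spelling of the buffer; `file.data` is the name used in current Suricata documentation and should behave the same here.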
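Review bot: `min-version: 7` is given without a reason, unlike the `args` entry just below it, which has a comment. Presumably the test depends on `file_data` matching request bodies in the to_server direction, which older releases may not support; if so, a one-line comment such as `# file_data in to_server direction requires 7.x` above `min-version` would tell a maintainer why 6.0.x is excluded. The single check also only counts the alert, so a second filter on a `fileinfo` event could be considered if the goal is to confirm the upload was tracked as a file.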