From: Mahmoud Maatuq Date: Thu, 13 Jun 2024 18:37:09 +0000 (+0400) Subject: imap: add test for protocol detection X-Git-Tag: suricata-7.0.7~40 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=eaf151ca3aadc1cdadf13757804f43f65187bbcc;p=thirdparty%2Fsuricata-verify.git imap: add test for protocol detection ticket #2886 Signed-off-by: mmmaatuq
---
diff --git a/tests/imap-detection/README.md b/tests/imap-detection/README.md
new file mode 100644
index 000000000..294fe6089
--- /dev/null
+++ b/tests/imap-detection/README.md
@@ -0,0 +1,10 @@
+# Simple test for imap protocol detection.
+
+## PCAP
+
+URL: "Pcap imap.cap provided with redmine issue https://redmine.openinfosecfoundation.org/issues/2886"
+
+## Related issues
+
+Ticket #2886
+
diff --git a/tests/imap-detection/input.pcap b/tests/imap-detection/input.pcap
new file mode 100644
index 000000000..517936db7
Binary files /dev/null and b/tests/imap-detection/input.pcap differ
diff --git a/tests/imap-detection/test.yaml b/tests/imap-detection/test.yaml
new file mode 100644
index 000000000..c20df3c98
--- /dev/null
+++ b/tests/imap-detection/test.yaml
@@ -0,0 +1,25 @@
+requires:
+ min-version: 8
+
+args:
+- -k none
+
+checks:
+- filter:
+ count: 1
+ match:
+ app_proto: imap
+ dest_ip: 131.151.37.122
+ dest_port: 143
+ event_type: flow
+ flow.age: 26
+ flow.alerted: false
+ flow.bytes_toclient: 23493
+ flow.bytes_toserver: 3790
+ flow.pkts_toclient: 50
+ flow.pkts_toserver: 56
+ flow.reason: shutdown
+ flow.state: closed
+ proto: TCP
+ src_ip: 131.151.32.21
+ src_port: 4167
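Review bot: The `match` block in tests/imap-detection/test.yaml pins flow-accounting values (`flow.age: 26`, `flow.bytes_toclient`, `flow.bytes_toserver`, `flow.pkts_toclient`, `flow.pkts_toserver`, `flow.reason`, `flow.state`) that are incidental to protocol detection, so the check can start failing on an unrelated change to flow timing or accounting and obscure what actually regressed. For a detection test I would keep `event_type: flow`, `app_proto: imap`, `proto: TCP` and the address/port fields, and move the counters into a separate check if they are wanted. The `-k none` argument is also unexplained; a comment such as `# -k none: skip checksum validation, the capture's checksums are presumably not valid` would tell a maintainer whether it can ever be dropped. Since the only flow in the check uses `dest_port: 143`, the test does not by itself show that detection is driven by content rather than by the well-known port; the README could state that limitation.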