From: Victor Julien
Date: Mon, 18 Jan 2021 09:45:21 +0000 (+0100)
Subject: tests: add bug 2736 tests
X-Git-Tag: suricata-6.0.4~181
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed0632e8834cc861f77c8e9ef211414617dc3400;p=thirdparty%2Fsuricata-verify.git

tests: add bug 2736 tests
---
diff --git a/tests/bug-2736-01/23_6594.pcap b/tests/bug-2736-01/23_6594.pcap
new file mode 100644
index 000000000..693cb8599
Binary files /dev/null and b/tests/bug-2736-01/23_6594.pcap differ
diff --git a/tests/bug-2736-01/test.rules b/tests/bug-2736-01/test.rules
new file mode 100644
index 000000000..1af4b7994
--- /dev/null
+++ b/tests/bug-2736-01/test.rules
@@ -0,0 +1,6 @@
+alert dns any any -> any 53 ( \
+msg:"DNS - Transaction ID problem, DDNS"; \
+content:"|04|ddns|03|net|00|"; \
+classtype:trojan-activity; \
+sid:1; rev:1;)
+
diff --git a/tests/bug-2736-01/test.yaml b/tests/bug-2736-01/test.yaml
new file mode 100644
index 000000000..63f19ae40
--- /dev/null
+++ b/tests/bug-2736-01/test.yaml
@@ -0,0 +1,10 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/bug-2736-02/suricata.0400.pcap b/tests/bug-2736-02/suricata.0400.pcap
new file mode 100644
index 000000000..57bafe284
Binary files /dev/null and b/tests/bug-2736-02/suricata.0400.pcap differ
diff --git a/tests/bug-2736-02/test.rules b/tests/bug-2736-02/test.rules
new file mode 100644
index 000000000..b47f3ad65
--- /dev/null
+++ b/tests/bug-2736-02/test.rules
@@ -0,0 +1,5 @@
+alert dns any any -> any 53 ( \
+msg:"DNS - Transaction ID problem, suricata"; \
+content:"suricata"; \
+classtype:trojan-activity; \
+sid:2; rev:1;)
diff --git a/tests/bug-2736-02/test.yaml b/tests/bug-2736-02/test.yaml
new file mode 100644
index 000000000..eb2358d37
--- /dev/null
+++ b/tests/bug-2736-02/test.yaml
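Review bot: Nothing in tests/bug-2736-01/test.rules says what bug 2736 is or why the match is written against the raw message. `content:"|04|ddns|03|net|00|"` is the length-prefixed wire encoding of the name and is used without a sticky buffer, so it appears to inspect the DNS payload rather than the parsed query name. The same holds for `content:"suricata"` in tests/bug-2736-02/test.rules. If the payload match in an `alert dns` rule is the behaviour under test, a leading comment such as `# bug 2736: payload content match in an alert dns rule; keep as raw content, do not convert to dns.query` would stop a later cleanup from silently changing what the test covers.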
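Review bot: The check in tests/bug-2736-01/test.yaml pins only `event_type: alert` and `alert.signature_id: 1` with `count: 1`, so it passes whichever packet or DNS transaction the alert ends up attached to. As the rule message describes a transaction-ID problem, it is probably worth also matching the packet the alert is expected on, for example `pcap_cnt: <expected packet number>` under `match:` (placeholder, take the value from the pcap). tests/bug-2736-02/test.yaml has the same shape for `alert.signature_id: 2`. Neither file sets `min-version` under `requires:`, so if the fix is absent from an older branch that still runs this suite, the tests would presumably fail there.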
@@ -0,0 +1,10 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2