From: Victor Julien <victor@inliniac.net>
Date: Sun, 2 Jul 2023 08:12:16 +0000 (+0200)
Subject: tests: add mixed case tls.fingerprint tests
X-Git-Tag: suricata-7.0.0~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1288%2Fhead;p=thirdparty%2Fsuricata-verify.git

tests: add mixed case tls.fingerprint tests
---

diff --git a/tests/tls/tls-fingerprint-alert/test.rules b/tests/tls/tls-fingerprint-alert/test.rules
index 2c337901a..0ef72e468 100644
--- a/tests/tls/tls-fingerprint-alert/test.rules
+++ b/tests/tls/tls-fingerprint-alert/test.rules
@@ -8,3 +8,13 @@ alert tls any any -> any any (msg:"TLS FINGERPRINT TEST"; \
 alert tls any any -> any any (msg:"TLS FINGERPRINT STICKY BUFFER TEST"; \
 	tls.cert_fingerprint; content:"90:86:a4:3b:f5:cf:1b:2e:4e:f7:97:96:f9:de:ba:b9:66:35:86:3f"; \
 	sid:2; rev:1;)
+
+alert tls any any -> any any (msg:"TLS FINGERPRINT TEST -- mixed case"; \
+	tls.fingerprint:"90:86:A4:3B:f5:cf:1b:2e:4e:f7:97:96:f9:de:ba:b9:66:35:86:3F"; \
+	sid:3; rev:1;)
+alert tls any any -> any any (msg:"TLS FINGERPRINT TEST -- mixed case"; \
+	tls.fingerprint:"90:86:A4:3B:F5:CF:1B:2E:4E:F7:97:96:f9:DE:BA:B9:66:35:86:3F"; \
+	sid:4; rev:1;)
+alert tls any any -> any any (msg:"TLS FINGERPRINT TEST -- mixed case - no match"; \
+	tls.fingerprint:"90:86:A4:3B:F5:CF:1B:2E:4E:F7:97:96:f9:DE:BA:B9:66:35:86:3E"; \
+	sid:5; rev:1;)
diff --git a/tests/tls/tls-fingerprint-alert/test.yaml b/tests/tls/tls-fingerprint-alert/test.yaml
index 56db381fa..b11acdf1e 100644
--- a/tests/tls/tls-fingerprint-alert/test.yaml
+++ b/tests/tls/tls-fingerprint-alert/test.yaml
@@ -13,3 +13,18 @@ checks:
       match:
         event_type: alert
         alert.signature_id: 2
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 3
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 4
+  - filter:
+      count: 0
+      match:
+        event_type: alert
+        alert.signature_id: 5