From: Victor Julien
Date: Sat, 15 Jul 2023 13:27:59 +0000 (+0200)
Subject: tests/http2: add 6.0.x version of http2-files
X-Git-Tag: suricata-7.0.0^0
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1316%2Fhead;p=thirdparty%2Fsuricata-verify.git
tests/http2: add 6.0.x version of http2-files
---
diff --git a/tests/http2-files-6/README.md b/tests/http2-files-6/README.md
new file mode 100644
index 000000000..e48b36be5
--- /dev/null
+++ b/tests/http2-files-6/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test http2 files functionality
+
+# PCAP
+
+The pcap comes from https://wiki.wireshark.org/HTTP2
diff --git a/tests/http2-files-6/expected/fast.log b/tests/http2-files-6/expected/fast.log
new file mode 100644
index 000000000..6152138df
--- /dev/null
+++ b/tests/http2-files-6/expected/fast.log
@@ -0,0 +1,13 @@
+08/02/2014-10:50:25.823699 [**] [1:6:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.823699 [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.823699 [**] [1:8:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.828791 [**] [1:3:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
+08/02/2014-10:50:25.828986 [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830473 [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830473 [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830719 [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.830719 [**] [1:7:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.832311 [**] [1:4:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
+08/02/2014-10:50:25.833220 [**] [1:4:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
+08/02/2014-10:50:25.833365 [**] [1:5:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:3000 -> 0000:0000:0000:0000:0000:0000:0000:0001:56508
+08/02/2014-10:50:25.840964 [**] [1:2:1] (null) [**] [Classification: (null)] [Priority: 3] {TCP} 0000:0000:0000:0000:0000:0000:0000:0001:56508 -> 0000:0000:0000:0000:0000:0000:0000:0001:3000
diff --git a/tests/http2-files-6/input.pcap b/tests/http2-files-6/input.pcap
new file mode 100644
index 000000000..0e1ada852
Binary files /dev/null and b/tests/http2-files-6/input.pcap differ
diff --git a/tests/http2-files-6/suricata.yaml b/tests/http2-files-6/suricata.yaml
new file mode 100644
index 000000000..b4d53adc8
--- /dev/null
+++ b/tests/http2-files-6/suricata.yaml
@@ -0,0 +1,19 @@
+%YAML 1.1
+---
+
+outputs:
+ - eve-log:
+ enabled: true
+ types:
+ - alert
+ - http2
+ - files:
+ force-magic: true
+ force-hash: [md5, sha1, sha256]
+ - fast:
+ enabled: yes
+
+app-layer:
+ protocols:
+ http2:
+ enabled: true
diff --git a/tests/http2-files-6/test.md5 b/tests/http2-files-6/test.md5
new file mode 100644
index 000000000..c7d859df8
--- /dev/null
+++ b/tests/http2-files-6/test.md5
@@ -0,0 +1 @@
+15560fc6a1e4845498d8d952691afb11
diff --git a/tests/http2-files-6/test.rules b/tests/http2-files-6/test.rules
new file mode 100644
index 000000000..d1126b8b7
--- /dev/null
+++ b/tests/http2-files-6/test.rules
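Review bot: Boolean values in the new suricata.yaml are spelled two ways — `enabled: true` for eve-log and for the app-layer http2 protocol, but `enabled: yes` for the fast output — and one spelling throughout reads better; `enabled: true` under fast would match the rest. The `force-hash` list does include md5, which the `filemd5:test.md5` rule in test.rules depends on, so that part is consistent. The directory name marks this as the 6.0.x variant of the http2-files test, yet the version gate that keeps it from running against other releases is not visible in this chunk of the diff; confirm it is carried in a test.yaml alongside these files.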
@@ -0,0 +1,7 @@
+alert http2 any any -> any any (http2.frametype:GOAWAY; sid:2; rev:1;)
+alert http2 any any -> any any (http2.settings:SETTINGS_HEADER_TABLE_SIZE>1000; sid:3; rev:1;)
+alert http2 any any -> any any (http2.window:34634; sid:4; rev:1;)
+alert http2 any any -> any any (flow:established,to_client; filemd5:test.md5; sid:5; rev:1;)
+alert http2 any any -> any any (file.data; content:"nghttp2 - HTTP/2 C Library"; sid:6; rev:1;)
+alert http2 any any -> any any (file.data; content:!"html"; startswith; sid:7; rev:1;)
+alert http2 any any -> any any (file.data; content:"|0a 0a|