From: Victor Julien Date: Thu, 25 Apr 2024 15:29:54 +0000 (+0200) Subject: tests: add tests for iprep bug 6834 X-Git-Tag: suricata-6.0.20~64 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1811%2Fhead;p=thirdparty%2Fsuricata-verify.git tests: add tests for iprep bug 6834
---
diff --git a/tests/iprep-03-bug-6834/categories.txt b/tests/iprep-03-bug-6834/categories.txt
new file mode 100644
index 000000000..a85fb88ae
--- /dev/null
+++ b/tests/iprep-03-bug-6834/categories.txt
@@ -0,0 +1 @@
+1,test,Testing
diff --git a/tests/iprep-03-bug-6834/iprep.list b/tests/iprep-03-bug-6834/iprep.list
new file mode 100644
index 000000000..4ffac5403
--- /dev/null
+++ b/tests/iprep-03-bug-6834/iprep.list
@@ -0,0 +1 @@
+192.168.0.13,1,0
diff --git a/tests/iprep-03-bug-6834/iprep.rules b/tests/iprep-03-bug-6834/iprep.rules
new file mode 100644
index 000000000..a35116556
--- /dev/null
+++ b/tests/iprep-03-bug-6834/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:src,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:src,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:src,test,!=,1; sid:3;)
diff --git a/tests/iprep-03-bug-6834/suricata.yaml b/tests/iprep-03-bug-6834/suricata.yaml
new file mode 100644
index 000000000..5f49bdba2
--- /dev/null
+++ b/tests/iprep-03-bug-6834/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+ - iprep.list
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ types:
+ - alert
diff --git a/tests/iprep-03-bug-6834/test.yaml b/tests/iprep-03-bug-6834/test.yaml
new file mode 100644
index 000000000..7aacf40da
--- /dev/null
+++ b/tests/iprep-03-bug-6834/test.yaml
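Review bot: None of the three rules in tests/iprep-03-bug-6834/iprep.rules is expected to stay silent, so this test cannot catch an iprep comparison that matches too broadly. With the listed reputation value at 0, a fourth rule such as `alert ip any any -> any any (itype:8; iprep:src,test,>,0; sid:4;)` paired with a `count: 0` check for `alert.signature_id: 4` in test.yaml would cover the false-positive direction. The same gap is present in the iprep.rules files of the other seven test directories this commit adds (04 through 10), with `any`, `both` and `dst` in place of `src`.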
@@ -0,0 +1,25 @@
+requires:
+ min-version: 8
+
+command: |
+ ${SRCDIR}/src/suricata -l ${OUTPUT_DIR} \
+ -c ${TEST_DIR}/suricata.yaml \
+ -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules \
+ --data-dir="${OUTPUT_DIR}" \
+ --set default-reputation-path=${TEST_DIR} \
+ --set reputation-categories-file=${TEST_DIR}/categories.txt \
+ --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 1
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 2
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 3
diff --git a/tests/iprep-04-bug-6834-any/categories.txt b/tests/iprep-04-bug-6834-any/categories.txt
new file mode 100644
index 000000000..a85fb88ae
--- /dev/null
+++ b/tests/iprep-04-bug-6834-any/categories.txt
@@ -0,0 +1 @@
+1,test,Testing
diff --git a/tests/iprep-04-bug-6834-any/iprep.list b/tests/iprep-04-bug-6834-any/iprep.list
new file mode 100644
index 000000000..4ffac5403
--- /dev/null
+++ b/tests/iprep-04-bug-6834-any/iprep.list
@@ -0,0 +1 @@
+192.168.0.13,1,0
diff --git a/tests/iprep-04-bug-6834-any/iprep.rules b/tests/iprep-04-bug-6834-any/iprep.rules
new file mode 100644
index 000000000..384dbc931
--- /dev/null
+++ b/tests/iprep-04-bug-6834-any/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:any,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:any,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:any,test,!=,1; sid:3;)
diff --git a/tests/iprep-04-bug-6834-any/suricata.yaml b/tests/iprep-04-bug-6834-any/suricata.yaml
new file mode 100644
index 000000000..5f49bdba2
--- /dev/null
+++ b/tests/iprep-04-bug-6834-any/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+ - iprep.list
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ types:
+ - alert
diff --git a/tests/iprep-04-bug-6834-any/test.yaml b/tests/iprep-04-bug-6834-any/test.yaml
new file mode 100644
index 000000000..7aacf40da
--- /dev/null
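Review bot: The three checks in tests/iprep-03-bug-6834/test.yaml only count alerts per sid, so they would still pass if the ten alerts were raised for an address other than the one in iprep.list. The dst tests in this commit already pin `dest_ip: "4.4.4.4"`; adding `src_ip: "192.168.0.13"` under each `match:` here would tie the count to the listed host, assuming that is the source address in the shared pcap, which is not visible in this patch. The test.yaml files for 04, 05, 07, 08 and 09 have the same unpinned checks. Separately, `-r ../issue-4280-iprep/input.pcap` depends on the working directory; `${TEST_DIR}/../issue-4280-iprep/input.pcap` would match how the other paths in the command are written.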
+++ b/tests/iprep-04-bug-6834-any/test.yaml
@@ -0,0 +1,25 @@
+requires:
+ min-version: 8
+
+command: |
+ ${SRCDIR}/src/suricata -l ${OUTPUT_DIR} \
+ -c ${TEST_DIR}/suricata.yaml \
+ -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules \
+ --data-dir="${OUTPUT_DIR}" \
+ --set default-reputation-path=${TEST_DIR} \
+ --set reputation-categories-file=${TEST_DIR}/categories.txt \
+ --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 1
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 2
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 3
diff --git a/tests/iprep-05-bug-6834-both/categories.txt b/tests/iprep-05-bug-6834-both/categories.txt
new file mode 100644
index 000000000..a85fb88ae
--- /dev/null
+++ b/tests/iprep-05-bug-6834-both/categories.txt
@@ -0,0 +1 @@
+1,test,Testing
diff --git a/tests/iprep-05-bug-6834-both/iprep.list b/tests/iprep-05-bug-6834-both/iprep.list
new file mode 100644
index 000000000..09b890cea
--- /dev/null
+++ b/tests/iprep-05-bug-6834-both/iprep.list
@@ -0,0 +1,2 @@
+192.168.0.13,1,0
+8.8.8.8,1,0
diff --git a/tests/iprep-05-bug-6834-both/iprep.rules b/tests/iprep-05-bug-6834-both/iprep.rules
new file mode 100644
index 000000000..b8a829ea4
--- /dev/null
+++ b/tests/iprep-05-bug-6834-both/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:both,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:both,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:both,test,!=,1; sid:3;)
diff --git a/tests/iprep-05-bug-6834-both/suricata.yaml b/tests/iprep-05-bug-6834-both/suricata.yaml
new file mode 100644
index 000000000..5f49bdba2
--- /dev/null
+++ b/tests/iprep-05-bug-6834-both/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+ - iprep.list
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ types:
+ - alert
diff --git a/tests/iprep-05-bug-6834-both/test.yaml b/tests/iprep-05-bug-6834-both/test.yaml
new file mode 100644
index 000000000..06b4785cc
--- /dev/null
+++ b/tests/iprep-05-bug-6834-both/test.yaml
@@ -0,0 +1,25 @@
+requires:
+ min-version: 8
+
+command: |
+ ${SRCDIR}/src/suricata -l ${OUTPUT_DIR} \
+ -c ${TEST_DIR}/suricata.yaml \
+ -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules \
+ --data-dir="${OUTPUT_DIR}" \
+ --set default-reputation-path=${TEST_DIR} \
+ --set reputation-categories-file=${TEST_DIR}/categories.txt \
+ --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 1
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 2
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 3
diff --git a/tests/iprep-06-bug-6834-dst/categories.txt b/tests/iprep-06-bug-6834-dst/categories.txt
new file mode 100644
index 000000000..a85fb88ae
--- /dev/null
+++ b/tests/iprep-06-bug-6834-dst/categories.txt
@@ -0,0 +1 @@
+1,test,Testing
diff --git a/tests/iprep-06-bug-6834-dst/iprep.list b/tests/iprep-06-bug-6834-dst/iprep.list
new file mode 100644
index 000000000..b9a8f1d40
--- /dev/null
+++ b/tests/iprep-06-bug-6834-dst/iprep.list
@@ -0,0 +1 @@
+4.4.4.4,1,0
diff --git a/tests/iprep-06-bug-6834-dst/iprep.rules b/tests/iprep-06-bug-6834-dst/iprep.rules
new file mode 100644
index 000000000..727d2c834
--- /dev/null
+++ b/tests/iprep-06-bug-6834-dst/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:dst,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:dst,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:dst,test,!=,1; sid:3;)
diff --git a/tests/iprep-06-bug-6834-dst/suricata.yaml b/tests/iprep-06-bug-6834-dst/suricata.yaml
new file mode 100644
index 000000000..5f49bdba2
--- /dev/null
+++ b/tests/iprep-06-bug-6834-dst/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+ - iprep.list
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ types:
+ - alert
diff --git a/tests/iprep-06-bug-6834-dst/test.yaml b/tests/iprep-06-bug-6834-dst/test.yaml
new file mode 100644
index 000000000..ff29055ea
--- /dev/null
+++ b/tests/iprep-06-bug-6834-dst/test.yaml
@@ -0,0 +1,28 @@
+requires:
+ min-version: 8
+
+command: |
+ ${SRCDIR}/src/suricata -l ${OUTPUT_DIR} \
+ -c ${TEST_DIR}/suricata.yaml \
+ -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules \
+ --data-dir="${OUTPUT_DIR}" \
+ --set default-reputation-path=${TEST_DIR} \
+ --set reputation-categories-file=${TEST_DIR}/categories.txt \
+ --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 1
+ dest_ip: "4.4.4.4"
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 2
+ dest_ip: "4.4.4.4"
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 3
+ dest_ip: "4.4.4.4"
diff --git a/tests/iprep-07-bug-6834-src-cidr/categories.txt b/tests/iprep-07-bug-6834-src-cidr/categories.txt
new file mode 100644
index 000000000..a85fb88ae
--- /dev/null
+++ b/tests/iprep-07-bug-6834-src-cidr/categories.txt
@@ -0,0 +1 @@
+1,test,Testing
diff --git a/tests/iprep-07-bug-6834-src-cidr/iprep.list b/tests/iprep-07-bug-6834-src-cidr/iprep.list
new file mode 100644
index 000000000..3877c495e
--- /dev/null
+++ b/tests/iprep-07-bug-6834-src-cidr/iprep.list
@@ -0,0 +1 @@
+192.168.0.13/24,1,0
diff --git a/tests/iprep-07-bug-6834-src-cidr/iprep.rules b/tests/iprep-07-bug-6834-src-cidr/iprep.rules
new file mode 100644
index 000000000..a35116556
--- /dev/null
+++ b/tests/iprep-07-bug-6834-src-cidr/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:src,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:src,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:src,test,!=,1; sid:3;)
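Review bot: The CIDR entry in tests/iprep-07-bug-6834-src-cidr/iprep.list, `192.168.0.13/24,1,0`, reuses the exact host address from the non-CIDR test, so the test would pass whether the loader matches the whole prefix or only the literal address (assuming the shared pcap still carries 192.168.0.13, which this patch does not show). Writing the network address instead, `192.168.0.0/24,1,0`, would make a pass depend on prefix matching. The same applies to the lists in 08 (`192.168.0.13/24`), 09 (`192.168.0.13/24`, `8.8.8.8/8`) and 10 (`4.4.4.4/16`). If entries with host bits set are the intended input, a short README or test description saying so would help the next reader.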
diff --git a/tests/iprep-07-bug-6834-src-cidr/suricata.yaml b/tests/iprep-07-bug-6834-src-cidr/suricata.yaml
new file mode 100644
index 000000000..5f49bdba2
--- /dev/null
+++ b/tests/iprep-07-bug-6834-src-cidr/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+ - iprep.list
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ types:
+ - alert
diff --git a/tests/iprep-07-bug-6834-src-cidr/test.yaml b/tests/iprep-07-bug-6834-src-cidr/test.yaml
new file mode 100644
index 000000000..7aacf40da
--- /dev/null
+++ b/tests/iprep-07-bug-6834-src-cidr/test.yaml
@@ -0,0 +1,25 @@
+requires:
+ min-version: 8
+
+command: |
+ ${SRCDIR}/src/suricata -l ${OUTPUT_DIR} \
+ -c ${TEST_DIR}/suricata.yaml \
+ -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules \
+ --data-dir="${OUTPUT_DIR}" \
+ --set default-reputation-path=${TEST_DIR} \
+ --set reputation-categories-file=${TEST_DIR}/categories.txt \
+ --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 1
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 2
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 3
diff --git a/tests/iprep-08-bug-6834-any-cidr/categories.txt b/tests/iprep-08-bug-6834-any-cidr/categories.txt
new file mode 100644
index 000000000..a85fb88ae
--- /dev/null
+++ b/tests/iprep-08-bug-6834-any-cidr/categories.txt
@@ -0,0 +1 @@
+1,test,Testing
diff --git a/tests/iprep-08-bug-6834-any-cidr/iprep.list b/tests/iprep-08-bug-6834-any-cidr/iprep.list
new file mode 100644
index 000000000..3877c495e
--- /dev/null
+++ b/tests/iprep-08-bug-6834-any-cidr/iprep.list
@@ -0,0 +1 @@
+192.168.0.13/24,1,0
diff --git a/tests/iprep-08-bug-6834-any-cidr/iprep.rules b/tests/iprep-08-bug-6834-any-cidr/iprep.rules
new file mode 100644
index 000000000..384dbc931
--- /dev/null
+++ b/tests/iprep-08-bug-6834-any-cidr/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:any,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:any,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:any,test,!=,1; sid:3;)
diff --git a/tests/iprep-08-bug-6834-any-cidr/suricata.yaml b/tests/iprep-08-bug-6834-any-cidr/suricata.yaml
new file mode 100644
index 000000000..5f49bdba2
--- /dev/null
+++ b/tests/iprep-08-bug-6834-any-cidr/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+ - iprep.list
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ types:
+ - alert
diff --git a/tests/iprep-08-bug-6834-any-cidr/test.yaml b/tests/iprep-08-bug-6834-any-cidr/test.yaml
new file mode 100644
index 000000000..7aacf40da
--- /dev/null
+++ b/tests/iprep-08-bug-6834-any-cidr/test.yaml
@@ -0,0 +1,25 @@
+requires:
+ min-version: 8
+
+command: |
+ ${SRCDIR}/src/suricata -l ${OUTPUT_DIR} \
+ -c ${TEST_DIR}/suricata.yaml \
+ -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules \
+ --data-dir="${OUTPUT_DIR}" \
+ --set default-reputation-path=${TEST_DIR} \
+ --set reputation-categories-file=${TEST_DIR}/categories.txt \
+ --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 1
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 2
+ - filter:
+ count: 10
+ match:
+ alert.signature_id: 3
diff --git a/tests/iprep-09-bug-6834-both-cidr/categories.txt b/tests/iprep-09-bug-6834-both-cidr/categories.txt
new file mode 100644
index 000000000..a85fb88ae
--- /dev/null
+++ b/tests/iprep-09-bug-6834-both-cidr/categories.txt
@@ -0,0 +1 @@
+1,test,Testing
diff --git a/tests/iprep-09-bug-6834-both-cidr/iprep.list b/tests/iprep-09-bug-6834-both-cidr/iprep.list
new file mode 100644
index 000000000..488cdcd22
--- /dev/null
+++ b/tests/iprep-09-bug-6834-both-cidr/iprep.list
@@ -0,0 +1,2 @@
+192.168.0.13/24,1,0
+8.8.8.8/8,1,0
diff --git a/tests/iprep-09-bug-6834-both-cidr/iprep.rules b/tests/iprep-09-bug-6834-both-cidr/iprep.rules
new file mode 100644
index 000000000..b8a829ea4
--- /dev/null
+++ b/tests/iprep-09-bug-6834-both-cidr/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:both,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:both,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:both,test,!=,1; sid:3;)
diff --git a/tests/iprep-09-bug-6834-both-cidr/suricata.yaml b/tests/iprep-09-bug-6834-both-cidr/suricata.yaml
new file mode 100644
index 000000000..5f49bdba2
--- /dev/null
+++ b/tests/iprep-09-bug-6834-both-cidr/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+ - iprep.list
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ types:
+ - alert
diff --git a/tests/iprep-09-bug-6834-both-cidr/test.yaml b/tests/iprep-09-bug-6834-both-cidr/test.yaml
new file mode 100644
index 000000000..06b4785cc
--- /dev/null
+++ b/tests/iprep-09-bug-6834-both-cidr/test.yaml
@@ -0,0 +1,25 @@
+requires:
+ min-version: 8
+
+command: |
+ ${SRCDIR}/src/suricata -l ${OUTPUT_DIR} \
+ -c ${TEST_DIR}/suricata.yaml \
+ -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules \
+ --data-dir="${OUTPUT_DIR}" \
+ --set default-reputation-path=${TEST_DIR} \
+ --set reputation-categories-file=${TEST_DIR}/categories.txt \
+ --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 1
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 2
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 3
diff --git a/tests/iprep-10-bug-6834-dst-cidr/categories.txt b/tests/iprep-10-bug-6834-dst-cidr/categories.txt
new file mode 100644
index 000000000..a85fb88ae
--- /dev/null
+++ b/tests/iprep-10-bug-6834-dst-cidr/categories.txt
@@ -0,0 +1 @@
+1,test,Testing
diff --git a/tests/iprep-10-bug-6834-dst-cidr/iprep.list b/tests/iprep-10-bug-6834-dst-cidr/iprep.list
new file mode 100644
index 000000000..24fdfadd5
--- /dev/null
+++ b/tests/iprep-10-bug-6834-dst-cidr/iprep.list
@@ -0,0 +1 @@
+4.4.4.4/16,1,0
diff --git a/tests/iprep-10-bug-6834-dst-cidr/iprep.rules b/tests/iprep-10-bug-6834-dst-cidr/iprep.rules
new file mode 100644
index 000000000..727d2c834
--- /dev/null
+++ b/tests/iprep-10-bug-6834-dst-cidr/iprep.rules
@@ -0,0 +1,3 @@
+alert ip any any -> any any (itype:8; iprep:dst,test,=,0; sid:1;)
+alert ip any any -> any any (itype:8; iprep:dst,test,<,10; sid:2;)
+alert ip any any -> any any (itype:8; iprep:dst,test,!=,1; sid:3;)
diff --git a/tests/iprep-10-bug-6834-dst-cidr/suricata.yaml b/tests/iprep-10-bug-6834-dst-cidr/suricata.yaml
new file mode 100644
index 000000000..5f49bdba2
--- /dev/null
+++ b/tests/iprep-10-bug-6834-dst-cidr/suricata.yaml
@@ -0,0 +1,12 @@
+%YAML 1.1
+---
+
+reputation-files:
+ - iprep.list
+
+outputs:
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ types:
+ - alert
diff --git a/tests/iprep-10-bug-6834-dst-cidr/test.yaml b/tests/iprep-10-bug-6834-dst-cidr/test.yaml
new file mode 100644
index 000000000..ff29055ea
--- /dev/null
+++ b/tests/iprep-10-bug-6834-dst-cidr/test.yaml
@@ -0,0 +1,28 @@
+requires:
+ min-version: 8
+
+command: |
+ ${SRCDIR}/src/suricata -l ${OUTPUT_DIR} \
+ -c ${TEST_DIR}/suricata.yaml \
+ -r ../issue-4280-iprep/input.pcap -S ${TEST_DIR}/iprep.rules \
+ --data-dir="${OUTPUT_DIR}" \
+ --set default-reputation-path=${TEST_DIR} \
+ --set reputation-categories-file=${TEST_DIR}/categories.txt \
+ --set reputation-files=${TEST_DIR}/iprep.list
+
+checks:
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 1
+ dest_ip: "4.4.4.4"
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 2
+ dest_ip: "4.4.4.4"
+ - filter:
+ count: 5
+ match:
+ alert.signature_id: 3
+ dest_ip: "4.4.4.4"