From: Philippe Antoine Date: Fri, 14 Jun 2024 08:24:00 +0000 (+0200) Subject: detect: move http uri unit tests to SV X-Git-Tag: suricata-6.0.20~7 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1919%2Fhead;p=thirdparty%2Fsuricata-verify.git detect: move http uri unit tests to SV Ticket: 3725
---
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest01/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/README.md
new file mode 100644
index 000000000..26e55dafd
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest01
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.fpc.pcap
new file mode 100644
index 000000000..5e029d577
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.rules
new file mode 100644
index 000000000..f32f9a03c
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"../c/./d"; http_raw_uri; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
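Review bot: Test01's test.rules does not say why `../c/./d` is expected to match, and its `msg` is the same `"http raw uri test"` that nearly every rule in this commit carries, so a failure report does not identify the case. The pattern presumably matches only because `http_raw_uri` is inspected before path normalization; that is the security-relevant property and is worth stating in the file. I would add a leading comment such as `# http_raw_uri is matched on the un-normalized URI, so "../" and "./" segments are still present` and give each rule a msg that names its case, for example `msg:"http_raw_uri: plain content, no modifiers";`.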
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/README.md
new file mode 100644
index 000000000..c79fe4b7e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest02
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.fpc.pcap
new file mode 100644
index 000000000..20b15f2b1
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.rules
new file mode 100644
index 000000000..1674e81f1
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"/c/./d"; http_raw_uri; offset:5; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/README.md
new file mode 100644
index 000000000..8817feb5d
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest03
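Review bot: Test02's test.yaml counts one alert for sid 1 but does not pin the packet, while Test01 and the other positive tests in this commit add `pcap_cnt: 5` under `match`. Without it the check still passes if the alert moves to a different packet, which is the kind of regression these translated tests are meant to catch. If the expected packet is known for this capture, add `pcap_cnt: <packet number>` to the filter; Test29's test.yaml has the same gap.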
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.fpc.pcap
new file mode 100644
index 000000000..be91e7644
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.rules
new file mode 100644
index 000000000..93e2e880e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"/a/b"; http_raw_uri; offset:10; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/README.md
new file mode 100644
index 000000000..6365631e5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest04
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.fpc.pcap
new file mode 100644
index 000000000..be91e7644
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.rules
new file mode 100644
index 000000000..d06f2efe8
--- /dev/null
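Review bot: Test03's only check is `count: 0` for sid 1, so the test also passes when the capture is not parsed as HTTP at all, for example if the pcap is truncated or the parser bails out early. A negative detection test should prove the traffic was seen before asserting that the rule stayed silent. I would add a second filter that expects the HTTP transaction to be logged, assuming the eve output used by the test has http logging enabled. The same applies to the other `count: 0` tests in this commit: Test06, Test08, Test11, Test12, Test15, Test16, Test23, Test26 and Test28.

```yaml
checks:
  # … unchanged: count: 0 filter on event_type: alert / alert.signature_id: 1 …
  - filter:
      count: 1
      match:
        event_type: http
```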
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:!"/a/b"; http_raw_uri; offset:10; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/README.md
new file mode 100644
index 000000000..a264b220c
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest05
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.fpc.pcap
new file mode 100644
index 000000000..f21839ebb
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.rules
new file mode 100644
index 000000000..d00585c1b
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"a/b"; http_raw_uri; depth:10; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.yaml
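Review bot: Test04 re-adds the capture Test03 already committed (both pcap sections show blob `be91e7644`), and its test.yaml differs from a sibling only in the expected count, so each case pays for its own directory, pcap copy and engine run. The same duplication repeats for Test05 to Test07 (`f21839ebb`) and Test09 to Test28 (`a7125d14d`). Two options: keep the directories but point them at one capture, e.g. `pcap: ../DetectEngineHttpRawUriTest03/test.fpc.pcap` if the runner's `pcap:` key is used here, or merge the cases that share a capture into one test with one rule per sid and one filter per `alert.signature_id`. The merged form also makes the positive and negative expectations for the same traffic visible side by side.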
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/README.md
new file mode 100644
index 000000000..09dae06b4
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest06
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.fpc.pcap
new file mode 100644
index 000000000..f21839ebb
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.rules
new file mode 100644
index 000000000..2adcc7112
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:!"/a/b"; http_raw_uri; depth:25; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/README.md
new file mode 100644
index 000000000..b23548403
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest07
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.fpc.pcap
new file mode 100644
index 000000000..f21839ebb
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.rules
new file mode 100644
index 000000000..7561f001b
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:!"/c/./d"; http_raw_uri; depth:12; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/README.md
new file mode 100644
index 000000000..8941b0fad
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest08
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.fpc.pcap
new file mode 100644
index 000000000..e0b9c22c5
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.rules
new file mode 100644
index 000000000..79f367b92
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:!"/c/./d"; http_raw_uri; depth:18; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/README.md
new file mode 100644
index 000000000..ed77b8bc8
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest09
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.rules
new file mode 100644
index 000000000..518ab6c8f
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"/a"; http_raw_uri; content:"./c/."; http_raw_uri; within:9; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/README.md
new file mode 100644
index 000000000..85eb1f6ad
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest10
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.rules
new file mode 100644
index 000000000..eed792e41
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"/a"; http_raw_uri; content:!"boom"; http_raw_uri; within:5; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/README.md
new file mode 100644
index 000000000..cfe6dbc81
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest11
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.rules
new file mode 100644
index 000000000..9de7cbfe3
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:"boom"; http_raw_uri; within:5; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/README.md
new file mode 100644
index 000000000..8a6dbf317
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest12
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.rules
new file mode 100644
index 000000000..1b1373031
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:!"/b/.."; http_raw_uri; within:5; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/README.md
new file mode 100644
index 000000000..2a021b624
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest13
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.rules
new file mode 100644
index 000000000..f71c53818
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:"/c/."; http_raw_uri; distance:5; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/README.md
new file mode 100644
index 000000000..1bacf167b
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest14
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.rules
new file mode 100644
index 000000000..36d207334
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:!"b/.."; http_raw_uri; distance:5; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/README.md
new file mode 100644
index 000000000..00fc88778
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest15
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.rules
new file mode 100644
index 000000000..c68b962a0
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:"/c/"; http_raw_uri; distance:7; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/README.md
new file mode 100644
index 000000000..54cf012cd
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest16
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.rules
new file mode 100644
index 000000000..af6503d4a
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:!"/c/"; http_raw_uri; distance:4; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/README.md
new file mode 100644
index 000000000..c7c14099a
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest21
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.rules
new file mode 100644
index 000000000..71e377c85
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; http_raw_uri; within:5; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/README.md
new file mode 100644
index 000000000..a9a7712d5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest22
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.rules
new file mode 100644
index 000000000..7c8241c6e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; within:5; http_raw_uri; sid:1;)
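Review bot: Test22's rule is Test21's rule with `http_raw_uri;` moved after `within:5;`, and both use the same capture and the same expected result, but nothing in test.rules or the README records that keyword order is the thing being exercised. Someone tidying the suite later could reasonably delete one of them as a duplicate and lose the coverage. A one-line comment above the rule would prevent that, for example `# same as Test21 with http_raw_uri placed after within: modifier order must not change the result`. The same reasoning applies to the other near-identical pcre/content pairs in Test23 to Test28, which differ only in the `distance`/`within` value.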
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/README.md
new file mode 100644
index 000000000..0e05e2c6b
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest23
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.rules
new file mode 100644
index 000000000..f3a4779e3
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; distance:3; http_raw_uri; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/README.md
new file mode 100644
index 000000000..d328f8fe4
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest24
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.rules
new file mode 100644
index 000000000..893366793
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; distance:10; http_raw_uri; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/README.md
new file mode 100644
index 000000000..f3ae6c0ab
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest25
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.rules
new file mode 100644
index 000000000..97073c825
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; within:10; http_raw_uri; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/README.md
new file mode 100644
index 000000000..db7bc008e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest26
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.rules
new file mode 100644
index 000000000..ce1546fbd
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; within:5; http_raw_uri; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/README.md
new file mode 100644
index 000000000..556953ec5
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest27
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.rules
new file mode 100644
index 000000000..3893b8d90
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; distance:5; http_raw_uri; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/README.md
new file mode 100644
index 000000000..c8e165377
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest28
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.fpc.pcap
new file mode 100644
index 000000000..a7125d14d
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.rules
new file mode 100644
index 000000000..1652561b0
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; distance:10; http_raw_uri; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/README.md
new file mode 100644
index 000000000..37e6540b4
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest29
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.fpc.pcap
new file mode 100644
index 000000000..b6bf894f2
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.rules
new file mode 100644
index 000000000..63e4a2d8d
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative raw uri contents"; content:"/c/"; http_raw_uri; isdataat:4,relative; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/README.md
new file mode 100644
index 000000000..33a3058e8
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test DetectEngineHttpRawUriTest30
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.fpc.pcap
new file mode 100644
index 000000000..b6bf894f2
Binary files /dev/null and b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.fpc.pcap differ
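Review bot: The `count: 1` filter in DetectEngineHttpRawUriTest29/test.yaml has no `pcap_cnt`, unlike Test25 and Test27 which pin the alert to packet 5, so an alert raised on any packet of the capture satisfies it. Adding `pcap_cnt: <packet number of the request in test.fpc.pcap>` to the `match` block would tie the alert to the packet that carries the URI; the right number has to be read from the pcap, which is not visible here. The same gap is in the test.yaml files of DetectEngineHttpRawUriTest30, UriTestSig17 through UriTestSig22 and UriTestSig25.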
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.rules
new file mode 100644
index 000000000..13d6b93b7
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative raw uri contents"; uricontent:"/c/"; isdataat:!10,relative; sid:1;)
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig01/README.md b/tests/detect-http-uri/UriTestSig01/README.md
new file mode 100644
index 000000000..ee62fbf9c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig01/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig01
diff --git a/tests/detect-http-uri/UriTestSig01/test.fpc.pcap b/tests/detect-http-uri/UriTestSig01/test.fpc.pcap
new file mode 100644
index 000000000..4a5234184
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig01/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig01/test.rules b/tests/detect-http-uri/UriTestSig01/test.rules
new file mode 100644
index 000000000..521cf8877
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig01/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test uricontent option"; uricontent:"one"; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig01/test.yaml b/tests/detect-http-uri/UriTestSig01/test.yaml
new file mode 100644
index 000000000..7abb9dbd0
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig01/test.yaml
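Review bot: The rule in DetectEngineHttpRawUriTest30/test.rules uses `uricontent:"/c/"`, which inspects the normalized URI, so this test in the raw-URI series never exercises `http_raw_uri`; Test29 just before it uses `content:"/c/"; http_raw_uri;` under the same msg. If the raw buffer is what should be covered, the rule would read `content:"/c/"; http_raw_uri; isdataat:!10,relative;`. If the translation is faithful to the original unit test, a line in the README saying the normalized buffer is intentional would stop a later well-meant correction. Whether the expected count of 1 still holds on the raw buffer depends on the pcap, which is not visible here.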
@@ -0,0 +1,19 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 4
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/UriTestSig02/README.md b/tests/detect-http-uri/UriTestSig02/README.md
new file mode 100644
index 000000000..ae733b230
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig02/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig02
diff --git a/tests/detect-http-uri/UriTestSig02/test.fpc.pcap b/tests/detect-http-uri/UriTestSig02/test.fpc.pcap
new file mode 100644
index 000000000..f0080a87b
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig02/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig02/test.rules b/tests/detect-http-uri/UriTestSig02/test.rules
new file mode 100644
index 000000000..55e1c391f
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig02/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option"; pcre:/one/U; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig02/test.yaml b/tests/detect-http-uri/UriTestSig02/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig02/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/UriTestSig03/README.md b/tests/detect-http-uri/UriTestSig03/README.md
new file mode 100644
index 000000000..7f94fbf73
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig03/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig03
diff --git a/tests/detect-http-uri/UriTestSig03/test.fpc.pcap b/tests/detect-http-uri/UriTestSig03/test.fpc.pcap
new file mode 100644
index 000000000..4a5234184
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig03/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig03/test.rules b/tests/detect-http-uri/UriTestSig03/test.rules
new file mode 100644
index 000000000..ba6b90b84
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig03/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option"; pcre:/blah/U; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig03/test.yaml b/tests/detect-http-uri/UriTestSig03/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig03/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig04/README.md b/tests/detect-http-uri/UriTestSig04/README.md
new file mode 100644
index 000000000..f8cc96911
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig04/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig04
diff --git a/tests/detect-http-uri/UriTestSig04/test.fpc.pcap b/tests/detect-http-uri/UriTestSig04/test.fpc.pcap
new file mode 100644
index 000000000..4a5234184
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig04/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig04/test.rules b/tests/detect-http-uri/UriTestSig04/test.rules
new file mode 100644
index 000000000..b3b97b53f
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig04/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test urilen option"; urilen:>20; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig04/test.yaml b/tests/detect-http-uri/UriTestSig04/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig04/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig05/README.md b/tests/detect-http-uri/UriTestSig05/README.md
new file mode 100644
index 000000000..2a9557903
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig05/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig05
diff --git a/tests/detect-http-uri/UriTestSig05/test.fpc.pcap b/tests/detect-http-uri/UriTestSig05/test.fpc.pcap
new file mode 100644
index 000000000..4a5234184
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig05/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig05/test.rules b/tests/detect-http-uri/UriTestSig05/test.rules
new file mode 100644
index 000000000..a79400efb
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig05/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test urilen option"; urilen:>4; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig05/test.yaml b/tests/detect-http-uri/UriTestSig05/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig05/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/UriTestSig06/README.md b/tests/detect-http-uri/UriTestSig06/README.md
new file mode 100644
index 000000000..db1e08826
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig06/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig06
diff --git a/tests/detect-http-uri/UriTestSig06/test.fpc.pcap b/tests/detect-http-uri/UriTestSig06/test.fpc.pcap
new file mode 100644
index 000000000..44ea25f14
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig06/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig06/test.rules b/tests/detect-http-uri/UriTestSig06/test.rules
new file mode 100644
index 000000000..02e11ac38
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig06/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option"; pcre:/(oneself)+/U; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig06/test.yaml b/tests/detect-http-uri/UriTestSig06/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig06/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/UriTestSig07/README.md b/tests/detect-http-uri/UriTestSig07/README.md
new file mode 100644
index 000000000..6d3fdf014
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig07/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig07
diff --git a/tests/detect-http-uri/UriTestSig07/test.fpc.pcap b/tests/detect-http-uri/UriTestSig07/test.fpc.pcap
new file mode 100644
index 000000000..3ecb8fdce
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig07/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig07/test.rules b/tests/detect-http-uri/UriTestSig07/test.rules
new file mode 100644
index 000000000..b3f742a4e
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig07/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option with urilen "; pcre:/(one){2,}(self)?/U; urilen:3<>20; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig07/test.yaml b/tests/detect-http-uri/UriTestSig07/test.yaml
new file mode 100644
index 000000000..7abb9dbd0
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig07/test.yaml
@@ -0,0 +1,19 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 4
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/UriTestSig08/README.md b/tests/detect-http-uri/UriTestSig08/README.md
new file mode 100644
index 000000000..81c991182
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig08/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig08
diff --git a/tests/detect-http-uri/UriTestSig08/test.fpc.pcap b/tests/detect-http-uri/UriTestSig08/test.fpc.pcap
new file mode 100644
index 000000000..3ecb8fdce
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig08/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig08/test.rules b/tests/detect-http-uri/UriTestSig08/test.rules
new file mode 100644
index 000000000..b55e67719
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig08/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option with urilen"; pcre:/(blabla){2,}(self)?/U; urilen:3<>20; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig08/test.yaml b/tests/detect-http-uri/UriTestSig08/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig08/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig09/README.md b/tests/detect-http-uri/UriTestSig09/README.md
new file mode 100644
index 000000000..aed59446a
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig09/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig09
diff --git a/tests/detect-http-uri/UriTestSig09/test.fpc.pcap b/tests/detect-http-uri/UriTestSig09/test.fpc.pcap
new file mode 100644
index 000000000..3ecb8fdce
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig09/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig09/test.rules b/tests/detect-http-uri/UriTestSig09/test.rules
new file mode 100644
index 000000000..3d74c8999
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig09/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U option with urilen "; pcre:/(one){2,}(self)?/U; urilen:<2; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig09/test.yaml b/tests/detect-http-uri/UriTestSig09/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig09/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig12/README.md b/tests/detect-http-uri/UriTestSig12/README.md
new file mode 100644
index 000000000..597b502f6
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig12/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig12
diff --git a/tests/detect-http-uri/UriTestSig12/test.fpc.pcap b/tests/detect-http-uri/UriTestSig12/test.fpc.pcap
new file mode 100644
index 000000000..3ecb8fdce
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig12/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig12/test.rules b/tests/detect-http-uri/UriTestSig12/test.rules
new file mode 100644
index 000000000..f7b41ff30
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig12/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test pcre /U, uricontent and urilen option"; uricontent:"one"; pcre:/(one)+self/U; urilen:>2; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig12/test.yaml b/tests/detect-http-uri/UriTestSig12/test.yaml
new file mode 100644
index 000000000..905eb726e
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig12/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/UriTestSig13/README.md b/tests/detect-http-uri/UriTestSig13/README.md
new file mode 100644
index 000000000..d4d3a8f17
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig13/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig13
diff --git a/tests/detect-http-uri/UriTestSig13/test.fpc.pcap b/tests/detect-http-uri/UriTestSig13/test.fpc.pcap
new file mode 100644
index 000000000..4a5234184
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig13/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig13/test.rules b/tests/detect-http-uri/UriTestSig13/test.rules
new file mode 100644
index 000000000..f08201049
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig13/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test urilen option"; urilen:>2; uricontent:"one"; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig13/test.yaml b/tests/detect-http-uri/UriTestSig13/test.yaml
new file mode 100644
index 000000000..7abb9dbd0
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig13/test.yaml
@@ -0,0 +1,19 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 4
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/UriTestSig14/README.md b/tests/detect-http-uri/UriTestSig14/README.md
new file mode 100644
index 000000000..a2c94238f
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig14/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig14
diff --git a/tests/detect-http-uri/UriTestSig14/test.fpc.pcap b/tests/detect-http-uri/UriTestSig14/test.fpc.pcap
new file mode 100644
index 000000000..4a5234184
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig14/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig14/test.rules b/tests/detect-http-uri/UriTestSig14/test.rules
new file mode 100644
index 000000000..dfd8376f9
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig14/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test uricontent option"; uricontent:"one"; pcre:/one(self)?/U;sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig14/test.yaml b/tests/detect-http-uri/UriTestSig14/test.yaml
new file mode 100644
index 000000000..7abb9dbd0
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig14/test.yaml
@@ -0,0 +1,19 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 4
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/UriTestSig15/README.md b/tests/detect-http-uri/UriTestSig15/README.md
new file mode 100644
index 000000000..1d1416d8a
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig15/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig15
diff --git a/tests/detect-http-uri/UriTestSig15/test.fpc.pcap b/tests/detect-http-uri/UriTestSig15/test.fpc.pcap
new file mode 100644
index 000000000..4a5234184
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig15/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig15/test.rules b/tests/detect-http-uri/UriTestSig15/test.rules
new file mode 100644
index 000000000..6e700a35b
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig15/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"Test uricontent option"; uricontent:"one"; pcre:/^\/one(self)?$/U;sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig15/test.yaml b/tests/detect-http-uri/UriTestSig15/test.yaml
new file mode 100644
index 000000000..7abb9dbd0
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig15/test.yaml
@@ -0,0 +1,19 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 4
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+ pcap_cnt: 5
diff --git a/tests/detect-http-uri/UriTestSig16/README.md b/tests/detect-http-uri/UriTestSig16/README.md
new file mode 100644
index 000000000..583227e0f
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig16/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig16
diff --git a/tests/detect-http-uri/UriTestSig16/test.fpc.pcap b/tests/detect-http-uri/UriTestSig16/test.fpc.pcap
new file mode 100644
index 000000000..794cd7c6f
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig16/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig16/test.rules b/tests/detect-http-uri/UriTestSig16/test.rules
new file mode 100644
index 000000000..966d4650d
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig16/test.rules
@@ -0,0 +1 @@
+drop tcp any any -> any any (flow:to_server,established; uricontent:"/search?q="; pcre:"/^\/search\?q=[0-9]{1,3}(&aq=7(\?[0-9a-f]{8})?)?/U"; pcre:"/\x0d\x0aHost\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; sid:2009024; rev:9;)
diff --git a/tests/detect-http-uri/UriTestSig16/test.yaml b/tests/detect-http-uri/UriTestSig16/test.yaml
new file mode 100644
index 000000000..fadac05be
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig16/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2009024
+ pcap_cnt: 4
diff --git a/tests/detect-http-uri/UriTestSig17/README.md b/tests/detect-http-uri/UriTestSig17/README.md
new file mode 100644
index 000000000..78ee7c665
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig17/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig17
diff --git a/tests/detect-http-uri/UriTestSig17/test.fpc.pcap b/tests/detect-http-uri/UriTestSig17/test.fpc.pcap
new file mode 100644
index 000000000..63b25f889
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig17/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig17/test.rules b/tests/detect-http-uri/UriTestSig17/test.rules
new file mode 100644
index 000000000..6b55be1fe
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig17/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"this"; uricontent:"is"; within:6; uricontent:"big"; within:8; uricontent:"string"; within:8; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig17/test.yaml b/tests/detect-http-uri/UriTestSig17/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig17/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig18/README.md b/tests/detect-http-uri/UriTestSig18/README.md
new file mode 100644
index 000000000..2c605160a
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig18/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig18
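Review bot: The check in UriTestSig16/test.yaml matches only `event_type: alert` for sid 2009024, while the rule under test has the action `drop`, so the verdict the engine records for the packet is never asserted. Adding `alert.action: allowed` to the `match` block (or `blocked`, if the test is meant to run in an IPS mode) would pin it. Which value is expected depends on the run mode; the visible args set `stream.inline=true` but do not select IPS explicitly, so this needs confirming against an actual run.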
diff --git a/tests/detect-http-uri/UriTestSig18/test.fpc.pcap b/tests/detect-http-uri/UriTestSig18/test.fpc.pcap
new file mode 100644
index 000000000..55ec1bbf9
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig18/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig18/test.rules b/tests/detect-http-uri/UriTestSig18/test.rules
new file mode 100644
index 000000000..a91abd9b9
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig18/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"this"; uricontent:"is"; within:9; uricontent:"big"; within:12; uricontent:"string"; within:8; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig18/test.yaml b/tests/detect-http-uri/UriTestSig18/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig18/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig19/README.md b/tests/detect-http-uri/UriTestSig19/README.md
new file mode 100644
index 000000000..123c8df30
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig19/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig19
diff --git a/tests/detect-http-uri/UriTestSig19/test.fpc.pcap b/tests/detect-http-uri/UriTestSig19/test.fpc.pcap
new file mode 100644
index 000000000..57cc6513b
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig19/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig19/test.rules b/tests/detect-http-uri/UriTestSig19/test.rules
new file mode 100644
index 000000000..36dbfa20d
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig19/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"now"; uricontent:"this"; uricontent:"is"; within:12; uricontent:"big"; within:8; uricontent:"string"; within:8; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig19/test.yaml b/tests/detect-http-uri/UriTestSig19/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig19/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig20/README.md b/tests/detect-http-uri/UriTestSig20/README.md
new file mode 100644
index 000000000..35ff5f177
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig20/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig20
diff --git a/tests/detect-http-uri/UriTestSig20/test.fpc.pcap b/tests/detect-http-uri/UriTestSig20/test.fpc.pcap
new file mode 100644
index 000000000..f2a88ebe3
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig20/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig20/test.rules b/tests/detect-http-uri/UriTestSig20/test.rules
new file mode 100644
index 000000000..4f1ae7e49
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig20/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"thus"; offset:8; uricontent:"is"; within:6; uricontent:"big"; within:8; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig20/test.yaml b/tests/detect-http-uri/UriTestSig20/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig20/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig21/README.md b/tests/detect-http-uri/UriTestSig21/README.md
new file mode 100644
index 000000000..341d34f19
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig21/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig21
diff --git a/tests/detect-http-uri/UriTestSig21/test.fpc.pcap b/tests/detect-http-uri/UriTestSig21/test.fpc.pcap
new file mode 100644
index 000000000..e7ae33f76
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig21/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig21/test.rules b/tests/detect-http-uri/UriTestSig21/test.rules
new file mode 100644
index 000000000..cec289714
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig21/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"fix"; uricontent:"this"; within:6; uricontent:!"and"; distance:0; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig21/test.yaml b/tests/detect-http-uri/UriTestSig21/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig21/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig22/README.md b/tests/detect-http-uri/UriTestSig22/README.md
new file mode 100644
index 000000000..535ec34a7
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig22/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig22
diff --git a/tests/detect-http-uri/UriTestSig22/test.fpc.pcap b/tests/detect-http-uri/UriTestSig22/test.fpc.pcap
new file mode 100644
index 000000000..8e2b2033b
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig22/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig22/test.rules b/tests/detect-http-uri/UriTestSig22/test.rules
new file mode 100644
index 000000000..46ba18889
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig22/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; pcre:/super/U; uricontent:"nova"; within:7; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig22/test.yaml b/tests/detect-http-uri/UriTestSig22/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig22/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig23/README.md b/tests/detect-http-uri/UriTestSig23/README.md
new file mode 100644
index 000000000..35cc37cb7
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig23/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig23
diff --git a/tests/detect-http-uri/UriTestSig23/test.fpc.pcap b/tests/detect-http-uri/UriTestSig23/test.fpc.pcap
new file mode 100644
index 000000000..e7ae33f76
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig23/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig23/test.rules b/tests/detect-http-uri/UriTestSig23/test.rules
new file mode 100644
index 000000000..9c1926b33
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig23/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:!"fix_this_now"; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig23/test.yaml b/tests/detect-http-uri/UriTestSig23/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig23/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig24/README.md b/tests/detect-http-uri/UriTestSig24/README.md
new file mode 100644
index 000000000..2c824e51c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig24/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig24
diff --git a/tests/detect-http-uri/UriTestSig24/test.fpc.pcap b/tests/detect-http-uri/UriTestSig24/test.fpc.pcap
new file mode 100644
index 000000000..e7ae33f76
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig24/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig24/test.rules b/tests/detect-http-uri/UriTestSig24/test.rules
new file mode 100644
index 000000000..f3f4af3e8
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig24/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"we_need_to"; uricontent:!"fix_this_now"; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig24/test.yaml b/tests/detect-http-uri/UriTestSig24/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig24/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig25/README.md b/tests/detect-http-uri/UriTestSig25/README.md
new file mode 100644
index 000000000..baadcdc7e
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig25/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig25
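Review bot: The `count: 0` filter in UriTestSig23/test.yaml is the only assertion for a rule that consists of a single negated match (`uricontent:!"fix_this_now"`), so the test would presumably also pass if the HTTP request in the pcap were never parsed and the URI buffer never inspected. A positive control would make the negative result meaningful: add a second filter on `event_type: http` with the count the pcap actually produces, or a companion rule in test.rules that is expected to fire on the same URI. The same applies to the other `count: 0` tests in this commit: UriTestSig24, UriTestSig35, UriTestSig36 and UriTestSig38.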
diff --git a/tests/detect-http-uri/UriTestSig25/test.fpc.pcap b/tests/detect-http-uri/UriTestSig25/test.fpc.pcap
new file mode 100644
index 000000000..738e7fa89
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig25/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig25/test.rules b/tests/detect-http-uri/UriTestSig25/test.rules
new file mode 100644
index 000000000..acdaca412
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig25/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; pcre:/normalized/U; uricontent:"normalized uri"; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig25/test.yaml b/tests/detect-http-uri/UriTestSig25/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig25/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig26/README.md b/tests/detect-http-uri/UriTestSig26/README.md
new file mode 100644
index 000000000..fce57a2d1
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig26/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig26
diff --git a/tests/detect-http-uri/UriTestSig26/test.fpc.pcap b/tests/detect-http-uri/UriTestSig26/test.fpc.pcap
new file mode 100644
index 000000000..e7ae33f76
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig26/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig26/test.rules b/tests/detect-http-uri/UriTestSig26/test.rules
new file mode 100644
index 000000000..42cc64548
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig26/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"fix_this"; isdataat:4,relative; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig26/test.yaml b/tests/detect-http-uri/UriTestSig26/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig26/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig27/README.md b/tests/detect-http-uri/UriTestSig27/README.md
new file mode 100644
index 000000000..a7c19b9eb
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig27/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig27
diff --git a/tests/detect-http-uri/UriTestSig27/test.fpc.pcap b/tests/detect-http-uri/UriTestSig27/test.fpc.pcap
new file mode 100644
index 000000000..e7ae33f76
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig27/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig27/test.rules b/tests/detect-http-uri/UriTestSig27/test.rules
new file mode 100644
index 000000000..d3633f61f
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig27/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (uricontent:"fix_this"; isdataat:!10,relative; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig27/test.yaml b/tests/detect-http-uri/UriTestSig27/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig27/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig28/README.md b/tests/detect-http-uri/UriTestSig28/README.md
new file mode 100644
index 000000000..e6f6b2a38
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig28/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig28
diff --git a/tests/detect-http-uri/UriTestSig28/test.fpc.pcap b/tests/detect-http-uri/UriTestSig28/test.fpc.pcap
new file mode 100644
index 000000000..b51067c0c
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig28/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig28/test.rules b/tests/detect-http-uri/UriTestSig28/test.rules
new file mode 100644
index 000000000..a48470d8d
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig28/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"ring"; distance:one; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig28/test.yaml b/tests/detect-http-uri/UriTestSig28/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig28/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig29/README.md b/tests/detect-http-uri/UriTestSig29/README.md
new file mode 100644
index 000000000..7c02bff62
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig29/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig29
diff --git a/tests/detect-http-uri/UriTestSig29/test.fpc.pcap b/tests/detect-http-uri/UriTestSig29/test.fpc.pcap
new file mode 100644
index 000000000..b51067c0c
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig29/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig29/test.rules b/tests/detect-http-uri/UriTestSig29/test.rules
new file mode 100644
index 000000000..a48470d8d
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig29/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"ring"; distance:one; sid:1;)
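Review bot: UriTestSig29 duplicates UriTestSig28 exactly: test.rules carries the same blob id (a48470d8d) with the same `distance:one` rule, the pcap is the same blob (b51067c0c), and the test.yaml added next is the same d42ca025c. As committed it adds run time but no detection coverage. If the two original unit tests differed in their crafted request, the UriTestSig29 pcap should carry that traffic; if they were already identical, either drop one directory or say so in the README, for example `Same rule and pcap as UriTestSig28, kept to mirror the unit test numbering`.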
diff --git a/tests/detect-http-uri/UriTestSig29/test.yaml b/tests/detect-http-uri/UriTestSig29/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig29/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig30/README.md b/tests/detect-http-uri/UriTestSig30/README.md
new file mode 100644
index 000000000..5e71880be
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig30/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig30
diff --git a/tests/detect-http-uri/UriTestSig30/test.fpc.pcap b/tests/detect-http-uri/UriTestSig30/test.fpc.pcap
new file mode 100644
index 000000000..b51067c0c
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig30/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig30/test.rules b/tests/detect-http-uri/UriTestSig30/test.rules
new file mode 100644
index 000000000..dfcca6196
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig30/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"_b5ig"; offset:one; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig30/test.yaml b/tests/detect-http-uri/UriTestSig30/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig30/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig31/README.md b/tests/detect-http-uri/UriTestSig31/README.md
new file mode 100644
index 000000000..851b7577d
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig31/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig31
diff --git a/tests/detect-http-uri/UriTestSig31/test.fpc.pcap b/tests/detect-http-uri/UriTestSig31/test.fpc.pcap
new file mode 100644
index 000000000..b51067c0c
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig31/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig31/test.rules b/tests/detect-http-uri/UriTestSig31/test.rules
new file mode 100644
index 000000000..52450f968
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig31/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"his"; depth:one; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig31/test.yaml b/tests/detect-http-uri/UriTestSig31/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig31/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig32/README.md b/tests/detect-http-uri/UriTestSig32/README.md
new file mode 100644
index 000000000..72780b0af
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig32/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig32
diff --git a/tests/detect-http-uri/UriTestSig32/test.fpc.pcap b/tests/detect-http-uri/UriTestSig32/test.fpc.pcap
new file mode 100644
index 000000000..b51067c0c
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig32/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig32/test.rules b/tests/detect-http-uri/UriTestSig32/test.rules
new file mode 100644
index 000000000..69a19b420
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig32/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"g_st"; within:one; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig32/test.yaml b/tests/detect-http-uri/UriTestSig32/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig32/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig33/README.md b/tests/detect-http-uri/UriTestSig33/README.md
new file mode 100644
index 000000000..6a20894b6
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig33/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig33
diff --git a/tests/detect-http-uri/UriTestSig33/test.fpc.pcap b/tests/detect-http-uri/UriTestSig33/test.fpc.pcap
new file mode 100644
index 000000000..738e7fa89
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig33/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig33/test.rules b/tests/detect-http-uri/UriTestSig33/test.rules
new file mode 100644
index 000000000..a24d52a0b
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig33/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:15; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig33/test.yaml b/tests/detect-http-uri/UriTestSig33/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig33/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig34/README.md b/tests/detect-http-uri/UriTestSig34/README.md
new file mode 100644
index 000000000..5bf51bcc6
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig34/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig34
diff --git a/tests/detect-http-uri/UriTestSig34/test.fpc.pcap b/tests/detect-http-uri/UriTestSig34/test.fpc.pcap
new file mode 100644
index 000000000..738e7fa89
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig34/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig34/test.rules b/tests/detect-http-uri/UriTestSig34/test.rules
new file mode 100644
index 000000000..a86c63ba3
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig34/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:15, norm; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig34/test.yaml b/tests/detect-http-uri/UriTestSig34/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig34/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig35/README.md b/tests/detect-http-uri/UriTestSig35/README.md
new file mode 100644
index 000000000..9e1d5a409
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig35/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig35
diff --git a/tests/detect-http-uri/UriTestSig35/test.fpc.pcap b/tests/detect-http-uri/UriTestSig35/test.fpc.pcap
new file mode 100644
index 000000000..738e7fa89
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig35/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig35/test.rules b/tests/detect-http-uri/UriTestSig35/test.rules
new file mode 100644
index 000000000..44fc538f4
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig35/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:16; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig35/test.yaml b/tests/detect-http-uri/UriTestSig35/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig35/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig36/README.md b/tests/detect-http-uri/UriTestSig36/README.md
new file mode 100644
index 000000000..675167442
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig36/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig36
diff --git a/tests/detect-http-uri/UriTestSig36/test.fpc.pcap b/tests/detect-http-uri/UriTestSig36/test.fpc.pcap
new file mode 100644
index 000000000..738e7fa89
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig36/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig36/test.rules b/tests/detect-http-uri/UriTestSig36/test.rules
new file mode 100644
index 000000000..b1760526c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig36/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:16, norm; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig36/test.yaml b/tests/detect-http-uri/UriTestSig36/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig36/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig37/README.md b/tests/detect-http-uri/UriTestSig37/README.md
new file mode 100644
index 000000000..542e7a882
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig37/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig37
diff --git a/tests/detect-http-uri/UriTestSig37/test.fpc.pcap b/tests/detect-http-uri/UriTestSig37/test.fpc.pcap
new file mode 100644
index 000000000..738e7fa89
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig37/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig37/test.rules b/tests/detect-http-uri/UriTestSig37/test.rules
new file mode 100644
index 000000000..89cc02977
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig37/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:17, raw; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig37/test.yaml b/tests/detect-http-uri/UriTestSig37/test.yaml
new file mode 100644
index 000000000..d42ca025c
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig37/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
diff --git a/tests/detect-http-uri/UriTestSig38/README.md b/tests/detect-http-uri/UriTestSig38/README.md
new file mode 100644
index 000000000..4f825476a
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig38/README.md
@@ -0,0 +1,3 @@
+# Description
+
+Translation of unit test UriTestSig38
diff --git a/tests/detect-http-uri/UriTestSig38/test.fpc.pcap b/tests/detect-http-uri/UriTestSig38/test.fpc.pcap
new file mode 100644
index 000000000..738e7fa89
Binary files /dev/null and b/tests/detect-http-uri/UriTestSig38/test.fpc.pcap differ
diff --git a/tests/detect-http-uri/UriTestSig38/test.rules b/tests/detect-http-uri/UriTestSig38/test.rules
new file mode 100644
index 000000000..9f1672af1
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig38/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:18, raw; sid:1;)
diff --git a/tests/detect-http-uri/UriTestSig38/test.yaml b/tests/detect-http-uri/UriTestSig38/test.yaml
new file mode 100644
index 000000000..1562fb5ec
--- /dev/null
+++ b/tests/detect-http-uri/UriTestSig38/test.yaml
@@ -0,0 +1,12 @@
+requires:
+ min-version: 8.0.0
+
+args:
+ - -k none --set stream.inline=true
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
+ alert.signature_id: 1