From: Philippe Antoine Date: Thu, 3 Oct 2024 12:51:35 +0000 (+0200) Subject: transform/base64: adds test against UBSan X-Git-Tag: suricata-7.0.8~49 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2075%2Fhead;p=thirdparty%2Fsuricata-verify.git transform/base64: adds test against UBSan Ticket: 7296
---
diff --git a/tests/transform-base64-7296/README.md b/tests/transform-base64-7296/README.md
new file mode 100644
index 000000000..0aae8a484
--- /dev/null
+++ b/tests/transform-base64-7296/README.md
@@ -0,0 +1,8 @@
+# Description
+
+Test base64 transform does not trigger UBSAN.
+https://redmine.openinfosecfoundation.org/issues/7296
+
+# PCAP
+
+The pcap comes from oss-fuzz reproducer
diff --git a/tests/transform-base64-7296/input.pcap b/tests/transform-base64-7296/input.pcap
new file mode 100644
index 000000000..6e8cd6afa
Binary files /dev/null and b/tests/transform-base64-7296/input.pcap differ
diff --git a/tests/transform-base64-7296/suricata.yaml b/tests/transform-base64-7296/suricata.yaml
new file mode 100644
index 000000000..85d27af7a
--- /dev/null
+++ b/tests/transform-base64-7296/suricata.yaml
@@ -0,0 +1,105 @@
+%YAML 1.1
+---
+pcap-file:
+
+ checksum-checks: no
+
+stream:
+
+ checksum-validation: no
+ midstream: true
+outputs:
+ - fast:
+ enabled: yes
+ filename: /dev/null
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ #filename: /dev/null
+ xff:
+ enabled: yes
+ mode: extra-data
+ deployment: reverse
+ header: X-Forwarded-For
+ types:
+ - alert:
+ payload: yes
+ payload-printable: yes
+ packet: yes
+ metadata: yes
+ http-body: yes
+ http-body-printable: yes
+ tagged-packets: yes
+ - anomaly:
+ enabled: yes
+ types:
+ decode: yes
+ stream: yes
+ applayer: yes
+ packethdr: yes
+ - http:
+ extended: yes
+ dump-all-headers: both
+ - dns
+ - tls:
+ extended: yes
+ session-resumption: yes
+ - files
+ - smtp:
+ extended: yes
+ - dnp3
+ - ftp
+ - rdp
+ - nfs
+ - smb
+ - tftp
+ - ike
+ - krb5
+ - snmp
+ - rfb
+ - sip
+ - dhcp:
+ enabled: yes
+ extended: yes
+ - ssh
+ - flow
+ - netflow
+ - metadata
+ - http-log:
+ enabled: yes
+ filename: /dev/null
+ extended: yes
+ - tls-log:
+ enabled: yes
+ filename: /dev/null
+ extended: yes
+ - file-store:
+ version: 2
+ enabled: yes
+ force-filestore: yes
+app-layer:
+ protocols:
+ rdp:
+ enabled: yes
+ modbus:
+ enabled: yes
+ detection-ports:
+ dp: 502
+ dnp3:
+ enabled: yes
+ detection-ports:
+ dp: 20000
+ enip:
+ enabled: yes
+ detection-ports:
+ dp: 44818
+ sp: 44818
+ sip:
+ enabled: yes
+ ssh:
+ enabled: yes
+ hassh: yes
+ mqtt:
+ enabled: yes
+ http2:
+ enabled: yes
diff --git a/tests/transform-base64-7296/test.rules b/tests/transform-base64-7296/test.rules
new file mode 100644
index 000000000..3a4bb3a26
--- /dev/null
+++ b/tests/transform-base64-7296/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"from_base64: offset #1 [mode rfc4648]"; http.uri; content:"/?arg=dGhpc2lzYXRlc3QK"; from_base64: offset 6 ; content:"thisisatest"; fast_pattern; sid:1; rev:1;)
diff --git a/tests/transform-base64-7296/test.yaml b/tests/transform-base64-7296/test.yaml
new file mode 100644
index 000000000..dfe0b0305
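Review bot: Nothing in suricata.yaml says which of its settings the reproducer depends on, and most of what it enables (file-store with `force-filestore: yes`, the modbus/dnp3/enip parsers, a long list of eve loggers) looks unrelated to an http.uri transform. If the file is meant to mirror the fuzz harness configuration so the oss-fuzz input is processed the same way, a header comment should say so, for example `# Mirrors the fuzz target configuration; kept as-is so the oss-fuzz input for ticket 7296 is handled identically.` If that is not the intent, the file could be reduced to the settings test.yaml relies on, which also stops every file extracted from a fuzz-derived pcap being written to the test output directory.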
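Review bot: The `msg` of the only rule in test.rules, `from_base64: offset #1 [mode rfc4648]`, reads like a label carried over from a functional from_base64 test, while test.yaml expects zero alerts. A reader cannot tell from the rule that it exists only to run the transform with `offset 6` over the fuzz input. A comment line above the rule would make that explicit: `# Runs from_base64 (offset 6) over the oss-fuzz input for ticket 7296; no alert is expected.`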
--- /dev/null
+++ b/tests/transform-base64-7296/test.yaml
@@ -0,0 +1,11 @@
+requires:
+ min-version: 8
+
+args:
+ - -k none
+
+checks:
+ - filter:
+ count: 0
+ match:
+ event_type: alert
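Review bot: The single check in test.yaml, `count: 0` for `event_type: alert`, holds on any run that completes, so on a build without UBSan this test passes whether or not the defect from ticket 7296 is present. The regression is presumably caught only when the sanitizer aborts the run, which depends on how the CI job builds Suricata and is not visible in this commit. A comment above `checks:` should record that dependency: `# Only meaningful on a UBSan build; without it this check passes trivially.`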