From: Victor Julien
Date: Thu, 13 Jan 2022 14:44:53 +0000 (+0100)
Subject: tests: add bug 4953 test
X-Git-Tag: suricata-6.0.5~13
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F707%2Fhead;p=thirdparty%2Fsuricata-verify.git
tests: add bug 4953 test
---
diff --git a/tests/bug-4953/README.md b/tests/bug-4953/README.md
new file mode 100644
index 000000000..78bd69eaa
--- /dev/null
+++ b/tests/bug-4953/README.md
@@ -0,0 +1 @@
+Pcap from https://www.malware-traffic-analysis.net/
diff --git a/tests/bug-4953/file76.pcap b/tests/bug-4953/file76.pcap
new file mode 100644
index 000000000..c2ab339ce
Binary files /dev/null and b/tests/bug-4953/file76.pcap differ
diff --git a/tests/bug-4953/test.yaml b/tests/bug-4953/test.yaml
new file mode 100644
index 000000000..9e4577edc
--- /dev/null
+++ b/tests/bug-4953/test.yaml
@@ -0,0 +1,45 @@
+args:
+- -k none
+
+checks:
+ - filter:
+ min-version: 6
+ count: 3
+ match:
+ event_type: fileinfo
+ - filter:
+ min-version: 6
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.filename: "/IEyF/EN3GUkgHakZ3iVe/YBqssWlF8iWaHTr/"
+ fileinfo.gaps: true
+ fileinfo.state: TRUNCATED
+ fileinfo.size: 137708
+ - filter:
+ requires:
+ lt-version: 6
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.filename: "/IEyF/EN3GUkgHakZ3iVe/YBqssWlF8iWaHTr/"
+ fileinfo.gaps: false
+ fileinfo.state: TRUNCATED
+ fileinfo.size: 1176
+ - filter:
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.filename: "LVejnvdxqMoIu"
+ fileinfo.gaps: false
+ fileinfo.state: CLOSED
+ fileinfo.size: 676
+ - filter:
+ min-version: 6
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.filename: "BEemDNNWAKeCH"
+ fileinfo.gaps: false
+ fileinfo.state: CLOSED
+ fileinfo.size: 692
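Review bot: The two checks for `/IEyF/EN3GUkgHakZ3iVe/YBqssWlF8iWaHTr/` in test.yaml expect different results for the same file (6+: `gaps: true`, size 137708; before 6: `gaps: false`, size 1176), and nothing in the file says which of these is the behaviour bug 4953 is about, so a later reader cannot tell a regression from an intended change. A short comment above the pair would do, e.g. `# 6+: TRUNCATED at 137708 with gaps: true; <6: TRUNCATED at 1176 with gaps: false (bug 4953)`. Versions before 6 also get no total-count check like the `count: 3` one for 6+, so an extra or duplicated fileinfo record would pass there; consider adding one with the expected pre-6 count. The README names only the site the pcap came from, not the specific capture, which makes the expected sizes hard to re-derive if file76.pcap ever has to be replaced.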