From 2e3669f904886fc7cc9c27c088c83c9bdb5f4f0d Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 14 Jun 2022 11:49:36 +0200 Subject: [PATCH] tests: various dcerpc updates --- tests/bug-5162/test.yaml | 1 + tests/dcerpc-smb-fail/test.yaml | 1 + tests/dcerpc/dcerpc-dce-iface-01/test.yaml | 2 +- tests/dcerpc/dcerpc-dce-stub-data/test.rules | 4 ++++ tests/dcerpc/dcerpc-dce-stub-data/test.yaml | 17 +++++++++++++++++ 5 files changed, 24 insertions(+), 1 deletion(-) diff --git a/tests/bug-5162/test.yaml b/tests/bug-5162/test.yaml index 0e9396bc3..169cd4101 100644 --- a/tests/bug-5162/test.yaml +++ b/tests/bug-5162/test.yaml @@ -3,6 +3,7 @@ args: checks: - filter: + min-version: 6 count: 1445 match: event_type: dcerpc diff --git a/tests/dcerpc-smb-fail/test.yaml b/tests/dcerpc-smb-fail/test.yaml index ef1c9171b..005930835 100644 --- a/tests/dcerpc-smb-fail/test.yaml +++ b/tests/dcerpc-smb-fail/test.yaml @@ -3,6 +3,7 @@ args: checks: - filter: + min-version: 6 count: 1445 match: event_type: dcerpc diff --git a/tests/dcerpc/dcerpc-dce-iface-01/test.yaml b/tests/dcerpc/dcerpc-dce-iface-01/test.yaml index 81d280773..8b8c969ed 100644 --- a/tests/dcerpc/dcerpc-dce-iface-01/test.yaml +++ b/tests/dcerpc/dcerpc-dce-iface-01/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 7 + min-version: 6 features: - HAVE_LIBJANSSON diff --git a/tests/dcerpc/dcerpc-dce-stub-data/test.rules b/tests/dcerpc/dcerpc-dce-stub-data/test.rules index ba9609450..fbc992984 100644 --- a/tests/dcerpc/dcerpc-dce-stub-data/test.rules +++ b/tests/dcerpc/dcerpc-dce-stub-data/test.rules 
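Review bot: The `min-version: 6` added under the filter in tests/bug-5162/test.yaml, and identically in tests/dcerpc-smb-fail/test.yaml, gates the only check visible in each hunk, so on a Suricata build older than 6 the test would presumably still run the pcap and pass with nothing asserted. If the `count: 1445` dcerpc event count is only expected from version 6 on, it is clearer to state that at file level with a `requires:` block carrying `min-version: 6` (as tests/dcerpc/dcerpc-dce-iface-01/test.yaml does, which skips the whole test) or to add a sibling check with the count expected on older versions. The surrounding `checks:` list may continue beyond these hunks, so other checks may already cover this. A one-line comment next to the gate, `# dcerpc event count is only asserted from Suricata 6 on`, would record why it is there.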
@@ -1,3 +1,7 @@
 alert tcp any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|09 00 00 00 00 01 00 00|"; sid:1;)
 alert tcp any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|09 00|"; sid:2;)
 alert tcp any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|01 09 00|"; sid:3;)
+
+alert dcerpc any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|09 00 00 00 00 01 00 00|"; sid:11;)
+alert dcerpc any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|09 00|"; sid:12;)
+alert dcerpc any any -> any any (msg:"DCE stub data";flow:established,to_server; dcerpc.stub_data; content:"|01 09 00|"; sid:13;)
diff --git a/tests/dcerpc/dcerpc-dce-stub-data/test.yaml b/tests/dcerpc/dcerpc-dce-stub-data/test.yaml
index 389fbe9b3..92160925b 100644
--- a/tests/dcerpc/dcerpc-dce-stub-data/test.yaml
+++ b/tests/dcerpc/dcerpc-dce-stub-data/test.yaml
@@ -28,6 +28,23 @@ checks:
     match:
       event_type: alert
       alert.signature_id: 3
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 11
+      pcap_cnt: 10
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 12
+      pcap_cnt: 10
+- filter:
+    count: 0
+    match:
+      event_type: alert
+      alert.signature_id: 13
 - filter:
     count: 1
     match:
-- 
2.47.2
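Review bot: The new rules with sids 11–13 in tests/dcerpc/dcerpc-dce-stub-data/test.rules are copies of sids 1–3 differing only in the `dcerpc` protocol of the rule header, and they keep the identical `msg:"DCE stub data"`, so in eve output the two sets can only be told apart by signature id. A distinct message for the new block, e.g. `msg:"DCE stub data (dcerpc proto)"`, keeps alert logs readable when a check fails; alternatively a comment line above the block, `# sids 11-13 mirror sids 1-3 with the dcerpc app-layer protocol in the rule header`, would document the pairing for whoever edits one set without the other.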
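Review bot: The `count: 0` check for sid 13 in tests/dcerpc/dcerpc-dce-stub-data/test.yaml is satisfied equally by a rule that never loaded, so it only proves the negative if sid 13 actually parsed; a failure confined to that one rule would pass unnoticed. Sids 11 and 12 being asserted positively covers the shared header syntax, but not sid 13 itself; a check that no rules failed to load — the eve `stats` record exposes `detect.engines[].rules_failed`, if the filter syntax can address it — would close that gap. The checks for sids 11 and 12 also pin `pcap_cnt: 10` while the sid 13 check does not, which is fine for a zero count, but the reason sid 13 must not match is not visible here, so a short comment above its filter, `# sid 13 must not match; see the sid 3 check above for the positive counterpart`, would help the next reader — adjust the wording to the actual intent.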