From cec72467981214dde0be4aad54d290ede96063d4 Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Tue, 28 Jan 2025 16:38:53 -0600
Subject: [PATCH] dns-response-rrname-sticky-buffer: update for keyword rename
And rename the test to match the keyword. Add ticket reference to README.
---
tests/dns/dns-response-rrname-sticky-buffer/README.md | 6 ++++++
tests/dns/dns-response-rrname-sticky-buffer/test.rules | 5 +++++
.../test.yaml | 0
tests/dns/dns-response-sticky-buffer/README.md | 4 ----
tests/dns/dns-response-sticky-buffer/test.rules | 5 -----
5 files changed, 11 insertions(+), 9 deletions(-)
create mode 100644 tests/dns/dns-response-rrname-sticky-buffer/README.md
create mode 100644 tests/dns/dns-response-rrname-sticky-buffer/test.rules
rename tests/dns/{dns-response-sticky-buffer => dns-response-rrname-sticky-buffer}/test.yaml (100%)
delete mode 100644 tests/dns/dns-response-sticky-buffer/README.md
delete mode 100644 tests/dns/dns-response-sticky-buffer/test.rules
diff --git a/tests/dns/dns-response-rrname-sticky-buffer/README.md b/tests/dns/dns-response-rrname-sticky-buffer/README.md
new file mode 100644
index 000000000..57d34441c
--- /dev/null
+++ b/tests/dns/dns-response-rrname-sticky-buffer/README.md
@@ -0,0 +1,6 @@
+Test the 'dns.response.rrname' sticky buffer.
+
+This test verifies that data in a name field or an rdata field
+of a DNS response will trigger a signature.
+
+Ticket: https://redmine.openinfosecfoundation.org/issues/7012
diff --git a/tests/dns/dns-response-rrname-sticky-buffer/test.rules b/tests/dns/dns-response-rrname-sticky-buffer/test.rules
new file mode 100644
index 000000000..688f5e602
--- /dev/null
+++ b/tests/dns/dns-response-rrname-sticky-buffer/test.rules
@@ -0,0 +1,5 @@
+# Will alert on name field of Query section in response
+alert dns any any -> any any (dns.response.rrname; content: "dne.oisf.net"; sid:1; rev:1;)
+
+# Will alert on rdata field of Authority section in response
+alert dns any any -> any any (dns.response.rrname; content: "ns-110.awsdns-13.com"; sid:2; rev:1;)
diff --git a/tests/dns/dns-response-sticky-buffer/test.yaml b/tests/dns/dns-response-rrname-sticky-buffer/test.yaml
similarity index 100%
rename from tests/dns/dns-response-sticky-buffer/test.yaml
rename to tests/dns/dns-response-rrname-sticky-buffer/test.yaml
diff --git a/tests/dns/dns-response-sticky-buffer/README.md b/tests/dns/dns-response-sticky-buffer/README.md
deleted file mode 100644
index 413a47f9b..000000000
--- a/tests/dns/dns-response-sticky-buffer/README.md
+++ /dev/null
@@ -1,4 +0,0 @@
-Test the 'dns.response' sticky buffer.
-
-This test verifies that data in a name field or an rdata field
-of a DNS response will trigger a signature.
\ No newline at end of file
diff --git a/tests/dns/dns-response-sticky-buffer/test.rules b/tests/dns/dns-response-sticky-buffer/test.rules
deleted file mode 100644
index 7b042d98b..000000000
--- a/tests/dns/dns-response-sticky-buffer/test.rules
+++ /dev/null
@@ -1,5 +0,0 @@
-# Will alert on name field of Query section in response
-alert dns any any -> any any (dns.response; content: "dne.oisf.net"; sid:1; rev:1;)
-
-# Will alert on rdata field of Authority section in response
-alert dns any any -> any any (dns.response; content: "ns-110.awsdns-13.com"; sid:2; rev:1;)
--
2.47.2
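Review bot: The comment above sid:2 in the new tests/dns/dns-response-rrname-sticky-buffer/test.rules still says the match is on an rdata field of the Authority section, which sits oddly next to a keyword now named `dns.response.rrname`; a reader will assume the buffer holds only resource-record names. If the buffer does also inspect names carried in rdata, say so in the comment, for example `# Will alert on a name carried in the rdata of an Authority record (dns.response.rrname also inspects rdata names)`; otherwise confirm that sid:2 still fires. The renamed test.yaml is carried over unchanged and is not shown here, so any version or feature requirement it declares for the renamed keyword should be checked as well.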