From ed0632e8834cc861f77c8e9ef211414617dc3400 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Mon, 18 Jan 2021 10:45:21 +0100
Subject: [PATCH] tests: add bug 2736 tests
---
tests/bug-2736-01/23_6594.pcap | Bin 0 -> 123 bytes
tests/bug-2736-01/test.rules | 6 ++++++
tests/bug-2736-01/test.yaml | 10 ++++++++++
tests/bug-2736-02/suricata.0400.pcap | Bin 0 -> 132 bytes
tests/bug-2736-02/test.rules | 5 +++++
tests/bug-2736-02/test.yaml | 10 ++++++++++
6 files changed, 31 insertions(+)
create mode 100644 tests/bug-2736-01/23_6594.pcap
create mode 100644 tests/bug-2736-01/test.rules
create mode 100644 tests/bug-2736-01/test.yaml
create mode 100644 tests/bug-2736-02/suricata.0400.pcap
create mode 100644 tests/bug-2736-02/test.rules
create mode 100644 tests/bug-2736-02/test.yaml
diff --git a/tests/bug-2736-01/23_6594.pcap b/tests/bug-2736-01/23_6594.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..693cb8599b65e3455ac82fa9afd46c0e96f9c07a
GIT binary patch literal 123 zc-p&ic+)~A1{MYcU}0bcl1zqgqu+_}G6VzJAk4*}4kR}nD%(G&gM-19fx(rHlYyZ@ zF!AYu6--PVKyZ(X!IZ)9P*Um?pngV(S$rw^dFdI6*@?-CDXF=YEGa2@#msrBB_IWi E0NooJOaK4? literal 0 Hc-jL100001
diff --git a/tests/bug-2736-01/test.rules b/tests/bug-2736-01/test.rules
new file mode 100644
index 000000000..1af4b7994
--- /dev/null
+++ b/tests/bug-2736-01/test.rules
@@ -0,0 +1,6 @@
+alert dns any any -> any 53 ( \
+msg:"DNS - Transaction ID problem, DDNS"; \
+content:"|04|ddns|03|net|00|"; \
+classtype:trojan-activity; \
+sid:1; rev:1;)
+
diff --git a/tests/bug-2736-01/test.yaml b/tests/bug-2736-01/test.yaml
new file mode 100644
index 000000000..63f19ae40
--- /dev/null
+++ b/tests/bug-2736-01/test.yaml
@@ -0,0 +1,10 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
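Review bot: Neither rule file says what bug 2736 is or why the match is a raw `content` under `alert dns` rather than a DNS sticky buffer, so a later reader cannot tell whether that form is the thing under test. In tests/bug-2736-01/test.rules I would add a leading comment such as `# Bug 2736: payload content match on a DNS rule; raw content (not dns.query) is intentional`, worded to match the ticket, and the same in tests/bug-2736-02/test.rules. The msg text "Transaction ID problem" suggests the trigger is a particular DNS transaction ID in the pcap, but that is inferred from the message alone; stating it in the comment would make the test self-explanatory.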
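Review bot: The `requires` block in tests/bug-2736-01/test.yaml gates only on `HAVE_LIBJANSSON`, so the test would also run against Suricata branches that do not carry the bug 2736 fix and fail there. If the fix is not present in every branch this suite runs against (not visible from this patch), add a version gate next to `features`, e.g. `min-version: <first fixed release>` (placeholder, to be filled from the ticket). The same applies to tests/bug-2736-02/test.yaml.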
diff --git a/tests/bug-2736-02/suricata.0400.pcap b/tests/bug-2736-02/suricata.0400.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..57bafe2842f94ce5ed6fb0d9bb20a53768505798
GIT binary patch literal 132 zc-p&ic+)~A1{MYw`2U}Qfe}daT;-4XdYF+R2FM0sm#%25`6hE>`a0}tI2c?R82sv9 zGcYs=wrZ~ttV-tqf}7$DrVLga*0O-~GeS(`DK0I_OinCG)XhvOX3j54=Lt?t1`3r_ RCg-Q5G8L6FFvu`40sxPpA(a3C literal 0 Hc-jL100001
diff --git a/tests/bug-2736-02/test.rules b/tests/bug-2736-02/test.rules
new file mode 100644
index 000000000..b47f3ad65
--- /dev/null
+++ b/tests/bug-2736-02/test.rules
@@ -0,0 +1,5 @@
+alert dns any any -> any 53 ( \
+msg:"DNS - Transaction ID problem, suricata"; \
+content:"suricata"; \
+classtype:trojan-activity; \
+sid:2; rev:1;)
diff --git a/tests/bug-2736-02/test.yaml b/tests/bug-2736-02/test.yaml
new file mode 100644
index 000000000..eb2358d37
--- /dev/null
+++ b/tests/bug-2736-02/test.yaml
@@ -0,0 +1,10 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 2
--
2.47.2