From 4309798e0d3d6d1c90d898c642b789d064e3c670 Mon Sep 17 00:00:00 2001 
From: Philippe Antoine Date: Fri, 14 Jun 2024 10:24:00 +0200 Subject: [PATCH] detect: move http uri unit tests to SV Ticket: 3725 --- .../DetectEngineHttpRawUriTest01/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 600 bytes .../DetectEngineHttpRawUriTest01/test.rules | 1 + .../DetectEngineHttpRawUriTest01/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest02/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 513 bytes .../DetectEngineHttpRawUriTest02/test.rules | 1 + .../DetectEngineHttpRawUriTest02/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest03/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 600 bytes .../DetectEngineHttpRawUriTest03/test.rules | 1 + .../DetectEngineHttpRawUriTest03/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest04/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 600 bytes .../DetectEngineHttpRawUriTest04/test.rules | 1 + .../DetectEngineHttpRawUriTest04/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest05/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest05/test.rules | 1 + .../DetectEngineHttpRawUriTest05/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest06/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest06/test.rules | 1 + .../DetectEngineHttpRawUriTest06/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest07/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest07/test.rules | 1 + .../DetectEngineHttpRawUriTest07/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest08/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest08/test.rules | 1 + .../DetectEngineHttpRawUriTest08/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest09/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest09/test.rules | 1 + .../DetectEngineHttpRawUriTest09/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest10/README.md | 3 +++ 
.../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest10/test.rules | 1 + .../DetectEngineHttpRawUriTest10/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest11/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest11/test.rules | 1 + .../DetectEngineHttpRawUriTest11/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest12/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest12/test.rules | 1 + .../DetectEngineHttpRawUriTest12/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest13/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest13/test.rules | 1 + .../DetectEngineHttpRawUriTest13/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest14/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest14/test.rules | 1 + .../DetectEngineHttpRawUriTest14/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest15/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest15/test.rules | 1 + .../DetectEngineHttpRawUriTest15/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest16/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest16/test.rules | 1 + .../DetectEngineHttpRawUriTest16/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest21/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest21/test.rules | 1 + .../DetectEngineHttpRawUriTest21/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest22/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest22/test.rules | 1 + .../DetectEngineHttpRawUriTest22/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest23/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest23/test.rules | 1 + .../DetectEngineHttpRawUriTest23/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest24/README.md | 
3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest24/test.rules | 1 + .../DetectEngineHttpRawUriTest24/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest25/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest25/test.rules | 1 + .../DetectEngineHttpRawUriTest25/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest26/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest26/test.rules | 1 + .../DetectEngineHttpRawUriTest26/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest27/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest27/test.rules | 1 + .../DetectEngineHttpRawUriTest27/test.yaml | 13 ++++++++++++ .../DetectEngineHttpRawUriTest28/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 506 bytes .../DetectEngineHttpRawUriTest28/test.rules | 1 + .../DetectEngineHttpRawUriTest28/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest29/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 342 bytes .../DetectEngineHttpRawUriTest29/test.rules | 1 + .../DetectEngineHttpRawUriTest29/test.yaml | 12 +++++++++++ .../DetectEngineHttpRawUriTest30/README.md | 3 +++ .../test.fpc.pcap | Bin 0 -> 342 bytes .../DetectEngineHttpRawUriTest30/test.rules | 1 + .../DetectEngineHttpRawUriTest30/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig01/README.md | 3 +++ .../UriTestSig01/test.fpc.pcap | Bin 0 -> 478 bytes tests/detect-http-uri/UriTestSig01/test.rules | 1 + tests/detect-http-uri/UriTestSig01/test.yaml | 19 ++++++++++++++++++ tests/detect-http-uri/UriTestSig02/README.md | 3 +++ .../UriTestSig02/test.fpc.pcap | Bin 0 -> 473 bytes tests/detect-http-uri/UriTestSig02/test.rules | 1 + tests/detect-http-uri/UriTestSig02/test.yaml | 13 ++++++++++++ tests/detect-http-uri/UriTestSig03/README.md | 3 +++ .../UriTestSig03/test.fpc.pcap | Bin 0 -> 478 bytes tests/detect-http-uri/UriTestSig03/test.rules | 1 + 
tests/detect-http-uri/UriTestSig03/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig04/README.md | 3 +++ .../UriTestSig04/test.fpc.pcap | Bin 0 -> 478 bytes tests/detect-http-uri/UriTestSig04/test.rules | 1 + tests/detect-http-uri/UriTestSig04/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig05/README.md | 3 +++ .../UriTestSig05/test.fpc.pcap | Bin 0 -> 478 bytes tests/detect-http-uri/UriTestSig05/test.rules | 1 + tests/detect-http-uri/UriTestSig05/test.yaml | 13 ++++++++++++ tests/detect-http-uri/UriTestSig06/README.md | 3 +++ .../UriTestSig06/test.fpc.pcap | Bin 0 -> 487 bytes tests/detect-http-uri/UriTestSig06/test.rules | 1 + tests/detect-http-uri/UriTestSig06/test.yaml | 13 ++++++++++++ tests/detect-http-uri/UriTestSig07/README.md | 3 +++ .../UriTestSig07/test.fpc.pcap | Bin 0 -> 490 bytes tests/detect-http-uri/UriTestSig07/test.rules | 1 + tests/detect-http-uri/UriTestSig07/test.yaml | 19 ++++++++++++++++++ tests/detect-http-uri/UriTestSig08/README.md | 3 +++ .../UriTestSig08/test.fpc.pcap | Bin 0 -> 490 bytes tests/detect-http-uri/UriTestSig08/test.rules | 1 + tests/detect-http-uri/UriTestSig08/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig09/README.md | 3 +++ .../UriTestSig09/test.fpc.pcap | Bin 0 -> 490 bytes tests/detect-http-uri/UriTestSig09/test.rules | 1 + tests/detect-http-uri/UriTestSig09/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig12/README.md | 3 +++ .../UriTestSig12/test.fpc.pcap | Bin 0 -> 490 bytes tests/detect-http-uri/UriTestSig12/test.rules | 1 + tests/detect-http-uri/UriTestSig12/test.yaml | 13 ++++++++++++ tests/detect-http-uri/UriTestSig13/README.md | 3 +++ .../UriTestSig13/test.fpc.pcap | Bin 0 -> 478 bytes tests/detect-http-uri/UriTestSig13/test.rules | 1 + tests/detect-http-uri/UriTestSig13/test.yaml | 19 ++++++++++++++++++ tests/detect-http-uri/UriTestSig14/README.md | 3 +++ .../UriTestSig14/test.fpc.pcap | Bin 0 -> 478 bytes tests/detect-http-uri/UriTestSig14/test.rules | 1 + 
tests/detect-http-uri/UriTestSig14/test.yaml | 19 ++++++++++++++++++ tests/detect-http-uri/UriTestSig15/README.md | 3 +++ .../UriTestSig15/test.fpc.pcap | Bin 0 -> 478 bytes tests/detect-http-uri/UriTestSig15/test.rules | 1 + tests/detect-http-uri/UriTestSig15/test.yaml | 19 ++++++++++++++++++ tests/detect-http-uri/UriTestSig16/README.md | 3 +++ .../UriTestSig16/test.fpc.pcap | Bin 0 -> 514 bytes tests/detect-http-uri/UriTestSig16/test.rules | 1 + tests/detect-http-uri/UriTestSig16/test.yaml | 13 ++++++++++++ tests/detect-http-uri/UriTestSig17/README.md | 3 +++ .../UriTestSig17/test.fpc.pcap | Bin 0 -> 355 bytes tests/detect-http-uri/UriTestSig17/test.rules | 1 + tests/detect-http-uri/UriTestSig17/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig18/README.md | 3 +++ .../UriTestSig18/test.fpc.pcap | Bin 0 -> 362 bytes tests/detect-http-uri/UriTestSig18/test.rules | 1 + tests/detect-http-uri/UriTestSig18/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig19/README.md | 3 +++ .../UriTestSig19/test.fpc.pcap | Bin 0 -> 360 bytes tests/detect-http-uri/UriTestSig19/test.rules | 1 + tests/detect-http-uri/UriTestSig19/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig20/README.md | 3 +++ .../UriTestSig20/test.fpc.pcap | Bin 0 -> 349 bytes tests/detect-http-uri/UriTestSig20/test.rules | 1 + tests/detect-http-uri/UriTestSig20/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig21/README.md | 3 +++ .../UriTestSig21/test.fpc.pcap | Bin 0 -> 362 bytes tests/detect-http-uri/UriTestSig21/test.rules | 1 + tests/detect-http-uri/UriTestSig21/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig22/README.md | 3 +++ .../UriTestSig22/test.fpc.pcap | Bin 0 -> 366 bytes tests/detect-http-uri/UriTestSig22/test.rules | 1 + tests/detect-http-uri/UriTestSig22/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig23/README.md | 3 +++ .../UriTestSig23/test.fpc.pcap | Bin 0 -> 362 bytes tests/detect-http-uri/UriTestSig23/test.rules | 1 + 
tests/detect-http-uri/UriTestSig23/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig24/README.md | 3 +++ .../UriTestSig24/test.fpc.pcap | Bin 0 -> 362 bytes tests/detect-http-uri/UriTestSig24/test.rules | 1 + tests/detect-http-uri/UriTestSig24/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig25/README.md | 3 +++ .../UriTestSig25/test.fpc.pcap | Bin 0 -> 338 bytes tests/detect-http-uri/UriTestSig25/test.rules | 1 + tests/detect-http-uri/UriTestSig25/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig26/README.md | 3 +++ .../UriTestSig26/test.fpc.pcap | Bin 0 -> 362 bytes tests/detect-http-uri/UriTestSig26/test.rules | 1 + tests/detect-http-uri/UriTestSig26/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig27/README.md | 3 +++ .../UriTestSig27/test.fpc.pcap | Bin 0 -> 362 bytes tests/detect-http-uri/UriTestSig27/test.rules | 1 + tests/detect-http-uri/UriTestSig27/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig28/README.md | 3 +++ .../UriTestSig28/test.fpc.pcap | Bin 0 -> 350 bytes tests/detect-http-uri/UriTestSig28/test.rules | 1 + tests/detect-http-uri/UriTestSig28/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig29/README.md | 3 +++ .../UriTestSig29/test.fpc.pcap | Bin 0 -> 350 bytes tests/detect-http-uri/UriTestSig29/test.rules | 1 + tests/detect-http-uri/UriTestSig29/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig30/README.md | 3 +++ .../UriTestSig30/test.fpc.pcap | Bin 0 -> 350 bytes tests/detect-http-uri/UriTestSig30/test.rules | 1 + tests/detect-http-uri/UriTestSig30/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig31/README.md | 3 +++ .../UriTestSig31/test.fpc.pcap | Bin 0 -> 350 bytes tests/detect-http-uri/UriTestSig31/test.rules | 1 + tests/detect-http-uri/UriTestSig31/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig32/README.md | 3 +++ .../UriTestSig32/test.fpc.pcap | Bin 0 -> 350 bytes tests/detect-http-uri/UriTestSig32/test.rules | 1 + 
tests/detect-http-uri/UriTestSig32/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig33/README.md | 3 +++ .../UriTestSig33/test.fpc.pcap | Bin 0 -> 338 bytes tests/detect-http-uri/UriTestSig33/test.rules | 1 + tests/detect-http-uri/UriTestSig33/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig34/README.md | 3 +++ .../UriTestSig34/test.fpc.pcap | Bin 0 -> 338 bytes tests/detect-http-uri/UriTestSig34/test.rules | 1 + tests/detect-http-uri/UriTestSig34/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig35/README.md | 3 +++ .../UriTestSig35/test.fpc.pcap | Bin 0 -> 338 bytes tests/detect-http-uri/UriTestSig35/test.rules | 1 + tests/detect-http-uri/UriTestSig35/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig36/README.md | 3 +++ .../UriTestSig36/test.fpc.pcap | Bin 0 -> 338 bytes tests/detect-http-uri/UriTestSig36/test.rules | 1 + tests/detect-http-uri/UriTestSig36/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig37/README.md | 3 +++ .../UriTestSig37/test.fpc.pcap | Bin 0 -> 338 bytes tests/detect-http-uri/UriTestSig37/test.rules | 1 + tests/detect-http-uri/UriTestSig37/test.yaml | 12 +++++++++++ tests/detect-http-uri/UriTestSig38/README.md | 3 +++ .../UriTestSig38/test.fpc.pcap | Bin 0 -> 338 bytes tests/detect-http-uri/UriTestSig38/test.rules | 1 + tests/detect-http-uri/UriTestSig38/test.yaml | 12 +++++++++++ 248 files changed, 1045 insertions(+) create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest01/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest02/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.rules create mode 
100644 tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest03/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest04/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest05/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest06/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest07/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest08/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.rules create mode 100644 
tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest09/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest10/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest11/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest12/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest13/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest14/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.rules create mode 100644 
tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest15/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest16/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest21/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest22/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest23/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest24/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.rules create mode 100644 
tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest25/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest26/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest27/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest28/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest29/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.rules create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.yaml create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest30/README.md create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.fpc.pcap create mode 100644 tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.rules create mode 100644 
tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig01/README.md create mode 100644 tests/detect-http-uri/UriTestSig01/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig01/test.rules create mode 100644 tests/detect-http-uri/UriTestSig01/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig02/README.md create mode 100644 tests/detect-http-uri/UriTestSig02/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig02/test.rules create mode 100644 tests/detect-http-uri/UriTestSig02/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig03/README.md create mode 100644 tests/detect-http-uri/UriTestSig03/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig03/test.rules create mode 100644 tests/detect-http-uri/UriTestSig03/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig04/README.md create mode 100644 tests/detect-http-uri/UriTestSig04/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig04/test.rules create mode 100644 tests/detect-http-uri/UriTestSig04/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig05/README.md create mode 100644 tests/detect-http-uri/UriTestSig05/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig05/test.rules create mode 100644 tests/detect-http-uri/UriTestSig05/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig06/README.md create mode 100644 tests/detect-http-uri/UriTestSig06/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig06/test.rules create mode 100644 tests/detect-http-uri/UriTestSig06/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig07/README.md create mode 100644 tests/detect-http-uri/UriTestSig07/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig07/test.rules create mode 100644 tests/detect-http-uri/UriTestSig07/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig08/README.md create mode 100644 
tests/detect-http-uri/UriTestSig08/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig08/test.rules create mode 100644 tests/detect-http-uri/UriTestSig08/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig09/README.md create mode 100644 tests/detect-http-uri/UriTestSig09/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig09/test.rules create mode 100644 tests/detect-http-uri/UriTestSig09/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig12/README.md create mode 100644 tests/detect-http-uri/UriTestSig12/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig12/test.rules create mode 100644 tests/detect-http-uri/UriTestSig12/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig13/README.md create mode 100644 tests/detect-http-uri/UriTestSig13/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig13/test.rules create mode 100644 tests/detect-http-uri/UriTestSig13/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig14/README.md create mode 100644 tests/detect-http-uri/UriTestSig14/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig14/test.rules create mode 100644 tests/detect-http-uri/UriTestSig14/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig15/README.md create mode 100644 tests/detect-http-uri/UriTestSig15/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig15/test.rules create mode 100644 tests/detect-http-uri/UriTestSig15/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig16/README.md create mode 100644 tests/detect-http-uri/UriTestSig16/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig16/test.rules create mode 100644 tests/detect-http-uri/UriTestSig16/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig17/README.md create mode 100644 tests/detect-http-uri/UriTestSig17/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig17/test.rules create mode 100644 
tests/detect-http-uri/UriTestSig17/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig18/README.md create mode 100644 tests/detect-http-uri/UriTestSig18/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig18/test.rules create mode 100644 tests/detect-http-uri/UriTestSig18/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig19/README.md create mode 100644 tests/detect-http-uri/UriTestSig19/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig19/test.rules create mode 100644 tests/detect-http-uri/UriTestSig19/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig20/README.md create mode 100644 tests/detect-http-uri/UriTestSig20/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig20/test.rules create mode 100644 tests/detect-http-uri/UriTestSig20/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig21/README.md create mode 100644 tests/detect-http-uri/UriTestSig21/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig21/test.rules create mode 100644 tests/detect-http-uri/UriTestSig21/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig22/README.md create mode 100644 tests/detect-http-uri/UriTestSig22/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig22/test.rules create mode 100644 tests/detect-http-uri/UriTestSig22/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig23/README.md create mode 100644 tests/detect-http-uri/UriTestSig23/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig23/test.rules create mode 100644 tests/detect-http-uri/UriTestSig23/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig24/README.md create mode 100644 tests/detect-http-uri/UriTestSig24/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig24/test.rules create mode 100644 tests/detect-http-uri/UriTestSig24/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig25/README.md create mode 100644 
tests/detect-http-uri/UriTestSig25/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig25/test.rules create mode 100644 tests/detect-http-uri/UriTestSig25/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig26/README.md create mode 100644 tests/detect-http-uri/UriTestSig26/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig26/test.rules create mode 100644 tests/detect-http-uri/UriTestSig26/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig27/README.md create mode 100644 tests/detect-http-uri/UriTestSig27/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig27/test.rules create mode 100644 tests/detect-http-uri/UriTestSig27/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig28/README.md create mode 100644 tests/detect-http-uri/UriTestSig28/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig28/test.rules create mode 100644 tests/detect-http-uri/UriTestSig28/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig29/README.md create mode 100644 tests/detect-http-uri/UriTestSig29/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig29/test.rules create mode 100644 tests/detect-http-uri/UriTestSig29/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig30/README.md create mode 100644 tests/detect-http-uri/UriTestSig30/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig30/test.rules create mode 100644 tests/detect-http-uri/UriTestSig30/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig31/README.md create mode 100644 tests/detect-http-uri/UriTestSig31/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig31/test.rules create mode 100644 tests/detect-http-uri/UriTestSig31/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig32/README.md create mode 100644 tests/detect-http-uri/UriTestSig32/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig32/test.rules create mode 100644 
tests/detect-http-uri/UriTestSig32/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig33/README.md create mode 100644 tests/detect-http-uri/UriTestSig33/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig33/test.rules create mode 100644 tests/detect-http-uri/UriTestSig33/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig34/README.md create mode 100644 tests/detect-http-uri/UriTestSig34/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig34/test.rules create mode 100644 tests/detect-http-uri/UriTestSig34/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig35/README.md create mode 100644 tests/detect-http-uri/UriTestSig35/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig35/test.rules create mode 100644 tests/detect-http-uri/UriTestSig35/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig36/README.md create mode 100644 tests/detect-http-uri/UriTestSig36/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig36/test.rules create mode 100644 tests/detect-http-uri/UriTestSig36/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig37/README.md create mode 100644 tests/detect-http-uri/UriTestSig37/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig37/test.rules create mode 100644 tests/detect-http-uri/UriTestSig37/test.yaml create mode 100644 tests/detect-http-uri/UriTestSig38/README.md create mode 100644 tests/detect-http-uri/UriTestSig38/test.fpc.pcap create mode 100644 tests/detect-http-uri/UriTestSig38/test.rules create mode 100644 tests/detect-http-uri/UriTestSig38/test.yaml diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest01/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/README.md new file mode 100644 index 000000000..26e55dafd --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest01 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..5e029d577f4bc17aa900fef4a63c83c41f258a61 GIT binary patch literal 600 zc-oDS-%0{O7{zB+DOgxAFT;!P(jaFXTmQ7%g%PF~20|-znYyDcxijLfsonG}y+W_h zEA%Q|+f2Jr5rV@U4t!_MkB@nOdwnrb7JZ-XHu2++!o7Aom7&x^sEkk(H4hMaMhI)6 zUf#~7-MNvpjqG-dGnqrpznkr=!ckF=`2lsLbLw7UEFH)u5 z#y;J4%L7UX9nhh+k!I;%0-Pve;ld8q(Qg(d)F;z8oI%I)dXy1nnH?F$4y;xyBIjHL zVk{#*8q1~d2XP<;k&B6C_9MP1T~4@APjBQ?Fq;i%m6V})$CwL!7rKF1t|6#3YA$e5 z>fgGscyt&!Cydljpv^}Ql2*#)b5^M^xDFP4EZ6jmR7u@3ucU|-y5w!<+<};{W2%?@ n3A$WN;;936%`z?1n+6f6>o3D_14HR=*xymeqi8VUUs2@~w03 any any (msg:"http raw uri test"; content:"../c/./d"; http_raw_uri; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest01/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/README.md new file mode 100644 index 000000000..c79fe4b7e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest02 
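Review bot: The single `args` entry `-k none --set stream.inline=true` in DetectEngineHttpRawUriTest01/test.yaml packs three command-line tokens into one YAML list item. It only behaves as intended if the test runner joins or shell-splits entries before invoking Suricata, which this patch does not show. One option per item reads more clearly and does not depend on that: `- -k none` followed by `- --set stream.inline=true`. The same entry appears in the test.yaml files for DetectEngineHttpRawUriTest02 and DetectEngineHttpRawUriTest03.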
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..20b15f2b1ec3c928b6862f7c66446206f3de2d6c GIT binary patch literal 513 zc-oDQ%}T>S6h>##q7VpZ!Hu}M%L;ZTQ~P6+O+{+Es1Ps(m$uEc9c*VplG@gd&*Cfi z3ciA`;yO-9#DxeQ?#H*da}M|O zi;wqV`#m2hA#_Y9SxqUS0a+xgB@BGuqm0;=IZ$!pz-F@{D&$hgnTq*zrq(hTCqhZ0 zqPb;`Vjk75=UnQqcj`qfmt)!_HdG%Nb7ADdP{{QbMC+>M0++SXy$jK^!$^lP(msbi zpFSyCx9twA*BRW3h|koPUXmthTjq_DiB{MAUC13s_%@;0k-v)}m-A%d0P9$$W%>&d PgPvf$TJ2z>f*tz?H^FPe literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.rules new file mode 100644 index 000000000..1674e81f1 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:"/c/./d"; http_raw_uri; offset:5; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest02/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/README.md new file mode 100644 index 000000000..8817feb5d --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest03 
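Review bot: The filter in DetectEngineHttpRawUriTest02/test.yaml matches only on `event_type` and `alert.signature_id`, while the other alert-expecting tests in this patch (Test01, Test04, Test05 and later ones) also pin `pcap_cnt: 5`. Without that key the check does not show which packet raised the alert. If the omission is deliberate, a short YAML comment saying so would help; otherwise add `pcap_cnt: <packet number>` with the value observed for this test's 513-byte capture.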
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..be91e764417cbd59db500e5e2f60c2fac4b1c706 GIT binary patch literal 600 zc-oDS(MrQG7=@E=C=?1~m!c5wCb*=nb#v{_MCNuep+9EZu7=x@fCap zU%^-Lx+b=wB7=n-4*VzQ<0tQLuP+Lyg71^(g&%wz-b=SiDMCE}bO5@by9dBC08k3J zb*ol(W2I;-)jWrl%D!a49T;^BxJYDz1LOLChU}e|DjAI}dqBZ~ZmnR*Zbi6Ls_eFR z>GpdbA{Y~&jHOAG{G?-8s6fG^EvVXW)P!IX;90hqqk-qS#K5|y4tSc`Xti2l9#a;v zDNpHS%9kwgvxqaylTcGfDNUM}A!Xv}4S$N}bDx}J9X0L@!$Bhl4I{Q(qo{S!au8+B z(XE4$N87+1Y~c0@>eI;sC#J4<4AV5wb(GL4Uz0O@j@z1g#aSlMO>YxZ8)bBz5xL|~ nFr+NZW;U`~nyRVZEJ~5M!E&+KpfL|N#^2F`rl}v&ugLrap>2H% literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.rules new file mode 100644 index 000000000..93e2e880e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:"/a/b"; http_raw_uri; offset:10; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest03/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/README.md new file mode 100644 index 000000000..6365631e5 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest04 
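Review bot: The `count: 0` filter is the only check in DetectEngineHttpRawUriTest03/test.yaml, so the test would also pass if the capture were never parsed as HTTP or the raw URI buffer were never inspected. Pairing it with a positive check, for example a second filter that expects the transaction's `event_type: http` record, would tie the missing alert to `offset:10` rather than to missing traffic; this assumes HTTP logging is enabled in the test run's EVE output, which the patch does not show. The same applies to the other alert-free tests in this patch: Test06, Test08, Test11, Test12, Test15, Test16, Test23 and Test26.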
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..be91e764417cbd59db500e5e2f60c2fac4b1c706 GIT binary patch literal 600 zc-oDS(MrQG7=@E=C=?1~m!c5wCb*=nb#v{_MCNuep+9EZu7=x@fCap zU%^-Lx+b=wB7=n-4*VzQ<0tQLuP+Lyg71^(g&%wz-b=SiDMCE}bO5@by9dBC08k3J zb*ol(W2I;-)jWrl%D!a49T;^BxJYDz1LOLChU}e|DjAI}dqBZ~ZmnR*Zbi6Ls_eFR z>GpdbA{Y~&jHOAG{G?-8s6fG^EvVXW)P!IX;90hqqk-qS#K5|y4tSc`Xti2l9#a;v zDNpHS%9kwgvxqaylTcGfDNUM}A!Xv}4S$N}bDx}J9X0L@!$Bhl4I{Q(qo{S!au8+B z(XE4$N87+1Y~c0@>eI;sC#J4<4AV5wb(GL4Uz0O@j@z1g#aSlMO>YxZ8)bBz5xL|~ nFr+NZW;U`~nyRVZEJ~5M!E&+KpfL|N#^2F`rl}v&ugLrap>2H% literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.rules new file mode 100644 index 000000000..d06f2efe8 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:!"/a/b"; http_raw_uri; offset:10; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest04/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/README.md new file mode 100644 index 000000000..a264b220c --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest05 
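Review bot: DetectEngineHttpRawUriTest04/test.yaml relies on a directory-local `test.fpc.pcap` whose blob id (`be91e764…`) is identical to the one added for Test03, so the same capture is committed twice under different directories. If the suricata-verify `pcap:` key is acceptable for these tests, this file could point at the existing copy with `pcap: ../DetectEngineHttpRawUriTest03/test.fpc.pcap`, which keeps the pair on the same input and makes a future re-capture a single change. The pattern repeats for the `f21839eb…` capture (Test05 to Test07) and the `a7125d14…` capture (Test09 to Test16 and Test21 to Test26).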
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..f21839ebb3970ef41d30c9646b46f072752ec26d GIT binary patch literal 506 zc-oE7!Aiq07zgk#?NBHLMvvklM-ML9q=@u1kl_vJNwFEVC!fVv@DUVz z0$;^*O>AU}3>Nz5gMR#fgnYccJbN&LpVRllJo!Amvomt>OcnrBfH};M0G;wqn+?FZAx>oYy@L{_PlI%_z%gp{skco_KH9973+fr2vS;~!S#CoH) zGD~%-BvlVN4z88dLh1?cY7rAH9yPPfZgDGQu8WvNmpH%yFUp3PFWXjCM^-B9W`BQG MqG{4xe6KFP0L|NE?*IS* literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.rules new file mode 100644 index 000000000..d00585c1b --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:"a/b"; http_raw_uri; depth:10; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest05/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/README.md new file mode 100644 index 000000000..09dae06b4 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest06 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..f21839ebb3970ef41d30c9646b46f072752ec26d GIT binary patch literal 506 zc-oE7!Aiq07zgk#?NBHLMvvklM-ML9q=@u1kl_vJNwFEVC!fVv@DUVz z0$;^*O>AU}3>Nz5gMR#fgnYccJbN&LpVRllJo!Amvomt>OcnrBfH};M0G;wqn+?FZAx>oYy@L{_PlI%_z%gp{skco_KH9973+fr2vS;~!S#CoH) zGD~%-BvlVN4z88dLh1?cY7rAH9yPPfZgDGQu8WvNmpH%yFUp3PFWXjCM^-B9W`BQG MqG{4xe6KFP0L|NE?*IS* literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.rules new file mode 100644 index 000000000..2adcc7112 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:!"/a/b"; http_raw_uri; depth:25; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest06/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/README.md new file mode 100644 index 000000000..b23548403 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest07 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..f21839ebb3970ef41d30c9646b46f072752ec26d GIT binary patch literal 506 zc-oE7!Aiq07zgk#?NBHLMvvklM-ML9q=@u1kl_vJNwFEVC!fVv@DUVz z0$;^*O>AU}3>Nz5gMR#fgnYccJbN&LpVRllJo!Amvomt>OcnrBfH};M0G;wqn+?FZAx>oYy@L{_PlI%_z%gp{skco_KH9973+fr2vS;~!S#CoH) zGD~%-BvlVN4z88dLh1?cY7rAH9yPPfZgDGQu8WvNmpH%yFUp3PFWXjCM^-B9W`BQG MqG{4xe6KFP0L|NE?*IS* literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.rules new file mode 100644 index 000000000..7561f001b --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:!"/c/./d"; http_raw_uri; depth:12; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest07/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/README.md new file mode 100644 index 000000000..8941b0fad --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest08 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..e0b9c22c568283ca231bfe9dc42ef46c5cfd2225 GIT binary patch literal 506 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s|=CE&4>AQ5J}00UYRVBDrf?&hk_0j$Szk{-MK7ZyH%GxE zBqTuJP|tvu%Ok(I#7d#Oyj(B8AT=*DFD<_~H90N6G%qEwBr`uxFTW_Am&-XnuOv0E zL^q_eAk|8tB(41eQH63- Mi;EM}Q^8V30J@=M?EnA( literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.rules new file mode 100644 index 000000000..79f367b92 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:!"/c/./d"; http_raw_uri; depth:18; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest08/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/README.md new file mode 100644 index 000000000..ed77b8bc8 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest09 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.rules new file mode 100644 index 000000000..518ab6c8f --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:"/a"; http_raw_uri; content:"./c/."; http_raw_uri; within:9; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest09/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/README.md new file mode 100644 index 000000000..85eb1f6ad --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest10 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.rules new file mode 100644 index 000000000..eed792e41 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:"/a"; http_raw_uri; content:!"boom"; http_raw_uri; within:5; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest10/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/README.md new file mode 100644 index 000000000..cfe6dbc81 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest11 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.rules new file mode 100644 index 000000000..9de7cbfe3 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:"boom"; http_raw_uri; within:5; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest11/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/README.md new file mode 100644 index 000000000..8a6dbf317 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest12 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.rules new file mode 100644 index 000000000..1b1373031 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:!"/b/.."; http_raw_uri; within:5; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest12/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/README.md new file mode 100644 index 000000000..2a021b624 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest13 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.rules new file mode 100644 index 000000000..f71c53818 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:"/c/."; http_raw_uri; distance:5; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest13/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/README.md new file mode 100644 index 000000000..1bacf167b --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest14 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.rules new file mode 100644 index 000000000..36d207334 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:!"b/.."; http_raw_uri; distance:5; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest14/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/README.md new file mode 100644 index 000000000..00fc88778 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest15 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.rules new file mode 100644 index 000000000..c68b962a0 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:"/c/"; http_raw_uri; distance:7; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest15/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/README.md new file mode 100644 index 000000000..54cf012cd --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest16 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.rules new file mode 100644 index 000000000..af6503d4a --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; content:"./a"; http_raw_uri; content:!"/c/"; http_raw_uri; distance:4; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest16/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/README.md new file mode 100644 index 000000000..c7c14099a --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest21 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.rules new file mode 100644 index 000000000..71e377c85 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; http_raw_uri; within:5; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest21/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/README.md new file mode 100644 index 000000000..a9a7712d5 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest22 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.rules new file mode 100644 index 000000000..7c8241c6e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; within:5; http_raw_uri; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest22/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/README.md new file mode 100644 index 000000000..0e05e2c6b --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest23 
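Review bot: Nothing in DetectEngineHttpRawUriTest22 records how it differs from Test21: the rule in test.rules is identical except that `within:5` is written before `http_raw_uri` instead of after it, and both tests expect the same single alert on the same capture. A one-line comment at the top of test.rules, such as `# same as Test21, with within placed before the http_raw_uri modifier`, or the equivalent sentence in README.md, would keep the pair from being read as an accidental duplicate. That keyword order is the purpose of the test is inferred from comparing the two rules, not stated in the patch.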
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.rules new file mode 100644 index 000000000..f3a4779e3 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; distance:3; http_raw_uri; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest23/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/README.md new file mode 100644 index 000000000..d328f8fe4 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest24 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.rules new file mode 100644 index 000000000..893366793 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:!"/c/"; distance:10; http_raw_uri; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest24/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/README.md new file mode 100644 index 000000000..f3ae6c0ab --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest25 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.rules new file mode 100644 index 000000000..97073c825 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; within:10; http_raw_uri; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest25/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/README.md new file mode 100644 index 000000000..db7bc008e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest26 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.rules new file mode 100644 index 000000000..ce1546fbd --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; within:5; http_raw_uri; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest26/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/README.md new file mode 100644 index 000000000..556953ec5 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest27 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.rules new file mode 100644 index 000000000..3893b8d90 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; distance:5; http_raw_uri; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest27/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/README.md new file mode 100644 index 000000000..c8e165377 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest28 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..a7125d14d1c211177f882c2f3673765658a49649 GIT binary patch literal 506 zc-oE7u}Z`+7zgk#?V(U89390Wqk|?_sSceE0U1w zri9SkBKCRSTpaSc0||a3bY+P(CA1)wZtn1sv5dxK76wbHbc(yKBeLb978|MfdLy@@ z$aO6Rk@sa7TuGt1&}Xb~d5SfE(9|+NiyJOVU8Oj=41+LWRjsi3ifz;McqNNI{`;%p LO64X0TAhCaw*+MD literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.rules new file mode 100644 index 000000000..1652561b0 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"http raw uri test"; pcre:/\.\/a/I; content:"/c/"; distance:10; http_raw_uri; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest28/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/README.md new file mode 100644 index 000000000..37e6540b4 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest29 
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..b6bf894f2b81a30c5a4acc1d95c8d2e7382bff7e GIT binary patch literal 342 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@H|ilKVbh|wG19~`2fucxPDbG literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.rules new file mode 100644 index 000000000..63e4a2d8d --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative raw uri contents"; content:"/c/"; http_raw_uri; isdataat:4,relative; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest29/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/README.md b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/README.md new file mode 100644 index 000000000..33a3058e8 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test DetectEngineHttpRawUriTest30 
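Review bot: The filter in DetectEngineHttpRawUriTest29/test.yaml matches on `event_type` and `alert.signature_id` only, while most positive tests in this patch also pin `pcap_cnt`. Without it the check passes whichever packet raises the alert, so a change that moved the match to a different packet or direction would go unnoticed. Adding `pcap_cnt: N` under `match:`, with N taken from a verified run, would bring it in line with the others. DetectEngineHttpRawUriTest30, UriTestSig17 and UriTestSig18 have the same gap.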
diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.fpc.pcap b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..b6bf894f2b81a30c5a4acc1d95c8d2e7382bff7e GIT binary patch literal 342 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@H|ilKVbh|wG19~`2fucxPDbG literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.rules b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.rules new file mode 100644 index 000000000..13d6b93b7 --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative raw uri contents"; uricontent:"/c/"; isdataat:!10,relative; sid:1;) diff --git a/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.yaml b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/DetectEngineHttpRawUriTest30/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig01/README.md b/tests/detect-http-uri/UriTestSig01/README.md new file mode 100644 index 000000000..ee62fbf9c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig01/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig01 
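Review bot: The rule in DetectEngineHttpRawUriTest30/test.rules matches with `uricontent:"/c/"`, which inspects the normalized URI, although the test name and `msg` say raw URI and its sibling DetectEngineHttpRawUriTest29 uses `content:"/c/"; http_raw_uri;`. As written, the negated `isdataat:!10,relative` is never exercised against the raw URI buffer, which is the form that keeps un-normalized sequences such as `./`. If the original unit test had the same rule, a line in the README saying so would keep this from being read as raw-URI coverage. Otherwise `content:"/c/"; http_raw_uri; isdataat:!10,relative;` looks like the intended form, with the expected count re-verified against the pcap.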
diff --git a/tests/detect-http-uri/UriTestSig01/test.fpc.pcap b/tests/detect-http-uri/UriTestSig01/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..4a52341845fc9abb9d4c33b733e570ac42707a22 GIT binary patch literal 478 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@IHilKV5iP0P29~`2fpP!ei;1LoMpl_&Wz{?d{oLZ#on4X$fVx{1lUzM4YlL(P; w&d<-zOtn(TNX^N~PfjdJ&fw+Z=9g03@SVZ2$lO literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig01/test.rules b/tests/detect-http-uri/UriTestSig01/test.rules new file mode 100644 index 000000000..521cf8877 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig01/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test uricontent option"; uricontent:"one"; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig01/test.yaml b/tests/detect-http-uri/UriTestSig01/test.yaml new file mode 100644 index 000000000..7abb9dbd0 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig01/test.yaml @@ -0,0 +1,19 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 4 + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/UriTestSig02/README.md b/tests/detect-http-uri/UriTestSig02/README.md new file mode 100644 index 000000000..ae733b230 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig02/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig02 
diff --git a/tests/detect-http-uri/UriTestSig02/test.fpc.pcap b/tests/detect-http-uri/UriTestSig02/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..f0080a87b7e8f1fcd561682391bdf9a4c450007a GIT binary patch literal 473 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@I1ilKV5h|wG19~`2fpP#4T5fT!hZ>VR$%N1IjTBPfko|;!;rQn-im6?;12$68k s&(F?GwNl7P&B@76PAo~z;N{}w0@)4<*L*03+MbQWc4ut1r;=|y05U06P5=M^ literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig02/test.rules b/tests/detect-http-uri/UriTestSig02/test.rules new file mode 100644 index 000000000..55e1c391f --- /dev/null +++ b/tests/detect-http-uri/UriTestSig02/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test pcre /U option"; pcre:/one/U; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig02/test.yaml b/tests/detect-http-uri/UriTestSig02/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/UriTestSig02/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/UriTestSig03/README.md b/tests/detect-http-uri/UriTestSig03/README.md new file mode 100644 index 000000000..7f94fbf73 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig03/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig03 
diff --git a/tests/detect-http-uri/UriTestSig03/test.fpc.pcap b/tests/detect-http-uri/UriTestSig03/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..4a52341845fc9abb9d4c33b733e570ac42707a22 GIT binary patch literal 478 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@IHilKV5iP0P29~`2fpP!ei;1LoMpl_&Wz{?d{oLZ#on4X$fVx{1lUzM4YlL(P; w&d<-zOtn(TNX^N~PfjdJ&fw+Z=9g03@SVZ2$lO literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig03/test.rules b/tests/detect-http-uri/UriTestSig03/test.rules new file mode 100644 index 000000000..ba6b90b84 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig03/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test pcre /U option"; pcre:/blah/U; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig03/test.yaml b/tests/detect-http-uri/UriTestSig03/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/UriTestSig03/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig04/README.md b/tests/detect-http-uri/UriTestSig04/README.md new file mode 100644 index 000000000..f8cc96911 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig04/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig04 
diff --git a/tests/detect-http-uri/UriTestSig04/test.fpc.pcap b/tests/detect-http-uri/UriTestSig04/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..4a52341845fc9abb9d4c33b733e570ac42707a22 GIT binary patch literal 478 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@IHilKV5iP0P29~`2fpP!ei;1LoMpl_&Wz{?d{oLZ#on4X$fVx{1lUzM4YlL(P; w&d<-zOtn(TNX^N~PfjdJ&fw+Z=9g03@SVZ2$lO literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig04/test.rules b/tests/detect-http-uri/UriTestSig04/test.rules new file mode 100644 index 000000000..b3b97b53f --- /dev/null +++ b/tests/detect-http-uri/UriTestSig04/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test urilen option"; urilen:>20; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig04/test.yaml b/tests/detect-http-uri/UriTestSig04/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/UriTestSig04/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig05/README.md b/tests/detect-http-uri/UriTestSig05/README.md new file mode 100644 index 000000000..2a9557903 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig05/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig05 
diff --git a/tests/detect-http-uri/UriTestSig05/test.fpc.pcap b/tests/detect-http-uri/UriTestSig05/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..4a52341845fc9abb9d4c33b733e570ac42707a22 GIT binary patch literal 478 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@IHilKV5iP0P29~`2fpP!ei;1LoMpl_&Wz{?d{oLZ#on4X$fVx{1lUzM4YlL(P; w&d<-zOtn(TNX^N~PfjdJ&fw+Z=9g03@SVZ2$lO literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig05/test.rules b/tests/detect-http-uri/UriTestSig05/test.rules new file mode 100644 index 000000000..a79400efb --- /dev/null +++ b/tests/detect-http-uri/UriTestSig05/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test urilen option"; urilen:>4; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig05/test.yaml b/tests/detect-http-uri/UriTestSig05/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/UriTestSig05/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/UriTestSig06/README.md b/tests/detect-http-uri/UriTestSig06/README.md new file mode 100644 index 000000000..db1e08826 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig06/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig06 
diff --git a/tests/detect-http-uri/UriTestSig06/test.fpc.pcap b/tests/detect-http-uri/UriTestSig06/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..44ea25f141957fe350a6b5d5387f9af978007891 GIT binary patch literal 487 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#VilKT-h|wG19~`2fpP!csM+zPxAp!b^dIr2)p~b01x{m3oc_mf~zWG&|IXQ_C y3FrL$?95avg^bjkoc!d(lH?3tE?zE>J3t{^48>4) any any (msg:"Test pcre /U option"; pcre:/(oneself)+/U; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig06/test.yaml b/tests/detect-http-uri/UriTestSig06/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/UriTestSig06/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/UriTestSig07/README.md b/tests/detect-http-uri/UriTestSig07/README.md new file mode 100644 index 000000000..6d3fdf014 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig07/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig07 diff --git a/tests/detect-http-uri/UriTestSig07/test.fpc.pcap b/tests/detect-http-uri/UriTestSig07/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..3ecb8fdce55a40a23c0aecdd1b894e9f582df8cf GIT binary patch literal 490 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#VilKT-h|wG19~`2fpP!csM+zPxAp!b^dIr2)p~b01x{m3oc_mf~zWG&|IXQ_C y3FrL$?95avg^bjkoc!d(lH?3tE?zE>J3t{^2E|Z!6yb1(FD`c!r{<)Q?+O6EDqNxf literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig07/test.rules b/tests/detect-http-uri/UriTestSig07/test.rules new file mode 100644 index 000000000..b3f742a4e --- /dev/null 
+++ b/tests/detect-http-uri/UriTestSig07/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test pcre /U option with urilen "; pcre:/(one){2,}(self)?/U; urilen:3<>20; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig07/test.yaml b/tests/detect-http-uri/UriTestSig07/test.yaml new file mode 100644 index 000000000..7abb9dbd0 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig07/test.yaml @@ -0,0 +1,19 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 4 + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/UriTestSig08/README.md b/tests/detect-http-uri/UriTestSig08/README.md new file mode 100644 index 000000000..81c991182 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig08/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig08 diff --git a/tests/detect-http-uri/UriTestSig08/test.fpc.pcap b/tests/detect-http-uri/UriTestSig08/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..3ecb8fdce55a40a23c0aecdd1b894e9f582df8cf GIT binary patch literal 490 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#VilKT-h|wG19~`2fpP!csM+zPxAp!b^dIr2)p~b01x{m3oc_mf~zWG&|IXQ_C y3FrL$?95avg^bjkoc!d(lH?3tE?zE>J3t{^2E|Z!6yb1(FD`c!r{<)Q?+O6EDqNxf literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig08/test.rules b/tests/detect-http-uri/UriTestSig08/test.rules new file mode 100644 index 000000000..b55e67719 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig08/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test pcre /U option with urilen"; pcre:/(blabla){2,}(self)?/U; urilen:3<>20; sid:1;) 
diff --git a/tests/detect-http-uri/UriTestSig08/test.yaml b/tests/detect-http-uri/UriTestSig08/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/UriTestSig08/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig09/README.md b/tests/detect-http-uri/UriTestSig09/README.md new file mode 100644 index 000000000..aed59446a --- /dev/null +++ b/tests/detect-http-uri/UriTestSig09/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig09 diff --git a/tests/detect-http-uri/UriTestSig09/test.fpc.pcap b/tests/detect-http-uri/UriTestSig09/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..3ecb8fdce55a40a23c0aecdd1b894e9f582df8cf GIT binary patch literal 490 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#VilKT-h|wG19~`2fpP!csM+zPxAp!b^dIr2)p~b01x{m3oc_mf~zWG&|IXQ_C y3FrL$?95avg^bjkoc!d(lH?3tE?zE>J3t{^2E|Z!6yb1(FD`c!r{<)Q?+O6EDqNxf literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig09/test.rules b/tests/detect-http-uri/UriTestSig09/test.rules new file mode 100644 index 000000000..3d74c8999 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig09/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test pcre /U option with urilen "; pcre:/(one){2,}(self)?/U; urilen:<2; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig09/test.yaml b/tests/detect-http-uri/UriTestSig09/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/UriTestSig09/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 
diff --git a/tests/detect-http-uri/UriTestSig12/README.md b/tests/detect-http-uri/UriTestSig12/README.md new file mode 100644 index 000000000..597b502f6 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig12/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig12 diff --git a/tests/detect-http-uri/UriTestSig12/test.fpc.pcap b/tests/detect-http-uri/UriTestSig12/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..3ecb8fdce55a40a23c0aecdd1b894e9f582df8cf GIT binary patch literal 490 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#VilKT-h|wG19~`2fpP!csM+zPxAp!b^dIr2)p~b01x{m3oc_mf~zWG&|IXQ_C y3FrL$?95avg^bjkoc!d(lH?3tE?zE>J3t{^2E|Z!6yb1(FD`c!r{<)Q?+O6EDqNxf literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig12/test.rules b/tests/detect-http-uri/UriTestSig12/test.rules new file mode 100644 index 000000000..f7b41ff30 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig12/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test pcre /U, uricontent and urilen option"; uricontent:"one"; pcre:/(one)+self/U; urilen:>2; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig12/test.yaml b/tests/detect-http-uri/UriTestSig12/test.yaml new file mode 100644 index 000000000..905eb726e --- /dev/null +++ b/tests/detect-http-uri/UriTestSig12/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/UriTestSig13/README.md b/tests/detect-http-uri/UriTestSig13/README.md new file mode 100644 index 000000000..d4d3a8f17 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig13/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig13 
diff --git a/tests/detect-http-uri/UriTestSig13/test.fpc.pcap b/tests/detect-http-uri/UriTestSig13/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..4a52341845fc9abb9d4c33b733e570ac42707a22 GIT binary patch literal 478 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@IHilKV5iP0P29~`2fpP!ei;1LoMpl_&Wz{?d{oLZ#on4X$fVx{1lUzM4YlL(P; w&d<-zOtn(TNX^N~PfjdJ&fw+Z=9g03@SVZ2$lO literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig13/test.rules b/tests/detect-http-uri/UriTestSig13/test.rules new file mode 100644 index 000000000..f08201049 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig13/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test urilen option"; urilen:>2; uricontent:"one"; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig13/test.yaml b/tests/detect-http-uri/UriTestSig13/test.yaml new file mode 100644 index 000000000..7abb9dbd0 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig13/test.yaml @@ -0,0 +1,19 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 4 + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/UriTestSig14/README.md b/tests/detect-http-uri/UriTestSig14/README.md new file mode 100644 index 000000000..a2c94238f --- /dev/null +++ b/tests/detect-http-uri/UriTestSig14/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig14 
diff --git a/tests/detect-http-uri/UriTestSig14/test.fpc.pcap b/tests/detect-http-uri/UriTestSig14/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..4a52341845fc9abb9d4c33b733e570ac42707a22 GIT binary patch literal 478 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@IHilKV5iP0P29~`2fpP!ei;1LoMpl_&Wz{?d{oLZ#on4X$fVx{1lUzM4YlL(P; w&d<-zOtn(TNX^N~PfjdJ&fw+Z=9g03@SVZ2$lO literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig14/test.rules b/tests/detect-http-uri/UriTestSig14/test.rules new file mode 100644 index 000000000..dfd8376f9 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig14/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test uricontent option"; uricontent:"one"; pcre:/one(self)?/U;sid:1;) diff --git a/tests/detect-http-uri/UriTestSig14/test.yaml b/tests/detect-http-uri/UriTestSig14/test.yaml new file mode 100644 index 000000000..7abb9dbd0 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig14/test.yaml @@ -0,0 +1,19 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 4 + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/UriTestSig15/README.md b/tests/detect-http-uri/UriTestSig15/README.md new file mode 100644 index 000000000..1d1416d8a --- /dev/null +++ b/tests/detect-http-uri/UriTestSig15/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig15 
diff --git a/tests/detect-http-uri/UriTestSig15/test.fpc.pcap b/tests/detect-http-uri/UriTestSig15/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..4a52341845fc9abb9d4c33b733e570ac42707a22 GIT binary patch literal 478 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@IHilKV5iP0P29~`2fpP!ei;1LoMpl_&Wz{?d{oLZ#on4X$fVx{1lUzM4YlL(P; w&d<-zOtn(TNX^N~PfjdJ&fw+Z=9g03@SVZ2$lO literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig15/test.rules b/tests/detect-http-uri/UriTestSig15/test.rules new file mode 100644 index 000000000..6e700a35b --- /dev/null +++ b/tests/detect-http-uri/UriTestSig15/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"Test uricontent option"; uricontent:"one"; pcre:/^\/one(self)?$/U;sid:1;) diff --git a/tests/detect-http-uri/UriTestSig15/test.yaml b/tests/detect-http-uri/UriTestSig15/test.yaml new file mode 100644 index 000000000..7abb9dbd0 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig15/test.yaml @@ -0,0 +1,19 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 4 + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 + pcap_cnt: 5 diff --git a/tests/detect-http-uri/UriTestSig16/README.md b/tests/detect-http-uri/UriTestSig16/README.md new file mode 100644 index 000000000..583227e0f --- /dev/null +++ b/tests/detect-http-uri/UriTestSig16/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig16 
diff --git a/tests/detect-http-uri/UriTestSig16/test.fpc.pcap b/tests/detect-http-uri/UriTestSig16/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..794cd7c6f2bf2bf354a30a7a9b7a52546dc0d9ea GIT binary patch literal 514 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#kilKUIiP0P29~`2fU!0m)l$>E-XlrO>td>}4YYwCnlafusV?7gIE?zE>gFr#u3dK+dHR5nk e7*!p_%jKM(pPiX%rI3-DlarsESdyFpaufjdz+giF literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig16/test.rules b/tests/detect-http-uri/UriTestSig16/test.rules new file mode 100644 index 000000000..966d4650d --- /dev/null +++ b/tests/detect-http-uri/UriTestSig16/test.rules @@ -0,0 +1 @@ +drop tcp any any -> any any (flow:to_server,established; uricontent:"/search?q="; pcre:"/^\/search\?q=[0-9]{1,3}(&aq=7(\?[0-9a-f]{8})?)?/U"; pcre:"/\x0d\x0aHost\: \d+\.\d+\.\d+\.\d+\x0d\x0a/"; sid:2009024; rev:9;) diff --git a/tests/detect-http-uri/UriTestSig16/test.yaml b/tests/detect-http-uri/UriTestSig16/test.yaml new file mode 100644 index 000000000..fadac05be --- /dev/null +++ b/tests/detect-http-uri/UriTestSig16/test.yaml @@ -0,0 +1,13 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 2009024 + pcap_cnt: 4 diff --git a/tests/detect-http-uri/UriTestSig17/README.md b/tests/detect-http-uri/UriTestSig17/README.md new file mode 100644 index 000000000..78ee7c665 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig17/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig17 
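Review bot: The rule in UriTestSig16/test.rules has action `drop`, but the filter in test.yaml matches only `event_type: alert` and `alert.signature_id: 2009024`, so the verdict itself is never asserted. The `args` shown set `stream.inline=true` without an IPS mode, so the alert is presumably logged with the packet allowed. If only the match is under test, changing the action to `alert` or saying so in the README would avoid implying drop coverage; if the drop matters, run with `--simulate-ips` and add `alert.action: blocked` to the `match:` block. The rule also has no `msg`, unlike the other rules visible in this patch.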
diff --git a/tests/detect-http-uri/UriTestSig17/test.fpc.pcap b/tests/detect-http-uri/UriTestSig17/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..63b25f889cf65709ac1a7d03e41598c8b4bb579b GIT binary patch literal 355 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#vilKUoiP0P29~`2fpO;@AUy_ko91lTBndx9$TvC*ommUw4RqzN23D7sxGvMV4 ZElw@cbxcpqE3s1W&9BPL$w`Dr0088LKWhL0 literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig17/test.rules b/tests/detect-http-uri/UriTestSig17/test.rules new file mode 100644 index 000000000..6b55be1fe --- /dev/null +++ b/tests/detect-http-uri/UriTestSig17/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"this"; uricontent:"is"; within:6; uricontent:"big"; within:8; uricontent:"string"; within:8; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig17/test.yaml b/tests/detect-http-uri/UriTestSig17/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig17/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig18/README.md b/tests/detect-http-uri/UriTestSig18/README.md new file mode 100644 index 000000000..2c605160a --- /dev/null +++ b/tests/detect-http-uri/UriTestSig18/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig18 
diff --git a/tests/detect-http-uri/UriTestSig18/test.fpc.pcap b/tests/detect-http-uri/UriTestSig18/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..55ec1bbf9b9a40cda22d67099dfdcaa4058a7353 GIT binary patch literal 362 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#hilKU|h|wG19~`2fpO;@AUy_ko91llHndxv`TvC*ommUvPq~H+}5}>zJOJS7N2$n_rcglamOM007gtLQDVv literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig18/test.rules b/tests/detect-http-uri/UriTestSig18/test.rules new file mode 100644 index 000000000..a91abd9b9 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig18/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"this"; uricontent:"is"; within:9; uricontent:"big"; within:12; uricontent:"string"; within:8; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig18/test.yaml b/tests/detect-http-uri/UriTestSig18/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig18/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig19/README.md b/tests/detect-http-uri/UriTestSig19/README.md new file mode 100644 index 000000000..123c8df30 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig19/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig19 
diff --git a/tests/detect-http-uri/UriTestSig19/test.fpc.pcap b/tests/detect-http-uri/UriTestSig19/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..57cc6513bbf22a056de0fab22e1e72d4d58858cf GIT binary patch literal 360 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#ZilKTdh|wG19~`2fUy_ko91kY)^2_6a6cB+xQf7L5aY<2TUOGrZ!6PIjK;KZ$ cfR`(@IJHREF+DY}#7e<8zbZ2)ClMk607VEvd;kCd literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig19/test.rules b/tests/detect-http-uri/UriTestSig19/test.rules new file mode 100644 index 000000000..36dbfa20d --- /dev/null +++ b/tests/detect-http-uri/UriTestSig19/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"now"; uricontent:"this"; uricontent:"is"; within:12; uricontent:"big"; within:8; uricontent:"string"; within:8; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig19/test.yaml b/tests/detect-http-uri/UriTestSig19/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig19/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig20/README.md b/tests/detect-http-uri/UriTestSig20/README.md new file mode 100644 index 000000000..35ff5f177 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig20/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig20 
diff --git a/tests/detect-http-uri/UriTestSig20/test.fpc.pcap b/tests/detect-http-uri/UriTestSig20/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..f2a88ebe3e3b0c2ff687fdc2c6d5952d7930f6de GIT binary patch literal 349 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#jilKUQiP0P29~`2f9}fd18KuP#BC|L?F+M3XUBM$HBtYL#&w!UJv^cd$*D*ac Ruf$5hH@_+~Cnpgi0RS?{Ja+&9 literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig20/test.rules b/tests/detect-http-uri/UriTestSig20/test.rules new file mode 100644 index 000000000..4f1ae7e49 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig20/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; uricontent:"thus"; offset:8; uricontent:"is"; within:6; uricontent:"big"; within:8; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig20/test.yaml b/tests/detect-http-uri/UriTestSig20/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig20/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig21/README.md b/tests/detect-http-uri/UriTestSig21/README.md new file mode 100644 index 000000000..341d34f19 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig21/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig21 
diff --git a/tests/detect-http-uri/UriTestSig21/test.fpc.pcap b/tests/detect-http-uri/UriTestSig21/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..e7ae33f767a329be75d8480d016b8b18e08ca9f1 GIT binary patch literal 362 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#hilKU|h|wG19~`2fU!EGDmztUqUy>i6mRS*Bl95>)pO}{tUzu8r5Xj3fSMUf4 h3D7sxGvMV4Elw@cbxcpqE3s1W&9BPL$w`Dr007jULR any any (msg:"test multiple relative uricontents"; uricontent:"fix"; uricontent:"this"; within:6; uricontent:!"and"; distance:0; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig21/test.yaml b/tests/detect-http-uri/UriTestSig21/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig21/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig22/README.md b/tests/detect-http-uri/UriTestSig22/README.md new file mode 100644 index 000000000..535ec34a7 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig22/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig22 diff --git a/tests/detect-http-uri/UriTestSig22/test.fpc.pcap b/tests/detect-http-uri/UriTestSig22/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..8e2b2033b0f77890ca3d03d2c35b34c910d43782 GIT binary patch literal 366 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#cilKVzh|wG19~`2fUy_ko91lc^@x`SDsYUTAU@|YiEHOSa4=M)c<>i+vc!Y!m f=o{)8@N$I~rxxitrl;nWSSk4CS7qkpBtj$r2bn}Y literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig22/test.rules b/tests/detect-http-uri/UriTestSig22/test.rules new file mode 100644 index 000000000..46ba18889 
--- /dev/null +++ b/tests/detect-http-uri/UriTestSig22/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; pcre:/super/U; uricontent:"nova"; within:7; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig22/test.yaml b/tests/detect-http-uri/UriTestSig22/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig22/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig23/README.md b/tests/detect-http-uri/UriTestSig23/README.md new file mode 100644 index 000000000..35cc37cb7 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig23/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig23 diff --git a/tests/detect-http-uri/UriTestSig23/test.fpc.pcap b/tests/detect-http-uri/UriTestSig23/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..e7ae33f767a329be75d8480d016b8b18e08ca9f1 GIT binary patch literal 362 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#hilKU|h|wG19~`2fU!EGDmztUqUy>i6mRS*Bl95>)pO}{tUzu8r5Xj3fSMUf4 h3D7sxGvMV4Elw@cbxcpqE3s1W&9BPL$w`Dr007jULR any any (msg:"test multiple relative uricontents"; uricontent:!"fix_this_now"; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig23/test.yaml b/tests/detect-http-uri/UriTestSig23/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/UriTestSig23/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 
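Review bot: The `count: 0` check in UriTestSig23/test.yaml can pass vacuously, since it is equally satisfied when the capture never yields a URI for the rule to inspect, so on its own it does not show that `uricontent:!"fix_this_now"` was evaluated and rejected. A positive control in the same directory would pin it: a second rule such as `alert tcp any any -> any any (msg:"control"; uricontent:"fix_this_now"; sid:2;)` plus a second filter expecting `count: 1` for `alert.signature_id: 2`. The control pattern assumes the URI in the capture contains `fix_this_now`, which the expected result implies but the binary pcap does not let me confirm. The same applies to the zero-count checks in UriTestSig24, UriTestSig35, UriTestSig36 and UriTestSig38; sibling tests that share the capture do expect a match, but each directory runs on its own copy of the pcap.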
diff --git a/tests/detect-http-uri/UriTestSig24/README.md b/tests/detect-http-uri/UriTestSig24/README.md new file mode 100644 index 000000000..2c824e51c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig24/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig24 diff --git a/tests/detect-http-uri/UriTestSig24/test.fpc.pcap b/tests/detect-http-uri/UriTestSig24/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..e7ae33f767a329be75d8480d016b8b18e08ca9f1 GIT binary patch literal 362 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#hilKU|h|wG19~`2fU!EGDmztUqUy>i6mRS*Bl95>)pO}{tUzu8r5Xj3fSMUf4 h3D7sxGvMV4Elw@cbxcpqE3s1W&9BPL$w`Dr007jULR any any (msg:"test multiple relative uricontents"; uricontent:"we_need_to"; uricontent:!"fix_this_now"; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig24/test.yaml b/tests/detect-http-uri/UriTestSig24/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/UriTestSig24/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig25/README.md b/tests/detect-http-uri/UriTestSig25/README.md new file mode 100644 index 000000000..baadcdc7e --- /dev/null +++ b/tests/detect-http-uri/UriTestSig25/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig25 
diff --git a/tests/detect-http-uri/UriTestSig25/test.fpc.pcap b/tests/detect-http-uri/UriTestSig25/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..738e7fa896bea4dffc09587a943905ce0e1a73ef GIT binary patch literal 338 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@H~ilKUwh|wG19~`2fpO;^ho0yYXm71bzWKdd^so)V35}>zJOJ RS7N2$n_rcglamOM003rhH<$nb literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig25/test.rules b/tests/detect-http-uri/UriTestSig25/test.rules new file mode 100644 index 000000000..acdaca412 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig25/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; pcre:/normalized/U; uricontent:"normalized uri"; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig25/test.yaml b/tests/detect-http-uri/UriTestSig25/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig25/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig26/README.md b/tests/detect-http-uri/UriTestSig26/README.md new file mode 100644 index 000000000..fce57a2d1 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig26/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig26 
diff --git a/tests/detect-http-uri/UriTestSig26/test.fpc.pcap b/tests/detect-http-uri/UriTestSig26/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..e7ae33f767a329be75d8480d016b8b18e08ca9f1 GIT binary patch literal 362 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#hilKU|h|wG19~`2fU!EGDmztUqUy>i6mRS*Bl95>)pO}{tUzu8r5Xj3fSMUf4 h3D7sxGvMV4Elw@cbxcpqE3s1W&9BPL$w`Dr007jULR any any (msg:"test multiple relative uricontents"; uricontent:"fix_this"; isdataat:4,relative; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig26/test.yaml b/tests/detect-http-uri/UriTestSig26/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig26/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig27/README.md b/tests/detect-http-uri/UriTestSig27/README.md new file mode 100644 index 000000000..a7c19b9eb --- /dev/null +++ b/tests/detect-http-uri/UriTestSig27/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig27 diff --git a/tests/detect-http-uri/UriTestSig27/test.fpc.pcap b/tests/detect-http-uri/UriTestSig27/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..e7ae33f767a329be75d8480d016b8b18e08ca9f1 GIT binary patch literal 362 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#hilKU|h|wG19~`2fU!EGDmztUqUy>i6mRS*Bl95>)pO}{tUzu8r5Xj3fSMUf4 h3D7sxGvMV4Elw@cbxcpqE3s1W&9BPL$w`Dr007jULR any any (uricontent:"fix_this"; isdataat:!10,relative; sid:1;) 
diff --git a/tests/detect-http-uri/UriTestSig27/test.yaml b/tests/detect-http-uri/UriTestSig27/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig27/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig28/README.md b/tests/detect-http-uri/UriTestSig28/README.md new file mode 100644 index 000000000..e6f6b2a38 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig28/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig28 diff --git a/tests/detect-http-uri/UriTestSig28/test.fpc.pcap b/tests/detect-http-uri/UriTestSig28/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..b51067c0ca44fe7e2d232364f2daf2702fa058b5 GIT binary patch literal 350 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#bilKV*h|wG19~`2fUy_ko9G_&GnI2zUQk0pO9-o(A9-o;PpHWg$px_Y_5}>zJOJS7N2$n_rcglamOM004vDJuCnK literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig28/test.rules b/tests/detect-http-uri/UriTestSig28/test.rules new file mode 100644 index 000000000..a48470d8d --- /dev/null +++ b/tests/detect-http-uri/UriTestSig28/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"ring"; distance:one; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig28/test.yaml b/tests/detect-http-uri/UriTestSig28/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig28/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 
diff --git a/tests/detect-http-uri/UriTestSig29/README.md b/tests/detect-http-uri/UriTestSig29/README.md new file mode 100644 index 000000000..7c02bff62 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig29/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig29 diff --git a/tests/detect-http-uri/UriTestSig29/test.fpc.pcap b/tests/detect-http-uri/UriTestSig29/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..b51067c0ca44fe7e2d232364f2daf2702fa058b5 GIT binary patch literal 350 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#bilKV*h|wG19~`2fUy_ko9G_&GnI2zUQk0pO9-o(A9-o;PpHWg$px_Y_5}>zJOJS7N2$n_rcglamOM004vDJuCnK literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig29/test.rules b/tests/detect-http-uri/UriTestSig29/test.rules new file mode 100644 index 000000000..a48470d8d --- /dev/null +++ b/tests/detect-http-uri/UriTestSig29/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"ring"; distance:one; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig29/test.yaml b/tests/detect-http-uri/UriTestSig29/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig29/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig30/README.md b/tests/detect-http-uri/UriTestSig30/README.md new file mode 100644 index 000000000..5e71880be --- /dev/null +++ b/tests/detect-http-uri/UriTestSig30/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig30 
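Review bot: UriTestSig29 is byte-for-byte the same test as UriTestSig28, so it adds no coverage: test.rules has the same blob id (`a48470d8d`), test.yaml the same (`d42ca025c`), and the pcap the same (`b51067c0…`). If the original unit test UriTestSig29 differed from UriTestSig28, which this patch does not show, the difference was lost in translation and the rule should be corrected. If the two were already identical upstream, I would record that in the README, e.g. `Translation of unit test UriTestSig29 (same rule and capture as UriTestSig28).`, or drop the duplicate.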
diff --git a/tests/detect-http-uri/UriTestSig30/test.fpc.pcap b/tests/detect-http-uri/UriTestSig30/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..b51067c0ca44fe7e2d232364f2daf2702fa058b5 GIT binary patch literal 350 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#bilKV*h|wG19~`2fUy_ko9G_&GnI2zUQk0pO9-o(A9-o;PpHWg$px_Y_5}>zJOJS7N2$n_rcglamOM004vDJuCnK literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig30/test.rules b/tests/detect-http-uri/UriTestSig30/test.rules new file mode 100644 index 000000000..dfcca6196 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig30/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"_b5ig"; offset:one; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig30/test.yaml b/tests/detect-http-uri/UriTestSig30/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig30/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig31/README.md b/tests/detect-http-uri/UriTestSig31/README.md new file mode 100644 index 000000000..851b7577d --- /dev/null +++ b/tests/detect-http-uri/UriTestSig31/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig31 
diff --git a/tests/detect-http-uri/UriTestSig31/test.fpc.pcap b/tests/detect-http-uri/UriTestSig31/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..b51067c0ca44fe7e2d232364f2daf2702fa058b5 GIT binary patch literal 350 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#bilKV*h|wG19~`2fUy_ko9G_&GnI2zUQk0pO9-o(A9-o;PpHWg$px_Y_5}>zJOJS7N2$n_rcglamOM004vDJuCnK literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig31/test.rules b/tests/detect-http-uri/UriTestSig31/test.rules new file mode 100644 index 000000000..52450f968 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig31/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"his"; depth:one; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig31/test.yaml b/tests/detect-http-uri/UriTestSig31/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig31/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig32/README.md b/tests/detect-http-uri/UriTestSig32/README.md new file mode 100644 index 000000000..72780b0af --- /dev/null +++ b/tests/detect-http-uri/UriTestSig32/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig32 
diff --git a/tests/detect-http-uri/UriTestSig32/test.fpc.pcap b/tests/detect-http-uri/UriTestSig32/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..b51067c0ca44fe7e2d232364f2daf2702fa058b5 GIT binary patch literal 350 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s{#bilKV*h|wG19~`2fUy_ko9G_&GnI2zUQk0pO9-o(A9-o;PpHWg$px_Y_5}>zJOJS7N2$n_rcglamOM004vDJuCnK literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig32/test.rules b/tests/detect-http-uri/UriTestSig32/test.rules new file mode 100644 index 000000000..69a19b420 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig32/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"dummy"; uricontent:"this"; byte_extract:1,2,one,string,dec,relative; uricontent:"g_st"; within:one; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig32/test.yaml b/tests/detect-http-uri/UriTestSig32/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig32/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig33/README.md b/tests/detect-http-uri/UriTestSig33/README.md new file mode 100644 index 000000000..6a20894b6 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig33/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig33 
diff --git a/tests/detect-http-uri/UriTestSig33/test.fpc.pcap b/tests/detect-http-uri/UriTestSig33/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..738e7fa896bea4dffc09587a943905ce0e1a73ef GIT binary patch literal 338 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@H~ilKUwh|wG19~`2fpO;^ho0yYXm71bzWKdd^so)V35}>zJOJ RS7N2$n_rcglamOM003rhH<$nb literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig33/test.rules b/tests/detect-http-uri/UriTestSig33/test.rules new file mode 100644 index 000000000..a24d52a0b --- /dev/null +++ b/tests/detect-http-uri/UriTestSig33/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:15; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig33/test.yaml b/tests/detect-http-uri/UriTestSig33/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig33/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig34/README.md b/tests/detect-http-uri/UriTestSig34/README.md new file mode 100644 index 000000000..5bf51bcc6 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig34/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig34 diff --git a/tests/detect-http-uri/UriTestSig34/test.fpc.pcap b/tests/detect-http-uri/UriTestSig34/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..738e7fa896bea4dffc09587a943905ce0e1a73ef GIT binary patch literal 338 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@H~ilKUwh|wG19~`2fpO;^ho0yYXm71bzWKdd^so)V35}>zJOJ RS7N2$n_rcglamOM003rhH<$nb literal 0 Hc-jL100001 
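Review bot: The `msg` on the urilen rules (UriTestSig33 through UriTestSig38) still reads "test multiple relative uricontents", copied from the earlier rules, and each README only names the unit test it translates, so nothing records what these six tests establish. Going by the expected counts, the URI in the capture is 17 bytes raw and 15 bytes normalized, and a bare `urilen:15` is compared against the normalized form. I would put that in the README, e.g. `Raw URI is 17 bytes, normalized 15; urilen without a modifier uses the normalized length.`, and give each rule a matching message such as `msg:"urilen 15 matches normalized URI";`. The raw/normalized distinction is exactly what a rule author needs to know when bounding URI length, so it is worth stating next to the test that proves it.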
diff --git a/tests/detect-http-uri/UriTestSig34/test.rules b/tests/detect-http-uri/UriTestSig34/test.rules new file mode 100644 index 000000000..a86c63ba3 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig34/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:15, norm; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig34/test.yaml b/tests/detect-http-uri/UriTestSig34/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig34/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig35/README.md b/tests/detect-http-uri/UriTestSig35/README.md new file mode 100644 index 000000000..9e1d5a409 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig35/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig35 diff --git a/tests/detect-http-uri/UriTestSig35/test.fpc.pcap b/tests/detect-http-uri/UriTestSig35/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..738e7fa896bea4dffc09587a943905ce0e1a73ef GIT binary patch literal 338 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@H~ilKUwh|wG19~`2fpO;^ho0yYXm71bzWKdd^so)V35}>zJOJ RS7N2$n_rcglamOM003rhH<$nb literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig35/test.rules b/tests/detect-http-uri/UriTestSig35/test.rules new file mode 100644 index 000000000..44fc538f4 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig35/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:16; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig35/test.yaml b/tests/detect-http-uri/UriTestSig35/test.yaml new file mode 100644 index 000000000..1562fb5ec 
--- /dev/null +++ b/tests/detect-http-uri/UriTestSig35/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig36/README.md b/tests/detect-http-uri/UriTestSig36/README.md new file mode 100644 index 000000000..675167442 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig36/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig36 diff --git a/tests/detect-http-uri/UriTestSig36/test.fpc.pcap b/tests/detect-http-uri/UriTestSig36/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..738e7fa896bea4dffc09587a943905ce0e1a73ef GIT binary patch literal 338 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@H~ilKUwh|wG19~`2fpO;^ho0yYXm71bzWKdd^so)V35}>zJOJ RS7N2$n_rcglamOM003rhH<$nb literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig36/test.rules b/tests/detect-http-uri/UriTestSig36/test.rules new file mode 100644 index 000000000..b1760526c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig36/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:16, norm; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig36/test.yaml b/tests/detect-http-uri/UriTestSig36/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/UriTestSig36/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig37/README.md b/tests/detect-http-uri/UriTestSig37/README.md new file mode 100644 index 000000000..542e7a882 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig37/README.md 
@@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig37 diff --git a/tests/detect-http-uri/UriTestSig37/test.fpc.pcap b/tests/detect-http-uri/UriTestSig37/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..738e7fa896bea4dffc09587a943905ce0e1a73ef GIT binary patch literal 338 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@H~ilKUwh|wG19~`2fpO;^ho0yYXm71bzWKdd^so)V35}>zJOJ RS7N2$n_rcglamOM003rhH<$nb literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig37/test.rules b/tests/detect-http-uri/UriTestSig37/test.rules new file mode 100644 index 000000000..89cc02977 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig37/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:17, raw; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig37/test.yaml b/tests/detect-http-uri/UriTestSig37/test.yaml new file mode 100644 index 000000000..d42ca025c --- /dev/null +++ b/tests/detect-http-uri/UriTestSig37/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 1 + match: + event_type: alert + alert.signature_id: 1 diff --git a/tests/detect-http-uri/UriTestSig38/README.md b/tests/detect-http-uri/UriTestSig38/README.md new file mode 100644 index 000000000..4f825476a --- /dev/null +++ b/tests/detect-http-uri/UriTestSig38/README.md @@ -0,0 +1,3 @@ +# Description + +Translation of unit test UriTestSig38 
diff --git a/tests/detect-http-uri/UriTestSig38/test.fpc.pcap b/tests/detect-http-uri/UriTestSig38/test.fpc.pcap new file mode 100644 index 0000000000000000000000000000000000000000..738e7fa896bea4dffc09587a943905ce0e1a73ef GIT binary patch literal 338 zc-p&ic+)~A1{MYw`2Qb5OMR6|0MRB;%ml=)3=9Sg3=RwqYzz$b3=E7Q%n%@CA^_D} zzy#6F#Pa_?BQrBQ$P7jz%n&kR2v7jZ0nK475W+MAq)!Kmp=M~{a0esM9L4|vh#4Tg z%s@H~ilKUwh|wG19~`2fpO;^ho0yYXm71bzWKdd^so)V35}>zJOJ RS7N2$n_rcglamOM003rhH<$nb literal 0 Hc-jL100001 diff --git a/tests/detect-http-uri/UriTestSig38/test.rules b/tests/detect-http-uri/UriTestSig38/test.rules new file mode 100644 index 000000000..9f1672af1 --- /dev/null +++ b/tests/detect-http-uri/UriTestSig38/test.rules @@ -0,0 +1 @@ +alert tcp any any -> any any (msg:"test multiple relative uricontents"; urilen:18, raw; sid:1;) diff --git a/tests/detect-http-uri/UriTestSig38/test.yaml b/tests/detect-http-uri/UriTestSig38/test.yaml new file mode 100644 index 000000000..1562fb5ec --- /dev/null +++ b/tests/detect-http-uri/UriTestSig38/test.yaml @@ -0,0 +1,12 @@ +requires: + min-version: 8.0.0 + +args: + - -k none --set stream.inline=true + +checks: + - filter: + count: 0 + match: + event_type: alert + alert.signature_id: 1 -- 2.47.2