From 00260221d140c9bf5aec889b1a13d4c5ac8f070f Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Mon, 26 Sep 2022 10:37:48 +0200 Subject: [PATCH] tests: flowbit bad rules handling for 6.0.7 --- tests/flowbit-bad-rules-6-01/empty.pcap | Bin 0 -> 24 bytes tests/flowbit-bad-rules-6-01/test.rules | 1 + tests/flowbit-bad-rules-6-01/test.yaml | 7 +++++++ tests/flowbit-bad-rules-6-02/empty.pcap | Bin 0 -> 24 bytes tests/flowbit-bad-rules-6-02/test.rules | 1 + tests/flowbit-bad-rules-6-02/test.yaml | 8 ++++++++ tests/flowbit-bad-rules-6-03/empty.pcap | Bin 0 -> 24 bytes tests/flowbit-bad-rules-6-03/test.rules | 1 + tests/flowbit-bad-rules-6-03/test.yaml | 8 ++++++++ 9 files changed, 26 insertions(+) create mode 100644 tests/flowbit-bad-rules-6-01/empty.pcap create mode 100644 tests/flowbit-bad-rules-6-01/test.rules create mode 100644 tests/flowbit-bad-rules-6-01/test.yaml create mode 100644 tests/flowbit-bad-rules-6-02/empty.pcap create mode 100644 tests/flowbit-bad-rules-6-02/test.rules create mode 100644 tests/flowbit-bad-rules-6-02/test.yaml create mode 100644 tests/flowbit-bad-rules-6-03/empty.pcap create mode 100644 tests/flowbit-bad-rules-6-03/test.rules create mode 100644 tests/flowbit-bad-rules-6-03/test.yaml diff --git a/tests/flowbit-bad-rules-6-01/empty.pcap b/tests/flowbit-bad-rules-6-01/empty.pcap new file mode 100644 index 0000000000000000000000000000000000000000..4f9600e90a64e3ed9c747268f5dcbdc29ad1a596 GIT binary patch literal 24 Vc-p&ic+)~A1{MYcU}0bck^n-A0`>p^ literal 0 Hc-jL100001 diff --git a/tests/flowbit-bad-rules-6-01/test.rules b/tests/flowbit-bad-rules-6-01/test.rules new file mode 100644 index 000000000..7100ba2cf --- /dev/null +++ b/tests/flowbit-bad-rules-6-01/test.rules @@ -0,0 +1 @@ +alert ip any any -> any any (msg:"BAD rule"; flowbits:isset,abc,noalert; sid:1;) diff --git a/tests/flowbit-bad-rules-6-01/test.yaml b/tests/flowbit-bad-rules-6-01/test.yaml new file mode 100644 index 000000000..512cd24ac --- /dev/null +++ b/tests/flowbit-bad-rules-6-01/test.yaml @@ -0,0 +1,7 @@ +requires: + lt-version: 7 + +args: + - --init-errors-fatal + +exit-code: 0 diff --git a/tests/flowbit-bad-rules-6-02/empty.pcap b/tests/flowbit-bad-rules-6-02/empty.pcap new file mode 100644 index 0000000000000000000000000000000000000000..4f9600e90a64e3ed9c747268f5dcbdc29ad1a596 GIT binary patch literal 24 Vc-p&ic+)~A1{MYcU}0bck^n-A0`>p^ literal 0 Hc-jL100001 diff --git a/tests/flowbit-bad-rules-6-02/test.rules b/tests/flowbit-bad-rules-6-02/test.rules new file mode 100644 index 000000000..7100ba2cf --- /dev/null +++ b/tests/flowbit-bad-rules-6-02/test.rules @@ -0,0 +1 @@ +alert ip any any -> any any (msg:"BAD rule"; flowbits:isset,abc,noalert; sid:1;) diff --git a/tests/flowbit-bad-rules-6-02/test.yaml b/tests/flowbit-bad-rules-6-02/test.yaml new file mode 100644 index 000000000..767e19315 --- /dev/null +++ b/tests/flowbit-bad-rules-6-02/test.yaml @@ -0,0 +1,8 @@ +requires: + lt-version: 7 + +args: + - --init-errors-fatal + - --strict-rule-keywords=flowbits + +exit-code: 1 diff --git a/tests/flowbit-bad-rules-6-03/empty.pcap b/tests/flowbit-bad-rules-6-03/empty.pcap new file mode 100644 index 0000000000000000000000000000000000000000..4f9600e90a64e3ed9c747268f5dcbdc29ad1a596 GIT binary patch literal 24 Vc-p&ic+)~A1{MYcU}0bck^n-A0`>p^ literal 0 Hc-jL100001 diff --git a/tests/flowbit-bad-rules-6-03/test.rules b/tests/flowbit-bad-rules-6-03/test.rules new file mode 100644 index 000000000..7100ba2cf --- /dev/null +++ b/tests/flowbit-bad-rules-6-03/test.rules @@ -0,0 +1 @@ +alert ip any any -> any any (msg:"BAD rule"; flowbits:isset,abc,noalert; sid:1;) diff --git a/tests/flowbit-bad-rules-6-03/test.yaml b/tests/flowbit-bad-rules-6-03/test.yaml new file mode 100644 index 000000000..9805a7b8a --- /dev/null +++ b/tests/flowbit-bad-rules-6-03/test.yaml @@ -0,0 +1,8 @@ +requires: + lt-version: 7 + +args: + - --init-errors-fatal + - --strict-rule-keywords=all + +exit-code: 1 -- 2.47.2