]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e779393)
tests: add issue 7657 tests
authorVictor Julien <victor@inliniac.net>
Fri, 5 Sep 2025 05:40:01 +0000 (07:40 +0200)
committerVictor Julien <victor@inliniac.net>
Sat, 18 Oct 2025 16:36:50 +0000 (18:36 +0200)
tests/bug-7657-01/input.pcap [new file with mode: 0644] patch | blob
tests/bug-7657-01/test.rules [new file with mode: 0644] patch | blob
tests/bug-7657-01/test.yaml [new file with mode: 0644] patch | blob
tests/bug-7657-02-ips/input.pcap [new file with mode: 0644] patch | blob
tests/bug-7657-02-ips/test.rules [new file with mode: 0644] patch | blob
tests/bug-7657-02-ips/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/bug-7657-01/input.pcap b/tests/bug-7657-01/input.pcap
new file mode 100644 (file)
index 0000000..4d6eb20
Binary files /dev/null and b/tests/bug-7657-01/input.pcap differ
diff --git a/tests/bug-7657-01/test.rules b/tests/bug-7657-01/test.rules
new file mode 100644 (file)
index 0000000..629620a
--- /dev/null
+++ b/tests/bug-7657-01/test.rules
@@ -0,0 +1,3 @@
+alert http any any -> any any (http.method; content:"POST"; sid:1;)
+# w/o threshold to track each event
+alert tcp any any -> any any (msg:"SURICATA STREAM 3way handshake excessive different SYNs"; stream-event:3whs_syn_flood; classtype:protocol-command-decode; sid:2210063; rev:2;)
diff --git a/tests/bug-7657-01/test.yaml b/tests/bug-7657-01/test.yaml
new file mode 100644 (file)
index 0000000..9a1890b
--- /dev/null
+++ b/tests/bug-7657-01/test.yaml
@@ -0,0 +1,23 @@
+args:
+  - -k none
+
+requires:
+  min-version: 8
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: http
+      http.http_method: POST
+      http.http_user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.2792.79
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+- filter:
+    count: 13
+    match:
+      event_type: alert
+      alert.signature_id: 2210063
diff --git a/tests/bug-7657-02-ips/input.pcap b/tests/bug-7657-02-ips/input.pcap
new file mode 100644 (file)
index 0000000..4d6eb20
Binary files /dev/null and b/tests/bug-7657-02-ips/input.pcap differ
diff --git a/tests/bug-7657-02-ips/test.rules b/tests/bug-7657-02-ips/test.rules
new file mode 100644 (file)
index 0000000..629620a
--- /dev/null
+++ b/tests/bug-7657-02-ips/test.rules
@@ -0,0 +1,3 @@
+alert http any any -> any any (http.method; content:"POST"; sid:1;)
+# w/o threshold to track each event
+alert tcp any any -> any any (msg:"SURICATA STREAM 3way handshake excessive different SYNs"; stream-event:3whs_syn_flood; classtype:protocol-command-decode; sid:2210063; rev:2;)
diff --git a/tests/bug-7657-02-ips/test.yaml b/tests/bug-7657-02-ips/test.yaml
new file mode 100644 (file)
index 0000000..9a1890b
--- /dev/null
+++ b/tests/bug-7657-02-ips/test.yaml
@@ -0,0 +1,23 @@
+args:
+  - -k none
+
+requires:
+  min-version: 8
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: http
+      http.http_method: POST
+      http.http_user_agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36 Edg/129.0.2792.79
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+- filter:
+    count: 13
+    match:
+      event_type: alert
+      alert.signature_id: 2210063
Mirror of https://github.com/OISF/suricata-verify.git