test/entropy: Test with raw content

Test entropy w/out a sticky buffer.

Without the suricata fixes, the test will SEGV and thus fail.

With the suricata fixes, the calculated entropy value will be
matched with the value in the test specification.

diff --git a/tests/entropy/entropy-03/input.pcap b/tests/entropy/entropy-03/input.pcap
new file mode 100644 (file)
index 0000000..e0f1fbe
Binary files /dev/null and b/tests/entropy/entropy-03/input.pcap differ

diff --git a/tests/entropy/entropy-03/test.rules b/tests/entropy/entropy-03/test.rules
new file mode 100644 (file)
index 0000000..9193dec
--- /dev/null
+++ b/tests/entropy/entropy-03/test.rules
@@ -0,0 +1 @@
+alert tcp-pkt any any -> any any (msg:"Entropy segfault test"; entropy: value >= 6; sid:1;)

diff --git a/tests/entropy/entropy-03/test.yaml b/tests/entropy/entropy-03/test.yaml
new file mode 100644 (file)
index 0000000..6d86905
--- /dev/null
+++ b/tests/entropy/entropy-03/test.yaml
@@ -0,0 +1,11 @@
+requires:
+    min-version: 8.0.1
+
+pcap: ../entropy-01/input.pcap
+
+checks:
+    - filter:
+        count: 1
+        match:
+          event_type: http
+          metadata.entropy.content: 4.137370175000773