dcerpc: move dcepayload unit tests to SV

Ticket: 8391

diff --git a/tests/dcerpc/dcerpc-dcepayload-15/input.pcap b/tests/dcerpc/dcerpc-dcepayload-15/input.pcap
new file mode 100644 (file)
index 0000000..93cc986
Binary files /dev/null and b/tests/dcerpc/dcerpc-dcepayload-15/input.pcap differ

diff --git a/tests/dcerpc/dcerpc-dcepayload-15/test.rules b/tests/dcerpc/dcerpc-dcepayload-15/test.rules
new file mode 100644 (file)
index 0000000..6ca6019
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-15/test.rules
@@ -0,0 +1,2 @@
+alert tcp any any -> any any (msg:"DcePayloadTest15 sig1"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_test:2,=,14080,0,relative,dce; sid:1;)
+alert tcp any any -> any any (msg:"DcePayloadTest15 sig2"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_test:2,=,46,5,relative,dce; sid:2;)

diff --git a/tests/dcerpc/dcerpc-dcepayload-15/test.yaml b/tests/dcerpc/dcerpc-dcepayload-15/test.yaml
new file mode 100644 (file)
index 0000000..1b2592a
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-15/test.yaml
@@ -0,0 +1,16 @@
+args:
+- -k none --set stream.inline=true
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+      pcap_cnt: 4
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2
+      pcap_cnt: 4

diff --git a/tests/dcerpc/dcerpc-dcepayload-16/input.pcap b/tests/dcerpc/dcerpc-dcepayload-16/input.pcap
new file mode 100644 (file)
index 0000000..2818006
Binary files /dev/null and b/tests/dcerpc/dcerpc-dcepayload-16/input.pcap differ

diff --git a/tests/dcerpc/dcerpc-dcepayload-16/test.rules b/tests/dcerpc/dcerpc-dcepayload-16/test.rules
new file mode 100644 (file)
index 0000000..ec7f4e1
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-16/test.rules
@@ -0,0 +1,2 @@
+alert tcp any any -> any any (msg:"DcePayloadTest16 sig1"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_test:2,=,55,0,relative; sid:1;)
+alert tcp any any -> any any (msg:"DcePayloadTest16 sig2"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_test:2,=,11776,5,relative; sid:2;)

diff --git a/tests/dcerpc/dcerpc-dcepayload-16/test.yaml b/tests/dcerpc/dcerpc-dcepayload-16/test.yaml
new file mode 100644 (file)
index 0000000..1b2592a
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-16/test.yaml
@@ -0,0 +1,16 @@
+args:
+- -k none --set stream.inline=true
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+      pcap_cnt: 4
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2
+      pcap_cnt: 4

diff --git a/tests/dcerpc/dcerpc-dcepayload-17/input.pcap b/tests/dcerpc/dcerpc-dcepayload-17/input.pcap
new file mode 100644 (file)
index 0000000..bb89de9
Binary files /dev/null and b/tests/dcerpc/dcerpc-dcepayload-17/input.pcap differ

diff --git a/tests/dcerpc/dcerpc-dcepayload-17/test.rules b/tests/dcerpc/dcerpc-dcepayload-17/test.rules
new file mode 100644 (file)
index 0000000..cb55526
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-17/test.rules
@@ -0,0 +1,2 @@
+alert tcp any any -> any any (msg:"DcePayloadTest17 sig1"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_test:2,=,55,0,relative,big; sid:1;)
+alert tcp any any -> any any (msg:"DcePayloadTest17 sig2"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_test:2,=,46,5,relative,little; sid:2;)

diff --git a/tests/dcerpc/dcerpc-dcepayload-17/test.yaml b/tests/dcerpc/dcerpc-dcepayload-17/test.yaml
new file mode 100644 (file)
index 0000000..1b2592a
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-17/test.yaml
@@ -0,0 +1,16 @@
+args:
+- -k none --set stream.inline=true
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+      pcap_cnt: 4
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2
+      pcap_cnt: 4

diff --git a/tests/dcerpc/dcerpc-dcepayload-18/input.pcap b/tests/dcerpc/dcerpc-dcepayload-18/input.pcap
new file mode 100644 (file)
index 0000000..38f1493
Binary files /dev/null and b/tests/dcerpc/dcerpc-dcepayload-18/input.pcap differ

diff --git a/tests/dcerpc/dcerpc-dcepayload-18/test.rules b/tests/dcerpc/dcerpc-dcepayload-18/test.rules
new file mode 100644 (file)
index 0000000..98ba33c
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-18/test.rules
@@ -0,0 +1,2 @@
+alert tcp any any -> any any (msg:"DcePayloadTest18 sig1"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_jump:2,0,relative,dce; byte_test:2,=,46,0,relative,dce; sid:1;)
+alert tcp any any -> any any (msg:"DcePayloadTest18 sig2"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_jump:2,2,relative,dce; byte_test:2,=,14080,0,relative; sid:2;)

diff --git a/tests/dcerpc/dcerpc-dcepayload-18/test.yaml b/tests/dcerpc/dcerpc-dcepayload-18/test.yaml
new file mode 100644 (file)
index 0000000..1b2592a
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-18/test.yaml
@@ -0,0 +1,16 @@
+args:
+- -k none --set stream.inline=true
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+      pcap_cnt: 4
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2
+      pcap_cnt: 4

diff --git a/tests/dcerpc/dcerpc-dcepayload-19/input.pcap b/tests/dcerpc/dcerpc-dcepayload-19/input.pcap
new file mode 100644 (file)
index 0000000..031a733
Binary files /dev/null and b/tests/dcerpc/dcerpc-dcepayload-19/input.pcap differ

diff --git a/tests/dcerpc/dcerpc-dcepayload-19/test.rules b/tests/dcerpc/dcerpc-dcepayload-19/test.rules
new file mode 100644 (file)
index 0000000..c1aba2a
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-19/test.rules
@@ -0,0 +1,2 @@
+alert tcp any any -> any any (msg:"DcePayloadTest19 sig1"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_jump:2,0,relative; byte_test:2,=,46,0,relative,dce; sid:1;)
+alert tcp any any -> any any (msg:"DcePayloadTest19 sig2"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_jump:2,2,relative; byte_test:2,=,14080,0,relative; sid:2;)

diff --git a/tests/dcerpc/dcerpc-dcepayload-19/test.yaml b/tests/dcerpc/dcerpc-dcepayload-19/test.yaml
new file mode 100644 (file)
index 0000000..1b2592a
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-19/test.yaml
@@ -0,0 +1,16 @@
+args:
+- -k none --set stream.inline=true
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+      pcap_cnt: 4
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2
+      pcap_cnt: 4

diff --git a/tests/dcerpc/dcerpc-dcepayload-20/input.pcap b/tests/dcerpc/dcerpc-dcepayload-20/input.pcap
new file mode 100644 (file)
index 0000000..b8c8d7f
Binary files /dev/null and b/tests/dcerpc/dcerpc-dcepayload-20/input.pcap differ

diff --git a/tests/dcerpc/dcerpc-dcepayload-20/test.rules b/tests/dcerpc/dcerpc-dcepayload-20/test.rules
new file mode 100644 (file)
index 0000000..e918b88
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-20/test.rules
@@ -0,0 +1,2 @@
+alert tcp any any -> any any (msg:"DcePayloadTest20 sig1"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_jump:2,0,relative,big; byte_test:2,=,46,0,relative,dce; sid:1;)
+alert tcp any any -> any any (msg:"DcePayloadTest20 sig2"; dce_stub_data; content:"|5c 00 5c 00 31|"; distance:0; byte_jump:2,2,little,relative; byte_test:2,=,14080,0,relative; sid:2;)

diff --git a/tests/dcerpc/dcerpc-dcepayload-20/test.yaml b/tests/dcerpc/dcerpc-dcepayload-20/test.yaml
new file mode 100644 (file)
index 0000000..1b2592a
--- /dev/null
+++ b/tests/dcerpc/dcerpc-dcepayload-20/test.yaml
@@ -0,0 +1,16 @@
+args:
+- -k none --set stream.inline=true
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+      pcap_cnt: 4
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2
+      pcap_cnt: 4