reputation: test reputation category with 0x0c 0x0a line

Ticket: 8500

diff --git a/tests/bug-8500/README.md b/tests/bug-8500/README.md
new file mode 100644 (file)
index 0000000..507966e
--- /dev/null
+++ b/tests/bug-8500/README.md
@@ -0,0 +1,8 @@
+# Test
+
+Attempt to trigger buffer underrun in reputation
+file loading.
+
+## Ticket
+
+https://redmine.openinfosecfoundation.org/issues/8500

diff --git a/tests/bug-8500/cats.txt b/tests/bug-8500/cats.txt
new file mode 100644 (file)
index 0000000..5070a56
--- /dev/null
+++ b/tests/bug-8500/cats.txt
@@ -0,0 +1,2 @@
+\f
+

diff --git a/tests/bug-8500/iprep.list b/tests/bug-8500/iprep.list
new file mode 100644 (file)
index 0000000..8adaa76
--- /dev/null
+++ b/tests/bug-8500/iprep.list
@@ -0,0 +1,2 @@
+#8.8.8.8,10,100
+4.4.4.4,10,100

diff --git a/tests/bug-8500/suricata.yaml b/tests/bug-8500/suricata.yaml
new file mode 100644 (file)
index 0000000..f5161d2
--- /dev/null
+++ b/tests/bug-8500/suricata.yaml
@@ -0,0 +1,11 @@
+%YAML 1.1
+---
+
+reputation-categories-file: cats.txt
+
+reputation-files:
+  - iprep.list
+
+engine-analysis:
+  # enables printing reports for each rule
+  rules: yes

diff --git a/tests/bug-8500/test.rules b/tests/bug-8500/test.rules
new file mode 100644 (file)
index 0000000..bb04e65
--- /dev/null
+++ b/tests/bug-8500/test.rules
@@ -0,0 +1 @@
+alert tcp any any -> any any (msg:"SURICATA STREAM Packet with invalid timestamp"; stream-event:pkt_invalid_timestamp; classtype:protocol-command-decode; sid:2210044; rev:2;)

diff --git a/tests/bug-8500/test.yaml b/tests/bug-8500/test.yaml
new file mode 100644 (file)
index 0000000..ca4b70b
--- /dev/null
+++ b/tests/bug-8500/test.yaml
@@ -0,0 +1,6 @@
+requires:
+  pcap: false
+  min-version: 9
+
+args:
+- --engine-analysis