Skip to content

Commit

Permalink
test: check flowint isnotset support
Browse files Browse the repository at this point in the history
Related to
Task #7426
  • Loading branch information
jufajardini authored and victorjulien committed Dec 5, 2024
1 parent a8f3e14 commit 6b17551
Show file tree
Hide file tree
Showing 3 changed files with 36 additions and 0 deletions.
15 changes: 15 additions & 0 deletions tests/flowint-isnotset/README.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
Test
----

Simple test to check that the keyword ``flowint`` accepts both ``notset``
and ``isnotset``.

Pcap
----

From test tls-subjectaltname

Redmine Ticket
--------------

https://redmine.openinfosecfoundation.org/issues/7426
2 changes: 2 additions & 0 deletions tests/flowint-isnotset/test.rules
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
alert tls any any -> any any (msg:"test flowint isnotset"; flowint:flowtls1,isnotset; flowint:flowtls1,+,1; noalert; sid:1;)
alert tls any any -> any any (msg:"test flowint notset"; flowint:flowtls2,notset; flowint:flowtls2,+,1; sid:2;)
19 changes: 19 additions & 0 deletions tests/flowint-isnotset/test.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
requires:
min-version: 8

pcap: ../tls/tls-subjectaltname/input.pcap

args:
- -k none

checks:
- filter:
count: 0
match:
alert.signature_id: 1
event_type: alert
- filter:
count: 40
match:
alert.signature_id: 2
event_type: alert

0 comments on commit 6b17551

Please sign in to comment.