transform/base64: adds test against UBSan

Ticket: 7296
OISF · Oct 3, 2024 · 8af4214 · 8af4214
1 parent 3be0daf
commit 8af4214
Show file tree

Hide file tree

Showing 5 changed files with 125 additions and 0 deletions.
diff --git a/tests/transform-base64-7296/README.md b/tests/transform-base64-7296/README.md
@@ -0,0 +1,8 @@
+# Description
+
+Test base64 transform does not trigger UBSAN.
+https://redmine.openinfosecfoundation.org/issues/7296
+
+# PCAP
+
+The pcap comes from oss-fuzz reproducer
diff --git a/tests/transform-base64-7296/input.pcap b/tests/transform-base64-7296/input.pcap
diff --git a/tests/transform-base64-7296/suricata.yaml b/tests/transform-base64-7296/suricata.yaml
@@ -0,0 +1,105 @@
+%YAML 1.1
+---
+pcap-file:
+
+  checksum-checks: no
+
+stream:
+
+  checksum-validation: no
+  midstream: true
+outputs:
+  - fast:
+      enabled: yes
+      filename: /dev/null
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      #filename: /dev/null
+      xff:
+        enabled: yes
+        mode: extra-data
+        deployment: reverse
+        header: X-Forwarded-For
+      types:
+        - alert:
+            payload: yes
+            payload-printable: yes
+            packet: yes
+            metadata: yes
+            http-body: yes
+            http-body-printable: yes
+            tagged-packets: yes
+        - anomaly:
+            enabled: yes
+            types:
+              decode: yes
+              stream: yes
+              applayer: yes
+            packethdr: yes
+        - http:
+            extended: yes
+            dump-all-headers: both
+        - dns
+        - tls:
+            extended: yes
+            session-resumption: yes
+        - files
+        - smtp:
+            extended: yes
+        - dnp3
+        - ftp
+        - rdp
+        - nfs
+        - smb
+        - tftp
+        - ike
+        - krb5
+        - snmp
+        - rfb
+        - sip
+        - dhcp:
+            enabled: yes
+            extended: yes
+        - ssh
+        - flow
+        - netflow
+        - metadata
+  - http-log:
+      enabled: yes
+      filename: /dev/null
+      extended: yes
+  - tls-log:
+      enabled: yes
+      filename: /dev/null
+      extended: yes
+  - file-store:
+      version: 2
+      enabled: yes
+      force-filestore: yes
+app-layer:
+  protocols:
+    rdp:
+      enabled: yes
+    modbus:
+      enabled: yes
+      detection-ports:
+        dp: 502
+    dnp3:
+      enabled: yes
+      detection-ports:
+        dp: 20000
+    enip:
+      enabled: yes
+      detection-ports:
+        dp: 44818
+        sp: 44818
+    sip:
+      enabled: yes
+    ssh:
+      enabled: yes
+      hassh: yes
+    mqtt:
+      enabled: yes
+    http2:
+      enabled: yes
diff --git a/tests/transform-base64-7296/test.rules b/tests/transform-base64-7296/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"from_base64: offset #1 [mode rfc4648]"; http.uri; content:"/?arg=dGhpc2lzYXRlc3QK"; from_base64: offset 6 ; content:"thisisatest"; fast_pattern; sid:1; rev:1;)
diff --git a/tests/transform-base64-7296/test.yaml b/tests/transform-base64-7296/test.yaml
@@ -0,0 +1,11 @@
+requires:
+  min-version: 8
+
+args:
+  - -k none
+
+checks:
+  - filter:
+      count: 0
+      match:
+        event_type: alert
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		alert http any any -> any any (msg:"from_base64: offset #1 [mode rfc4648]"; http.uri; content:"/?arg=dGhpc2lzYXRlc3QK"; from_base64: offset 6 ; content:"thisisatest"; fast_pattern; sid:1; rev:1;)