From 2ea995926cae720588fa55eb167ecc463f56afd4 Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Thu, 15 Aug 2024 10:58:34 -0400 Subject: [PATCH] tests: Updates for 6555 This commit provides updates needed for issue 6555. Previously, the gap handling was restricted to master; 6555 adds those changes to main-7.0.x Most of the changes are to extend the version; the eve-payload-07-http-gap tests adds version-based checks as a new output value payload_length is not available in main-7.0.x --- tests/eve-overlap-payload-01/test.yaml | 2 +- .../test.yaml | 2 +- tests/eve-overlap-payload-03-ips/test.yaml | 2 +- .../test.yaml | 2 +- tests/eve-overlap-payload-05-gap/test.yaml | 2 +- .../test.yaml | 2 +- .../test.yaml | 2 +- .../test.yaml | 2 +- .../eve-payload-04-partial-overlap/test.yaml | 2 +- tests/eve-payload-05-tcp-data-gap/test.yaml | 2 +- .../test.yaml | 2 +- tests/eve-payload-07-http-gap/test.yaml | 35 ++++++++++++++++++- .../test.yaml | 2 +- .../smb2-frames-gap-payload-logging/test.yaml | 2 +- 14 files changed, 47 insertions(+), 14 deletions(-) diff --git a/tests/eve-overlap-payload-01/test.yaml b/tests/eve-overlap-payload-01/test.yaml index 4dfe9c6a1..6e3b373a7 100644 --- a/tests/eve-overlap-payload-01/test.yaml +++ b/tests/eve-overlap-payload-01/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: - -k none diff --git a/tests/eve-overlap-payload-02-policy-oldlinux/test.yaml b/tests/eve-overlap-payload-02-policy-oldlinux/test.yaml index d641ebbad..7baaedd76 100644 --- a/tests/eve-overlap-payload-02-policy-oldlinux/test.yaml +++ b/tests/eve-overlap-payload-02-policy-oldlinux/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: - -k none diff --git a/tests/eve-overlap-payload-03-ips/test.yaml b/tests/eve-overlap-payload-03-ips/test.yaml index 0da9f7dbb..d0e0d3495 100644 --- a/tests/eve-overlap-payload-03-ips/test.yaml +++ b/tests/eve-overlap-payload-03-ips/test.yaml 
@@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: - -k none diff --git a/tests/eve-overlap-payload-04-partial-overlap/test.yaml b/tests/eve-overlap-payload-04-partial-overlap/test.yaml index 2a8ef3cf0..f8a174dfc 100644 --- a/tests/eve-overlap-payload-04-partial-overlap/test.yaml +++ b/tests/eve-overlap-payload-04-partial-overlap/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: diff --git a/tests/eve-overlap-payload-05-gap/test.yaml b/tests/eve-overlap-payload-05-gap/test.yaml index 20c901199..a873a7889 100644 --- a/tests/eve-overlap-payload-05-gap/test.yaml +++ b/tests/eve-overlap-payload-05-gap/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: diff --git a/tests/eve-payload-01-tcp-exact-overlap/test.yaml b/tests/eve-payload-01-tcp-exact-overlap/test.yaml index 4dfe9c6a1..6e3b373a7 100644 --- a/tests/eve-payload-01-tcp-exact-overlap/test.yaml +++ b/tests/eve-payload-01-tcp-exact-overlap/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: - -k none diff --git a/tests/eve-payload-02-tcp-exact-overlap-policy-oldlinux/test.yaml b/tests/eve-payload-02-tcp-exact-overlap-policy-oldlinux/test.yaml index d641ebbad..7baaedd76 100644 --- a/tests/eve-payload-02-tcp-exact-overlap-policy-oldlinux/test.yaml +++ b/tests/eve-payload-02-tcp-exact-overlap-policy-oldlinux/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: - -k none diff --git a/tests/eve-payload-03-tcp-exact-overlap-ips/test.yaml b/tests/eve-payload-03-tcp-exact-overlap-ips/test.yaml index 0da9f7dbb..d0e0d3495 100644 --- a/tests/eve-payload-03-tcp-exact-overlap-ips/test.yaml +++ b/tests/eve-payload-03-tcp-exact-overlap-ips/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: - -k none diff --git a/tests/eve-payload-04-partial-overlap/test.yaml b/tests/eve-payload-04-partial-overlap/test.yaml index 2a8ef3cf0..f8a174dfc 100644 
--- a/tests/eve-payload-04-partial-overlap/test.yaml +++ b/tests/eve-payload-04-partial-overlap/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: diff --git a/tests/eve-payload-05-tcp-data-gap/test.yaml b/tests/eve-payload-05-tcp-data-gap/test.yaml index 20c901199..a873a7889 100644 --- a/tests/eve-payload-05-tcp-data-gap/test.yaml +++ b/tests/eve-payload-05-tcp-data-gap/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: diff --git a/tests/eve-payload-06-tcp-data-leading-gap/test.yaml b/tests/eve-payload-06-tcp-data-leading-gap/test.yaml index 557aa1b05..126a66dfa 100644 --- a/tests/eve-payload-06-tcp-data-leading-gap/test.yaml +++ b/tests/eve-payload-06-tcp-data-leading-gap/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: diff --git a/tests/eve-payload-07-http-gap/test.yaml b/tests/eve-payload-07-http-gap/test.yaml index b469a94fc..e6fbb9077 100644 --- a/tests/eve-payload-07-http-gap/test.yaml +++ b/tests/eve-payload-07-http-gap/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 pcap: ../http-gap-beyond-body/input.pcap @@ -14,6 +14,7 @@ checks: alert.signature_id: 1 - filter: count: 1 + min-version: 8 match: event_type: alert alert.signature_id: 1 @@ -21,6 +22,14 @@ checks: payload_length: 40 - filter: count: 1 + min-version: 7.0.7 + match: + event_type: alert + alert.signature_id: 1 + payload_printable: "GET /1 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\n" +- filter: + count: 1 + min-version: 8 match: event_type: alert alert.signature_id: 1 @@ -28,6 +37,14 @@ checks: payload_length: 80 - filter: count: 1 + min-version: 7.0.7 + match: + event_type: alert + alert.signature_id: 1 + payload_printable: "GET /1 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\nGET /2 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\n" +- filter: + count: 1 + min-version: 8 match: event_type: alert alert.signature_id: 1 
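Review bot: The `min-version: 7.0.7` key on the filter added in the `@@ -21,6 +22,14 @@` hunk of tests/eve-payload-07-http-gap/test.yaml does not restrict that check to 7.0.x, because the file's `requires:` block already sets the same minimum. On 8 the new check therefore runs alongside the `min-version: 8` check and asserts the same `payload_printable` a second time. The filters added in the `@@ -28,6 +37,14 @@` and `@@ -35,11 +52,26 @@` hunks have the same overlap. If one check per branch is intended, bound the new filters with `lt-version: 8` (assuming the filter accepts the same version keys as `requires:`). If the overlap is intended, drop the key and add a comment such as `# 7.0.x does not log payload_length; the min-version: 8 check above also asserts it`.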
@@ -35,11 +52,26 @@ checks: payload_length: 120 - filter: count: 1 + min-version: 7.0.7 + match: + event_type: alert + alert.signature_id: 1 + payload_printable: "GET /1 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\nGET /2 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\nGET /3 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\n" +- filter: + count: 1 + min-version: 8 match: event_type: alert alert.signature_id: 2 payload_printable: "HTTP/1.0 200 OK\r\nDate: Mon, 31 Aug 2009 20:25:50 GMT\r\nServer: Apache\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 12\r\n\r\n" payload_length: 136 +- filter: + count: 1 + min-version: 7.0.7 + match: + event_type: alert + alert.signature_id: 2 + payload_printable: "HTTP/1.0 200 OK\r\nDate: Mon, 31 Aug 2009 20:25:50 GMT\r\nServer: Apache\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 12\r\n\r\n" - filter: count: 1 match: @@ -48,6 +80,7 @@ checks: payload_printable: "HTTP/1.0 200 OK\r\nDate: Mon, 31 Aug 2009 20:25:50 GMT\r\nServer: Apache\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 12\r\n\r\n[127 bytes missing]AAAAAAAAAAAAAAAAAAAAAAAAAAAA" - filter: count: 1 + min-version: 8 match: event_type: alert alert.signature_id: 4 diff --git a/tests/smb2-frames-gap-payload-logging-02/test.yaml b/tests/smb2-frames-gap-payload-logging-02/test.yaml index f6a76271f..331567062 100644 --- a/tests/smb2-frames-gap-payload-logging-02/test.yaml +++ b/tests/smb2-frames-gap-payload-logging-02/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: - --set stream.midstream=true diff --git a/tests/smb2-frames-gap-payload-logging/test.yaml b/tests/smb2-frames-gap-payload-logging/test.yaml index 67432e67d..89e385d67 100644 --- a/tests/smb2-frames-gap-payload-logging/test.yaml +++ b/tests/smb2-frames-gap-payload-logging/test.yaml @@ -1,5 +1,5 @@ requires: - min-version: 8 + min-version: 7.0.7 args: - --set stream.midstream=true
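Review bot: The signature 4 check in the `@@ -48,6 +80,7 @@` hunk is gated with `min-version: 8` but, unlike the signature 1 and 2 checks, gets no 7.0.x counterpart, so on main-7.0.x that alert is not asserted at all. The rest of that filter's `match` lies outside the hunk; presumably it includes `payload_length`, which would explain the gate. Consider adding a second filter for signature 4 that keeps `count: 1`, `event_type: alert` and the `payload_printable` value and omits `payload_length`, so gap-payload logging for this rule stays covered on the backport branch.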