Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tests: add test for pgsql probe bug 6080 - v1 #1501

Closed
wants to merge 1 commit into from
Closed

tests: add test for pgsql probe bug 6080 - v1 #1501

wants to merge 1 commit into from

Conversation

jufajardini
Copy link
Contributor

Add test for pgsql probing function bug 6080.
Crafted pcap.

Related to
Bug #6080

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/6080

@jufajardini jufajardini added the requires suricata fix This PR requires an issue in Suricata to be fixed first label Nov 29, 2023
@jufajardini jufajardini force-pushed the pgsql-sv-6080/v1 branch 2 times, most recently from 257beb9 to ec9f8e3 Compare November 29, 2023 14:37
@jufajardini
Copy link
Contributor Author

jufajardini commented Nov 29, 2023
edited
Loading

Force-pushed to include the scapy script and suricata.yaml files, which weren't originally in the folder.

@jufajardini
tests: add test for pgsql probe bug 6080
e7cac68 
Add test for pgsql probing function bug 6080.
Crafted pcap.

Related to
Bug #6080
@jufajardini jufajardini mentioned this pull request Nov 29, 2023
Closed
catenacyber
catenacyber reviewed Nov 29, 2023
View reviewed changes
tests/pgsql-bug-6080-probe-test-01/test.yaml
- filter:
count: 0
match:
app_proto: pgsql
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do not want the flow to be recognized as pgsql, do we ?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, it should be there is 1 event_type flow, and 0 with app_proto: pgsql and no other fields to test

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

right! 🙇🏽

@jufajardini jufajardini mentioned this pull request Nov 29, 2023
Closed
jufajardini
jufajardini commented Nov 29, 2023
View reviewed changes
tests/pgsql-bug-6080-probe-test-01/test.yaml
Comment on lines +1 to +2
args:
- -k none
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Add min-version check.

@jufajardini
Copy link
Contributor Author

Replaced by: #1502

@jufajardini jufajardini deleted the pgsql-sv-6080/v1 branch December 6, 2023 14:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catenacyber catenacyber catenacyber left review comments

Assignees
No one assigned
Labels
requires suricata fix This PR requires an issue in Suricata to be fixed first
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jufajardini @catenacyber