output: adds checks for payload_length field
Ticket: 7098
catenacyber authored and victorjulien committed Jun 22, 2024
1 parent ee526ed commit 032fded
Showing 2 changed files with 6 additions and 0 deletions.
1 change: 1 addition & 0 deletions tests/eve-payload-07-http-gap/suricata.yaml
Expand Up @@ -11,4 +11,5 @@ outputs:
payload: yes # enable dumping payload in Base64
payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
payload-printable: yes # enable dumping payload in printable (lossy) format
payload-length: yes # enable dumping payload length
packet: yes # enable dumping of packet (without stream segments)
5 changes: 5 additions & 0 deletions tests/eve-payload-07-http-gap/test.yaml
Expand Up @@ -18,30 +18,35 @@ checks:
event_type: alert
alert.signature_id: 1
payload_printable: "GET /1 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\n"
payload_length: 40
- filter:
count: 1
match:
event_type: alert
alert.signature_id: 1
payload_printable: "GET /1 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\nGET /2 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\n"
payload_length: 80
- filter:
count: 1
match:
event_type: alert
alert.signature_id: 1
payload_printable: "GET /1 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\nGET /2 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\nGET /3 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\n"
payload_length: 120
- filter:
count: 1
match:
event_type: alert
alert.signature_id: 2
payload_printable: "HTTP/1.0 200 OK\r\nDate: Mon, 31 Aug 2009 20:25:50 GMT\r\nServer: Apache\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 12\r\n\r\n"
payload_length: 136
- filter:
count: 1
match:
event_type: alert
alert.signature_id: 3
payload_printable: "HTTP/1.0 200 OK\r\nDate: Mon, 31 Aug 2009 20:25:50 GMT\r\nServer: Apache\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 12\r\n\r\n[127 bytes missing]AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTP/1.0 200 OK\r\nServer: Apache\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 12\r\n\r\nHello People\r\n"
payload_length: 324
- filter:
count: 1
match:
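Review bot: The last expectation in this hunk, `payload_length: 324` for signature 3, appears to count the literal `[127 bytes missing]` marker as payload: by my count the expected string is 305 captured bytes plus the 19-character marker, and the 127 gap bytes themselves are not included. That is worth stating in the test, because anyone using payload_length during triage or forensics could read it as bytes seen on the wire; a comment such as `# 324 = logged buffer length, including the 19-byte gap marker, not the 127 missing bytes` above that line would pin the intended semantics. The other four values (40, 80, 120, 136) match the byte length of their payload_printable strings. The final `- filter:` entry continues past the end of the hunk, so any check added there is not visible here.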
