summaryrefslogtreecommitdiffstats
path: root/tests/test_signaturemap.py
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:43:34 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 17:43:34 +0000
commit0fcce96a175531ec6042cde1b11a0052aa261dd5 (patch)
tree898a1e161c4984b41e6a732866bd73b24f0f7b7a /tests/test_signaturemap.py
parentInitial commit. (diff)
downloadsuricata-update-0fcce96a175531ec6042cde1b11a0052aa261dd5.tar.xz
suricata-update-0fcce96a175531ec6042cde1b11a0052aa261dd5.zip
Adding upstream version 1.3.2.upstream/1.3.2
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tests/test_signaturemap.py')
-rw-r--r--tests/test_signaturemap.py81
1 files changed, 81 insertions, 0 deletions
diff --git a/tests/test_signaturemap.py b/tests/test_signaturemap.py
new file mode 100644
index 0000000..f3c3b3e
--- /dev/null
+++ b/tests/test_signaturemap.py
@@ -0,0 +1,81 @@
+# Copyright (C) 2017 Open Information Security Foundation
+#
+# You can copy, redistribute or modify this Program under the terms of
+# the GNU General Public License version 2 as published by the Free
+# Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# version 2 along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+import unittest
+
+from suricata.update import maps
+
+class SignatureMapTestCase(unittest.TestCase):
+
+ def test_load_generator_map(self):
+
+ sigmap = maps.SignatureMap()
+ sigmap.load_generator_map(open("tests/gen-msg.map"))
+
+ sig = sigmap.get(1, 1)
+ self.assertTrue(sig is not None)
+ self.assertEqual(1, sig["gid"])
+ self.assertEqual(1, sig["sid"])
+ self.assertEqual("snort general alert", sig["msg"])
+
+ sig = sigmap.get(139, 1)
+ self.assertTrue(sig is not None)
+ self.assertEqual(139, sig["gid"])
+ self.assertEqual(1, sig["sid"])
+ self.assertEqual(
+ "sensitive_data: sensitive data global threshold exceeded",
+ sig["msg"])
+
+ def test_load_signature_map(self):
+
+ sigmap = maps.SignatureMap()
+ sigmap.load_signature_map(open("tests/sid-msg.map"))
+
+ # Get a basic signature.
+ sig = sigmap.get(1, 2000356)
+ self.assertTrue(sig is not None)
+ self.assertEqual(1, sig["gid"])
+ self.assertEqual(2000356, sig["sid"])
+ self.assertEqual("ET POLICY IRC connection", sig["msg"])
+ self.assertEqual(len(sig["ref"]), 1)
+ self.assertEqual("url,doc.emergingthreats.net/2000356", sig["ref"][0])
+
+ # Try again but with a gid of 3.
+ self.assertEqual(sig, sigmap.get(3, 2000356))
+
+ # This signature has multiple refs.
+ sig = sigmap.get(1, 2000373)
+ self.assertEqual(3, len(sig["ref"]))
+
+ sig = sigmap.get(1, 71918985)
+ self.assertEqual(
+ "SN: Inbound TCP traffic from suspect network (AS29073 - NL)",
+ sig["msg"])
+
+ def test_load_signature_v2_map(self):
+
+ sigmap = maps.SignatureMap()
+ sigmap.load_signature_map(open("tests/sid-msg-v2.map"))
+
+ sig = sigmap.get(1, 2495)
+ self.assertEqual(1, sig["gid"])
+ self.assertEqual(2495, sig["sid"])
+ self.assertEqual("misc-attack", sig["classification"])
+ self.assertEqual(0, sig["priority"])
+ self.assertEqual(
+ "GPL NETBIOS SMB DCEPRC ORPCThis request flood attempt",
+ sig["msg"])
+ self.assertEqual(4, len(sig["ref"]))