http2: check for http_response_line exact content

author Philippe Antoine <pantoine@oisf.net>

Thu, 23 Nov 2023 09:13:46 +0000 (10:13 +0100)

committer Victor Julien <victor@inliniac.net>

Wed, 13 Dec 2023 05:59:28 +0000 (06:59 +0100)
author Philippe Antoine <pantoine@oisf.net>
Thu, 23 Nov 2023 09:13:46 +0000 (10:13 +0100)
committer Victor Julien <victor@inliniac.net>
Wed, 13 Dec 2023 05:59:28 +0000 (06:59 +0100)
diff --git a/tests/http2-keywords2/test.rules b/tests/http2-keywords2/test.rules

index a000d0d6fa30e526a3ddea78f24af34438c24a0b..a0ccb276650b95e75fdccb35c16261dfb5123c9a 100644 (file)
--- a/tests/http2-keywords2/test.rules
+++ b/tests/http2-keywords2/test.rules
@@ -17,3 +17,4 @@ alert http2 any any -> any any (http.response_body; content:"not found"; sid:36;
  alert http2 any any -> any any (http_request_line; content:"GET /humans.txt HTTP/2"; sid:37;)
  alert http2 any any -> any any (http.stat_msg; content:!"OK"; sid:38;)
  alert http2 any any -> any any (http.stat_msg; bsize:0; sid:39;)
+alert http2 any any -> any any (http_response_line; content:"HTTP/2 200|0d 0a|"; startswith; endswith; sid:40;)
diff --git a/tests/http2-keywords2/test.yaml b/tests/http2-keywords2/test.yaml

index c236443c7cc18b6f9ef84564fd4d2fac59575883..6c6dd6bae64ace20ce069989eccc42792b063d24 100644 (file)
--- a/tests/http2-keywords2/test.yaml
+++ b/tests/http2-keywords2/test.yaml
@@ -85,3 +85,10 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 39
+  - filter:
+      # to remove when backport is merged
+      min-version: 8.0.0
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 40
author	Philippe Antoine <pantoine@oisf.net>
	Thu, 23 Nov 2023 09:13:46 +0000 (10:13 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 13 Dec 2023 05:59:28 +0000 (06:59 +0100)
tests/http2-keywords2/test.rules		patch \| blob \| blame \| history
tests/http2-keywords2/test.yaml		patch \| blob \| blame \| history