frames: sip test update

author Victor Julien <victor@inliniac.net>

Fri, 27 Jan 2023 12:38:34 +0000 (13:38 +0100)

committer Victor Julien <victor@inliniac.net>

Fri, 27 Jan 2023 12:38:34 +0000 (13:38 +0100)
author Victor Julien <victor@inliniac.net>
Fri, 27 Jan 2023 12:38:34 +0000 (13:38 +0100)
committer Victor Julien <victor@inliniac.net>
Fri, 27 Jan 2023 12:38:34 +0000 (13:38 +0100)
diff --git a/tests/sip-body-frames/sip-frames.rules b/tests/sip-body-frames/sip-frames.rules

index d6e92c4bb44982b3bf8b76b0304bb7ab456439da..5a77abd6a2cddff6e7d6b960d2f9565672b0b8bf 100644 (file)
--- a/tests/sip-body-frames/sip-frames.rules
+++ b/tests/sip-body-frames/sip-frames.rules
@@ -13,3 +13,5 @@ alert sip any any -> any any (flow:to_client; frame:response.headers; content:"V
  alert sip any any -> any any (flow:to_client; frame:response.headers; content:"Via:"; startswith; content:"Content-Length: 0|0d 0a|"; endswith; sid:42;)
  
  alert sip any any -> any any (flow:to_server; frame:request.body; content:"v=0"; startswith; sid:51;)
+
+alert sip any any -> any any (flow:to_server; frame:request.body; strip_whitespace; content:"v=0o=Clarent1203"; startswith; sid:61;)
diff --git a/tests/sip-body-frames/test.yaml b/tests/sip-body-frames/test.yaml

index dd65cd7b4e8d3595e0def35be711da301d2cdf6f..fd08db6ad8429e9ad56da41c13b5be067a32c47b 100644 (file)
--- a/tests/sip-body-frames/test.yaml
+++ b/tests/sip-body-frames/test.yaml
@@ -40,6 +40,11 @@ checks:
      match:
        event_type: alert
        alert.signature_id: 42
+ - filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 61
   - filter:
      count: 2
      match:
author	Victor Julien <victor@inliniac.net>
	Fri, 27 Jan 2023 12:38:34 +0000 (13:38 +0100)
committer	Victor Julien <victor@inliniac.net>
	Fri, 27 Jan 2023 12:38:34 +0000 (13:38 +0100)
tests/sip-body-frames/sip-frames.rules		patch \| blob \| blame \| history
tests/sip-body-frames/test.yaml		patch \| blob \| blame \| history