test/from_base64: Use transform with default values

This test uses default values for the parameters accepted by
from_base64:
- bytes
- offset
- decode type

Issue: 7853

diff --git a/tests/from_base64-04/README.md b/tests/from_base64-04/README.md
new file mode 100644 (file)
index 0000000..d0f9c13
--- /dev/null
+++ b/tests/from_base64-04/README.md
@@ -0,0 +1 @@
+from_base64 transform tests with default arguments

diff --git a/tests/from_base64-04/test.rules b/tests/from_base64-04/test.rules
new file mode 100644 (file)
index 0000000..84eef83
--- /dev/null
+++ b/tests/from_base64-04/test.rules
@@ -0,0 +1 @@
+alert smtp any any -> any any (msg:"Decode User value";frame:smtp.command_line; from_base64; content:"galunt"; sid:1;)

diff --git a/tests/from_base64-04/test.yaml b/tests/from_base64-04/test.yaml
new file mode 100644 (file)
index 0000000..bde3d89
--- /dev/null
+++ b/tests/from_base64-04/test.yaml
@@ -0,0 +1,22 @@
+requires:
+  min-version: 8.0.1
+
+pcap: ../smtp-long-DATA-line/input.pcap
+
+args:
+  - -k none
+
+checks:
+  - filter:
+      count: 1
+      match:
+         event_type: alert
+         alert.signature_id: 1
+         frame.payload: "WjJGc2RXNTANCg=="
+
+  - filter:
+      count: 1
+      match:
+         event_type: alert
+         alert.signature_id: 1
+         frame.payload: "WjJGc2RXNTA="