From: David Beckett Date: Wed, 16 Nov 2022 16:55:34 +0000 (+0000) Subject: Add test for brotli content encoding X-Git-Tag: suricata-7.0.11~86 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2457%2Fhead;p=thirdparty%2Fsuricata-verify.git Add test for brotli content encoding
---
diff --git a/tests/http-brotli-ce/README.md b/tests/http-brotli-ce/README.md
new file mode 100644
index 000000000..d5f136a5b
--- /dev/null
+++ b/tests/http-brotli-ce/README.md
@@ -0,0 +1,2 @@
+Chrome 107.0.5304.87 HTTPS decrypted via Mira ETO
+HTTP content encoding br (brotli)
diff --git a/tests/http-brotli-ce/input.pcap b/tests/http-brotli-ce/input.pcap
new file mode 100644
index 000000000..3eb24d46e
Binary files /dev/null and b/tests/http-brotli-ce/input.pcap differ
diff --git a/tests/http-brotli-ce/test.yaml b/tests/http-brotli-ce/test.yaml
new file mode 100644
index 000000000..1bfd70da9
--- /dev/null
+++ b/tests/http-brotli-ce/test.yaml
@@ -0,0 +1,33 @@
+requires:
+ min-version: 8
+
+checks:
+- filter:
+ count: 3
+ match:
+ # 2 RESPONSE_HEADER_REPETITION for Accept-CH and 1 RESPONSE_BODY_UNEXPECTED
+ event_type: anomaly
+- filter:
+ count: 3
+ match:
+ event_type: http
+- filter:
+ count: 2
+ match:
+ event_type: fileinfo
+- filter:
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.filename: f.txt
+ # compressed size is 95
+ fileinfo.size: 121
+- filter:
+ count: 1
+ match:
+ event_type: fileinfo
+ fileinfo.size: 1743
+- filter:
+ count: 1
+ match:
+ event_type: flow
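Review bot: The first filter in test.yaml only counts three `event_type: anomaly` records, so the breakdown stated in its comment (2 RESPONSE_HEADER_REPETITION, 1 RESPONSE_BODY_UNEXPECTED) is never checked. A decoder regression that swaps one anomaly for another, for example a brotli decode failure replacing a header-repetition event, would still pass as long as the total stays at three. Splitting the filter into one per anomaly name pins that breakdown, assuming those names are the values logged in `anomaly.event`. Separately, the 1743-byte fileinfo filter has no `fileinfo.filename`, so any file of that size satisfies it.

```yaml
- filter:
    count: 2
    match:
      event_type: anomaly
      anomaly.event: RESPONSE_HEADER_REPETITION
- filter:
    count: 1
    match:
      event_type: anomaly
      anomaly.event: RESPONSE_BODY_UNEXPECTED
# … unchanged: http, fileinfo and flow filters …
```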