From: Philippe Antoine <pantoine@oisf.net>
Date: Sun, 24 Aug 2025 20:02:28 +0000 (+0200)
Subject: http: test no anomaly for identity Content encoding
X-Git-Tag: suricata-7.0.12~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2626%2Fhead;p=thirdparty%2Fsuricata-verify.git

http: test no anomaly for identity Content encoding

Ticket: 7843
---

diff --git a/tests/http-encoding-identity/README.md b/tests/http-encoding-identity/README.md
new file mode 100644
index 000000000..a9db9bc2e
--- /dev/null
+++ b/tests/http-encoding-identity/README.md
@@ -0,0 +1,13 @@
+# Test Description
+
+Test HTTP Content-encoding identity
+
+# Ticket
+
+https://redmine.openinfosecfoundation.org/issues/7843
+
+# Pcap
+
+Crafted with:
+- `go run server.go`
+- `curl -i -v 127.0.0.1:8080/`
diff --git a/tests/http-encoding-identity/server.go b/tests/http-encoding-identity/server.go
new file mode 100644
index 000000000..b2938896f
--- /dev/null
+++ b/tests/http-encoding-identity/server.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+)
+
+func main() {
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Header().Set("Server", "Jetty")
+		w.Header().Set("Content-encoding", "identity")
+		content := "identity content-encoding works"
+		_, _ = w.Write([]byte(content))
+	})
+
+	server := &http.Server{
+		Addr:    "0.0.0.0:8080",
+		Handler: handler,
+	}
+
+	fmt.Printf("Listening [0.0.0.0:8080]...\n")
+	err := server.ListenAndServe()
+	fmt.Printf("lol %s", err)
+}
diff --git a/tests/http-encoding-identity/test.pcap b/tests/http-encoding-identity/test.pcap
new file mode 100644
index 000000000..d8a9fb9d8
Binary files /dev/null and b/tests/http-encoding-identity/test.pcap differ
diff --git a/tests/http-encoding-identity/test.rules b/tests/http-encoding-identity/test.rules
new file mode 100644
index 000000000..eeabf8761
--- /dev/null
+++ b/tests/http-encoding-identity/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"identity"; file.data; content: "identity content-encoding works" ; sid:1;)
diff --git a/tests/http-encoding-identity/test.yaml b/tests/http-encoding-identity/test.yaml
new file mode 100644
index 000000000..da6cf35cb
--- /dev/null
+++ b/tests/http-encoding-identity/test.yaml
@@ -0,0 +1,16 @@
+args:
+  - -k none
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
+  - filter:
+      min-version: 8.0.1
+      count: 0
+      match:
+        event_type: anomaly
+        anomaly.event: ABNORMAL_CE_HEADER
+