From 7a2f2c92082c07a4849a929e5921c287cb709651 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Tue, 2 Sep 2025 09:50:15 +0200
Subject: [PATCH] tests: add tests for issue 6269

---
 tests/bug-6269-01/input.pcap     | Bin 0 -> 869 bytes
 tests/bug-6269-01/test.rules     |   1 +
 tests/bug-6269-01/test.yaml      |  14 ++++++++++++++
 tests/bug-6269-02-ips/input.pcap | Bin 0 -> 869 bytes
 tests/bug-6269-02-ips/test.rules |   1 +
 tests/bug-6269-02-ips/test.yaml  |  14 ++++++++++++++
 6 files changed, 30 insertions(+)
 create mode 100644 tests/bug-6269-01/input.pcap
 create mode 100644 tests/bug-6269-01/test.rules
 create mode 100644 tests/bug-6269-01/test.yaml
 create mode 100644 tests/bug-6269-02-ips/input.pcap
 create mode 100644 tests/bug-6269-02-ips/test.rules
 create mode 100644 tests/bug-6269-02-ips/test.yaml

diff --git a/tests/bug-6269-01/input.pcap b/tests/bug-6269-01/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..4f7e6e8450e5047515980f0f5d983bc0d7b2c4ba
GIT binary patch
literal 869
zc-p&ic+)~A1{MYcU}0bclIJ%ZOVM=ZW{3l_L6{*RY?AUS5UJhJb~k||bQyyNo5NoQ
zpkhY2Rwf{y37J2~j3I!{a<UnSvw-QZg1{%BAPegP7A6j^o{hEsAaO=!X7&p}+t>?m
z+Qu1OPmXOo|B-ELbb{G-5op_2V`dcFv>PCH0&QcHZ3o(Bi*7o)?F<2P%*yvnG6dRa
zzCh?Vi+wlPHU^Mw1=k{dLH>i;R%OD>5C+r~hTU%pMElJgXrobs0ORk3w?GYyAb&OU
zgKPuYa@qu^pLnH`$nsMcil6+D{dAo!eo8WBX4nZ-yc4@E%_Q0)!T5V!JE|@2t|1Eg
zC8@<F@i~dbB{`XSsqslU`N`RtdFcusAt3?!hI)p)TpszwB~}X2X(<K<Rz_BaR#rx_
syj-EhsYSYu>8W`@spQh49DQ>=6LUQSUM|Pv<kSM7pq9QCFBdNt0N3@wkN^Mx

literal 0
Hc-jL100001

diff --git a/tests/bug-6269-01/test.rules b/tests/bug-6269-01/test.rules
new file mode 100644
index 000000000..b369ec15d
--- /dev/null
+++ b/tests/bug-6269-01/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (http.uri; content:"/test_lastline_blocking"; sid:1;)
diff --git a/tests/bug-6269-01/test.yaml b/tests/bug-6269-01/test.yaml
new file mode 100644
index 000000000..b10845943
--- /dev/null
+++ b/tests/bug-6269-01/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 7
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: http
+      http.url: /test_lastline_blocking
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
diff --git a/tests/bug-6269-02-ips/input.pcap b/tests/bug-6269-02-ips/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..4f7e6e8450e5047515980f0f5d983bc0d7b2c4ba
GIT binary patch
literal 869
zc-p&ic+)~A1{MYcU}0bclIJ%ZOVM=ZW{3l_L6{*RY?AUS5UJhJb~k||bQyyNo5NoQ
zpkhY2Rwf{y37J2~j3I!{a<UnSvw-QZg1{%BAPegP7A6j^o{hEsAaO=!X7&p}+t>?m
z+Qu1OPmXOo|B-ELbb{G-5op_2V`dcFv>PCH0&QcHZ3o(Bi*7o)?F<2P%*yvnG6dRa
zzCh?Vi+wlPHU^Mw1=k{dLH>i;R%OD>5C+r~hTU%pMElJgXrobs0ORk3w?GYyAb&OU
zgKPuYa@qu^pLnH`$nsMcil6+D{dAo!eo8WBX4nZ-yc4@E%_Q0)!T5V!JE|@2t|1Eg
zC8@<F@i~dbB{`XSsqslU`N`RtdFcusAt3?!hI)p)TpszwB~}X2X(<K<Rz_BaR#rx_
syj-EhsYSYu>8W`@spQh49DQ>=6LUQSUM|Pv<kSM7pq9QCFBdNt0N3@wkN^Mx

literal 0
Hc-jL100001

diff --git a/tests/bug-6269-02-ips/test.rules b/tests/bug-6269-02-ips/test.rules
new file mode 100644
index 000000000..b369ec15d
--- /dev/null
+++ b/tests/bug-6269-02-ips/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (http.uri; content:"/test_lastline_blocking"; sid:1;)
diff --git a/tests/bug-6269-02-ips/test.yaml b/tests/bug-6269-02-ips/test.yaml
new file mode 100644
index 000000000..b10845943
--- /dev/null
+++ b/tests/bug-6269-02-ips/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 7
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: http
+      http.url: /test_lastline_blocking
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
-- 
2.47.3