Adds check for http.method keyword on http2 traffic

author Philippe Antoine <contact@catenacyber.fr>

Mon, 26 Apr 2021 13:16:24 +0000 (15:16 +0200)

committer Victor Julien <victor@inliniac.net>

Tue, 18 May 2021 10:14:15 +0000 (12:14 +0200)
author Philippe Antoine <contact@catenacyber.fr>
Mon, 26 Apr 2021 13:16:24 +0000 (15:16 +0200)
committer Victor Julien <victor@inliniac.net>
Tue, 18 May 2021 10:14:15 +0000 (12:14 +0200)
diff --git a/tests/http2-keywords2/test.rules b/tests/http2-keywords2/test.rules

index 50faf3ffb583a98f0a5c738f18f446200d007a75..83cbe026edef8b15e3f4eb9a7bff8778e9613e53 100644 (file)
--- a/tests/http2-keywords2/test.rules
+++ b/tests/http2-keywords2/test.rules
@@ -6,3 +6,4 @@ alert http2 any any -> any any (http.user_agent; content:"curl"; sid:20;)
  alert http2 any any -> any any (http.stat_code; content:"404"; sid:21;)
  
  alert http2 any any -> any any (http.server; content:"nghttpx"; sid:30;)
+alert http2 any any -> any any (http.method; content:"GET"; sid:31;)
diff --git a/tests/http2-keywords2/test.yaml b/tests/http2-keywords2/test.yaml

index 65d5a47a5298756ccb36aca6344da4bc95ef570f..b6f51bfab5edc2a161109426c44e2eedbe954c6d 100644 (file)
--- a/tests/http2-keywords2/test.yaml
+++ b/tests/http2-keywords2/test.yaml
@@ -40,3 +40,8 @@ checks:
        match:
          event_type: alert
          alert.signature_id: 30
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 31
author	Philippe Antoine <contact@catenacyber.fr>
	Mon, 26 Apr 2021 13:16:24 +0000 (15:16 +0200)
committer	Victor Julien <victor@inliniac.net>
	Tue, 18 May 2021 10:14:15 +0000 (12:14 +0200)
tests/http2-keywords2/test.rules		patch \| blob \| blame \| history
tests/http2-keywords2/test.yaml		patch \| blob \| blame \| history