http2: adds more signature keywords test

Ticket: #4067

diff --git a/tests/http2-keywords2/test.rules b/tests/http2-keywords2/test.rules
index 518f85dc357cd0c26371f61538c84a4995065953..a000d0d6fa30e526a3ddea78f24af34438c24a0b 100644 (file)
--- a/tests/http2-keywords2/test.rules
+++ b/tests/http2-keywords2/test.rules
@@ -11,3 +11,9 @@ alert http2 any any -> any any (http.host.raw; content:"nghttp2.org"; sid:32;)
 
 alert http2 any any -> any any (http.header_names; content:"|0d 0a|user-agent|0d 0a|accept|0d 0a|"; sid:33;)
 alert http2 any any -> any any (http.header; content:"user-agent: curl/7.61.0|0d 0a|accept: */*|0d 0a|"; sid:34;)
+
+alert http2 any any -> any any (http.protocol; content:"HTTP/2"; sid:35;)
+alert http2 any any -> any any (http.response_body; content:"not found"; sid:36;)
+alert http2 any any -> any any (http_request_line; content:"GET /humans.txt HTTP/2"; sid:37;)
+alert http2 any any -> any any (http.stat_msg; content:!"OK"; sid:38;)
+alert http2 any any -> any any (http.stat_msg; bsize:0; sid:39;)

diff --git a/tests/http2-keywords2/test.yaml b/tests/http2-keywords2/test.yaml
index 9fde64b801654bd770eaf17cee2d36e003e3fbd0..c236443c7cc18b6f9ef84564fd4d2fac59575883 100644 (file)
--- a/tests/http2-keywords2/test.yaml
+++ b/tests/http2-keywords2/test.yaml
@@ -60,3 +60,28 @@ checks:
       match:
         event_type: alert
         alert.signature_id: 34
+  - filter:
+      count: 12
+      match:
+        event_type: alert
+        alert.signature_id: 35
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 36
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 37
+  - filter:
+      count: 6
+      match:
+        event_type: alert
+        alert.signature_id: 38
+  - filter:
+      count: 6
+      match:
+        event_type: alert
+        alert.signature_id: 39