Suricata-verify tests for http.{location,server}

Add test cases to suricata-verify for new HTTP sticky buffers: location and server

diff --git a/tests/http-sticky-location/http-sticky-location.pcap b/tests/http-sticky-location/http-sticky-location.pcap
new file mode 100644 (file)
index 0000000..d481876
Binary files /dev/null and b/tests/http-sticky-location/http-sticky-location.pcap differ

diff --git a/tests/http-sticky-location/http-sticky-location.rules b/tests/http-sticky-location/http-sticky-location.rules
new file mode 100644 (file)
index 0000000..4c89021
--- /dev/null
+++ b/tests/http-sticky-location/http-sticky-location.rules
@@ -0,0 +1 @@
+alert http any any -> any any (flow:to_client; http.location; content: "http://ca.msn.com";sid:1;)

diff --git a/tests/http-sticky-location/test.yaml b/tests/http-sticky-location/test.yaml
new file mode 100644 (file)
index 0000000..b7a7c55
--- /dev/null
+++ b/tests/http-sticky-location/test.yaml
@@ -0,0 +1,6 @@
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1

diff --git a/tests/http-sticky-server/http-sticky-server.pcap b/tests/http-sticky-server/http-sticky-server.pcap
new file mode 100644 (file)
index 0000000..d481876
Binary files /dev/null and b/tests/http-sticky-server/http-sticky-server.pcap differ

diff --git a/tests/http-sticky-server/http-sticky-server.rules b/tests/http-sticky-server/http-sticky-server.rules
new file mode 100644 (file)
index 0000000..f71748c
--- /dev/null
+++ b/tests/http-sticky-server/http-sticky-server.rules
@@ -0,0 +1 @@
+alert http any any -> any any (flow:to_client; http.server; content: "Omniture DC/2.0.0";sid:2;)

diff --git a/tests/http-sticky-server/test.yaml b/tests/http-sticky-server/test.yaml
new file mode 100644 (file)
index 0000000..15a366a
--- /dev/null
+++ b/tests/http-sticky-server/test.yaml
@@ -0,0 +1,6 @@
+checks:
+  - filter:
+      count: 28
+      match:
+        event_type: alert
+        alert.signature_id: 2