Add test for Bug #4503

author Mats Klepsland <mats.klepsland@gmail.com>

Mon, 31 May 2021 10:57:05 +0000 (12:57 +0200)

committer Jason Ish <jason.ish@oisf.net>

Tue, 28 Sep 2021 16:21:35 +0000 (10:21 -0600)
author Mats Klepsland <mats.klepsland@gmail.com>
Mon, 31 May 2021 10:57:05 +0000 (12:57 +0200)
committer Jason Ish <jason.ish@oisf.net>
Tue, 28 Sep 2021 16:21:35 +0000 (10:21 -0600)
diff --git a/tests/bug-4503/input.pcap b/tests/bug-4503/input.pcap

new file mode 100644 (file)

index 0000000..308913b

Binary files /dev/null and b/tests/bug-4503/input.pcap differ
diff --git a/tests/bug-4503/test.rules b/tests/bug-4503/test.rules

new file mode 100644 (file)

index 0000000..95117df
--- /dev/null
+++ b/tests/bug-4503/test.rules
@@ -0,0 +1,4 @@
+alert ip any any -> 8.8.8.8 any (msg:"The first rule"; threshold: type limit, track by_rule, count 5, seconds 300; sid:1;)
+alert ip any any -> 4.3.2.1 any (msg:"The second rule"; priority:1; sid:2;)
+alert ip any any -> 1.2.3.4 any (msg:"The third rule"; priority:2; sid:3;)
+alert ip any any -> 5.6.7.8 any (msg:"The fourth rule"; priority:2; sid:4;)
diff --git a/tests/bug-4503/test.yaml b/tests/bug-4503/test.yaml

new file mode 100644 (file)

index 0000000..b03d476
--- /dev/null
+++ b/tests/bug-4503/test.yaml
@@ -0,0 +1,11 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  min-version: 6
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1
author	Mats Klepsland <mats.klepsland@gmail.com>
	Mon, 31 May 2021 10:57:05 +0000 (12:57 +0200)
committer	Jason Ish <jason.ish@oisf.net>
	Tue, 28 Sep 2021 16:21:35 +0000 (10:21 -0600)
tests/bug-4503/input.pcap	[new file with mode: 0644]	patch \| blob
tests/bug-4503/test.rules	[new file with mode: 0644]	patch \| blob
tests/bug-4503/test.yaml	[new file with mode: 0644]	patch \| blob