tests: add tld tests

diff --git a/tests/domain-keyword/test.rules b/tests/domain-keyword/test.rules
index 7d612eb265ce5342ad2d4781dab88c7dd647c8c9..36f6da34abb9d076db095647d825c0cc0eb3a19a 100644 (file)
--- a/tests/domain-keyword/test.rules
+++ b/tests/domain-keyword/test.rules
@@ -1,2 +1,5 @@
 alert dns any any -> any any (msg:"dns suricata"; dns.query; domain; content:"suricata.io"; startswith; endswith; sid:1; rev:1;)
 alert dns any any -> any any (msg:"dns bbc"; dns.query; domain; content:"bbc.co.uk"; startswith; endswith; sid:2; rev:1;)
+
+alert dns any any -> any any (msg:"dns suricata"; dns.query; tld; content:"io"; startswith; endswith; sid:3; rev:1;)
+alert dns any any -> any any (msg:"dns bbc"; dns.query; tld; content:"co.uk"; startswith; endswith; sid:4; rev:1;)

diff --git a/tests/domain-keyword/test.yaml b/tests/domain-keyword/test.yaml
index 4832fedcfc0cf5c0637a00654c8f825b806ea5d3..67d0fb0b7d5b3759660b6668302da3707eac73ae 100644 (file)
--- a/tests/domain-keyword/test.yaml
+++ b/tests/domain-keyword/test.yaml
@@ -6,3 +6,15 @@ checks:
       count: 1
       match:
         alert.signature_id: 1
+  - filter:
+      count: 1
+      match:
+        alert.signature_id: 2
+  - filter:
+      count: 1
+      match:
+        alert.signature_id: 3
+  - filter:
+      count: 1
+      match:
+        alert.signature_id: 4