detect/integers: test enum with negated strings

Ticket: #7513

diff --git a/tests/websocket-ping/test.rules b/tests/websocket-ping/test.rules
new file mode 100644 (file)
index 0000000..e81030f
--- /dev/null
+++ b/tests/websocket-ping/test.rules
@@ -0,0 +1,5 @@
+alert websocket any any -> any any (msg:"There is no text opcode in this packet"; websocket.opcode:!text; sid:1;)
+alert websocket any any -> any any (msg:"There is no ping opcode in this packet"; websocket.opcode:!ping; sid:2;)
+
+# should not match for pcap_cnt 11
+alert websocket any any -> any any (msg:"There is no pong opcode in this packet"; websocket.opcode:!pong; sid:3;)
\ No newline at end of file

diff --git a/tests/websocket-ping/test.yaml b/tests/websocket-ping/test.yaml
index 239e89744abffccbf28c85501f00458305a90460..853259bac12829e7bfaea4d3d7bcfc4c5e00a1b2 100644 (file)
--- a/tests/websocket-ping/test.yaml
+++ b/tests/websocket-ping/test.yaml
@@ -2,7 +2,7 @@ requires:
   min-version: 8
 
 args:
-- -k none
+- -k none --set stream.inline=true
 
 checks:
 - filter:
@@ -15,3 +15,24 @@ checks:
     match:
       event_type: websocket
       websocket.opcode: pong
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1
+      websocket.opcode: ping
+      pcap_cnt: 8
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2
+      websocket.opcode: pong
+      pcap_cnt: 11
+- filter:
+    count: 0
+    match:
+      event_type: alert
+      alert.signature_id: 3
+      websocket.opcode: pong
+      pcap_cnt: 11
\ No newline at end of file