Add test for brotli content encoding

diff --git a/tests/http-brotli-ce/README.md b/tests/http-brotli-ce/README.md
new file mode 100644 (file)
index 0000000..d5f136a
--- /dev/null
+++ b/tests/http-brotli-ce/README.md
@@ -0,0 +1,2 @@
+Chrome 107.0.5304.87 HTTPS decrypted via Mira ETO
+HTTP content encoding br (brotli)

diff --git a/tests/http-brotli-ce/input.pcap b/tests/http-brotli-ce/input.pcap
new file mode 100644 (file)
index 0000000..3eb24d4
Binary files /dev/null and b/tests/http-brotli-ce/input.pcap differ

diff --git a/tests/http-brotli-ce/test.yaml b/tests/http-brotli-ce/test.yaml
new file mode 100644 (file)
index 0000000..1bfd70d
--- /dev/null
+++ b/tests/http-brotli-ce/test.yaml
@@ -0,0 +1,33 @@
+requires:
+  min-version: 8
+
+checks:
+- filter:
+    count: 3
+    match:
+      # 2 RESPONSE_HEADER_REPETITION for Accept-CH and 1 RESPONSE_BODY_UNEXPECTED
+      event_type: anomaly
+- filter:
+    count: 3
+    match:
+      event_type: http
+- filter:
+    count: 2
+    match:
+      event_type: fileinfo
+- filter:
+    count: 1
+    match:
+      event_type: fileinfo
+      fileinfo.filename: f.txt
+      # compressed size is 95
+      fileinfo.size: 121
+- filter:
+    count: 1
+    match:
+      event_type: fileinfo
+      fileinfo.size: 1743
+- filter:
+    count: 1
+    match:
+      event_type: flow