From: Victor Julien
Date: Thu, 23 Mar 2023 11:21:44 +0000 (+0100)
Subject: tests: add 5929 test for http2
X-Git-Tag: suricata-6.0.12~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5722f5bee14714cb17e3fd562c0b10fe49c95341;p=thirdparty%2Fsuricata-verify.git
tests: add 5929 test for http2
---
diff --git a/tests/bug-5929-02/http2_multiple_headers.pcap b/tests/bug-5929-02/http2_multiple_headers.pcap
new file mode 100644
index 000000000..e549d266b
Binary files /dev/null and b/tests/bug-5929-02/http2_multiple_headers.pcap differ
diff --git a/tests/bug-5929-02/test.rules b/tests/bug-5929-02/test.rules
new file mode 100644
index 000000000..f717a0135
--- /dev/null
+++ b/tests/bug-5929-02/test.rules
@@ -0,0 +1,4 @@
+alert http any any -> any any (flow:established,to_server; urilen:<70; http.uri; content:"dog/"; content:".exe"; distance:8; within:4; fast_pattern; sid:1;)
+alert http any any -> any any (flow:established,to_server; http.uri; bsize:<70; content:"dog/"; content:".exe"; distance:8; within:4; fast_pattern; sid:2;)
+alert http any any -> any any (flow:established,to_server; urilen:<70; http.uri; content:"dog/"; content:".exe"; distance:8; within:4; sid:3;)
+alert http any any -> any any (flow:established,to_server; http.uri; content:"dog/"; content:".exe"; distance:8; within:4; fast_pattern; sid:4;)
diff --git a/tests/bug-5929-02/test.yaml b/tests/bug-5929-02/test.yaml
new file mode 100644
index 000000000..2d563aca2
--- /dev/null
+++ b/tests/bug-5929-02/test.yaml
@@ -0,0 +1,11 @@
+args:
+- --set app-layer.protocols.http2.enabled=true
+- --set app-layer.protocols.http2.http1-rules=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 3
+
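Review bot: Nothing in test.rules says which of the four variants reproduces ticket 5929 or why; the rules differ only in how the URI length is constrained (`urilen:<70` before `http.uri`, `bsize:<70` after it, or no length check) and in whether `fast_pattern` is set on the `.exe` content. A short `#` comment above each rule would make the intent readable without the ticket, for example `# sid 1: urilen before the sticky buffer, fast_pattern on ".exe"` and `# sid 3: same as sid 1 but without fast_pattern`. A `msg` on each rule would also make the resulting alert records self-describing when the test output is inspected.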
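Review bot: The `checks` section pins only `alert.signature_id: 3` with `count: 1`, so the outcome for sids 1, 2 and 4 from test.rules is left unasserted. A regression that changes whether those rules fire on the HTTP/2 pcap, in either direction, would still pass this test. Adding one filter per sid with its expected count would close that gap, e.g. `- filter: {count: <expected>, match: {event_type: alert, alert.signature_id: 1}}`. The expected counts are not visible on this page and have to come from the ticket. Since the test depends on the `http2.http1-rules` setting, a `requires` block limiting it to Suricata versions that support that option may also be worth adding.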