From: Eric Leblond <eric@regit.org>
Date: Sat, 12 Oct 2019 15:37:20 +0000 (+0200)
Subject: doc/userguide: fix base64 example
X-Git-Tag: suricata-5.0.1~120
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=821d590f5b9fb646d3ca76624cc4c3f80de78f49;p=thirdparty%2Fsuricata.git

doc/userguide: fix base64 example

Add a sticky buffer example and fix the content modifier one.
---

diff --git a/doc/userguide/rules/base64-keywords.rst b/doc/userguide/rules/base64-keywords.rst
index 178fbe74d1..350fc236c0 100644
--- a/doc/userguide/rules/base64-keywords.rst
+++ b/doc/userguide/rules/base64-keywords.rst
@@ -47,5 +47,14 @@ Example::
     http_uri = "GET /en/somestring&dGVzdAo=&not_base64"
 
     Rule:
-    alert http any any -> any any (msg:"Example"; content:"somestring"; base64_decode:bytes 8, offset 1, relative; \
-        http_uri; base64_content; content:"test"; sid:10001; rev:1;)
+    alert http any any -> any any (msg:"Example"; http.uri; content:"somestring"; \
+         base64_decode:bytes 8, offset 1, relative; \
+         base64_data; content:"test"; sid:10001; rev:1;)
+
+    Buffer content:
+    http_uri = "GET /en/somestring&dGVzdAo=&not_base64"
+
+    Rule:
+    alert http any any -> any any (msg:"Example"; content:"somestring"; http_uri; \
+         base64_decode:bytes 8, offset 1, relative; \
+         base64_data; content:"test"; sid:10001; rev:1;)