From: Victor Julien
Date: Mon, 18 Jan 2021 07:21:47 +0000 (+0100)
Subject: tests: http.start add transform test
X-Git-Tag: suricata-6.0.4~195
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ea02dd503db4ea0f9ae2d37a8b6e494a582376c;p=thirdparty%2Fsuricata-verify.git

tests: http.start add transform test
---
diff --git a/tests/http-sticky-start/test.rules b/tests/http-sticky-start/test.rules
index accf51b7f..0236b8cf1 100644
--- a/tests/http-sticky-start/test.rules
+++ b/tests/http-sticky-start/test.rules
@@ -1 +1,2 @@
 alert http any any -> any any (flow:to_server; http.start; content:"GET"; depth:3; content:"Host:"; distance:0; sid:1;)
+alert http any any -> any any (flow:to_server; http.start; strip_whitespace; content:"GET"; depth:3; content:"Host:"; distance:0; sid:2;)
diff --git a/tests/http-sticky-start/test.yaml b/tests/http-sticky-start/test.yaml
index bc454bbcc..55d83ede4 100644
--- a/tests/http-sticky-start/test.yaml
+++ b/tests/http-sticky-start/test.yaml
@@ -9,3 +9,8 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 1
+ - filter:
+ count: 3
+ match:
+ event_type: alert
+ alert.signature_id: 2
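Review bot: The new sid:2 rule in test.rules does not show that `strip_whitespace` was actually applied, because its patterns `content:"GET"; depth:3;` and `content:"Host:"; distance:0;` contain no whitespace and would match the untransformed http.start buffer exactly as sid:1 does. The matching check added in test.yaml expects the same count of 3 as sid:1, so the test would still pass if the transform were silently skipped on this sticky buffer. A regression of that kind would let production rules that depend on the transform miss traffic without this test noticing. Consider a pattern that can only match after stripping, for example `content:"GET/"; depth:4;`, assuming the request targets in the capture begin with `/` (the pcap is not visible here).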