From: Mats Klepsland <mats.klepsland@gmail.com>
Date: Mon, 31 May 2021 10:57:05 +0000 (+0200)
Subject: Add test for Bug #4503
X-Git-Tag: suricata-6.0.4~38
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a68810e539b0cd84d3028a4c207fbadb38406bee;p=thirdparty%2Fsuricata-verify.git

Add test for Bug #4503
---

diff --git a/tests/bug-4503/input.pcap b/tests/bug-4503/input.pcap
new file mode 100644
index 000000000..308913b79
Binary files /dev/null and b/tests/bug-4503/input.pcap differ
diff --git a/tests/bug-4503/test.rules b/tests/bug-4503/test.rules
new file mode 100644
index 000000000..95117dfba
--- /dev/null
+++ b/tests/bug-4503/test.rules
@@ -0,0 +1,4 @@
+alert ip any any -> 8.8.8.8 any (msg:"The first rule"; threshold: type limit, track by_rule, count 5, seconds 300; sid:1;)
+alert ip any any -> 4.3.2.1 any (msg:"The second rule"; priority:1; sid:2;)
+alert ip any any -> 1.2.3.4 any (msg:"The third rule"; priority:2; sid:3;)
+alert ip any any -> 5.6.7.8 any (msg:"The fourth rule"; priority:2; sid:4;)
diff --git a/tests/bug-4503/test.yaml b/tests/bug-4503/test.yaml
new file mode 100644
index 000000000..b03d47641
--- /dev/null
+++ b/tests/bug-4503/test.yaml
@@ -0,0 +1,11 @@
+requires:
+  features:
+    - HAVE_LIBJANSSON
+  min-version: 6
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 1