From: Gabriel L. Somlo Date: Mon, 23 Sep 2019 13:47:41 +0000 (-0400) Subject: tests: file_data depth inspection should keep working with other rules X-Git-Tag: suricata-6.0.4~331 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c2f5bb4e9bed8ebe95657b78394c1d2d5436a471;p=thirdparty%2Fsuricata-verify.git tests: file_data depth inspection should keep working with other rules
---
diff --git a/tests/file-data-depth-inspection/test.rules b/tests/file-data-depth-inspection/test.rules
index d71730033..5e2c1674c 100644
--- a/tests/file-data-depth-inspection/test.rules
+++ b/tests/file-data-depth-inspection/test.rules
@@ -1 +1,4 @@
+# should match:
 alert tcp any any -> any 25 (msg:"VIRUS INBOUND bad file attachment"; flow:to_server,established; content:"content-disposition|3a| attachment|3b|"; nocase; content:".zip|22|"; nocase; within:128; file_data; content:".pdf.exe"; within:64; sid:13371339; rev:1;)
+# should match:
+alert tcp any any -> any any (msg:"ATTACK-RESPONSES directory listing"; flow:established; content:"Volume Serial Number"; sid:13371338; rev:1;)
diff --git a/tests/file-data-depth-inspection/test.yaml b/tests/file-data-depth-inspection/test.yaml
index 46db7af4c..93702a23b 100644
--- a/tests/file-data-depth-inspection/test.yaml
+++ b/tests/file-data-depth-inspection/test.yaml
@@ -8,3 +8,8 @@ checks:
 match:
 event_type: alert
 alert.signature_id: 13371339
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 13371338
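Review bot: The two `# should match:` comments added in test.rules do not say why the second rule is there, so a later cleanup could drop sid 13371338 as unrelated to file_data and quietly remove the regression coverage. Going by the commit subject, the plain stream-content rule appears to be the "other rule" whose presence must not disturb the file_data match of sid 13371339; I would state that above it, e.g. `# co-loaded plain content rule: must alert, and must not stop sid 13371339 (file_data; within:64) from alerting`. The same applies to the new filter in test.yaml, where a one-line `# the non-file_data rule must fire as well` above `- filter:` would tie the check back to the rule it covers. A regression here would show up as a missed alert on the attachment rule, so the intent is worth recording in the test files themselves rather than only in the commit subject.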