From: Philippe Antoine <pantoine@oisf.net>
Date: Mon, 11 Mar 2024 10:14:36 +0000 (+0100)
Subject: http: adds test with HTTP not being 0.9
X-Git-Tag: suricata-6.0.20~62
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=edd0f6d513fb2af30db026aca40d064ed9b6e2ef;p=thirdparty%2Fsuricata-verify.git

http: adds test with HTTP not being 0.9

Ticket: 6757

In the case we have too many whitespaces after the request
---

diff --git a/tests/http-not09-spaces/README.md b/tests/http-not09-spaces/README.md
new file mode 100644
index 000000000..c7f7a8e47
--- /dev/null
+++ b/tests/http-not09-spaces/README.md
@@ -0,0 +1,11 @@
+# Test Description
+
+Test that we parse weird HTTP (adding lots of whitespaces) not as HTTP/0.9
+
+## PCAP
+
+Crafted by running server `python3 -m http.server 8000` and a dummy client sending hardcoded data
+
+## Related issues
+
+https://redmine.openinfosecfoundation.org/issues/6757
diff --git a/tests/http-not09-spaces/input.pcap b/tests/http-not09-spaces/input.pcap
new file mode 100644
index 000000000..908836c94
Binary files /dev/null and b/tests/http-not09-spaces/input.pcap differ
diff --git a/tests/http-not09-spaces/test.yaml b/tests/http-not09-spaces/test.yaml
new file mode 100644
index 000000000..c3173e5c9
--- /dev/null
+++ b/tests/http-not09-spaces/test.yaml
@@ -0,0 +1,12 @@
+requires:
+  min-version: 8
+
+args:
+  - -k none
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: anomaly
+        anomaly.event: REQUEST_LINE_MISSING_PROTOCOL