From: Shivani Bhardwaj Date: Wed, 3 Apr 2024 07:13:40 +0000 (+0530) Subject: add test for base64_data w fast_pattern X-Git-Tag: suricata-6.0.19~13 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F1767%2Fhead;p=thirdparty%2Fsuricata-verify.git add test for base64_data w fast_pattern Bug 6859
---
diff --git a/tests/bug-6859/README.md b/tests/bug-6859/README.md
new file mode 100644
index 000000000..0ac927485
--- /dev/null
+++ b/tests/bug-6859/README.md
@@ -0,0 +1,9 @@
+# Test Description
+This test demonstrates that fast_pattern along with base64_data
+should lead to an Info message about it being an ineffective operation.
+
+## PCAP
+None
+
+## Related issues
+https://redmine.openinfosecfoundation.org/issues/6859
diff --git a/tests/bug-6859/test.rules b/tests/bug-6859/test.rules
new file mode 100644
index 000000000..4b72db7c8
--- /dev/null
+++ b/tests/bug-6859/test.rules
@@ -0,0 +1 @@
+alert http $HOME_NET any -> $EXTERNAL_NET any (flow:established,to_server; http.method; content:"POST"; http.request_body; base64_decode:bytes 28; base64_data; content:"something"; fast_pattern; classtype:bad-unknown; sid:123; rev:1;)
diff --git a/tests/bug-6859/test.yaml b/tests/bug-6859/test.yaml
new file mode 100644
index 000000000..a6e3fb6cb
--- /dev/null
+++ b/tests/bug-6859/test.yaml
@@ -0,0 +1,11 @@
+requires:
+ pcap: false
+ version: 7
+
+args:
+ - --engine-analysis
+
+checks:
+ - shell:
+ args: grep "fast_pattern is ineffective with base64_data" suricata.log | grep "Info" | wc -l
+ expect: 1
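Review bot: Nothing in test.rules itself says that placing `fast_pattern` on the content after `base64_data` is the deliberately ineffective combination under test; that intent is stated only in the README. A comment line above the rule, for example `# Intentional: fast_pattern on base64_data content must produce the engine-analysis Info message (Bug 6859)`, would keep the signature from being read or copied as a working detection template. This matters because a rule writer who copies the pattern would presumably get a prefilter choice different from the one they asked for, with only an Info-level log line to indicate it.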
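Review bot: The `version: 7` key under `requires` restricts this test to 7.x releases, so if the Info message is also expected on later branches the check will not run there; `min-version: 7` would keep that coverage. Whether the pin is intentional (for example a branch-specific backport test) is not visible in this commit, so a short comment next to the key stating the reason would help. The shell check also asserts only that the log line exists; it does not confirm that the rule itself still loaded, which may be worth a second check if the analysis output makes that available.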