From: Juliana Fajardini Date: Wed, 11 Sep 2024 14:12:33 +0000 (-0300) Subject: pgsql: update bug 6983 test X-Git-Tag: suricata-7.0.7~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F2050%2Fhead;p=thirdparty%2Fsuricata-verify.git pgsql: update bug 6983 test With the tracking of transaction completion per-direction, in IPS mode, the engine will match on the rule before it sees the response message, so it won't log the full transaction with the alert. Update the checks for the alert to keep it simpler and thus compatible with both Suri-7 and Suri-8. Related to Bug #7113
---
diff --git a/tests/pgsql/pgsql-bug-6983-ips/test.yaml b/tests/pgsql/pgsql-bug-6983-ips/test.yaml
index e7f22f068..2ee0eaaf7 100644
--- a/tests/pgsql/pgsql-bug-6983-ips/test.yaml
+++ b/tests/pgsql/pgsql-bug-6983-ips/test.yaml
@@ -13,7 +13,8 @@ checks:
 match:
 event_type: pgsql
 - filter:
- # in ips mode, as this rule inspects the stream only (no pgsql keywords), we end up getting two alerts instead of one
+ # in ips mode, as this rule inspects the stream only (no pgsql keywords),
+ # we end up getting two alerts instead of one
 count: 2
 match:
 event_type: alert
@@ -24,4 +25,3 @@ checks:
 event_type: alert
 alert.signature_id: 1
 pgsql.request.simple_query: "select * from rules where sid = 2021701;"
- pgsql.response.field_count: 10