From 8ce8f8ee1b69202da4df952710af21a027f8d1c9 Mon Sep 17 00:00:00 2001
From: Jeff Lucovsky <jeff@lucovsky.org>
Date: Fri, 12 Jun 2020 09:04:04 -0400
Subject: [PATCH] tests: Add test for transform/content interaction

This commit adds a test case for issue 3661.
---
 .../detect-content-strip-whitespace-01/test.rules |  6 ++++++
 .../detect-content-strip-whitespace-01/test.yaml  | 15 +++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 tests/detect-content-strip-whitespace-01/test.rules
 create mode 100644 tests/detect-content-strip-whitespace-01/test.yaml

diff --git a/tests/detect-content-strip-whitespace-01/test.rules b/tests/detect-content-strip-whitespace-01/test.rules
new file mode 100644
index 000000000..c41dd06a0
--- /dev/null
+++ b/tests/detect-content-strip-whitespace-01/test.rules
@@ -0,0 +1,6 @@
+alert tcp any any -> any any (file.data; strip_whitespace; content:"has extra white   space"; sid:1;)
+alert tcp any any -> any any (file.data; strip_whitespace; content:"no-extra-whitespace"; sid:2;)
+alert tcp any any -> any any (file.data; strip_whitespace; content:"has-extra-whitespace-at-end "; sid:3;)
+alert tcp any any -> any any (file.data; strip_whitespace; content:" extra-whitespace-at-beginning"; sid:4;)
+alert tcp any any -> any any (file.data; strip_whitespace; content:"|53 75 72 69 63 61 74 61 0d|"; sid:5;)
+alert tcp any any -> any any (file.data; strip_whitespace; content:"|00 53 75 72 69 63 61 74 61|"; sid:6;)
diff --git a/tests/detect-content-strip-whitespace-01/test.yaml b/tests/detect-content-strip-whitespace-01/test.yaml
new file mode 100644
index 000000000..acd4e34f0
--- /dev/null
+++ b/tests/detect-content-strip-whitespace-01/test.yaml
@@ -0,0 +1,15 @@
+requires:
+  min-version: 6
+
+  # No pcap required.
+  pcap: false
+
+exit-code: 1
+
+args:
+  - --engine-analysis
+
+checks:
+    - shell:
+        args: grep "incompatible with strip_whitespace" suricata.log | wc -l | xargs
+        expect: 4
-- 
2.47.2