From a8c79f8cec7457d17d7d33b2a3420c998bb76988 Mon Sep 17 00:00:00 2001
From: Eric Leblond
Date: Wed, 24 Aug 2022 20:50:38 +0200
Subject: [PATCH] tests: add tld tests
---
 tests/domain-keyword/test.rules | 3 +++
 tests/domain-keyword/test.yaml | 12 ++++++++++++
 2 files changed, 15 insertions(+)
diff --git a/tests/domain-keyword/test.rules b/tests/domain-keyword/test.rules
index 7d612eb26..36f6da34a 100644
--- a/tests/domain-keyword/test.rules
+++ b/tests/domain-keyword/test.rules
@@ -1,2 +1,5 @@
 alert dns any any -> any any (msg:"dns suricata"; dns.query; domain; content:"suricata.io"; startswith; endswith; sid:1; rev:1;)
 alert dns any any -> any any (msg:"dns bbc"; dns.query; domain; content:"bbc.co.uk"; startswith; endswith; sid:2; rev:1;)
+
+alert dns any any -> any any (msg:"dns suricata"; dns.query; tld; content:"io"; startswith; endswith; sid:3; rev:1;)
+alert dns any any -> any any (msg:"dns bbc"; dns.query; tld; content:"co.uk"; startswith; endswith; sid:4; rev:1;)
diff --git a/tests/domain-keyword/test.yaml b/tests/domain-keyword/test.yaml
index 4832fedcf..67d0fb0b7 100644
--- a/tests/domain-keyword/test.yaml
+++ b/tests/domain-keyword/test.yaml
@@ -6,3 +6,15 @@ checks:
 count: 1
 match:
 alert.signature_id: 1
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 2
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 3
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 4
--
2.47.2
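Review bot: The new rules sid:3 and sid:4 reuse the msg strings of sid:1 and sid:2, so a domain alert and a tld alert for the same query differ only by signature_id in the output. Distinct text, e.g. `msg:"dns suricata tld";` and `msg:"dns bbc tld";`, would make a failing check readable without looking up the sid. A one-line comment above the new pair, such as `# tld keyword: buffer holds only the public suffix (io, co.uk)`, would also record why the content values differ from the domain rules.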
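Review bot: Each added filter asserts only that signature_id 2, 3 or 4 fired once, not which query produced the alert. If the pcap holds more than one DNS query (it is not visible in this patch), a tld rule firing on an unintended name with the same suffix would still pass, so consider adding the queried name to each `match:` block. The signature_id 2 check covers a rule that predates this commit. A short comment per filter, e.g. `# sid 2: domain keyword, bbc.co.uk`, would keep the sid-to-rule mapping readable. The checks list begins outside the hunk.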