From f45c41bfc2fbade14ffebeb1fed98ee6fbed2cea Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Mon, 18 Jan 2021 10:38:54 +0100 Subject: [PATCH] tests: add bug 2511 test --- tests/bug-2511/1.rules | 1 + ...entity_identity_gzip_identity_gzip_gzip.pcap | Bin 0 -> 1567 bytes tests/bug-2511/test.yaml | 16 ++++++++++++++++ 3 files changed, 17 insertions(+) create mode 100644 tests/bug-2511/1.rules create mode 100644 tests/bug-2511/response_identity_identity_gzip_identity_gzip_gzip.pcap create mode 100644 tests/bug-2511/test.yaml diff --git a/tests/bug-2511/1.rules b/tests/bug-2511/1.rules new file mode 100644 index 000000000..7f308c0a4 --- /dev/null +++ b/tests/bug-2511/1.rules @@ -0,0 +1 @@ +alert http any any -> any any (msg:"SURICATA HTTP too many layers"; flow:to_server,established; app-layer-event:http.too_many_encoding_layers; flowint:http.anomaly.count,+,1; sid:1; rev:1;) diff --git a/tests/bug-2511/response_identity_identity_gzip_identity_gzip_gzip.pcap b/tests/bug-2511/response_identity_identity_gzip_identity_gzip_gzip.pcap new file mode 100644 index 0000000000000000000000000000000000000000..0a25f6265e3be6fd9b8371db0ae164f5f6d3c9a2 GIT binary patch literal 1567 zc-noGUu@e%9LIl-vn|SS)eZ^L?V%_3K-@)3Z8RKt+{sU zI3uZ`tq@{Dlc19Y3kz;(;k4bN+8~#+&K;HqAZcm z{@wZRli%;Y-}CLSE`8(zHxz$sYXA&+UcXay@O@eV$I9a3MJT6M)OTWtL%C55u@!lxP~8hz_g3Ef4|P zpl$0f+bNAw>n4}GYEM43lTa5Xc39P(9qU9wBh+n__}T~y5dw>p%dtK->*T1GmAS{TezF#wv=BpX>Vgf~kP%|R^ z$lhj@qc`h>91#Vv0d-*YxETnFl1MHIy`Wim(98wsOU}DbRdJeNZJe_ML-w%lSJG)+ zQx#h?jX;i$?8%jm4(rV$t)kH6Zwxd#QM3r+V~UZ=Dk&@@E6exx`K@eWf*%`v-vK8M zlh_GD|F3E{R5Pg=DH)|kwX`24@u05QnDaho8U|MBzsl%1#%W&BwG(8#FP*ZKB&vV~-oq7Gr6thFsum(j42<4H=bq+HHR)%)=+7FvjKE#+KQuU@CF z8t*M})vlwfoD{EymHBsz-lwdpt1Ns#TtHhXi#esD<8*gIRNZCVV8$#iY!3~s_Bz?`!`!_`ed}*KFIq&mC z1{w9^q#uPu)UD)6mQoZ+5jp&fOx)Dbop`iLoVV_j$J2VN>Ikr%Sl7)C!t62hykO^S zAvL<`0aFj|-@Vwn^yJOO-{1RiYU;tj>BD!=Odt5TzxSn?>47aXKHrM3>fh<5Pv80Z z&$lNZKY#0t=kL|qO<&0OzCPSjcQf}R F*MAO*?Q#GB literal 0 Hc-jL100001 
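Review bot: The rule in 1.rules is scoped with `flow:to_server,established`, while the capture's file name (`response_identity_identity_gzip_identity_gzip_gzip.pcap`) suggests the stacked encodings are in the server's response, and nothing in the file explains why the request direction is the one expected to match. A `#` comment above the rule would settle this for the next reader, for example `# bug 2511: response with stacked encodings must raise http.too_many_encoding_layers`. If the event is in fact raised while the response is parsed, `flow:to_client,established` would presumably state the intent more directly, but that needs to be confirmed against the engine. The `flowint:http.anomaly.count,+,1` option is not asserted anywhere in test.yaml, so a short remark that it is kept to mirror the shipped rule (if that is the reason) would help.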
diff --git a/tests/bug-2511/test.yaml b/tests/bug-2511/test.yaml
new file mode 100644
index 000000000..cc2507150
--- /dev/null
+++ b/tests/bug-2511/test.yaml
@@ -0,0 +1,16 @@
+requires:
+ features:
+ - HAVE_LIBJANSSON
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ alert.signature_id: 1
+
+
-- 2.47.2
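Review bot: The `requires:` block in test.yaml lists only the `HAVE_LIBJANSSON` feature. On a build that predates the `http.too_many_encoding_layers` event the rule would presumably fail to load, and the test would fail rather than be skipped. Adding `min-version: <first release with the event>` under `requires:` would gate it. The two checks assert only that exactly one alert with `alert.signature_id: 1` is logged. If the fix for bug 2511 also bounds how many encoding layers are actually decoded, that resource-limiting behaviour is not covered here, and a comment in test.yaml saying so would keep the test's scope clear.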