From 84aa2e233c3708b025efebf1f8d0cb6f7d75e98a Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Sat, 11 Mar 2023 07:36:47 +0100
Subject: [PATCH] tests: add http2 multi-buf test for bug 5780

---
 .../http2_multiple_headers.pcap                  | Bin 0 -> 1743 bytes
 tests/bug-5780-01-http2-header/test.rules        |   1 +
 tests/bug-5780-01-http2-header/test.yaml         |  10 ++++++++++
 3 files changed, 11 insertions(+)
 create mode 100644 tests/bug-5780-01-http2-header/http2_multiple_headers.pcap
 create mode 100644 tests/bug-5780-01-http2-header/test.rules
 create mode 100644 tests/bug-5780-01-http2-header/test.yaml

diff --git a/tests/bug-5780-01-http2-header/http2_multiple_headers.pcap b/tests/bug-5780-01-http2-header/http2_multiple_headers.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..e549d266bbe3b9bb1c5827c7ff8c382c56732814
GIT binary patch
literal 1743
zc-p&ic+)~A1{MYw`2U}Qfe}bg%3hru&%n%J24tHtpaKpCR|W=+cbp6i4s2@T2Uf`S
zWQfYA9iGP!08<gb^q-;48DdH{ep9%>rig(|0GY%P05k^z7z2cWrWip?Da3CIH`o+W
zG`BE<O%VW^Vhl0m7SNP9pkN#}Qv%-cfJ{++gXR{9DH8t~?*9a-6@ms9GgyWNEX@iG
zH(<cAaDZj%|3hq3Vq|701M<tT*_QE+7i`;QEN<2W+4gG{&`Cj_3R(&tAt3?!MtTOk
zT)bStz916e3MMeg!r%ZT*%%gpIS^MkKw~i+=!!W&_8e@k=zGTpcEuVrS2)64VW0w1
z8_UQFa++gj-_7nM|D-3j_D!x6k`G++d}4E^Ldw&oeP+>5{dR}uZI?Y~O$%@N?Km}I
z(`{{&pQ;hLHowkt6z%!_cB@W`L+iU}f#j=A+z$hqXWv|1)qA9LxmR|?6p5{>je7hb
zxBflN%wP|+$sU_q4d3yDW0?cZt;=C<ZGoge7Elm^y<Sz%iqAL!uyO2Y(X9!@8^Ff7
zqZy|!#KCYB7~n^lFpXo{{!S2NoN@!2aYiuXX2*kqa5p0;;uw1qr`^x2n<Bg_UQ<MX
zMU_RnLG;+YV6oo+@l!o(mUdqDmCq6?ywS9bS>d(K=lnJD5nW5_!eov%=$bIpJ9Me6
z7D$=1T2a||1+#}|NGPL;L;HrU^Ny^U{Qtk-|G$5xt<<($<z+v6{%;`XcB=f@^Uq3_
zZHf8+kEi}W8{1yjg+&3?DbpHngr2CX|KBVow)w{V{|}Cr)gN&<nZf<HW>MV{-ru{o
zcs`5Fd$}O|kiEygqO=wBclxe7fBJ3V#=zKvv#zDx^f??75h{A^g45@0wSQ&tFKu-n
zf429DY~C+2BV)6seso>ej?l$@rmiKD#-DWmMLGRg{H9;*=hsGy-_^%g-M{@?H0}TA
z|L_0X?Vq{EcI$t0`$=9~T^IlS^)FL?M!RAC>^{cj4gCM>9hmb{b2b8fvFMV(3YVZ8
zMk>cw|J=d9{@I~x)xtvlfA0MA)VeCx|NQmOC3Q(MNB`wnu+3wz|6ASN(xRIg&FW&)
zwkp4@U6p;CXNGL6L#xW_2>bZ{(g$X@H*LDooO(T3>E^oEQJ}Qw&??IrDSLA9+!^+>
zdri)N{<c)P@wpU(-ITdgTmHzOJvJ--=kK722R`>Q$TKkPgcMKm-5k)8z_-tlyU9VM
z<^6B%xO<-?D{9^>4B<MXa?RO2J3cpH-OE{D-#fRyFgsIonCI-GzfrQECCsv>JH@TJ
z^j2z*<s-8&&ZH%aG$Vg8Ce5h~no!ukTjlW5X-#*|-i>T?<d|7H;l{d4Et54l+&lcj
z>f7!){WDBcWW5?B+155+c6*<xNV~`e{ku0as{eA%zt2;9(<xOprp@XG*PNYOFBE-#
zbWD9s`_96S0vnBe|39g_-G&veAUqYAsC)Z4@D;3y;NoFFT9(@YEO-tE2>xeiI?TWT
uGG!iqQ<A`@>_g2OOb3AqHiAt#1TkePep8acrtC#?%SNC{hd_lq$P@thrXhg<

literal 0
Hc-jL100001

diff --git a/tests/bug-5780-01-http2-header/test.rules b/tests/bug-5780-01-http2-header/test.rules
new file mode 100644
index 000000000..e78370fe5
--- /dev/null
+++ b/tests/bug-5780-01-http2-header/test.rules
@@ -0,0 +1 @@
+alert http2 any any -> any any (msg:"HTTP2 - Two Headers - Authority/Method"; flow:established,to_server; http.request_header; content:"method: GET"; http.request_header; content:"authority: bugertor.com"; sid:3;)
diff --git a/tests/bug-5780-01-http2-header/test.yaml b/tests/bug-5780-01-http2-header/test.yaml
new file mode 100644
index 000000000..ae8d2f465
--- /dev/null
+++ b/tests/bug-5780-01-http2-header/test.yaml
@@ -0,0 +1,10 @@
+requires:
+  min-version: 7
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 3
+
-- 
2.47.2