From f337ab05e0c48f827028fccbc639819da88e32b8 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 9 Nov 2023 10:40:02 +0100
Subject: [PATCH] test: adds test for header_lowercase transform

---
 tests/transform-header-lowercase/README.md  |  9 +++++
 tests/transform-header-lowercase/test.rules |  7 ++++
 tests/transform-header-lowercase/test.yaml  | 40 +++++++++++++++++++++
 3 files changed, 56 insertions(+)
 create mode 100644 tests/transform-header-lowercase/README.md
 create mode 100644 tests/transform-header-lowercase/test.rules
 create mode 100644 tests/transform-header-lowercase/test.yaml

diff --git a/tests/transform-header-lowercase/README.md b/tests/transform-header-lowercase/README.md
new file mode 100644
index 000000000..ba988275c
--- /dev/null
+++ b/tests/transform-header-lowercase/README.md
@@ -0,0 +1,9 @@
+# Description
+
+Test header_lowercase transform.
+https://redmine.openinfosecfoundation.org/issues/6290
+
+# PCAP
+
+The pcap comes from test http2-range.
+This pcap has both HTTP1 and HTTP2.
diff --git a/tests/transform-header-lowercase/test.rules b/tests/transform-header-lowercase/test.rules
new file mode 100644
index 000000000..0ed6bee41
--- /dev/null
+++ b/tests/transform-header-lowercase/test.rules
@@ -0,0 +1,7 @@
+alert http any any -> any any (http.header; header_lowercase; content: "accept-ranges:";sid:1; )
+alert http any any -> any any (http.header; content: "accept-ranges:";sid:2; )
+alert http any any -> any any (http.header; content: "Accept-Ranges:";sid:3; )
+alert http1 any any -> any any (http.header; content: "accept-ranges:";sid:4; )
+alert http1 any any -> any any (http.header; content: "Accept-Ranges:";sid:5; )
+alert http2 any any -> any any (http.header; content: "accept-ranges:";sid:6; )
+alert http2 any any -> any any (http.header; content: "Accept-Ranges:";sid:7; )
diff --git a/tests/transform-header-lowercase/test.yaml b/tests/transform-header-lowercase/test.yaml
new file mode 100644
index 000000000..3dfc576fe
--- /dev/null
+++ b/tests/transform-header-lowercase/test.yaml
@@ -0,0 +1,40 @@
+requires:
+  min-version: 8.0.0
+
+pcap: ../http2-range/http2-range.pcap
+
+# disables checksum verification
+args:
+  - -k none --set app-layer.protocols.http2.enabled=true
+
+checks:
+  - filter:
+      count: 5
+      match:
+        event_type: alert
+        alert.signature_id: 1
+  - filter:
+      count: 3
+      match:
+        event_type: alert
+        alert.signature_id: 2
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 3
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 5
+  - filter:
+      count: 3
+      match:
+        event_type: alert
+        alert.signature_id: 6
+  # we counted all alerts
+  - filter:
+      count: 15
+      match:
+        event_type: alert
-- 
2.47.2