From f8eaf95e1f13065470b36e189e56ba42e7adc843 Mon Sep 17 00:00:00 2001
From: Shivani Bhardwaj
Date: Wed, 3 Apr 2024 12:43:40 +0530
Subject: [PATCH] add test for base64_data w fast_pattern

Bug 6859
---
 tests/bug-6859/README.md | 9 +++++++++
 tests/bug-6859/test.rules | 1 +
 tests/bug-6859/test.yaml | 11 +++++++++++
 3 files changed, 21 insertions(+)
 create mode 100644 tests/bug-6859/README.md
 create mode 100644 tests/bug-6859/test.rules
 create mode 100644 tests/bug-6859/test.yaml

diff --git a/tests/bug-6859/README.md b/tests/bug-6859/README.md
new file mode 100644
index 000000000..0ac927485
--- /dev/null
+++ b/tests/bug-6859/README.md
@@ -0,0 +1,9 @@
+# Test Description
+This test demonstrates that fast_pattern along with base64_data
+should lead to an Info message about it being an ineffective operation.
+
+## PCAP
+None
+
+## Related issues
+https://redmine.openinfosecfoundation.org/issues/6859
diff --git a/tests/bug-6859/test.rules b/tests/bug-6859/test.rules
new file mode 100644
index 000000000..4b72db7c8
--- /dev/null
+++ b/tests/bug-6859/test.rules
@@ -0,0 +1 @@
+alert http $HOME_NET any -> $EXTERNAL_NET any (flow:established,to_server; http.method; content:"POST"; http.request_body; base64_decode:bytes 28; base64_data; content:"something"; fast_pattern; classtype:bad-unknown; sid:123; rev:1;)
diff --git a/tests/bug-6859/test.yaml b/tests/bug-6859/test.yaml
new file mode 100644
index 000000000..a6e3fb6cb
--- /dev/null
+++ b/tests/bug-6859/test.yaml
@@ -0,0 +1,11 @@
+requires:
+ pcap: false
+ version: 7
+
+args:
+ - --engine-analysis
+
+checks:
+ - shell:
+ args: grep "fast_pattern is ineffective with base64_data" suricata.log | grep "Info" | wc -l
+ expect: 1
--
2.47.2
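Review bot: The rule in test.rules carries no comment, so a reader cannot tell that `content:"something"`, `base64_decode:bytes 28` and the `http.method`/`http.request_body` buffers appear to be placeholders that are never matched against traffic (the test declares `pcap: false` and runs only with `--engine-analysis`), and that the one thing under test is `fast_pattern` placed on the `base64_data` buffer. Suricata rule files accept `#` line comments; a header such as `# Engine-analysis probe for bug 6859: fast_pattern on base64_data must only log an Info message and the rule must still load; content values are arbitrary.` would make that explicit. Stating that the rule is expected to load despite the ineffective keyword also records the distinction the test is meant to protect, namely a logged notice versus a rule parse failure.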
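Review bot: The single check in test.yaml proves that the Info line was emitted but not that the rule still loaded, which is the other half of the behaviour the README describes (an ineffective `fast_pattern` is ignored rather than rejected). A second shell check on the rule-loading summary, e.g. `args: grep "1 rules successfully loaded, 0 rules failed" suricata.log | wc -l` with `expect: 1`, would pin that, with the exact summary wording confirmed against the Suricata version used. `version: 7` admits any 7.x build, yet the message being grepped only exists once the bug-6859 fix is present, so gating on the first fixed release via `min-version` (if the runner supports it) may be the intended requirement. The `grep "Info"` filter is also loose: if the log format places the level in a fixed token, matching that token rather than the bare word avoids counting unrelated lines that happen to contain "Info".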