From 8b6501469613bf77b0162ee0c5722c668fb8b899 Mon Sep 17 00:00:00 2001
From: Juliana Fajardini
Date: Wed, 11 Sep 2024 11:12:33 -0300
Subject: [PATCH] pgsql: update bug 6983 test With the tracking of transaction completion per-direction, in IPS mode, the engine will match on the rule before it sees the response message, so it won't log the full transaction with the alert. Update the checks for the alert to keep it simpler and thus compatible with both Suri-7 and Suri-8. Related to Bug #7113
---
 tests/pgsql/pgsql-bug-6983-ips/test.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/pgsql/pgsql-bug-6983-ips/test.yaml b/tests/pgsql/pgsql-bug-6983-ips/test.yaml
index e7f22f068..2ee0eaaf7 100644
--- a/tests/pgsql/pgsql-bug-6983-ips/test.yaml
+++ b/tests/pgsql/pgsql-bug-6983-ips/test.yaml
@@ -13,7 +13,8 @@ checks:
 match:
 event_type: pgsql
 - filter:
- # in ips mode, as this rule inspects the stream only (no pgsql keywords), we end up getting two alerts instead of one
+ # in ips mode, as this rule inspects the stream only (no pgsql keywords),
+ # we end up getting two alerts instead of one
 count: 2
 match:
 event_type: alert
@@ -24,4 +25,3 @@ checks:
 event_type: alert
 alert.signature_id: 1
 pgsql.request.simple_query: "select * from rules where sid = 2021701;"
- pgsql.response.field_count: 10
-- 2.47.2