From ce6434df8f68ba6d4cc047e0ba8d417020330a80 Mon Sep 17 00:00:00 2001
From: Victor Julien <victor@inliniac.net>
Date: Fri, 16 Jan 2026 13:11:07 +0100
Subject: [PATCH] tests: add test for issue 8224

---
 tests/bug-8224-01/example-s0.pcap | Bin 0 -> 22978 bytes
 tests/bug-8224-01/test.rules      |   1 +
 tests/bug-8224-01/test.yaml       |  16 ++++++++++++++++
 3 files changed, 17 insertions(+)
 create mode 100644 tests/bug-8224-01/example-s0.pcap
 create mode 100644 tests/bug-8224-01/test.rules
 create mode 100644 tests/bug-8224-01/test.yaml

diff --git a/tests/bug-8224-01/example-s0.pcap b/tests/bug-8224-01/example-s0.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..cd227ea6462361e736451b2d92e14722d67160f3
GIT binary patch
literal 22978
zc-rlpZA=?w9Kf#y2D#9POJ;_|_&76Ph<DePQlQj^R|i@Kfs$-X_Tgxs(TnX}y<VXs
z(c#M+Y;H?T)Mb&#GW|dziJ0jZK4?P1hfU4mKoWJ%$y}B#!>PfSxDB7@Auz6Gm*}T8
z`TvqO^m_f}X}SKcy|&NH)W;|6Tt0V)e9lJBOSX0@b8qw9v*d4j;%`4tD*VAW&6Ho=
zQN%TKoPXlQI&Nu0-Pnf@^IJEb`uyGLAlFe{`gJjNjM^6qho?Bsp8u#V-(JLz&h~ss
zm)r943aR<<$u(x?T=p-UIj)Yoxnc1!YNd9rV>(zC;tvqJV{~Km!b2WvE;vQav-_g^
zshyaMsQDx@HxO&XdSmuXyu`-*QO1}Z#6C1wV!JjxNycbn<2_5w)cEcDJa@H#W2a1G
z!S@sUsIj*2ZpNcwvvFH<2uX?>!D%sS#AB!>6zY&%qRYXzXi39|!g3P3s=VGxPqnkc
z?Q}XlUZFAAAb4vkoNlMfTP4Z~LDh64ishssxI`T55#_i%ps8|yQVeTx2j88<x=`PX
zRq9LWF{xUt5S<RbJ{-mgvaDPxcknxepse>|p#{qktou+J0001>(DGljF8?4a{|0mU
z=RUbx`Qb4I006l6%Rg^j{+C(#3(Vy|zZ=RA005A?<-cTI{#RJ}^UdX-FM#p`0087}
z`7c|S|5aB0JahT4jI;7@hVlad0OVr%7p%+w8Y{ouT>gb_c+C$00Fb-o|HZoe`&s#I
z=JNl33(5}w0Fb-ozhPbe*ID^FbNT=N0Ll*l0Fb-o|JAzu2Wa_yOXl(~wL$p-0045g
z{J&Y3e~6X;wyFFN<}bo0yZ`_Ixm*6v#@GBRIP>?$o?SoC-y0wA$oReS5dBX7U<o%k
z#xIwjRDX!ppBksEjTe})J=?g@O^nm;eDR-+KQiO?EF;-Nk@qFVgO{_7XU8q~cf)Ld
zcgwuL<44wcr*n>4VM_u40J!(}cjv6je~^{`rn&qj%}{;-0D#;r|BQ9{53%z9V=n)u
z>rj3G0D#;r|12qgKdFBIdgWIp-eBKoikr({_SVX$8%J(H`2hd`{ud73!P5+1vp$S}
zksZcw%RY?HkB}GOodbVmAI2Z~)YAA9GX}Gbo30b%F>Uv%@gR*m`ykxfIM0mFWgF3H
zVjPQT*~W@Vo_pNRu~VkeUb^cNH6Fw38aLa<`u<!s9-_vTNl}r<=|l~31a;yUQaEWi
z_(n}NuxbdQy$S3?22L9iokq15g`={b#KzM~QWL7HD{BOogKv@zvQnF-K84&hs0oLW
z+v%=EPOq=h?IY%GZ6OEWh4nr<|7m?f4o9)%7CoZ35<OARrc^~iMNOrjMC}Qzc69}%
z3ehdP?~Edd)m|g&L++|-wot`kL(x<pdLHA1AjgzGOg9VvBTem%p`9Jgs3p`EL>=7?
z!PZ8!MUbS{=Fl^e)D&u3zQ!#&C8>G)mH_Xk_bT9zVmU%C7>W_Yfs6;kFD)<T{SsTv
z-=jtL(p$O$rnSgr-k%8U)KWU?(Y5|0)=`p-9?3{wUI!UbnVu<0as_=fP*_XFB1qK?
zlu{#DPa3is5&b<nk^+2}GJuh`XU)x{YzkSlN5SMqI330~vTBMcam5h*Qi6_?jnL2j
zV*&PLshPB#t@kjSt@niaH48dj7AlUD4e`pF*?PaBn+`SJ_m!pb2s4hZYrNlN{BFf4
z%~?KKer8XWR`aG^94FQ@#5mTIUfs0cq*iLIowFR{Q8vc+GRAm@Sk;VseV$tX1z_P*
AHvj+t

literal 0
Hc-jL100001

diff --git a/tests/bug-8224-01/test.rules b/tests/bug-8224-01/test.rules
new file mode 100644
index 000000000..62fdde82c
--- /dev/null
+++ b/tests/bug-8224-01/test.rules
@@ -0,0 +1 @@
+drop http 172.31.10.37 any -> 18.180.192.156 any (app-layer-event:http.request_field_too_long; flow:established; msg:"HTTP Dropped - Request too long"; priority:1; sid:2; gid:1; rev:1;)
diff --git a/tests/bug-8224-01/test.yaml b/tests/bug-8224-01/test.yaml
new file mode 100644
index 000000000..d231cb5b6
--- /dev/null
+++ b/tests/bug-8224-01/test.yaml
@@ -0,0 +1,16 @@
+requires:
+  min-version: 9
+
+args:
+  - --simulate-ips
+  - -k none
+  # disable exception policy to avoid dropping the flow before rules could match
+  - --set exception-policy=ignore
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2
+        pcap_cnt: 19
-- 
2.47.3