From 037040990c89a59971e3df691f843d8ae109b2f8 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <contact@catenacyber.fr>
Date: Mon, 26 Apr 2021 15:50:17 +0200
Subject: [PATCH] Adds check for http.cookie keyword on http2 traffic

---
 tests/http2-bugfixes/test.rules | 1 +
 tests/http2-bugfixes/test.yaml  | 5 +++++
 2 files changed, 6 insertions(+)
 create mode 100644 tests/http2-bugfixes/test.rules

diff --git a/tests/http2-bugfixes/test.rules b/tests/http2-bugfixes/test.rules
new file mode 100644
index 000000000..27a0f66a6
--- /dev/null
+++ b/tests/http2-bugfixes/test.rules
@@ -0,0 +1 @@
+alert http2 any any -> any any (http.cookie; content:"VISITOR"; sid:10;)
diff --git a/tests/http2-bugfixes/test.yaml b/tests/http2-bugfixes/test.yaml
index f868748a4..25c4a9c0d 100644
--- a/tests/http2-bugfixes/test.yaml
+++ b/tests/http2-bugfixes/test.yaml
@@ -28,3 +28,8 @@ checks:
       match:
         event_type: fileinfo
         fileinfo.size: 880
+  - filter:
+      count: 4
+      match:
+        event_type: alert
+        alert.signature_id: 10
-- 
2.47.2