tests: add tests for issue 6269

diff --git a/tests/bug-6269-01/input.pcap b/tests/bug-6269-01/input.pcap
new file mode 100644 (file)
index 0000000..4f7e6e8
Binary files /dev/null and b/tests/bug-6269-01/input.pcap differ

diff --git a/tests/bug-6269-01/test.rules b/tests/bug-6269-01/test.rules
new file mode 100644 (file)
index 0000000..b369ec1
--- /dev/null
+++ b/tests/bug-6269-01/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (http.uri; content:"/test_lastline_blocking"; sid:1;)

diff --git a/tests/bug-6269-01/test.yaml b/tests/bug-6269-01/test.yaml
new file mode 100644 (file)
index 0000000..b108459
--- /dev/null
+++ b/tests/bug-6269-01/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 7
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: http
+      http.url: /test_lastline_blocking
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1

diff --git a/tests/bug-6269-02-ips/input.pcap b/tests/bug-6269-02-ips/input.pcap
new file mode 100644 (file)
index 0000000..4f7e6e8
Binary files /dev/null and b/tests/bug-6269-02-ips/input.pcap differ

diff --git a/tests/bug-6269-02-ips/test.rules b/tests/bug-6269-02-ips/test.rules
new file mode 100644 (file)
index 0000000..b369ec1
--- /dev/null
+++ b/tests/bug-6269-02-ips/test.rules
@@ -0,0 +1 @@
+alert http any any -> any any (http.uri; content:"/test_lastline_blocking"; sid:1;)

diff --git a/tests/bug-6269-02-ips/test.yaml b/tests/bug-6269-02-ips/test.yaml
new file mode 100644 (file)
index 0000000..b108459
--- /dev/null
+++ b/tests/bug-6269-02-ips/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 7
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: http
+      http.url: /test_lastline_blocking
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1