From 1b201696401130e2c6a084760b35183925d939fa Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Wed, 11 Dec 2024 14:53:53 +0100
Subject: [PATCH] backport: for ticket 7199 and 7318

As these tickets impact some common tests
---
 tests/bug-7199/test.yaml                      |  1 -
 .../task-7018-dns-ips-stream-rule/test.yaml   |  2 ++
 .../task-7018-ids-dns-stream-rule/test.yaml   |  1 +
 .../firewall-06-tls-sni-enforce/test.yaml     | 32 +++++--------------
 tests/pgsql/pgsql-7000-ids/test.yaml          |  2 --
 tests/pgsql/pgsql-bug-6983-ips/test.yaml      |  3 --
 .../tls-extra-alert-engine-analysis/test.yaml |  1 +
 tests/tls-extra-alert/test.yaml               |  3 --
 8 files changed, 12 insertions(+), 33 deletions(-)

diff --git a/tests/bug-7199/test.yaml b/tests/bug-7199/test.yaml
index 510fe6017..60167babe 100644
--- a/tests/bug-7199/test.yaml
+++ b/tests/bug-7199/test.yaml
@@ -14,7 +14,6 @@ checks:
             event_type: alert
             alert.signature_id: 1
     - filter:
-        min-version: 8
         count: 1
         match:
             event_type: alert
diff --git a/tests/dns/task-7018-dns-ips-stream-rule/test.yaml b/tests/dns/task-7018-dns-ips-stream-rule/test.yaml
index d0167ca58..6dbcbd601 100644
--- a/tests/dns/task-7018-dns-ips-stream-rule/test.yaml
+++ b/tests/dns/task-7018-dns-ips-stream-rule/test.yaml
@@ -4,6 +4,8 @@ requires:
 
 args:
 - -k none
+- --set detect.guess-applayer-tx=true
+
 pcap: ../task-7018-ids-dns-keywords/input.pcap
 
 checks:
diff --git a/tests/dns/task-7018-ids-dns-stream-rule/test.yaml b/tests/dns/task-7018-ids-dns-stream-rule/test.yaml
index de3bd6958..a83e8f7ce 100644
--- a/tests/dns/task-7018-ids-dns-stream-rule/test.yaml
+++ b/tests/dns/task-7018-ids-dns-stream-rule/test.yaml
@@ -3,6 +3,7 @@ requires:
    lt-version: 8
 args:
 - -k none
+- --set detect.guess-applayer-tx=true
 
 pcap: ../task-7018-ids-dns-keywords/input.pcap
 checks:
diff --git a/tests/firewall/firewall-06-tls-sni-enforce/test.yaml b/tests/firewall/firewall-06-tls-sni-enforce/test.yaml
index 7002fd186..4a1b7618c 100644
--- a/tests/firewall/firewall-06-tls-sni-enforce/test.yaml
+++ b/tests/firewall/firewall-06-tls-sni-enforce/test.yaml
@@ -6,31 +6,27 @@ args:
 
 checks:
 - filter:
-    min-version: 8
     count: 24
     match:
       event_type: alert
       alert.signature_id: 3
+      pkt_src: "wire/pcap"
 - filter:
-    min-version: 8
     count: 24
     match:
       event_type: alert
 - filter:
-    lt-version: 7
-    count: 26
+    # check for https://redmine.openinfosecfoundation.org/issues/7350
+    min-version: 8
+    count: 4
     match:
       event_type: alert
       alert.signature_id: 3
+      tls.sni: raw.githubusercontent.com
 - filter:
-    lt-version: 7
-    count: 26
-    match:
-      event_type: alert
-- filter:
-    min-version: 8
-    # check for https://redmine.openinfosecfoundation.org/issues/7350
-    count: 4
+    # version 7 does not use suricata.yaml stream-tx-log-limit
+    lt-version: 8
+    count: 24
     match:
       event_type: alert
       alert.signature_id: 3
@@ -51,18 +47,6 @@ checks:
     count: 26
     match:
       event_type: drop
-- filter:
-    min-version: 8
-    count: 0
-    match:
-      event_type: alert
-      pkt_src: "stream (flow timeout)"
-- filter:
-    lt-version: 7
-    count: 2
-    match:
-      event_type: alert
-      pkt_src: "stream (flow timeout)"
 - filter:
     count: 1
     match:
diff --git a/tests/pgsql/pgsql-7000-ids/test.yaml b/tests/pgsql/pgsql-7000-ids/test.yaml
index 8f680ae0e..e506dd0c3 100644
--- a/tests/pgsql/pgsql-7000-ids/test.yaml
+++ b/tests/pgsql/pgsql-7000-ids/test.yaml
@@ -1,5 +1,3 @@
-requires:
-    min-version: 8
 args:
 - -k none
 
diff --git a/tests/pgsql/pgsql-bug-6983-ips/test.yaml b/tests/pgsql/pgsql-bug-6983-ips/test.yaml
index 956431bf0..6c833512e 100644
--- a/tests/pgsql/pgsql-bug-6983-ips/test.yaml
+++ b/tests/pgsql/pgsql-bug-6983-ips/test.yaml
@@ -1,6 +1,3 @@
-requires:
-  min-version: 8.0
-
 pcap: ../pgsql-ssl-rejected-md5-auth-simple-query/input.pcap
 
 args:
diff --git a/tests/tls-extra-alert-engine-analysis/test.yaml b/tests/tls-extra-alert-engine-analysis/test.yaml
index f440d0bce..3fd75ea8e 100644
--- a/tests/tls-extra-alert-engine-analysis/test.yaml
+++ b/tests/tls-extra-alert-engine-analysis/test.yaml
@@ -1,3 +1,4 @@
+# starting version 8 with engine analysis for flowbits
 requires:
   min-version: 8
 
diff --git a/tests/tls-extra-alert/test.yaml b/tests/tls-extra-alert/test.yaml
index 19e010621..2710226c2 100644
--- a/tests/tls-extra-alert/test.yaml
+++ b/tests/tls-extra-alert/test.yaml
@@ -1,6 +1,3 @@
-requires:
-  min-version: 8
-
 args:
 - -k none
 - --simulate-ips