From cde493b2615d84e21d0293e4183d53082dfa68b4 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Mon, 2 Dec 2024 11:18:29 +0100
Subject: [PATCH] tls: add check for catch-all rule logging app-layer metadata

Ticket: 7530
---
 tests/firewall/firewall-06-tls-sni-enforce/suricata.yaml | 4 ++++
 tests/firewall/firewall-06-tls-sni-enforce/test.yaml | 8 ++++++++
 2 files changed, 12 insertions(+)

diff --git a/tests/firewall/firewall-06-tls-sni-enforce/suricata.yaml b/tests/firewall/firewall-06-tls-sni-enforce/suricata.yaml
index b67886b55..3770357fd 100644
--- a/tests/firewall/firewall-06-tls-sni-enforce/suricata.yaml
+++ b/tests/firewall/firewall-06-tls-sni-enforce/suricata.yaml
@@ -15,6 +15,10 @@ stats:
 # Add stream events as stats.
 #stream-events: false
+detect:
+ stream-tx-log-limit: 4
+ guess-applayer-tx: true
+
 # Configure the type of alert (and other) logging you would like.
 outputs:
 - eve-log:
diff --git a/tests/firewall/firewall-06-tls-sni-enforce/test.yaml b/tests/firewall/firewall-06-tls-sni-enforce/test.yaml
index 0c54b3cba..b61b85c40 100644
--- a/tests/firewall/firewall-06-tls-sni-enforce/test.yaml
+++ b/tests/firewall/firewall-06-tls-sni-enforce/test.yaml
@@ -14,6 +14,14 @@ checks:
 count: 26
 match:
 event_type: alert
+- filter:
+ min-version: 8
+ # check for https://redmine.openinfosecfoundation.org/issues/7350
+ count: 4
+ match:
+ event_type: alert
+ alert.signature_id: 3
+ tls.sni: raw.githubusercontent.com
 - filter:
 count: 1
 match:
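Review bot: The added `detect:` block in suricata.yaml has no comment saying why this test needs the two settings, and the `4` in `stream-tx-log-limit: 4` appears to be what the new `count: 4` check in test.yaml depends on. I would add `# required by the sid 3 tls.sni check in test.yaml; keep stream-tx-log-limit equal to its count` above `detect:`. A second line should note that `guess-applayer-tx: true` attaches metadata from a guessed transaction. As far as I can tell, that makes the logged `tls.sni` best-effort attribution rather than proof the rule matched on that transaction.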
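Review bot: The ticket number in the added comment in test.yaml, `issues/7350`, does not match the commit message's `Ticket: 7530`. One of the two looks transposed and should be corrected so the check traces back to the right issue. The check pins only that four sid 3 alerts carry `tls.sni: raw.githubusercontent.com`; if alerts past the limit are also meant to omit the metadata, that is not asserted here. The `checks:` list begins and continues outside the hunk, so I cannot see whether another entry covers it.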