test: adds test for header_lowercase transform

tests/transform-header-lowercase/README.md

@@ -0,0 +1,9 @@
+# Description
+
+Test header_lowercase transform.
+https://redmine.openinfosecfoundation.org/issues/6290
+
+# PCAP
+
+The pcap comes from test http2-range.
+This pcap has both HTTP1 and HTTP2.

tests/transform-header-lowercase/test.rules

@@ -0,0 +1,7 @@
+alert http any any -> any any (http.header; header_lowercase; content: "accept-ranges:";sid:1; )
+alert http any any -> any any (http.header; content: "accept-ranges:";sid:2; )
+alert http any any -> any any (http.header; content: "Accept-Ranges:";sid:3; )
+alert http1 any any -> any any (http.header; content: "accept-ranges:";sid:4; )
+alert http1 any any -> any any (http.header; content: "Accept-Ranges:";sid:5; )
+alert http2 any any -> any any (http.header; content: "accept-ranges:";sid:6; )
+alert http2 any any -> any any (http.header; content: "Accept-Ranges:";sid:7; )

tests/transform-header-lowercase/test.yaml

@@ -0,0 +1,40 @@
+requires:
+  min-version: 8.0.0
+
+pcap: ../http2-range/http2-range.pcap
+
+# disables checksum verification
+args:
+  - -k none --set app-layer.protocols.http2.enabled=true
+
+checks:
+  - filter:
+      count: 5
+      match:
+        event_type: alert
+        alert.signature_id: 1
+  - filter:
+      count: 3
+      match:
+        event_type: alert
+        alert.signature_id: 2
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 3
+  - filter:
+      count: 2
+      match:
+        event_type: alert
+        alert.signature_id: 5
+  - filter:
+      count: 3
+      match:
+        event_type: alert
+        alert.signature_id: 6
+  # we counted all alerts
+  - filter:
+      count: 15
+      match:
+        event_type: alert