From 9158a56e8fa9189a858f1ba506204ec4342fdcd9 Mon Sep 17 00:00:00 2001
From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 23 Nov 2023 10:13:46 +0100
Subject: [PATCH] http2: check for http_response_line exact content

Ticket: 6547
---
 tests/http2-keywords2/test.rules | 1 +
 tests/http2-keywords2/test.yaml  | 7 +++++++
 2 files changed, 8 insertions(+)

diff --git a/tests/http2-keywords2/test.rules b/tests/http2-keywords2/test.rules
index a000d0d6f..a0ccb2766 100644
--- a/tests/http2-keywords2/test.rules
+++ b/tests/http2-keywords2/test.rules
@@ -17,3 +17,4 @@ alert http2 any any -> any any (http.response_body; content:"not found"; sid:36;
 alert http2 any any -> any any (http_request_line; content:"GET /humans.txt HTTP/2"; sid:37;)
 alert http2 any any -> any any (http.stat_msg; content:!"OK"; sid:38;)
 alert http2 any any -> any any (http.stat_msg; bsize:0; sid:39;)
+alert http2 any any -> any any (http_response_line; content:"HTTP/2 200|0d 0a|"; startswith; endswith; sid:40;)
diff --git a/tests/http2-keywords2/test.yaml b/tests/http2-keywords2/test.yaml
index c236443c7..6c6dd6bae 100644
--- a/tests/http2-keywords2/test.yaml
+++ b/tests/http2-keywords2/test.yaml
@@ -85,3 +85,10 @@ checks:
       match:
         event_type: alert
         alert.signature_id: 39
+  - filter:
+      # to remove when backport is merged
+      min-version: 8.0.0
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 40