tests: Add a test for http2 authority mismatch event

catenacyber · catenacyber · commit 5e6e6d3ef38c · 2023-11-06T16:35:03.000+01:00
Ticket: #6425
diff --git a/tests/http2-authority-mismatch/README.md b/tests/http2-authority-mismatch/README.md
@@ -0,0 +1,7 @@
+# Description
+
+Test http2 event for mismatch between authority and host
+
+# PCAP
+
+The pcap comes from https://redmine.openinfosecfoundation.org/issues/6425
diff --git a/tests/http2-authority-mismatch/authority_and_host_2.pcap b/tests/http2-authority-mismatch/authority_and_host_2.pcap
diff --git a/tests/http2-authority-mismatch/test.rules b/tests/http2-authority-mismatch/test.rules
@@ -0,0 +1,2 @@
+alert http2 any any -> any any (msg:"SURICATA HTTP2 authority host mismatch"; flow:established,to_server; app-layer-event:http2.authority_host_mismatch; classtype:protocol-command-decode; sid:2290013; rev:1;)
+
diff --git a/tests/http2-authority-mismatch/test.yaml b/tests/http2-authority-mismatch/test.yaml
@@ -0,0 +1,14 @@
+requires:
+  min-version: 6.0.0
+
+# disables checksum verification
+args:
+  - -k none --set app-layer.protocols.http2.enabled=true
+
+checks:
+
+  - filter:
+      count: 1
+      match:
+        event_type: alert
+        alert.signature_id: 2290013

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+alert http2 any any -> any any (msg:"SURICATA HTTP2 authority host mismatch"; flow:established,to_server; app-layer-event:http2.authority_host_mismatch; classtype:protocol-command-decode; sid:2290013; rev:1;)`
	`2`	`+`