tests/pgsql: add test for bug 6983

Related to
Bug #6983

tests/pgsql/pgsql-bug-6983/README.md

@@ -0,0 +1,16 @@
+# Description
+
+Tests that alerts for the pgsql app-proto will include pgsql app-proto metadata.
+
+This shows what might be a bug - more investigation is needed: that we may be
+logging not the transaction that triggered the alert itself, but maybe the
+subsequent one - or none, if the alert was triggered with the last seen message
+for PGSQL.
+
+## PCAP
+
+Pcap file reused from pgsql-ssl-rejected-md5-auth-simple-query
+
+## Redmine ticket
+
+https://redmine.openinfosecfoundation.org/issues/6983

tests/pgsql/pgsql-bug-6983/suricata.yaml

@@ -0,0 +1,16 @@
+%YAML 1.1
+---
+
+outputs:
+  - eve-log:
+      enabled: yes
+      filetype: regular
+      filename: eve.json
+      types:
+        - pgsql
+        - alert
+
+app-layer:
+  protocols:
+    pgsql:
+      enabled: yes

tests/pgsql/pgsql-bug-6983/test.rules

@@ -0,0 +1 @@
+alert pgsql any any -> any any (msg:"PGSQL Test Rule"; pkt_data; content:"|58|"; sid:1; rev:1;)

tests/pgsql/pgsql-bug-6983/test.yaml

@@ -0,0 +1,24 @@
+requires:
+  min-version: 7.0
+
+pcap: ../pgsql-ssl-rejected-md5-auth-simple-query/input.pcap
+
+args:
+- -k none
+
+checks:
+- filter:
+    count: 7
+    match:
+      event_type: pgsql
+- filter:
+    count: 2
+    match:
+      event_type: alert
+      alert.signature_id: 1
+- filter:
+    min-version: 8
+    count: 2
+    match:
+      event_type: alert
+      has-key: pgsql.request