From f30f37f15617b56dda2bcf1b19fb40a55f2915d7 Mon Sep 17 00:00:00 2001
From: Juliana Fajardini
Date: Fri, 24 Jan 2025 15:27:42 -0300
Subject: [PATCH] tests: engine-analysis pkt_stream rule type tests

To accompany Rule Types documentation.
Related to Task #7031
---
 tests/rules/rule-type-pkt-stream/test.rules | 3 +++
 tests/rules/rule-type-pkt-stream/test.yaml | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 tests/rules/rule-type-pkt-stream/test.rules
 create mode 100644 tests/rules/rule-type-pkt-stream/test.yaml
diff --git a/tests/rules/rule-type-pkt-stream/test.rules b/tests/rules/rule-type-pkt-stream/test.rules
new file mode 100644
index 000000000..a185ac2df
--- /dev/null
+++ b/tests/rules/rule-type-pkt-stream/test.rules
@@ -0,0 +1,3 @@
+# Packet Stream rules
+alert tcp any any -> any any (msg:"tcp, anchored content"; content:"abc"; startswith; sid:303;)
+alert http any any -> any any (msg:"http, anchored content"; content:"abc"; depth:30; sid:603;)
diff --git a/tests/rules/rule-type-pkt-stream/test.yaml b/tests/rules/rule-type-pkt-stream/test.yaml
new file mode 100644
index 000000000..26644aa57
--- /dev/null
+++ b/tests/rules/rule-type-pkt-stream/test.yaml
@@ -0,0 +1,20 @@
+requires:
+ min-version: 7
+ pcap: false
+
+args:
+- --engine-analysis
+
+checks:
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 303
+ type: pkt_stream
+ - filter:
+ filename: rules.json
+ count: 1
+ match:
+ id: 603
+ type: pkt_stream
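Review bot: The header comment `# Packet Stream rules` in test.rules does not say which property of the two signatures the test depends on. Both messages say "anchored content" and the rules use `startswith` and `depth:30`, so presumably the anchor on a plain `content` match is what yields the `pkt_stream` type; a comment such as `# plain content anchored with startswith/depth, no sticky buffer: expected type pkt_stream` would make that explicit. Sid 603 deserves its own line noting that it names `http` but deliberately uses no app-layer buffer keyword, since a later edit that adds one would likely change the reported type and quietly defeat the test's purpose.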
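Review bot: The checks in test.yaml assert only the positive case (sids 303 and 603 report `type: pkt_stream`), so nothing in this test pins the boundary of the classification. If no sibling test already covers it, consider adding a control rule to test.rules with the same `content:"abc"` but no `startswith`/`depth`, under a placeholder sid such as `<CONTROL_SID>`. Pair it with a check that uses `count: 0` and matches `id: <CONTROL_SID>` with `type: pkt_stream`. A regression that typed every content rule as pkt_stream would then fail here instead of passing unnoticed. That matters because the type appears to reflect whether the engine inspects a rule per packet or on the reassembled stream.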