From a56568cd6cf296b58e35a3455c5894feab4e16a2 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Wed, 2 Oct 2024 11:06:09 +0200
Subject: [PATCH] sip: adds checks for stat code keyword

Ticket: 7295

Ensures that stat-code and method do not share the same buffer in different directions
---
 tests/sip-method/test.rules | 1 +
 tests/sip-method/test.yaml | 6 ++++++
 tests/sip-stat-code/test.rules | 1 +
 tests/sip-stat-code/test.yaml | 6 ++++++
 4 files changed, 14 insertions(+)

diff --git a/tests/sip-method/test.rules b/tests/sip-method/test.rules
index 1fd849f78..af25bc772 100644
--- a/tests/sip-method/test.rules
+++ b/tests/sip-method/test.rules
@@ -1 +1,2 @@
 alert sip any any -> any any (flow:to_server; sip.method; content:"REGISTER"; sid:1;)
+alert sip any any -> any any (sip.stat_code; content:"REGISTER"; sid:2;)
diff --git a/tests/sip-method/test.yaml b/tests/sip-method/test.yaml
index 53bcefc01..dc443f742 100644
--- a/tests/sip-method/test.yaml
+++ b/tests/sip-method/test.yaml
@@ -14,3 +14,9 @@ checks:
 count: 18
 match:
 event_type: alert
+ - filter:
+ # only sid 1 triggered the 7 alerts
+ count: 18
+ match:
+ event_type: alert
+ alert.signature_id: 1
\ No newline at end of file
diff --git a/tests/sip-stat-code/test.rules b/tests/sip-stat-code/test.rules
index 0a2e46c0f..609c74c23 100644
--- a/tests/sip-stat-code/test.rules
+++ b/tests/sip-stat-code/test.rules
@@ -1 +1,2 @@
 alert sip any any -> any any (flow:to_client; sip.stat_code; content:"100"; sid:1;)
+alert sip any any -> any any (sip.method; content:"100"; sid:2;)
diff --git a/tests/sip-stat-code/test.yaml b/tests/sip-stat-code/test.yaml
index 281716af9..a83e9dcc8 100644
--- a/tests/sip-stat-code/test.yaml
+++ b/tests/sip-stat-code/test.yaml
@@ -14,3 +14,9 @@ checks:
 count: 7
 match:
 event_type: alert
+ - filter:
+ # only sid 1 triggered the 7 alerts
+ count: 7
+ match:
+ event_type: alert
+ alert.signature_id: 1
\ No newline at end of file
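Review bot: The comment added in the tests/sip-method/test.yaml hunk, `# only sid 1 triggered the 7 alerts`, contradicts the filter it annotates, which expects `count: 18`; it appears copied from tests/sip-stat-code/test.yaml and should read `# only sid 1 triggered the 18 alerts`. In both yaml hunks the new filter proves that the opposite-direction rule (sid 2) never fired only indirectly, by requiring the sid-1 count to equal the total alert count of the preceding check, so a future regression where `sip.stat_code` matched request data or `sip.method` matched response data would surface as a confusing count mismatch rather than as a named failure. An explicit zero-count filter on `alert.signature_id: 2`, added after the new filter in both files, states the directional intent the commit message describes and fails with a clear message. Both yaml files also lose their trailing newline in this change.
```yaml
  - filter:
      # sid 2 uses the buffer of the opposite direction and must never match
      count: 0
      match:
        event_type: alert
        alert.signature_id: 2
```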