From 032fded85812d38ca809144e5129c311fe96e62d Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Thu, 20 Jun 2024 16:09:37 +0200
Subject: [PATCH] output: adds checks for payload_length field

Ticket: 7098
---
 tests/eve-payload-07-http-gap/suricata.yaml | 1 +
 tests/eve-payload-07-http-gap/test.yaml | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/tests/eve-payload-07-http-gap/suricata.yaml b/tests/eve-payload-07-http-gap/suricata.yaml
index 2214ea86b..472f7d88b 100644
--- a/tests/eve-payload-07-http-gap/suricata.yaml
+++ b/tests/eve-payload-07-http-gap/suricata.yaml
@@ -11,4 +11,5 @@ outputs:
 payload: yes # enable dumping payload in Base64
 payload-buffer-size: 4kb # max size of payload buffer to output in eve-log
 payload-printable: yes # enable dumping payload in printable (lossy) format
+ payload-length: yes # enable dumping payload length
 packet: yes # enable dumping of packet (without stream segments)
diff --git a/tests/eve-payload-07-http-gap/test.yaml b/tests/eve-payload-07-http-gap/test.yaml
index bd361e2ea..92d5e50f3 100644
--- a/tests/eve-payload-07-http-gap/test.yaml
+++ b/tests/eve-payload-07-http-gap/test.yaml
@@ -18,30 +18,35 @@ checks:
 event_type: alert
 alert.signature_id: 1
 payload_printable: "GET /1 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\n"
+ payload_length: 40
 - filter:
 count: 1
 match:
 event_type: alert
 alert.signature_id: 1
 payload_printable: "GET /1 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\nGET /2 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\n"
+ payload_length: 80
 - filter:
 count: 1
 match:
 event_type: alert
 alert.signature_id: 1
 payload_printable: "GET /1 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\nGET /2 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\nGET /3 HTTP/1.0\r\nUser-Agent: Mozilla\r\n\r\n"
+ payload_length: 120
 - filter:
 count: 1
 match:
 event_type: alert
 alert.signature_id: 2
 payload_printable: "HTTP/1.0 200 OK\r\nDate: Mon, 31 Aug 2009 20:25:50 GMT\r\nServer: Apache\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 12\r\n\r\n"
+ payload_length: 136
 - filter:
 count: 1
 match:
 event_type: alert
 alert.signature_id: 3
 payload_printable: "HTTP/1.0 200 OK\r\nDate: Mon, 31 Aug 2009 20:25:50 GMT\r\nServer: Apache\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 12\r\n\r\n[127 bytes missing]AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTTP/1.0 200 OK\r\nServer: Apache\r\nConnection: close\r\nContent-Type: text/html\r\nContent-Length: 12\r\n\r\nHello People\r\n"
+ payload_length: 324
 - filter:
 count: 1
 match:
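Review bot: The `payload_length: 324` expectation for signature 3 pins a value that is not the number of bytes on the wire, and nothing on the line says so: the head of that payload is 136 bytes (the value the signature 2 check pins), the tail from the second `HTTP/1.0 200 OK` through `Hello People\r\n` is 113, so 324 leaves 75 for the gap plus the run of A's, which cannot hold the 127 bytes the `[127 bytes missing]` marker reports — the length appears to be that of the logged buffer with the marker text counted (19 bytes plus the A run), not of the reassembled stream. That is worth recording next to the check, both so a later change to how gaps are rendered is recognised as a deliberate break and so nobody reads this field as a wire-level size for gap-affected streams: `payload_length: 324  # length of the logged payload buffer: the "[127 bytes missing]" marker is counted, the missing bytes are not`. The other four values (40, 80, 120, 136) each equal the length of the `payload_printable` string on the line above, so a one-line comment on the first of them stating that the field is checked against the printable length would cover those; the `checks:` sequence they belong to starts before the hunk.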