exception-policy: fix test to be more robust

We do not want to test number of alerts on every pseudo-packets Ticket: 6578
OISF · Dec 5, 2023 · b7a8ffd · b7a8ffd
1 parent 3a50df6
commit b7a8ffd
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/tests/exception-policy-simulated-flow-memcap/test.rules b/tests/exception-policy-simulated-flow-memcap/test.rules
@@ -1 +1,3 @@
-alert tls any any -> any any (msg:"tls app-proto"; sid:1000001; rev:1;)
+# do not test alert for every tls, as there can be additional pseudo-packets
+# alert tls any any -> any any (msg:"tls app-proto"; sid:1000001; rev:1;)
+alert tls any any -> any any (msg:"Stamus TLS"; tls_cert_issuer; content:"O=Stamus"; sid:1; rev:1;)
diff --git a/tests/exception-policy-simulated-flow-memcap/test.yaml b/tests/exception-policy-simulated-flow-memcap/test.yaml
@@ -12,10 +12,6 @@ args:
 - --set flow.memcap-policy=drop-flow
 
 checks:
-  - filter:
-      count: 97
-      match:
-        event_type: alert
   - filter:
       count: 1
       match:
@@ -30,3 +26,8 @@ checks:
       match:
         event_type: stats
         stats.tcp.midstream_pickups: 1
+  - filter:
+      count: 4
+      match:
+        event_type: alert
+        alert.signature_id: 1