WIP tests: http rule hooks test

tests/rule-hooks/http-body-hook-01/README.md

@@ -0,0 +1,4 @@
+PCAP
+====
+
+Pcap from https://redmine.openinfosecfoundation.org/issues/2369

tests/rule-hooks/http-body-hook-01/test.rules

@@ -0,0 +1,6 @@
+alert http1:response_not_started any any -> any any (sid:1;)
+alert http1:response_line any any -> any any (sid:2;)
+alert http1:response_headers any any -> any any (sid:3;)
+alert http1:response_body any any -> any any (sid:4;)
+alert http1:response_trailer any any -> any any (sid:5;)
+alert http1:response_complete any any -> any any (sid:6;)

tests/rule-hooks/http-body-hook-01/test.yaml

@@ -0,0 +1,39 @@
+requires:
+  min-version: 8
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: http
+      http.url: "/~regit/ids-suricata-esiea.pdf"
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 1 # not started
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 2 # request_line
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 3 # header
+- filter:
+    count: 443
+    match:
+      event_type: alert
+      alert.signature_id: 4 # body update
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 5 # trailer
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      alert.signature_id: 6 # complete