From b69222d5f60b85a1ce600dd57addb7101a004376 Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Mon, 4 Nov 2024 18:42:52 +0100
Subject: [PATCH] btest: Add detect-sqli test script

...I added the baselines during the merge, just not the test itself.
---
 .../protocols/http/sql-injection-plus-dvwa.zeek     | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek

diff --git a/testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek b/testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek
new file mode 100644
index 0000000000..ed24b32ff6
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek
@@ -0,0 +1,13 @@
+# @TEST-EXEC: zeek -C -r $TRACES/http/cooper-grill-dvwa.pcapng -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: zeek-cut -m uid method host uri tags < http.log > http.log.cut
+# @TEST-EXEC: btest-diff http.log.cut
+
+@load base/protocols/http
+@load protocols/http/detect-sqli
+
+event connection_state_remove(c: connection)
+	{
+	if ( c?$http )
+		print c$uid, c$id, cat(c$http$tags);
+	}