Merge remote-tracking branch 'origin/topic/awelzel/sqli-test-followup'

* origin/topic/awelzel/sqli-test-followup:
  btest: Add detect-sqli test script

CHANGES

@@ -1,3 +1,9 @@
+7.1.0-dev.461 | 2024-11-04 19:35:21 +0100
+
+  * btest: Add detect-sqli test script (Arne Welzel, Corelight)
+
+    ...I added the baselines during the merge, just not the test itself.
+
 7.1.0-dev.459 | 2024-11-04 18:47:02 +0100
 
   * switched CPPCompile::Canonicalize() to take std::string instead of const char* (Vern Paxson, Corelight)

VERSION

@@ -1 +1 @@
-7.1.0-dev.459
+7.1.0-dev.461

testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek

@@ -0,0 +1,13 @@
+# @TEST-EXEC: zeek -C -r $TRACES/http/cooper-grill-dvwa.pcapng -b %INPUT >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: zeek-cut -m uid method host uri tags < http.log > http.log.cut
+# @TEST-EXEC: btest-diff http.log.cut
+
+@load base/protocols/http
+@load protocols/http/detect-sqli
+
+event connection_state_remove(c: connection)
+	{
+	if ( c?$http )
+		print c$uid, c$id, cat(c$http$tags);
+	}