From a8e848ed074475c166b2bdb73ead1439f6a84078 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Tue, 5 Dec 2023 09:26:39 +0100
Subject: [PATCH] exception-policy: fix test to be more robust

We do not want to test number of alerts on every pseudo-packets
Ticket: 6578
---
 tests/exception-policy-simulated-flow-memcap/test.rules | 4 +++-
 tests/exception-policy-simulated-flow-memcap/test.yaml | 9 +++++----
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/tests/exception-policy-simulated-flow-memcap/test.rules b/tests/exception-policy-simulated-flow-memcap/test.rules
index b9d1df2fb..97d3761b9 100644
--- a/tests/exception-policy-simulated-flow-memcap/test.rules
+++ b/tests/exception-policy-simulated-flow-memcap/test.rules
@@ -1 +1,3 @@
-alert tls any any -> any any (msg:"tls app-proto"; sid:1000001; rev:1;)
+# do not test alert for every tls, as there can be additional pseudo-packets
+# alert tls any any -> any any (msg:"tls app-proto"; sid:1000001; rev:1;)
+alert tls any any -> any any (msg:"Stamus TLS"; tls_cert_issuer; content:"O=Stamus"; sid:1; rev:1;)
diff --git a/tests/exception-policy-simulated-flow-memcap/test.yaml b/tests/exception-policy-simulated-flow-memcap/test.yaml
index 11632c687..f3fce2ae5 100644
--- a/tests/exception-policy-simulated-flow-memcap/test.yaml
+++ b/tests/exception-policy-simulated-flow-memcap/test.yaml
@@ -12,10 +12,6 @@ args:
 - --set flow.memcap-policy=drop-flow
 checks:
- - filter:
- count: 97
- match:
- event_type: alert
 - filter:
 count: 1
 match:
@@ -30,3 +26,8 @@ checks:
 match:
 event_type: stats
 stats.tcp.midstream_pickups: 1
+ - filter:
+ count: 4
+ match:
+ event_type: alert
+ alert.signature_id: 1
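Review bot: In the test.rules hunk the replacement rule uses `tls_cert_issuer`, which is the legacy spelling of the sticky buffer; the current keyword is `tls.cert_issuer`, so unless this test has to run on a Suricata version that predates the rename I would write `tls.cert_issuer; content:"O=Stamus";`. The added comment explains why the app-proto rule was disabled but not why an issuer match is the stable replacement. One more comment line stating that reason would help whoever next touches the expected count. The rule also moves from `sid:1000001` to `sid:1`; that is harmless in a one-rule test file, but keeping the local-range sid would avoid any confusion with upstream signature ids in the eve output.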
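Review bot: The check added in the last test.yaml hunk (`@@ -30,3 +26,8 @@`) still pins an exact alert count, and nothing records where `count: 4` comes from. A future drift therefore cannot be told apart from a real regression in the `drop-flow` exception policy. I would put a comment directly above the filter, e.g. `# sid 1 fires 4 times: <what in the pcap produces the four matches>`, with the actual reason filled in. Because test.rules now has a single active rule, this filter is also the only bound on alerts. It should stay, but the test should not rely on it alone to show the policy was applied; presumably the stats checks between the two hunks cover that, though they are not visible here.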