From f89e00c86a8a89a0a67dc1f0f78fe2ead4eb51a0 Mon Sep 17 00:00:00 2001
From: Alice Akaki
Date: Wed, 22 Jan 2025 18:58:21 -0400
Subject: [PATCH] detect/integers: test enum with negated strings

Ticket: #7513
---
 tests/detect-uint-enum/README.md  | 7 +++++++
 tests/detect-uint-enum/test.rules | 2 ++
 tests/detect-uint-enum/test.yaml  | 19 +++++++++++++++++++
 3 files changed, 28 insertions(+)
 create mode 100644 tests/detect-uint-enum/README.md
 create mode 100644 tests/detect-uint-enum/test.rules
 create mode 100644 tests/detect-uint-enum/test.yaml

diff --git a/tests/detect-uint-enum/README.md b/tests/detect-uint-enum/README.md
new file mode 100644
index 000000000..0572f3524
--- /dev/null
+++ b/tests/detect-uint-enum/README.md
@@ -0,0 +1,7 @@
+Test for checking the working of function detect_parse_uint_enum
+when passing negated strings.
+
+
+PCAP from ../websocket-ping/input.pcap
+
+redmine ticket: https://redmine.openinfosecfoundation.org/issues/7513
\ No newline at end of file
diff --git a/tests/detect-uint-enum/test.rules b/tests/detect-uint-enum/test.rules
new file mode 100644
index 000000000..006d6f3da
--- /dev/null
+++ b/tests/detect-uint-enum/test.rules
@@ -0,0 +1,2 @@
+alert websocket any any -> any any (msg:"There is no pong opcode in this packet"; websocket.opcode:!pong; sid:1;)
+alert websocket any any -> any any (msg:"There is no ping opcode in this packet"; websocket.opcode:!ping; sid:2;)
\ No newline at end of file
diff --git a/tests/detect-uint-enum/test.yaml b/tests/detect-uint-enum/test.yaml
new file mode 100644
index 000000000..c3e8d1aeb
--- /dev/null
+++ b/tests/detect-uint-enum/test.yaml
@@ -0,0 +1,19 @@
+requires:
+  min-version: 8
+
+pcap: ../websocket-ping/input.pcap
+
+args:
+  - -k none --set stream.inline=true
+
+checks:
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      pcap_cnt: 8
+- filter:
+    count: 1
+    match:
+      event_type: alert
+      pcap_cnt: 11
\ No newline at end of file
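Review bot: The two checks in test.yaml match only on `event_type: alert` and `pcap_cnt`, so they never tie an alert to the rule that produced it, and a regression where detect_parse_uint_enum drops the negation would still pass: sid 1 (`!pong`) would then fire on the pong frame and sid 2 (`!ping`) on the ping frame, and each of packets 8 and 11 would still carry exactly one alert. Add `alert.signature_id: 1` under the `pcap_cnt: 8` match and `alert.signature_id: 2` under the `pcap_cnt: 11` match, with the ids chosen to fit whichever of the two frames is the ping and which the pong (that cannot be confirmed from the page, only inferred from the rule messages). A further check pinning the total alert count across the whole PCAP would also catch the negated rules firing on frames other than these two. The three new files also lack a trailing newline.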