Question on alert direction in suricata-verify

Not sure if this necessary belongs in “Developers” or more in the general help, but I’m asking in the context of fixing tests due to a change I’ve made so trying here first.

I’m wondering about the expectations of one of the tests (below).

I see there’s code in Suricata to correct the direction of a flow which Suricata only sees one side of (in this test case, it sees only server->client), so the fact that it notes that the dest port is 80 in the http record is showing this code working.

But why does the alert say the source port is 80?

% cat test.yaml
  min-version: 5.0.0
- --set stream.midstream=true
- --set stream.async-oneside=true


  # Check that we only have one alert event type in eve.
  - filter:
      count: 1
        event_type: alert
        src_port: 80

  - filter:
      count: 1
        event_type: http
        dest_port: 80

Could you please point to the test that you are referring to here?

Oh, sorry, I thought I had it in there.
It’s alert-testmyids-async