ssh: adds test for lua
authorPhilippe Antoine <pantoine@oisf.net>
Sat, 5 Apr 2025 20:54:12 +0000 (22:54 +0200)
committerVictor Julien <victor@inliniac.net>
Fri, 25 Apr 2025 07:51:48 +0000 (09:51 +0200)
Ticket: 7607

tests/ssh-lua-rules/test-ssh.lua [new file with mode: 0644]
tests/ssh-lua-rules/test.rules [new file with mode: 0644]
tests/ssh-lua-rules/test.yaml [new file with mode: 0644]

diff --git a/tests/ssh-lua-rules/test-ssh.lua b/tests/ssh-lua-rules/test-ssh.lua
new file mode 100644 (file)
index 0000000..95666ee
--- /dev/null
@@ -0,0 +1,17 @@
+local ssh = require("suricata.ssh")
+
+function init (args)
+   return {}
+end
+
+function match(args)
+   local tx = ssh.get_tx()
+   local proto = tx:server_proto()
+   if proto == "2.0" then
+      local soft = tx:server_software()
+      if soft == "OpenSSH_7.4" then
+         return 1
+      end
+   end
+   return 0
+end
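Review bot: In `match`, the value returned by `ssh.get_tx()` is used on the next line without a check, so if the call can return nil when no SSH transaction is attached (not visible from this hunk), `tx:server_proto()` raises a Lua runtime error instead of producing a clean non-match. Because test scripts like this tend to be copied as templates for real detection scripts, a guard such as `if tx == nil then return 0 end` right after the `get_tx()` call would make the failure mode explicit. A short comment above `match`, for example `-- matches only the server banner in ../ssh-banner-only/input.pcap (proto 2.0, OpenSSH_7.4)`, would also tell the reader why these two literals are hard-coded.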
diff --git a/tests/ssh-lua-rules/test.rules b/tests/ssh-lua-rules/test.rules
new file mode 100644 (file)
index 0000000..3306a9b
--- /dev/null
@@ -0,0 +1 @@
+alert ssh:response_banner_done any any -> any any (msg:"TEST SSH LUA"; lua:test-ssh.lua; sid:1; rev:1;)
diff --git a/tests/ssh-lua-rules/test.yaml b/tests/ssh-lua-rules/test.yaml
new file mode 100644 (file)
index 0000000..f4a73cc
--- /dev/null
@@ -0,0 +1,14 @@
+pcap: ../ssh-banner-only/input.pcap
+
+requires:
+  min-version: 8
+
+args:
+  - -k none --set default-rule-path=. --simulate-ips
+
+checks:
+  - filter:
+      count: 1
+      match:
+        alert.signature_id: 1
+        pcap_cnt: 13
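Review bot: The single check under `checks:` confirms that sid 1 alerts once at `pcap_cnt: 13`, but it would still pass if the Lua rule also fired on other packets, since alerts with a different `pcap_cnt` fall outside the filter. Adding a second filter that uses `count: 1` with only `event_type: alert` in its `match` would pin the total number of alerts, so an over-matching script or a hook that fires more than once is caught. Only the server-side accessors are exercised by this test; whether the client-side ones are covered elsewhere cannot be told from this commit.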