]> git.ipfire.org Git - people/stevee/suricata-verify.git/commitdiff
projects / people / stevee / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 013c389)
tests: add lua SCFlowTuple test
authorJuliana Fajardini <jufajardini@gmail.com>
Thu, 1 Jul 2021 18:57:11 +0000 (19:57 +0100)
committerVictor Julien <victor@inliniac.net>
Fri, 17 Sep 2021 09:05:37 +0000 (11:05 +0200)
tests/lua-scflowtuple/README.md [new file with mode: 0644] patch | blob
tests/lua-scflowtuple/expected/scflow-tuple.log [new file with mode: 0644] patch | blob
tests/lua-scflowtuple/input.pcap [new file with mode: 0644] patch | blob
tests/lua-scflowtuple/scflowtuple.lua [new file with mode: 0644] patch | blob
tests/lua-scflowtuple/suricata.yaml [new file with mode: 0644] patch | blob
tests/lua-scflowtuple/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/lua-scflowtuple/README.md b/tests/lua-scflowtuple/README.md
new file mode 100644 (file)
index 0000000..874e325
--- /dev/null
+++ b/tests/lua-scflowtuple/README.md
@@ -0,0 +1 @@
+Tests Lua's SCFlowTuple output.
diff --git a/tests/lua-scflowtuple/expected/scflow-tuple.log b/tests/lua-scflowtuple/expected/scflow-tuple.log
new file mode 100644 (file)
index 0000000..78a3d8e
--- /dev/null
+++ b/tests/lua-scflowtuple/expected/scflow-tuple.log
@@ -0,0 +1,4 @@
+{10/06/2015-15:16:43.136335 [**]
+SCFlowTuple is
+IP Version:  4
+Src: 10.16.1.11:59733 -> Dst: 104.131.202.103:80 [**] Protocol: http(6)}
diff --git a/tests/lua-scflowtuple/input.pcap b/tests/lua-scflowtuple/input.pcap
new file mode 100644 (file)
index 0000000..eded33a
Binary files /dev/null and b/tests/lua-scflowtuple/input.pcap differ
diff --git a/tests/lua-scflowtuple/scflowtuple.lua b/tests/lua-scflowtuple/scflowtuple.lua
new file mode 100644 (file)
index 0000000..0bd878c
--- /dev/null
+++ b/tests/lua-scflowtuple/scflowtuple.lua
@@ -0,0 +1,30 @@
+-- simple SCFlowTuple log test
+name = "scflow-tuple.log"
+
+function init(args)
+    local needs = {}
+    needs["type"] = "flow"
+    return needs
+end
+
+function setup(args)
+    filename = SCLogPath() .. "/" .. name
+    file = assert(io.open(filename, "a"))
+    SCLogInfo("Lua SCFlowTuple Log Filename " .. filename)
+    flow = 0
+end
+
+function log(args)
+    startts = SCFlowTimeString()
+    ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
+    proto_string = SCFlowAppLayerProto()
+
+    file:write ("{" .. startts .. " [**]\nSCFlowTuple is\nIP Version:  " .. ipver .. "\nSrc: " .. srcip .. ":" .. sp .. " -> Dst: " .. dstip .. ":" .. dp .. " [**] Protocol: " .. proto_string .. "(" .. proto .. ")}\n")
+    file:flush()
+    flow = flow + 1
+end
+
+function deinit(args)
+    SCLogInfo ("Flow tuples logged: " .. flow);
+    file:close(file)
+end
diff --git a/tests/lua-scflowtuple/suricata.yaml b/tests/lua-scflowtuple/suricata.yaml
new file mode 100644 (file)
index 0000000..4245578
--- /dev/null
+++ b/tests/lua-scflowtuple/suricata.yaml
@@ -0,0 +1,9 @@
+%YAML 1.1
+---
+
+outputs:
+  - lua:
+      enabled: yes
+      scripts-dir: .
+      scripts:
+        - scflowtuple.lua
diff --git a/tests/lua-scflowtuple/test.yaml b/tests/lua-scflowtuple/test.yaml
new file mode 100644 (file)
index 0000000..27e9445
--- /dev/null
+++ b/tests/lua-scflowtuple/test.yaml
@@ -0,0 +1,9 @@
+requires:
+  features:
+    - HAVE_LUA
+
+checks:
+  - file-compare:
+      # A check that compares two files
+      filename: scflow-tuple.log
+      expected: expected/scflow-tuple.log
Stefan's tree of suricata-verify.