]> git.ipfire.org Git - thirdparty/suricata-verify.git/commitdiff
projects / thirdparty / suricata-verify.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c5fc77a)
ssh: add test for lua output 2466/head
authorPhilippe Antoine <pantoine@oisf.net>
Sat, 19 Apr 2025 19:16:52 +0000 (21:16 +0200)
committerVictor Julien <victor@inliniac.net>
Fri, 25 Apr 2025 07:51:48 +0000 (09:51 +0200)
Ticket: 7607

tests/ssh-lua-output/README.md [new file with mode: 0644] patch | blob
tests/ssh-lua-output/output.lua [new file with mode: 0644] patch | blob
tests/ssh-lua-output/suricata.yaml [new file with mode: 0644] patch | blob
tests/ssh-lua-output/test.yaml [new file with mode: 0644] patch | blob

diff --git a/tests/ssh-lua-output/README.md b/tests/ssh-lua-output/README.md
new file mode 100644 (file)
index 0000000..cdfbbbc
--- /dev/null
+++ b/tests/ssh-lua-output/README.md
@@ -0,0 +1,11 @@
+# Test Description
+
+Test SSH lua output
+
+## Related issue
+
+https://redmine.openinfosecfoundation.org/issues/7603
+
+## PCAP
+
+Reused from another SSH test
diff --git a/tests/ssh-lua-output/output.lua b/tests/ssh-lua-output/output.lua
new file mode 100644 (file)
index 0000000..d4f70ec
--- /dev/null
+++ b/tests/ssh-lua-output/output.lua
@@ -0,0 +1,31 @@
+local ssh = require("suricata.ssh")
+
+filename = "results.log"
+
+function init (args)
+    local needs = {}
+    needs["protocol"] = "ssh"
+    return needs
+end
+
+function setup (args)
+    SCLogNotice("lua: setup()")
+    file = assert(io.open(SCLogPath() .. "/" .. filename, "w"))
+end
+
+function log(args)
+    local tx = ssh.get_tx()
+    local proto = tx:server_proto()
+    if proto == "2.0" then
+       local msg = tx:client_software().." -> "..tx:server_software()
+       write(msg)
+    end
+end
+
+function deinit(args)
+    file:close(file)
+end
+
+function write(msg)
+    file:write(msg .. "\n")
+end
diff --git a/tests/ssh-lua-output/suricata.yaml b/tests/ssh-lua-output/suricata.yaml
new file mode 100644 (file)
index 0000000..7117b92
--- /dev/null
+++ b/tests/ssh-lua-output/suricata.yaml
@@ -0,0 +1,19 @@
+%YAML 1.1
+---
+
+outputs:
+
+  # Extensible Event Format (nicknamed EVE) event log in JSON format
+  - eve-log:
+      enabled: yes
+      filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+      filename: eve.json
+      types:
+        - ssh
+        - flow
+
+  - lua:
+      enabled: yes
+      scripts-dir: .
+      scripts:
+        - output.lua
diff --git a/tests/ssh-lua-output/test.yaml b/tests/ssh-lua-output/test.yaml
new file mode 100644 (file)
index 0000000..e92a143
--- /dev/null
+++ b/tests/ssh-lua-output/test.yaml
@@ -0,0 +1,12 @@
+pcap: ../ssh-hassh/input.pcap
+
+requires:
+  min-version: 8
+
+args:
+  - -k none
+
+checks:
+  - shell:
+      args: grep "OpenSSH_for_Windows_7.7 -> OpenSSH_7.4" results.log | wc -l
+      expect: 1
Mirror of https://github.com/OISF/suricata-verify.git