ssh: adds test with lua and hassh 2475/head 2476/head
authorPhilippe Antoine <pantoine@oisf.net>
Mon, 28 Apr 2025 12:22:17 +0000 (14:22 +0200)
committerPhilippe Antoine <pantoine@oisf.net>
Tue, 29 Apr 2025 19:00:21 +0000 (21:00 +0200)
Ticket: 7603

tests/ssh-lua-hassh/test-ssh-resp.lua [new file with mode: 0644]
tests/ssh-lua-hassh/test-ssh.lua [new file with mode: 0644]
tests/ssh-lua-hassh/test.rules [new file with mode: 0644]
tests/ssh-lua-hassh/test.yaml [new file with mode: 0644]

diff --git a/tests/ssh-lua-hassh/test-ssh-resp.lua b/tests/ssh-lua-hassh/test-ssh-resp.lua
new file mode 100644 (file)
index 0000000..8f0ea19
--- /dev/null
@@ -0,0 +1,16 @@
+local ssh = require("suricata.ssh")
+
+function init (args)
+   ssh.enable_hassh()
+   return {}
+end
+
+function match(args)
+   local tx = ssh.get_tx()
+   local h = tx:server_hassh()
+   print(h)
+   if h == "6832f1ce43d4397c2c0a3e2f8c94334e" then
+      return 1
+   end
+   return 0
+end
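Review bot: `print(h)` in `match` looks like leftover debug output that writes the hassh to stdout each time the rule is evaluated; it should be dropped here and in the identical line of test-ssh.lua. The result of `ssh.get_tx()` is used unchecked in both scripts, so if it can return nil (not visible in this diff) the `tx:server_hassh()` call raises a Lua error instead of a clean no-match; `if tx == nil then return 0 end` would make that case explicit. The expected digest is a bare literal in both files, so a comment such as `-- server hassh of the session in ../ssh-hassh/input.pcap` above the comparison would tell a maintainer where the value comes from when the pcap or the hassh computation changes.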
diff --git a/tests/ssh-lua-hassh/test-ssh.lua b/tests/ssh-lua-hassh/test-ssh.lua
new file mode 100644 (file)
index 0000000..0eb4db2
--- /dev/null
@@ -0,0 +1,16 @@
+local ssh = require("suricata.ssh")
+
+function init (args)
+   ssh.enable_hassh()
+   return {}
+end
+
+function match(args)
+   local tx = ssh.get_tx()
+   local h = tx:client_hassh()
+   print(h)
+   if h == "2dd6531c7e89d3c925db9214711be76a" then
+      return 1
+   end
+   return 0
+end
diff --git a/tests/ssh-lua-hassh/test.rules b/tests/ssh-lua-hassh/test.rules
new file mode 100644 (file)
index 0000000..af85e1b
--- /dev/null
@@ -0,0 +1,2 @@
+alert ssh:request_finished any any -> any any (msg:"TEST SSH LUA"; lua:test-ssh.lua; sid:1; rev:1;)
+alert ssh:response_finished any any -> any any (msg:"TEST SSH LUA"; lua:test-ssh-resp.lua; sid:2; rev:1;)
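Review bot: Both rules carry the same `msg:"TEST SSH LUA"`, so the client-side and server-side alerts can only be told apart by sid in the eve output. Distinct messages, for example `msg:"TEST SSH LUA client hassh"` for sid 1 and `msg:"TEST SSH LUA server hassh"` for sid 2, would make a failing check readable without looking up which script each sid loads.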
diff --git a/tests/ssh-lua-hassh/test.yaml b/tests/ssh-lua-hassh/test.yaml
new file mode 100644 (file)
index 0000000..b75f122
--- /dev/null
@@ -0,0 +1,18 @@
+pcap: ../ssh-hassh/input.pcap
+
+requires:
+  min-version: 8
+
+args:
+  - -k none --set default-rule-path=. --simulate-ips
+  #we could do --set app-layer.protocols.ssh.hassh=yes
+
+checks:
+  - filter:
+      count: 1
+      match:
+        alert.signature_id: 1
+  - filter:
+      count: 1
+      match:
+        alert.signature_id: 2
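Review bot: The comment under `args` does not say why hassh is left out of the configuration, which appears to be the point of the test: the scripts call `ssh.enable_hassh()` in `init`, and the two alerts can only fire if that call took effect. I would reword it to something like `# hassh is deliberately not enabled via app-layer.protocols.ssh.hassh=yes; the Lua init() must enable it`. The checks match on `alert.signature_id` alone; adding `event_type: alert` to each `match` would pin the count to alert records, should any other event type in the output also embed an alert object.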