From: Jason Ish Date: Mon, 2 Jun 2025 20:32:28 +0000 (-0600) Subject: tests/lua: update SCByteVar tests for suricata.bytevar lib X-Git-Tag: suricata-7.0.11~47 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=47a69985bb03459d328f977f836e144f57e9455c;p=thirdparty%2Fsuricata-verify.git tests/lua: update SCByteVar tests for suricata.bytevar lib
---
diff --git a/tests/lua-byte-extract-pre8/README.md b/tests/lua-byte-extract-pre8/README.md
new file mode 100644
index 000000000..dfcc27af7
--- /dev/null
+++ b/tests/lua-byte-extract-pre8/README.md
@@ -0,0 +1 @@
+Tests Lua's accessing variables from byte_extract and byte_math in lua match scripts.
diff --git a/tests/lua-byte-extract-pre8/lua-byte-extract.lua b/tests/lua-byte-extract-pre8/lua-byte-extract.lua
new file mode 100644
index 000000000..d8fd067e2
--- /dev/null
+++ b/tests/lua-byte-extract-pre8/lua-byte-extract.lua
@@ -0,0 +1,17 @@
+function init(args)
+ local needs = {}
+ needs["bytevar"] = {"var1", "var2"}
+ return needs
+end
+
+function match(args)
+ local var1 = SCByteVarGet(0)
+ local var2 = SCByteVarGet(1)
+
+ if var1 and var2 then
+ if var1 == 0x48545450 and var2 == 0x2f312e31 then
+ return 1
+ end
+ end
+ return 0
+end
diff --git a/tests/lua-byte-extract-pre8/lua-byte-math.lua b/tests/lua-byte-extract-pre8/lua-byte-math.lua
new file mode 100644
index 000000000..02cd4b1b0
--- /dev/null
+++ b/tests/lua-byte-extract-pre8/lua-byte-math.lua
@@ -0,0 +1,15 @@
+function init(args)
+ local needs = {}
+ needs["bytevar"] = {"var2"}
+ return needs
+end
+
+function match(args)
+ local var2 = SCByteVarGet(0)
+
+ if var2 and var2 == 0x48545450 then
+ return 1
+ end
+
+ return 0
+end
diff --git a/tests/lua-byte-extract-pre8/test.rules b/tests/lua-byte-extract-pre8/test.rules
new file mode 100644
index 000000000..5774d73a7
--- /dev/null
+++ b/tests/lua-byte-extract-pre8/test.rules
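Review bot: `SCByteVarGet(0)` and `SCByteVarGet(1)` in `match()` are tied to the position of each name in the `needs["bytevar"]` list built in `init()`, and nothing in the script records that coupling, so reordering the list would silently swap `var1` and `var2`. A comment at the calls would make it explicit, e.g. `-- index = position in needs["bytevar"]: 0 -> var1, 1 -> var2`, with the matching `-- 0 -> var2` in the lua-byte-math.lua hunk of the same directory. Since this script is the 7.x copy of the pre-existing test, the point is documentation only.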
@@ -0,0 +1,2 @@
+alert ip any any -> any any (msg:"GPL ATTACK_RESPONSE id check returned root"; content:"uid=0|28|root|29|"; classtype:bad-unknown; byte_extract:4,0,var1; byte_extract:4,4,var2; lua:lua-byte-extract.lua; sid:1; rev:7;)
+alert ip any any -> any any (msg:"GPL ATTACK_RESPONSE id check returned root"; content:"uid=0|28|root|29|"; classtype:bad-unknown; byte_math: bytes 4, offset 0, oper +, rvalue 0, result var2; lua:lua-byte-math.lua; sid:2; rev:7;)
diff --git a/tests/lua-byte-extract-pre8/test.yaml b/tests/lua-byte-extract-pre8/test.yaml
new file mode 100644
index 000000000..3884648c4
--- /dev/null
+++ b/tests/lua-byte-extract-pre8/test.yaml
@@ -0,0 +1,22 @@
+pcap: ../flowbit-oring/input.pcap
+
+requires:
+ min-version: 7
+ lt-version: 8
+
+ features:
+ - HAVE_LUA
+
+args:
+ - --set default-rule-path=${TEST_DIR}
+ - --set security.lua.allow-rules=true
+
+checks:
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 1
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 2
diff --git a/tests/lua-byte-extract/lua-byte-extract.lua b/tests/lua-byte-extract/lua-byte-extract.lua
index d8fd067e2..16a982670 100644
--- a/tests/lua-byte-extract/lua-byte-extract.lua
+++ b/tests/lua-byte-extract/lua-byte-extract.lua
@@ -1,12 +1,19 @@
-function init(args)
- local needs = {}
- needs["bytevar"] = {"var1", "var2"}
- return needs
+local bytevars = require("suricata.bytevar")
+
+function init(sig)
+ bytevars.map(sig, "var1")
+ bytevars.map(sig, "var2")
+ return {}
+end
+
+function thread_init()
+ bv0 = bytevars.get("var1")
+ bv1 = bytevars.get("var2")
 end

 function match(args)
- local var1 = SCByteVarGet(0)
- local var2 = SCByteVarGet(1)
+ local var1 = bv0:value()
+ local var2 = bv1:value()

 if var1 and var2 then
 if var1 == 0x48545450 and var2 == 0x2f312e31 then
diff --git a/tests/lua-byte-extract/lua-byte-math.lua b/tests/lua-byte-extract/lua-byte-math.lua
index 02cd4b1b0..45216b603 100644
--- a/tests/lua-byte-extract/lua-byte-math.lua
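Review bot: `bv0` and `bv1` are assigned in `thread_init()` without `local`, which makes them globals of the per-thread Lua state; that looks deliberate, since `match()` reads them, but a luacheck run would flag it and a reader may take it for an accidental global. A one-line comment above the assignments would settle the intent, e.g. `-- intentionally global: per-thread handles read by match()`. The same applies to `bv2` in the lua-byte-math.lua hunk of this commit, where the handle for "var2" is also named differently from the `bv1` used for "var2" here; one scheme across both scripts, such as `bv_var1`/`bv_var2`, would avoid the mismatch. `match()` continues past the end of the hunk.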
+++ b/tests/lua-byte-extract/lua-byte-math.lua
@@ -1,11 +1,16 @@
-function init(args)
- local needs = {}
- needs["bytevar"] = {"var2"}
- return needs
+local bytevars = require("suricata.bytevar")
+
+function init(sig)
+ bytevars.map(sig, "var2")
+ return {}
+end
+
+function thread_init()
+ bv2 = bytevars.get("var2")
 end

 function match(args)
- local var2 = SCByteVarGet(0)
+ local var2 = bv2:value()

 if var2 and var2 == 0x48545450 then
 return 1
diff --git a/tests/lua-byte-extract/test.yaml b/tests/lua-byte-extract/test.yaml
index f94fcc70f..a0782c248 100644
--- a/tests/lua-byte-extract/test.yaml
+++ b/tests/lua-byte-extract/test.yaml
@@ -1,10 +1,7 @@
 pcap: ../flowbit-oring/input.pcap

 requires:
- min-version: 7
-
- features:
- - HAVE_LUA
+ min-version: 8

 args:
 - --set default-rule-path=${TEST_DIR}