From: Philippe Antoine Date: Sat, 5 Apr 2025 20:54:12 +0000 (+0200) Subject: ssh: adds test for lua X-Git-Tag: suricata-7.0.11~80 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b51e4785627ab2cf1e82f945df62a2ddddbcd300;p=thirdparty%2Fsuricata-verify.git ssh: adds test for lua Ticket: 7607
---
diff --git a/tests/ssh-lua-rules/test-ssh.lua b/tests/ssh-lua-rules/test-ssh.lua
new file mode 100644
index 000000000..95666ee9b
--- /dev/null
+++ b/tests/ssh-lua-rules/test-ssh.lua
@@ -0,0 +1,17 @@
+local ssh = require("suricata.ssh")
+
+function init (args)
+ return {}
+end
+
+function match(args)
+ local tx = ssh.get_tx()
+ local proto = tx:server_proto()
+ if proto == "2.0" then
+ local soft = tx:server_software()
+ if soft == "OpenSSH_7.4" then
+ return 1
+ end
+ end
+ return 0
+end
diff --git a/tests/ssh-lua-rules/test.rules b/tests/ssh-lua-rules/test.rules
new file mode 100644
index 000000000..3306a9b2e
--- /dev/null
+++ b/tests/ssh-lua-rules/test.rules
@@ -0,0 +1 @@
+alert ssh:response_banner_done any any -> any any (msg:"TEST SSH LUA"; lua:test-ssh.lua; sid:1; rev:1;)
diff --git a/tests/ssh-lua-rules/test.yaml b/tests/ssh-lua-rules/test.yaml
new file mode 100644
index 000000000..f4a73ccc0
--- /dev/null
+++ b/tests/ssh-lua-rules/test.yaml
@@ -0,0 +1,14 @@
+pcap: ../ssh-banner-only/input.pcap
+
+requires:
+ min-version: 8
+
+args:
+ - -k none --set default-rule-path=. --simulate-ips
+
+checks:
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 1
+ pcap_cnt: 13
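Review bot: In `match` of test-ssh.lua, the value returned by `ssh.get_tx()` is dereferenced straight away by `tx:server_proto()` with no nil check. If the library can return nil when no SSH transaction is available (its contract is not visible in this patch), the script would raise a Lua runtime error rather than report a clean non-match. A guard such as `if tx == nil then return 0 end` before the first method call would make that case explicit. The file would also benefit from a short header comment saying it matches only a server banner with protocol `2.0` and software `OpenSSH_7.4`, which is presumably what the referenced pcap carries and why the test expects exactly one alert.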