From: Philippe Antoine Date: Mon, 28 Apr 2025 12:22:17 +0000 (+0200) Subject: ssh: adds test with lua and hassh X-Git-Tag: suricata-7.0.11~76 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d5be473450c978f2100cb3687e3dbb7a2272714e;p=thirdparty%2Fsuricata-verify.git ssh: adds test with lua and hassh Ticket: 7603
---
diff --git a/tests/ssh-lua-hassh/test-ssh-resp.lua b/tests/ssh-lua-hassh/test-ssh-resp.lua
new file mode 100644
index 000000000..8f0ea1982
--- /dev/null
+++ b/tests/ssh-lua-hassh/test-ssh-resp.lua
@@ -0,0 +1,16 @@
+local ssh = require("suricata.ssh")
+
+function init (args)
+ ssh.enable_hassh()
+ return {}
+end
+
+function match(args)
+ local tx = ssh.get_tx()
+ local h = tx:server_hassh()
+ print(h)
+ if h == "6832f1ce43d4397c2c0a3e2f8c94334e" then
+ return 1
+ end
+ return 0
+end
diff --git a/tests/ssh-lua-hassh/test-ssh.lua b/tests/ssh-lua-hassh/test-ssh.lua
new file mode 100644
index 000000000..0eb4db2a0
--- /dev/null
+++ b/tests/ssh-lua-hassh/test-ssh.lua
@@ -0,0 +1,16 @@
+local ssh = require("suricata.ssh")
+
+function init (args)
+ ssh.enable_hassh()
+ return {}
+end
+
+function match(args)
+ local tx = ssh.get_tx()
+ local h = tx:client_hassh()
+ print(h)
+ if h == "2dd6531c7e89d3c925db9214711be76a" then
+ return 1
+ end
+ return 0
+end
diff --git a/tests/ssh-lua-hassh/test.rules b/tests/ssh-lua-hassh/test.rules
new file mode 100644
index 000000000..af85e1bd9
--- /dev/null
+++ b/tests/ssh-lua-hassh/test.rules
@@ -0,0 +1,2 @@
+alert ssh:request_finished any any -> any any (msg:"TEST SSH LUA"; lua:test-ssh.lua; sid:1; rev:1;)
+alert ssh:response_finished any any -> any any (msg:"TEST SSH LUA"; lua:test-ssh-resp.lua; sid:2; rev:1;)
diff --git a/tests/ssh-lua-hassh/test.yaml b/tests/ssh-lua-hassh/test.yaml
new file mode 100644
index 000000000..b75f12218
--- /dev/null
+++ b/tests/ssh-lua-hassh/test.yaml
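Review bot: In tests/ssh-lua-hassh/test-ssh-resp.lua, `match()` calls `tx:server_hassh()` directly on the result of `ssh.get_tx()` and leaves a debugging `print(h)` in place; tests/ssh-lua-hassh/test-ssh.lua has the same pattern with `tx:client_hassh()`. Whether `get_tx()` can return nil is not visible here, but if it can, the script would raise rather than return 0, so a guard such as `if tx == nil then return 0 end` before the accessor keeps a missing transaction distinguishable from a script error. The `print(h)` adds stdout noise that no check in the test consumes and can be dropped. The hard-coded fingerprint would also benefit from a provenance comment, e.g. `-- server HASSH expected for ../ssh-hassh/input.pcap`, so a reader knows which capture the value is tied to.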
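Review bot: In tests/ssh-lua-hassh/test.rules, both signatures carry the identical `msg:"TEST SSH LUA"`, so an alert in the output can only be told apart by its sid. Giving each rule a message that names the direction and fingerprint, e.g. `msg:"TEST SSH LUA client hassh"` for sid 1 and `msg:"TEST SSH LUA server hassh"` for sid 2, makes a failing run easier to triage. The rest of each rule can stay as written.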
@@ -0,0 +1,18 @@
+pcap: ../ssh-hassh/input.pcap
+
+requires:
+ min-version: 8
+
+args:
+ - -k none --set default-rule-path=. --simulate-ips
+ #we could do --set app-layer.protocols.ssh.hassh=yes
+
+checks:
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 1
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 2
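Review bot: The comment under `args` in tests/ssh-lua-hassh/test.yaml says what could be done but not why it is left out, which reads like an unfinished TODO. If the intent is that HASSH is enabled only through `ssh.enable_hassh()` in each script's `init()` (as the Lua files suggest), state that, e.g. `# hassh is intentionally not enabled via --set app-layer.protocols.ssh.hassh=yes; the Lua init() calls ssh.enable_hassh()`. It is also worth a one-line comment that the fingerprints in the two Lua scripts are tied to `../ssh-hassh/input.pcap`, since this test borrows another test's capture and would break silently if that capture is replaced.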