From: Philippe Antoine
Date: Sat, 19 Apr 2025 19:16:52 +0000 (+0200)
Subject: ssh: add test for lua output
X-Git-Tag: suricata-7.0.11~78
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2466%2Fhead;p=thirdparty%2Fsuricata-verify.git
ssh: add test for lua output
Ticket: 7607
---
diff --git a/tests/ssh-lua-output/README.md b/tests/ssh-lua-output/README.md
new file mode 100644
index 000000000..cdfbbbcae
--- /dev/null
+++ b/tests/ssh-lua-output/README.md
@@ -0,0 +1,11 @@
+# Test Description
+
+Test SSH lua output
+
+## Related issue
+
+https://redmine.openinfosecfoundation.org/issues/7603
+
+## PCAP
+
+Reused from another SSH test
diff --git a/tests/ssh-lua-output/output.lua b/tests/ssh-lua-output/output.lua
new file mode 100644
index 000000000..d4f70ec28
--- /dev/null
+++ b/tests/ssh-lua-output/output.lua
@@ -0,0 +1,31 @@
+local ssh = require("suricata.ssh")
+
+filename = "results.log"
+
+function init (args)
+ local needs = {}
+ needs["protocol"] = "ssh"
+ return needs
+end
+
+function setup (args)
+ SCLogNotice("lua: setup()")
+ file = assert(io.open(SCLogPath() .. "/" .. filename, "w"))
+end
+
+function log(args)
+ local tx = ssh.get_tx()
+ local proto = tx:server_proto()
+ if proto == "2.0" then
+ local msg = tx:client_software().." -> "..tx:server_software()
+ write(msg)
+ end
+end
+
+function deinit(args)
+ file:close(file)
+end
+
+function write(msg)
+ file:write(msg .. "\n")
+end
diff --git a/tests/ssh-lua-output/suricata.yaml b/tests/ssh-lua-output/suricata.yaml
new file mode 100644
index 000000000..7117b92d8
--- /dev/null
+++ b/tests/ssh-lua-output/suricata.yaml
@@ -0,0 +1,19 @@
+%YAML 1.1
+---
+
+outputs:
+
+ # Extensible Event Format (nicknamed EVE) event log in JSON format
+ - eve-log:
+ enabled: yes
+ filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+ filename: eve.json
+ types:
+ - ssh
+ - flow
+
+ - lua:
+ enabled: yes
+ scripts-dir: .
+ scripts:
+ - output.lua
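Review bot: `file:close(file)` in deinit passes the handle twice; the method-call form already supplies it as `self`, so the line should read `file:close()`. `filename`, `file` and `write` are also created as globals, while only `init`/`setup`/`log`/`deinit` need to be global for Suricata to find them; declaring `local filename`, `local file` and `local function write` ahead of `log` keeps the helper and the handle out of the script's global environment and lets `setup` assign the upvalue unchanged. The concatenation in log() raises "attempt to concatenate a nil value" if either `tx:client_software()` or `tx:server_software()` returns nil — I assume that can happen when a banner was not observed, please confirm against the suricata.ssh library — so checking both values before writing avoids aborting the output script on a partial session. The rewrite below keeps the file's interface (same four entry points, same log line format).
```lua
local ssh = require("suricata.ssh")

local filename = "results.log"
local file

-- declared before log() so the reference resolves as an upvalue, not a global
local function write(msg)
    file:write(msg .. "\n")
end

-- … unchanged: init(), setup() (now assigns the upvalue `file`) …

function log(args)
    local tx = ssh.get_tx()
    if tx:server_proto() == "2.0" then
        local client, server = tx:client_software(), tx:server_software()
        -- skip sessions where a banner is missing instead of raising on nil
        if client and server then
            write(client .. " -> " .. server)
        end
    end
end

function deinit(args)
    file:close()
end
```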
diff --git a/tests/ssh-lua-output/test.yaml b/tests/ssh-lua-output/test.yaml
new file mode 100644
index 000000000..e92a14360
--- /dev/null
+++ b/tests/ssh-lua-output/test.yaml
@@ -0,0 +1,12 @@
+pcap: ../ssh-hassh/input.pcap
+
+requires:
+ min-version: 8
+
+args:
+ - -k none
+
+checks:
+ - shell:
+ args: grep "OpenSSH_for_Windows_7.7 -> OpenSSH_7.4" results.log | wc -l
+ expect: 1
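Review bot: The shell check's grep pattern treats `.` as "any character", so the version dots in `OpenSSH_for_Windows_7.7` and `OpenSSH_7.4` are not matched literally, and the `| wc -l` pipe is only there to count. `args: grep -cF "OpenSSH_for_Windows_7.7 -> OpenSSH_7.4" results.log` does a fixed-string count in one process and satisfies the same `expect: 1`. With `-F` a banner that differs only in the dot position would no longer pass the check by accident.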