From: Jeff Lucovsky Date: Thu, 15 May 2025 11:50:40 +0000 (-0400) Subject: test/tlslib: Lua TLS library tests X-Git-Tag: suricata-7.0.11~54 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F2516%2Fhead;p=thirdparty%2Fsuricata-verify.git test/tlslib: Lua TLS library tests Issue: 7608
---
diff --git a/tests/lua/lua-tlslib-01/README.md b/tests/lua/lua-tlslib-01/README.md
new file mode 100644
index 000000000..378a5f76e
--- /dev/null
+++ b/tests/lua/lua-tlslib-01/README.md
@@ -0,0 +1 @@
+Test Lua lib functions
diff --git a/tests/lua/lua-tlslib-01/expected/tlslib_lua.log b/tests/lua/lua-tlslib-01/expected/tlslib_lua.log
new file mode 100644
index 000000000..53b60501c
--- /dev/null
+++ b/tests/lua/lua-tlslib-01/expected/tlslib_lua.log
@@ -0,0 +1,5 @@
+client version: TLS 1.2 server_version: TLS 1.2
+client version: TLS 1.2 server_version: TLS 1.2
+client version: TLS 1.2 server_version: TLS 1.2
+client version: TLS 1.2 server_version: TLS 1.2
+client version: TLS 1.2 server_version: TLS 1.2
diff --git a/tests/lua/lua-tlslib-01/input.rules b/tests/lua/lua-tlslib-01/input.rules
new file mode 100644
index 000000000..db7eb2932
--- /dev/null
+++ b/tests/lua/lua-tlslib-01/input.rules
@@ -0,0 +1 @@
+alert http any any -> any any (msg:"HTTP GET"; http.method; content:"GET"; sid:1;)
diff --git a/tests/lua/lua-tlslib-01/lua-tlsfunctions.lua b/tests/lua/lua-tlslib-01/lua-tlsfunctions.lua
new file mode 100644
index 000000000..32436f0c5
--- /dev/null
+++ b/tests/lua/lua-tlslib-01/lua-tlsfunctions.lua
@@ -0,0 +1,40 @@
+-- simple output test for some lua flow lib functions
+name = "tlslib_lua.log"
+
+local tls = require("suricata.tls")
+
+function init (args)
+ local needs = {}
+ needs["protocol"] = "tls"
+ return needs
+end
+
+function setup (args)
+ filename = SCLogPath() .. "/" .. name
+ file = assert(io.open(filename, "a"))
+ SCLogInfo("Log Filename " .. filename)
+ http = 0
+end
+
+function ternary(var, T, F)
+ if var == nil then return T else return F end
+end
+
+function log(args)
+ local t, err = tls.get_tx()
+ if t == err then
+ print(err)
+ end
+ cl_version = t:get_client_version()
+ sv_version = t:get_server_version()
+ msg = string.format(
+ "client version: %s server_version: %s\n",
+ ternary(cl_version, "na-cl-version", cl_version),
+ ternary(sv_version, "na-sv-version", sv_version))
+ file:write(msg)
+ file:flush()
+end
+
+function deinit (args)
+ file:close(file)
+end
diff --git a/tests/lua/lua-tlslib-01/suricata.yaml b/tests/lua/lua-tlslib-01/suricata.yaml
new file mode 100644
index 000000000..afc99f8ed
--- /dev/null
+++ b/tests/lua/lua-tlslib-01/suricata.yaml
@@ -0,0 +1,18 @@
+%YAML 1.1
+---
+
+outputs:
+ - lua:
+ enabled: yes
+ scripts-dir: .
+ scripts:
+ - lua-tlsfunctions.lua
+ - eve-log:
+ enabled: yes
+ filetype: regular
+ filename: eve.json
+ types:
+ - alert
+ - http
+ - flow
+ - tls
diff --git a/tests/lua/lua-tlslib-01/test.yaml b/tests/lua/lua-tlslib-01/test.yaml
new file mode 100644
index 000000000..1d504dded
--- /dev/null
+++ b/tests/lua/lua-tlslib-01/test.yaml
@@ -0,0 +1,14 @@
+pcap: ../../ethernet-eve/test.pcap
+
+requires:
+ features:
+ - HAVE_LUA
+ min-version: 8
+
+args:
+ - -k none
+
+checks:
+ - file-compare:
+ filename: tlslib_lua.log
+ expected: expected/tlslib_lua.log
diff --git a/tests/lua/lua-tlslib-02/README.md b/tests/lua/lua-tlslib-02/README.md
new file mode 100644
index 000000000..7e63524a9
--- /dev/null
+++ b/tests/lua/lua-tlslib-02/README.md
@@ -0,0 +1 @@
+Test Lua lib functions with detection
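Review bot: The guard after `tls.get_tx()` in `log()` of tests/lua/lua-tlslib-01/lua-tlsfunctions.lua compares the transaction with the error value (`if t == err then`), which only holds when both are the same value. If the call fails by returning a nil transaction plus a message (what the `local t, err =` pattern suggests, though the library is not shown here), the branch is skipped and `t:get_client_version()` then raises on nil. I would write `if t == nil then print(err) return end` so a missing transaction is reported and the call returns cleanly. The same guard appears in `match()` in tests/lua/lua-tlslib-02/lua-tlsfunctions.lua, where it should `return 0` after printing. Separately, the header comment still says "flow lib" and `http = 0` in `setup()` is never read in this script; both look like leftovers from a copied test.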
diff --git a/tests/lua/lua-tlslib-02/input.pcap b/tests/lua/lua-tlslib-02/input.pcap
new file mode 100644
index 000000000..299850e18
Binary files /dev/null and b/tests/lua/lua-tlslib-02/input.pcap differ
diff --git a/tests/lua/lua-tlslib-02/input.rules b/tests/lua/lua-tlslib-02/input.rules
new file mode 100644
index 000000000..63b5ff9cf
--- /dev/null
+++ b/tests/lua/lua-tlslib-02/input.rules
@@ -0,0 +1 @@
+alert tls any any -> any any (msg:"HTTP GET"; flow:established, to_client; lua: lua-tlsfunctions.lua; sid:1;)
diff --git a/tests/lua/lua-tlslib-02/lua-tlsfunctions.lua b/tests/lua/lua-tlslib-02/lua-tlsfunctions.lua
new file mode 100644
index 000000000..e0250736b
--- /dev/null
+++ b/tests/lua/lua-tlslib-02/lua-tlsfunctions.lua
@@ -0,0 +1,25 @@
+local tls = require("suricata.tls")
+
+function init (args)
+ local needs = {}
+ -- needs["tls"] = true
+ return needs
+end
+
+function match(args)
+ local t, err = tls.get_tx()
+ if t == err then
+ print(err)
+ end
+
+ srv_serial = t:get_server_serial()
+ if srv_serial == "00:BB:2A:80:CC:14:FC:DD:BC:12:02:B2:A0:86:BD:1D:17" then
+ return 1
+ end
+ cl_version = t:get_client_version()
+ if cl_version == "TLS 1.2" then
+ return 1
+ end
+
+ return 0
+end
diff --git a/tests/lua/lua-tlslib-02/test.yaml b/tests/lua/lua-tlslib-02/test.yaml
new file mode 100644
index 000000000..57940b58f
--- /dev/null
+++ b/tests/lua/lua-tlslib-02/test.yaml
@@ -0,0 +1,13 @@
+requires:
+ min-version: 8
+
+args:
+ - -k none
+ - --set security.lua.allow-rules=true
+ - --set default-rule-path=${TEST_DIR}
+
+checks:
+ - filter:
+ count: 27
+ match:
+ alert.signature_id: 1
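Review bot: `match()` in tests/lua/lua-tlslib-02/lua-tlsfunctions.lua returns 1 when either the server serial equals the hard-coded value or the client version is "TLS 1.2", so the test cannot tell a working `get_server_serial()` from one that returns nil. If the flows in input.pcap negotiate TLS 1.2 (not visible here), the version branch alone would produce every alert that test.yaml counts. Checking each accessor in its own rule and script, or requiring both conditions, would let a regression in either accessor change the alert count. `srv_serial` and `cl_version` are also assigned without `local`, so they become globals in the script's Lua state; `local srv_serial = t:get_server_serial()` keeps them scoped to the call.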
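Review bot: `--set security.lua.allow-rules=true` in tests/lua/lua-tlslib-02/test.yaml has no comment explaining it, and a reader copying this test could carry the flag into a real configuration. It is presumably needed because Lua rule scripts are not loaded unless that option is set. A line such as `# Lua rules are off unless security.lua.allow-rules is set; enabled here only so the test rule can load its script` above `args:` would make the intent explicit. `count: 27` could likewise note what the 27 alerts correspond to in input.pcap, so a later change in the count can be judged rather than just updated.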