From 7059dc0c232210357a248929ad1b9e31f3249583 Mon Sep 17 00:00:00 2001
From: Juliana Fajardini
Date: Thu, 16 Sep 2021 14:41:00 +0100
Subject: [PATCH] tests: add test for lua SCFileInfo

Prep for using lua's pushinteger function in SCFileInfo callbacks
---
tests/lua-scfileinfo/README.md | 1 +
tests/lua-scfileinfo/expected/scfileinfo.log | 13 ++++++++
.../filecontainer-http-slice.pcap | Bin 0 -> 9818 bytes
tests/lua-scfileinfo/scfileinfo.lua | 29 ++++++++++++++++++
tests/lua-scfileinfo/suricata.yaml | 15 +++++++++
tests/lua-scfileinfo/test.yaml | 9 ++++++
6 files changed, 67 insertions(+)
create mode 100644 tests/lua-scfileinfo/README.md
create mode 100644 tests/lua-scfileinfo/expected/scfileinfo.log
create mode 100644 tests/lua-scfileinfo/filecontainer-http-slice.pcap
create mode 100644 tests/lua-scfileinfo/scfileinfo.lua
create mode 100644 tests/lua-scfileinfo/suricata.yaml
create mode 100644 tests/lua-scfileinfo/test.yaml

diff --git a/tests/lua-scfileinfo/README.md b/tests/lua-scfileinfo/README.md
new file mode 100644
index 0000000..c8bd87d
--- /dev/null
+++ b/tests/lua-scfileinfo/README.md
@@ -0,0 +1 @@
+Tests Lua's SCFileInfo output.
diff --git a/tests/lua-scfileinfo/expected/scfileinfo.log b/tests/lua-scfileinfo/expected/scfileinfo.log
new file mode 100644
index 0000000..e320a47
--- /dev/null
+++ b/tests/lua-scfileinfo/expected/scfileinfo.log
@@ -0,0 +1,13 @@
+** SCFileInfo is: [**] fileid: 1 [**] txid: 0
+name: /en-US/static/@95063/css/print.css
+size: 1054 [**] magic: nomagic
+md5: c0b818de79d068db0a989ed35044cd62
+sha1: afb4fb1ad18223825cfb7ce5bf506e0f9dc47d5c
+sha256: 57b43ee07432cf8a8b8a17d9d712138194e4564e4b36963a34c495b576b404fe
+
+** SCFileInfo is: [**] fileid: 2 [**] txid: 1
+name: /en-US/static/@95063/js/contrib/lowpro_for_jquery.js
+size: 4096 [**] magic: nomagic
+md5: 545507473518ecdb45600cd50252a3ae
+sha1: 8d4c76eb9ebab67a3c5a8234f02bcece0a021019
+sha256: 20af0596a3ca657849ae0be5136fae338e5d0df57630890509a8d9ecccd855ac
diff --git a/tests/lua-scfileinfo/filecontainer-http-slice.pcap b/tests/lua-scfileinfo/filecontainer-http-slice.pcap new file mode 100644 index 0000000000000000000000000000000000000000..e4e589a8a1525c3da42453e9530cb525babd2341 GIT binary patch literal 9818 zc-rk+d2kd}8lN1b*r|+C>MAJ8BL>nPXL@FmOpcC`JK#zHlPI`Dh@F`?nNH@SyC;Vb zMFkf`bQdj95e=y2vFs|Ygqy6;i^iL|PM_8YyfERpp}{LkoWzH`6RQHg@=|X|6ul{dPe=@U z2WB)j&hh#gzsorzDM~ExSCugS@=B%z{RB$cN}tc?a^4_9!8559CJ;eg@)kZ8IrNC(>PjFRv`G20{mmHW)t*ro&Ks(p%#5`_PXc)baw1B)hz1*X5iP3c(cO zCc!QVYveBW7FRE>iJjbK_LlnnEURu;70!l&FI3?ng4 zg4+I+C?|*z3Awgmwx_Z(Q04Kv(^AA!N%&N_Wq}ng=agh30Yeg>Ot7FG!jy-L@g0ay zJ&ZsB3M`09Qi}C@ZG5A6m`kO+F)p15MWNu0CgTt@O}6t$c@c^t;@r%KoAH5~2=tY- z1S(3)!WDr~d7z}EwA5EtUgE24sS1>~l!ePGxp0}U6mf7l2jR^Q&1LK|jOGVdThJVw z-*@G9gtzxTe^*8ZLd8cI9hmFH-T97fC>`<3j%(H?_AbnI?I>HWBOULpouG033UgI~ z1WJ59F#9^!^Dogc6bL?EsXjjI9jUfGKk9n-%+$}XO+~UkIPzQirhkPe zFYW7Hc3#)IBaOjrdlvlh^mq4caE9KU^vH#K2EKj&=<~nWe8-xpe}A)iV_W3o<2&20 zId*_O5pAAaG;5LbqU9eI z-uP_&+IdyiKIgfuKl{-|t1ssZ-?{OFWZpLq?YwR6f-t@Dk^ECrn>=gZo;&l{!mZS< zHP_efXdL%h&ldyv{|Gn6UeCFF>ni@lvzmuv313P z&erX}pI*Gg^+x~lGxL`G^T-XKth&AT%OjsHeDqmqAapwQOznF;8w1DN#(uKtEPrANn`kLQ-Z|`H5K0o@_yHD@BZRxNr*B#H@P(Hfe z^M&Wob-{{*6>aQGKY#g~S$}$P($_Qk9-n&IsCmK#ACAtwb=%4F!y|K-U6Cs{Vho&f zG_!@InLTN4J6CSU;6cUZ+s|mN?L36RGeoWe;rhg2uB)~z8IhHDG+@uwg#hl#)FQv@ z7fFlUZ_9OLR^ILJn7L+bk!_+kglh)h;*BLcQ$n&ik`$WT7N()l&9wdGO%wIX|944q zm%Mq5%h88=Szo4p_GflEsenJ2E8wav^ZUlFKo#)hi?3@HZ~z13oc*laAMj~jtVdzM z?W?6*g5uEIS*E@QXa!utGdNr}>*euOTEVin^< z91gd)%hSenaAHW{Q_@e`=Wvw29OfV|yC@Ia&#u5xUVYdc<@;($lt(yDZp=1EnTjAd zVk48-EP@)K(TK^k5P~wHLYD|ZQA!HvV-1j^yvT^@6cj=+ z4$ao%$6J>eR7<3!ggjiWu|P{`TjC)WRmil%Zc!Cf?Icuu1W;p@okc)OHlWIc6Iv3| z5cJSYj3AOWaAHzvF-jGvqy=tJ(80yhaCW3XWr`{qps;)%iS@aG%mlqRaFN%l5y{m+ zdw8yEF$PXB9HMSgZP)9H!-EPH0WX5jJOW zaVRP~L0=Q7sR0Fr#JdH$P9%o9dT|m)qy;&qD^N#HB}go=6{nce<2Ibo z(UAEBqY|O59)minYU&yRtA zxCb>zXsARxfKLE&0#nI|M(;GO6$S97qL^FO%!C$$bo|CFK7lEe1UEQ|iE~mYN_iIq z=Zo{Hrec*tZ~^)-pQ4!J3G{s0O9%Z;jEKslM0wp{g4e1U;m)XeRRjDO%wx$a2JZx9 
zHeh8cvjHu9B5cvy4a5+NhOWL1DxEfnRbWXDyHRxFTsxd32wXR%W7L8JRSTRIgS5bl z2oz>FHaBZYhN-HDuA;)ulsv&g20MUKxwiNIr52-n zM55H%t|S*}LN(^XphbWrJD=bs9?fyLzzp?EGhgFOxEi}$jiOMsg`kCOLvw!1o2Krn zf6!!L7syPFn87xwY^`P)%B)JFS29gSYx~tTGSVhsr^ZC5Q#j~$DHRESFrdU*$4GaT zJE&b_Ma|TriS7={)J|!Wcg9-OHbj!nWSW7-;y!D1^&==dL^NiEaEGpucQsnI0PB8I z(jyFGu$7FQnh+r!gJS0D1+8(G5CkE{cp(KD`2(%TLi4VOBoW?h_JPH+_NK_waUW&tb3nV_WlE^NS_qDEvSTR?j_D0M{AV@~Eb3vJuOkPE* z;3A{bRZ0eV0^23m@_N{cu0%|sANL@#V&&-8b+gu7Cs3>ZIUXuVls*1)?<~ zv|-{Sw;)MESJ26d&PFpK>V3K`X6^9FPR%nGU+E6g`l5mlr9vwwi3CMQg;389JtfS= zQ{~O5`$((7Yf9r%xenTw8-PKC>Gq)nRNW>XQ&O1B$&rM4RF-|1ah|{?W*i-KALD+C zDD`>3q?0^a;Kw%PQI>u|)hgql361P)Cn(!t4p;!7AjcB-YP*{ULaqoiNQH>y|6HK4 zPsvOsCBpSY>W}MtEy3gHvMK9p$PydRTTHacB+V%LT`&t@Pvn}tNYvTA((H0ZfikERJ8R2NyY zyBQaudR&f0>8$b!8Lo}%qO7h^M{f?fB(tH|AqGPY=BpD48f9aAs6AuRw6heXg%}HL z!W#D6B0iByOGR!_)RLAYG)gzo;2LycG~7JMHB1@J(d9GFON;q9 z*9yHfZJzR)<=x4Ik#?;yVF!7K&}0l+n3Fj5LADwp5ehQ8Ws~e?iox<}!b&b+i^wxB z)<#PPZzzvsZTIDewS$UWCVXiQK{x}pK;x7fi(36RWjV;p_B*48*;V9kAPUXZ|H;GZ zcSaAtVy^!BgIV$@!BzwLp;i&Ogc6|ZhluxC@=GrTwmD!dDQC$6YgfpW^m3_aKtw4@ zc|_C#(e)8FK+}`RuBf3!pbrQek|KEqI1!cNcwjev dyM!0W9(h;nEiO<~80bp&&{W&?cm$=Z{|&%+DV6{L literal 0 Hc-jL100001 diff --git a/tests/lua-scfileinfo/scfileinfo.lua b/tests/lua-scfileinfo/scfileinfo.lua new file mode 100644 index 0000000..09f83fa --- /dev/null +++ b/tests/lua-scfileinfo/scfileinfo.lua 
@@ -0,0 +1,29 @@
+-- Output test for SCFileInfo
+file_name = "scfileinfo.log"
+
+function init (args)
+ local needs = {}
+ needs['type'] = 'file'
+ return needs
+end
+
+function setup(args)
+ filename = SCLogPath() .. "/" .. file_name
+ file = assert(io.open(filename, "w"))
+ SCLogInfo("lua SCFileInfo Log Filename " .. filename)
+end
+
+function log(args)
+ fileid, txid, name, size, magic, md5, sha1, sha256 = SCFileInfo()
+ if magic == nil then
+ magic = "nomagic"
+ end
+
+ file:write ("** SCFileInfo is: [**] fileid: " .. fileid .. " [**] txid: " .. txid .. "\nname: " .. name .. "\nsize: " .. size .. " [**] magic: " .. magic .. "\nmd5: " .. md5 .. " \nsha1: " .. sha1 .. "\nsha256: " .. sha256 .. "\n\n")
+ file:flush()
+end
+
+function deinit(args)
+ SCLogInfo ("SCFileInfo logging finished");
+ file:close(file)
+end
diff --git a/tests/lua-scfileinfo/suricata.yaml b/tests/lua-scfileinfo/suricata.yaml
new file mode 100644
index 0000000..042fb06
--- /dev/null
+++ b/tests/lua-scfileinfo/suricata.yaml
@@ -0,0 +1,15 @@
+%YAML 1.1
+---
+
+outputs:
+ - lua:
+ enabled: yes
+ scripts-dir: .
+ scripts:
+ - scfileinfo.lua
+
+ - file-store:
+ version: 2
+ enabled: yes
+ force-filestore: yes
+ force-hash: [sha256, sha1, md5]
diff --git a/tests/lua-scfileinfo/test.yaml b/tests/lua-scfileinfo/test.yaml
new file mode 100644
index 0000000..874017e
--- /dev/null
+++ b/tests/lua-scfileinfo/test.yaml
@@ -0,0 +1,9 @@
+requires:
+ features:
+ - HAVE_LUA
+
+checks:
+ - file-compare:
+ # Two files should be identical
+ filename: scfileinfo.log
+ expected: expected/scfileinfo.log
--
2.47.3
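Review bot: In `log()` in scfileinfo.lua, `name` is concatenated into the record unescaped, and it appears to come from the request in the capture, so a name carrying a newline or the `[**]` separator would yield a record that no longer reads one field per line. That is harmless for the fixed pcap, but the script may be reused as a template for real output scripts; replacing control characters before the write, e.g. `name = name:gsub("%c", "?")`, keeps the format stable. The eight values returned by `SCFileInfo()` are also assigned to globals, and `local fileid, txid, name, size, magic, md5, sha1, sha256 = SCFileInfo()` would scope them to the call. Only `magic` is checked for nil before the `..` concatenation; whether the other fields can be nil is not visible in this patch.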
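Review bot: Nothing in suricata.yaml says why `file-store` is enabled, although the expected log appears to depend on it: the md5, sha1 and sha256 lines presumably need `force-hash`. A comment above the block, e.g. `# hashes are forced so SCFileInfo() returns md5/sha1/sha256 for the expected log`, would keep a later cleanup from removing it. `force-filestore: yes` also stores every extracted file on disk, which the checks in test.yaml never inspect; if the `fileid` values do not depend on it, it may be possible to drop that line.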
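Review bot: The `file-compare` check in test.yaml expects the two files to be identical, yet the `file:write` call in scfileinfo.lua emits a space before the newline that follows the md5 value (`" \nsha1: "`) and closes every record with `"\n\n"`. The expected file therefore has to carry a trailing space on both md5 lines and end with an empty line, while its hunk header declares 13 lines, which reads as six lines, a blank and six lines with no closing blank; this is worth confirming against a real run. Dropping the stray space (`.. md5 .. "\nsha1: "`) would remove the fixture's dependence on invisible whitespace.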