--- /dev/null
+Tests Lua's SCRuleIds output.
--- /dev/null
+[**] 07/13/2016-22:42:07.573103
+SCRuleIds is
+[**]
+Signature id: 2100498
+revision: 7
+Group id: 1[**]
\ No newline at end of file
--- /dev/null
+-- lua_pushinteger output test for SCRuleIds and ...
+name = "lua-scrule-ids.log"
+
+function init(args)
+ local needs = {}
+ needs["type"] = "packet"
+ needs["filter"] = "alerts"
+ return needs
+end
+
+function setup(args)
+ filename = SCLogPath() .. "/" .. name
+ file = assert(io.open(filename, "a"))
+ SCLogInfo("lua SCRuleIds Log Filename " .. filename)
+end
+
+function log(args)
+ timestring = SCPacketTimeString()
+ sid, rev, gid = SCRuleIds()
+
+ file:write ("[**] " .. timestring .. "\nSCRuleIds is\n[**]\nSignature id: " .. sid .. "\nrevision: " .. rev .. "\nGroup id: " .. gid .. "[**]")
+ file:flush()
+end
+
+function deinit(args)
+ file:close(file)
+end
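Review bot: Every variable this script assigns is a global: `filename` and `file` in setup(), and `timestring`, `sid`, `rev` and `gid` in log(). Declaring `local file` once at the top of the script and writing `local sid, rev, gid = SCRuleIds()` in log() keeps them out of the script's global environment, where a typo or a name clash would otherwise go unnoticed. In deinit(), `file:close(file)` passes the handle twice; `file:close()` is enough. The log is opened in mode "a" and each record ends without a newline, so the file-compare check presumably holds only when the output directory starts empty and exactly one alert fires; a short comment above the `io.open` call saying so would help the next reader.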
--- /dev/null
+%YAML 1.1
+---
+
+logging:
+ default-log-level: notice
+ default-output-filter:
+ outputs:
+ - console:
+ enabled: yes
+
+
+outputs:
+ - lua:
+ enabled: yes
+ scripts-dir: .
+ scripts:
+ - lua-scrule-ids.lua
+ - eve-log:
+ enabled: yes
+ filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
+ filename: eve.json
+ types:
+ - alert:
+ payload: yes
+ payload-buffer-size: 4kb
+ payload-printable: yes
+ packet: yes
+ http: yes
+ tls: yes
+ ssh: yes
+ smtp: yes
+ xff:
+ enabled: yes
+ mode: extra-data
+ deployment: reverse
+ header: X-Forwarded-For
+
+ - unified2-alert:
+ enabled: yes
+ filename: unified2.alert
+ xff:
+ enabled: yes
+ mode: extra-data
+ deployment: reverse
+ header: X-Forwarded-For
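Review bot: The `unified2-alert` output enabled at the end of this config is not read by any check in this test; test.yaml only filters eve.json events and compares lua-scrule-ids.log. Dropping that block would limit the config to what the test verifies and remove a dependency on an output it does not need. The same seems to apply to the `payload`, `packet` and `xff` options under `eve-log`, since the filter matches only on `event_type: alert`.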
--- /dev/null
+alert ip any any -> any any (msg:"GPL ATTACK_RESPONSE id check returned root"; content:"uid=0|28|root|29|"; classtype:bad-unknown; sid:2100498; rev:7;)
--- /dev/null
+requires:
+ features:
+ - HAVE_LUA
+
+checks:
+ - filter:
+ count: 1
+ match:
+ event_type: alert
+ - file-compare:
+ # A check that compares two files
+ filename: lua-scrule-ids.log
+ expected: expected/lua-scrule-ids.log