From: Juliana Fajardini Date: Thu, 1 Jul 2021 18:57:11 +0000 (+0100) Subject: tests: add lua SCFlowTuple test X-Git-Tag: suricata-6.0.4~54 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c799799c35cc785442a72ed9ea3c663711f9396e;p=thirdparty%2Fsuricata-verify.git tests: add lua SCFlowTuple test
---
diff --git a/tests/lua-scflowtuple/README.md b/tests/lua-scflowtuple/README.md
new file mode 100644
index 000000000..874e325ab
--- /dev/null
+++ b/tests/lua-scflowtuple/README.md
@@ -0,0 +1 @@
+Tests Lua's SCFlowTuple output.
diff --git a/tests/lua-scflowtuple/expected/scflow-tuple.log b/tests/lua-scflowtuple/expected/scflow-tuple.log
new file mode 100644
index 000000000..78a3d8e17
--- /dev/null
+++ b/tests/lua-scflowtuple/expected/scflow-tuple.log
@@ -0,0 +1,4 @@
+{10/06/2015-15:16:43.136335 [**]
+SCFlowTuple is
+IP Version: 4
+Src: 10.16.1.11:59733 -> Dst: 104.131.202.103:80 [**] Protocol: http(6)}
diff --git a/tests/lua-scflowtuple/input.pcap b/tests/lua-scflowtuple/input.pcap
new file mode 100644
index 000000000..eded33a58
Binary files /dev/null and b/tests/lua-scflowtuple/input.pcap differ
diff --git a/tests/lua-scflowtuple/scflowtuple.lua b/tests/lua-scflowtuple/scflowtuple.lua
new file mode 100644
index 000000000..0bd878ceb
--- /dev/null
+++ b/tests/lua-scflowtuple/scflowtuple.lua
@@ -0,0 +1,30 @@
+-- simple SCFlowTuple log test
+name = "scflow-tuple.log"
+
+function init(args)
+ local needs = {}
+ needs["type"] = "flow"
+ return needs
+end
+
+function setup(args)
+ filename = SCLogPath() .. "/" .. name
+ file = assert(io.open(filename, "a"))
+ SCLogInfo("Lua SCFlowTuple Log Filename " .. filename)
+ flow = 0
+end
+
+function log(args)
+ startts = SCFlowTimeString()
+ ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
+ proto_string = SCFlowAppLayerProto()
+
+ file:write ("{" .. startts .. " [**]\nSCFlowTuple is\nIP Version: " .. ipver .. "\nSrc: " .. srcip .. ":" .. sp .. " -> Dst: " .. dstip .. ":" .. dp .. " [**] Protocol: " .. proto_string .. "(" .. proto .. ")}\n")
+ file:flush()
+ flow = flow + 1
+end
+
+function deinit(args)
+ SCLogInfo ("Flow tuples logged: " .. flow);
+ file:close(file)
+end
diff --git a/tests/lua-scflowtuple/suricata.yaml b/tests/lua-scflowtuple/suricata.yaml
new file mode 100644
index 000000000..4245578af
--- /dev/null
+++ b/tests/lua-scflowtuple/suricata.yaml
@@ -0,0 +1,9 @@
+%YAML 1.1
+---
+
+outputs:
+ - lua:
+ enabled: yes
+ scripts-dir: .
+ scripts:
+ - scflowtuple.lua
diff --git a/tests/lua-scflowtuple/test.yaml b/tests/lua-scflowtuple/test.yaml
new file mode 100644
index 000000000..27e944587
--- /dev/null
+++ b/tests/lua-scflowtuple/test.yaml
@@ -0,0 +1,9 @@
+requires:
+ features:
+ - HAVE_LUA
+
+checks:
+ - file-compare:
+ # A check that compares two files
+ filename: scflow-tuple.log
+ expected: expected/scflow-tuple.log
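Review bot: Every working variable in `setup` and `log` (`filename`, `startts`, `ipver`, `srcip`, `dstip`, `proto`, `sp`, `dp`, `proto_string`) is assigned without `local` and therefore becomes a global in the script's Lua state, while only `file` and `flow` actually need to outlive a call because `deinit` reads them. Declare the per-call temporaries with `local` — `local startts = SCFlowTimeString()`, `local ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()`, `local proto_string = SCFlowAppLayerProto()` — so luacheck stays clean and a later edit to the script cannot silently alias them. The `..` chain in `file:write` raises an error if any of those values is `nil`, which would abort the log callback instead of writing a partial record; if SCFlowTuple can return `nil` for a field (e.g. ports on a flow without them — confirm against the API), wrapping the values in `tostring()` keeps the test robust. In `deinit`, `file:close(file)` passes the handle a second time as an ignored argument — `file:close()` is the intended call — and the trailing `;` on the `SCLogInfo` line is inconsistent with the rest of the script.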