From 824739a4ff533916e362604bb08b47b7f7399b22 Mon Sep 17 00:00:00 2001
From: Jason Ish <jason.ish@oisf.net>
Date: Mon, 20 Jan 2025 15:58:54 -0600
Subject: [PATCH] test: test for lua hashing lib

Ticket: #7073
---
 tests/lua/lua-hashlib/README.md        |   5 +
 tests/lua/lua-hashlib/test-hashing.lua | 149 +++++++++++++++++++++++++
 tests/lua/lua-hashlib/test.rules       |   3 +
 tests/lua/lua-hashlib/test.yaml        |  14 +++
 4 files changed, 171 insertions(+)
 create mode 100644 tests/lua/lua-hashlib/README.md
 create mode 100644 tests/lua/lua-hashlib/test-hashing.lua
 create mode 100644 tests/lua/lua-hashlib/test.rules
 create mode 100644 tests/lua/lua-hashlib/test.yaml

diff --git a/tests/lua/lua-hashlib/README.md b/tests/lua/lua-hashlib/README.md
new file mode 100644
index 000000000..44266a221
--- /dev/null
+++ b/tests/lua/lua-hashlib/README.md
@@ -0,0 +1,5 @@
+Test Lua hashing lib:
+
+```
+local hashing = require("suricata.hashing")
+```
diff --git a/tests/lua/lua-hashlib/test-hashing.lua b/tests/lua/lua-hashlib/test-hashing.lua
new file mode 100644
index 000000000..df89e6976
--- /dev/null
+++ b/tests/lua/lua-hashlib/test-hashing.lua
@@ -0,0 +1,149 @@
+local hashlib = require("suricata.hashlib")
+
+local expected_sha256 = "080bdfdfcd8c2c7fce747f9be4603ced6253caac70894ad89d605309588c60f6"
+local expected_sha1 = "00f495ffd50c8b5ef3645f61486dae496db0fe2e"
+local expected_md5 = "27170ec0609347c6a158bb5b694822a5"
+
+function init (args)
+   local needs = {}
+   needs["dns.rrname"] = tostring(true)
+   return needs
+end
+
+local function tohex(str)
+    local hex = {}
+    for i = 1, #str do
+        hex[i] = string.format("%02x", string.byte(str, i))
+    end
+    return table.concat(hex)
+end
+
+function test_sha256(name)
+   -- Test one shot digest.
+   hash = hashlib.sha256_digest(name)
+   if tohex(hash) ~= expected_sha256 then
+      return false
+   end
+
+   -- Test one shot hex digest.
+   hash = hashlib.sha256_hexdigest(name)
+   if hash ~= expected_sha256 then
+      return false
+   end
+
+   -- Test hash with multiple updates.
+   hasher = hashlib.sha256()
+   hasher:update("www.")
+   hasher:update("suricata-ids.")
+   hasher:update("org")
+   hash = hasher:finalize()
+   if tohex(hash) ~= expected_sha256 then
+      return false
+   end
+
+   -- Test hash with multiple updates and hex finalization.
+   hasher = hashlib.sha256()
+   hasher:update("www.")
+   hasher:update("suricata-ids.")
+   hasher:update("org")
+   hash = hasher:finalize_to_hex()
+   if hash ~= expected_sha256 then
+      return false
+   end
+
+   return true
+end
+
+function test_sha1(name)
+   -- Test one shot digest.
+   hash = hashlib.sha1_digest(name)
+   if tohex(hash) ~= expected_sha1 then
+      return false
+   end
+
+   -- Test one shot hex digest.
+   hash = hashlib.sha1_hexdigest(name)
+   if hash ~= expected_sha1 then
+      return false
+   end
+
+   -- Test hash with multiple updates.
+   hasher = hashlib.sha1()
+   hasher:update("www.")
+   hasher:update("suricata-ids.")
+   hasher:update("org")
+   hash = hasher:finalize()
+   if tohex(hash) ~= expected_sha1 then
+      return false
+   end
+
+   -- Test hash with multiple updates and hex finalization.
+   hasher = hashlib.sha1()
+   hasher:update("www.")
+   hasher:update("suricata-ids.")
+   hasher:update("org")
+   hash = hasher:finalize_to_hex()
+   if hash ~= expected_sha1 then
+      return false
+   end
+
+   return true
+end
+
+function test_md5(name)
+   -- One shot digest.
+   hash = hashlib.md5_digest(name)
+   if tohex(hash) ~= expected_md5 then
+      return false
+   end
+
+   -- One shot hex digest.
+   hash = hashlib.md5_hexdigest(name)
+   if hash ~= expected_md5 then
+      return false
+   end
+
+   -- Test hash with multiple updates.
+   hasher = hashlib.md5()
+   hasher:update("www.")
+   hasher:update("suricata-ids.")
+   hasher:update("org")
+   hash = hasher:finalize()
+   if tohex(hash) ~= expected_md5 then
+      return false
+   end
+
+   -- Test hash with multiple updates and hex finalization.
+   hasher = hashlib.md5()
+   hasher:update("www.")
+   hasher:update("suricata-ids.")
+   hasher:update("org")
+   hash = hasher:finalize_to_hex()
+   if hash ~= expected_md5 then
+      return false
+   end
+
+   return true
+end
+
+function match(args)
+   rrname = tostring(args["dns.rrname"])
+
+   if not test_sha256(rrname) then
+      SCLogError("test_sha256 failed")
+      return 0
+   end
+
+   if not test_sha1(rrname) then
+      SCLogError("test_sha1 failed")
+      return 0
+   end
+
+   if not test_md5(rrname) then
+      SCLogError("test_md5 failed")
+      return 0
+   end
+
+   return 1
+end
+
diff --git a/tests/lua/lua-hashlib/test.rules b/tests/lua/lua-hashlib/test.rules
new file mode 100644
index 000000000..eef4c1fac
--- /dev/null
+++ b/tests/lua/lua-hashlib/test.rules
@@ -0,0 +1,3 @@
+alert dns any any -> any any (msg:"TEST DNS LUA dns.rrname"; \
+      dns.query.name; content: "www.suricata-ids.org"; \
+      lua:test-hashing.lua; sid:1; rev:1;)
diff --git a/tests/lua/lua-hashlib/test.yaml b/tests/lua/lua-hashlib/test.yaml
new file mode 100644
index 000000000..969e07cfe
--- /dev/null
+++ b/tests/lua/lua-hashlib/test.yaml
@@ -0,0 +1,14 @@
+pcap: ../../cond-log-dns-dig/input.pcap
+
+requires:
+  min-version: 8
+
+args:
+  - --set security.lua.allow-rules=true
+  - --set default-rule-path=.
+
+checks:
+  - filter:
+      count: 1
+      match:
+        alert.signature_id: 1
-- 
2.47.2