From b51e4785627ab2cf1e82f945df62a2ddddbcd300 Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Sat, 5 Apr 2025 22:54:12 +0200
Subject: [PATCH] ssh: adds test for lua

Ticket: 7607
---
tests/ssh-lua-rules/test-ssh.lua | 17 +++++++++++++++++
tests/ssh-lua-rules/test.rules | 1 +
tests/ssh-lua-rules/test.yaml | 14 ++++++++++++++
3 files changed, 32 insertions(+)
create mode 100644 tests/ssh-lua-rules/test-ssh.lua
create mode 100644 tests/ssh-lua-rules/test.rules
create mode 100644 tests/ssh-lua-rules/test.yaml

diff --git a/tests/ssh-lua-rules/test-ssh.lua b/tests/ssh-lua-rules/test-ssh.lua
new file mode 100644
index 000000000..95666ee9b
--- /dev/null
+++ b/tests/ssh-lua-rules/test-ssh.lua
@@ -0,0 +1,17 @@
+local ssh = require("suricata.ssh")
+
+function init (args)
+ return {}
+end
+
+function match(args)
+ local tx = ssh.get_tx()
+ local proto = tx:server_proto()
+ if proto == "2.0" then
+ local soft = tx:server_software()
+ if soft == "OpenSSH_7.4" then
+ return 1
+ end
+ end
+ return 0
+end
diff --git a/tests/ssh-lua-rules/test.rules b/tests/ssh-lua-rules/test.rules
new file mode 100644
index 000000000..3306a9b2e
--- /dev/null
+++ b/tests/ssh-lua-rules/test.rules
@@ -0,0 +1 @@
+alert ssh:response_banner_done any any -> any any (msg:"TEST SSH LUA"; lua:test-ssh.lua; sid:1; rev:1;)
diff --git a/tests/ssh-lua-rules/test.yaml b/tests/ssh-lua-rules/test.yaml
new file mode 100644
index 000000000..f4a73ccc0
--- /dev/null
+++ b/tests/ssh-lua-rules/test.yaml
@@ -0,0 +1,14 @@
+pcap: ../ssh-banner-only/input.pcap
+
+requires:
+ min-version: 8
+
+args:
+ - -k none --set default-rule-path=. --simulate-ips
+
+checks:
+ - filter:
+ count: 1
+ match:
+ alert.signature_id: 1
+ pcap_cnt: 13
--
2.47.2
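Review bot: In `match` of tests/ssh-lua-rules/test-ssh.lua, the result of `ssh.get_tx()` is passed straight to `tx:server_proto()` without a nil check. The contract of `get_tx` is not visible in this patch, but if it can return nil when no SSH transaction is attached, the script raises a Lua error instead of returning 0, and a rule whose script errors is a rule that does not detect. Test scripts like this tend to be copied as templates for real rules, so I would add `if tx == nil then return 0 end` right after the `get_tx` line. A one-line comment above `match` stating that 1 means match and 0 means no match would also help readers new to the Lua rule interface.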
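Review bot: The single check in tests/ssh-lua-rules/test.yaml only asserts one alert for `alert.signature_id: 1` at `pcap_cnt: 13`, so it would still pass if the rule alerted regardless of what the script returns. Nothing here proves that the `proto == "2.0"` and `soft == "OpenSSH_7.4"` comparisons actually discriminate, which is the over-matching direction a detection test should also pin. I would add a second rule with its own sid whose script compares against a software string that is not in the pcap, plus a `filter` with `count: 0` for that sid. A short YAML comment naming the banner the pcap is expected to contain would make the expected values traceable.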