From c799799c35cc785442a72ed9ea3c663711f9396e Mon Sep 17 00:00:00 2001
From: Juliana Fajardini <jufajardini@gmail.com>
Date: Thu, 1 Jul 2021 19:57:11 +0100
Subject: [PATCH] tests: add lua SCFlowTuple test

---
 tests/lua-scflowtuple/README.md               |   1 +
 .../lua-scflowtuple/expected/scflow-tuple.log |   4 +++
 tests/lua-scflowtuple/input.pcap              | Bin 0 -> 1323 bytes
 tests/lua-scflowtuple/scflowtuple.lua         |  30 ++++++++++++++++++
 tests/lua-scflowtuple/suricata.yaml           |   9 ++++++
 tests/lua-scflowtuple/test.yaml               |   9 ++++++
 6 files changed, 53 insertions(+)
 create mode 100644 tests/lua-scflowtuple/README.md
 create mode 100644 tests/lua-scflowtuple/expected/scflow-tuple.log
 create mode 100644 tests/lua-scflowtuple/input.pcap
 create mode 100644 tests/lua-scflowtuple/scflowtuple.lua
 create mode 100644 tests/lua-scflowtuple/suricata.yaml
 create mode 100644 tests/lua-scflowtuple/test.yaml

diff --git a/tests/lua-scflowtuple/README.md b/tests/lua-scflowtuple/README.md
new file mode 100644
index 000000000..874e325ab
--- /dev/null
+++ b/tests/lua-scflowtuple/README.md
@@ -0,0 +1 @@
+Tests Lua's SCFlowTuple output.
diff --git a/tests/lua-scflowtuple/expected/scflow-tuple.log b/tests/lua-scflowtuple/expected/scflow-tuple.log
new file mode 100644
index 000000000..78a3d8e17
--- /dev/null
+++ b/tests/lua-scflowtuple/expected/scflow-tuple.log
@@ -0,0 +1,4 @@
+{10/06/2015-15:16:43.136335 [**]
+SCFlowTuple is
+IP Version:  4
+Src: 10.16.1.11:59733 -> Dst: 104.131.202.103:80 [**] Protocol: http(6)}
diff --git a/tests/lua-scflowtuple/input.pcap b/tests/lua-scflowtuple/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..eded33a58e3758214b70fdd45a0bdce5280a85ef
GIT binary patch
literal 1323
zc-no_PfXKL90%~XF>!V@!M_mX@Fc-MXuFpE0UHnewNpkwDML9(y6w?5jCQmg+ioU$
z*PC7tyuiteF($HjAO<5`yr37rsBs5OJbCcq!S}i_+?;FDW_|DFv+w)8U$@>of9eD-
zaB#VR13$M5$0H9;IKg%No7~`J6J7tyeonc;AOKeuv>wn?KNX@H9iGI!O=WK!jIK>w
zT_%f{oJQlL2mnskp%*TvoARC8en-X~b#;e{JaDQ)o+|o982}>xeo0iKgVDY5E%)ke
ztgkE`>wcKg59Eu&;wz%>%NZ>9VYIJWX8(e2XCA4@yn^+~yN#f*Tfi9|cHRvl6Y)J3
z$)=X8iH{djM7;C8s@Mz)J!i{BaZrNZsBEI3pGlx(QfD%{k&Lre)`B5P8ujulPgCP2
zGMHWkX_f$EX(Q?FV*MP;(Nst`$&emLv${5ea;%0dn(B?kPzsNCcspo{rby~YQ$-#A
zuCTxTGfDmNQ$>X**Cs>{u7k1rvzQtuUM0zi2wR-s8Ey@7SBj3s_Af;IU{n>Gf${oG
zxwyYq*vWBlWQeB5kTH)80cwh>W${dq_0iOTY#{+kX><v4K{yh#@Nzx?`GCL&1s?~+
zVTq>tb<M(+Vx(LOFSbzD@}`oqsvXRPk)~J)0rFim6_!nl8P?<Kw2I>Yu>%6f7wthw
zRs`4<2=YD@=n61A-?m?F=BBJE$P{2SXCV`hD)`@d9Qqd1FUJ!2C3H=K(}q3^r!#C?
z%d#=KG|7Z@eI}i%wno6m98qO#;p&t|;dyf|t;W4R*2i{Vu(zh6n5F8P0A~<NF>+F!
zN96R!#E2OcyOl`i<y=&}k+$1GZK?TL%-NsCaCsApo-KEN9k;`eorY2qZ;}Hf;*--g
zMZ*@uRmG!N^!zJswAO6duXfAsls8y@9jgskG<NQn8Z1v#B7SSFnbEW}4pn4q!0KCj
K*GI}S=KlbvRb?{(

literal 0
Hc-jL100001

diff --git a/tests/lua-scflowtuple/scflowtuple.lua b/tests/lua-scflowtuple/scflowtuple.lua
new file mode 100644
index 000000000..0bd878ceb
--- /dev/null
+++ b/tests/lua-scflowtuple/scflowtuple.lua
@@ -0,0 +1,30 @@
+-- simple SCFlowTuple log test
+name = "scflow-tuple.log"
+
+function init(args)
+    local needs = {}
+    needs["type"] = "flow"
+    return needs
+end
+
+function setup(args)
+    filename = SCLogPath() .. "/" .. name
+    file = assert(io.open(filename, "a"))
+    SCLogInfo("Lua SCFlowTuple Log Filename " .. filename)
+    flow = 0
+end
+
+function log(args)
+    startts = SCFlowTimeString()
+    ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
+    proto_string = SCFlowAppLayerProto()
+
+    file:write ("{" .. startts .. " [**]\nSCFlowTuple is\nIP Version:  " .. ipver .. "\nSrc: " .. srcip .. ":" .. sp .. " -> Dst: " .. dstip .. ":" .. dp .. " [**] Protocol: " .. proto_string .. "(" .. proto .. ")}\n")
+    file:flush()
+    flow = flow + 1
+end
+
+function deinit(args)
+    SCLogInfo ("Flow tuples logged: " .. flow);
+    file:close(file)
+end
diff --git a/tests/lua-scflowtuple/suricata.yaml b/tests/lua-scflowtuple/suricata.yaml
new file mode 100644
index 000000000..4245578af
--- /dev/null
+++ b/tests/lua-scflowtuple/suricata.yaml
@@ -0,0 +1,9 @@
+%YAML 1.1
+---
+
+outputs:
+  - lua:
+      enabled: yes
+      scripts-dir: .
+      scripts:
+        - scflowtuple.lua
diff --git a/tests/lua-scflowtuple/test.yaml b/tests/lua-scflowtuple/test.yaml
new file mode 100644
index 000000000..27e944587
--- /dev/null
+++ b/tests/lua-scflowtuple/test.yaml
@@ -0,0 +1,9 @@
+requires:
+  features:
+    - HAVE_LUA
+
+checks:
+  - file-compare:
+      # A check that compares two files
+      filename: scflow-tuple.log
+      expected: expected/scflow-tuple.log
-- 
2.47.2