tests/luaxform: Lua transform tests #2090

Open: wants to merge 2 commits into base: master

@jlucovsky jlucovsky commented Oct 10, 2024

Continuation of #2044

This commit adds tests for new Lua transform luaxform

  • Basic transform operation
  • Ensure non-existent Lua scripts are detected
  • Ensure Lua scripts without transform functions are detected
  • Ensure Lua scripts properly receive optional transform arguments

Ticket

If your pull request is related to a Suricata ticket, please provide
the full URL to the ticket here so this pull request can monitor
changes to the ticket status:

Redmine ticket: https://redmine.openinfosecfoundation.org/issues/2290
Suricata PR: OISF/suricata#11930

jufajardini and others added 2 commits October 10, 2024 09:46
This commit adds tests for new Lua transform
- Basic transform operation
- Ensure non-existent Lua scripts are detected
- Ensure Lua scripts without transform functions are detected
- Ensure Lua scripts properly receive optional transform arguments

@jufajardini jufajardini left a comment

I think that maybe during rebasing there was a mishap with this commit: 8003c9f

:P

pcap: ../lua-transform-01/test.pcap

checks:

maybe nit, but why not have a check for the alert, here, too?

Comment on lines +10 to +16
checks:
- filter:
count: 0
match:
event_type: alert
alert.signature_id: 1
http.url: /exec_post.php
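
Review bot: the only check in these lines is the `count: 0` filter on `event_type: alert` with `alert.signature_id: 1`, and a zero count is also what a run that logged no events at all would produce, so on its own it cannot show that the alert was absent for the intended reason. Consider pairing it with a check that has to match something, such as the diagnostic the run is expected to emit or a non-alert event for `http.url: /exec_post.php` from the same pcap, so the test fails when the output is simply empty.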

won't there be a warning or error here that we could also check for?

Labels: requires suricata pr (Depends on a PR in Suricata)