1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
|
#
# Wireshark tests
# By Gerald Combs <gerald@wireshark.org>
#
# Ported from a set of Bash scripts which were copyright 2005 Ulf Lamping
#
# SPDX-License-Identifier: GPL-2.0-or-later
#
'''Wireshark Lua scripting tests'''
import sys
import filecmp
import os.path
import shutil
import subprocess
import pytest
import logging
dhcp_pcap = 'dhcp.pcap'
dns_port_pcap = 'dns_port.pcap'
empty_pcap = 'empty.pcap'
segmented_fpm_pcap = 'segmented_fpm.pcap'
sip_pcapng = 'sip.pcapng'
sipmsg_log = 'sipmsg.log'
wpa_induction_pcap_gz = 'wpa-Induction.pcap.gz'
@pytest.fixture
def check_lua_script(cmd_tshark, features, dirs, capture_file, test_env):
if not features.have_lua:
pytest.skip('Test requires Lua scripting support.')
def check_lua_script_real(lua_script, cap_file, check_passed, *args):
tshark_cmd = [cmd_tshark,
'-r', capture_file(cap_file),
'-X', 'lua_script:' + os.path.join(dirs.lua_dir, lua_script)
]
tshark_cmd += args
tshark_proc = subprocess.run(tshark_cmd, check=True, capture_output=True, encoding='utf-8', env=test_env)
if check_passed:
logging.info(tshark_proc.stdout)
logging.info(tshark_proc.stderr)
if not 'All tests passed!' in tshark_proc.stdout:
pytest.fail("Some test failed, check the logs (eg: pytest --lf --log-cli-level=info)")
return tshark_proc
return check_lua_script_real
@pytest.fixture
def check_lua_script_verify(check_lua_script, result_file):
def check_lua_script_verify_real(lua_script, cap_file, check_stage_1=False, heur_regmode=None):
# First run tshark with the dissector script.
if heur_regmode is None:
tshark_proc = check_lua_script(lua_script, cap_file, check_stage_1,
'-V'
)
else:
tshark_proc = check_lua_script(lua_script, cap_file, check_stage_1,
'-V',
'-X', 'lua_script1:heur_regmode={}'.format(heur_regmode)
)
# then dump tshark's output to a verification file.
verify_file = result_file('testin.txt')
with open(verify_file, 'w', newline='\n') as f:
f.write(tshark_proc.stdout)
# finally run tshark again with the verification script and the verification file.
if heur_regmode is None:
check_lua_script('verify_dissector.lua', empty_pcap, True,
'-X', 'lua_script1:verify_file=' + verify_file,
)
else:
check_lua_script('verify_dissector.lua', empty_pcap, True,
'-X', 'lua_script1:verify_file=' + verify_file,
'-X', 'lua_script1:no_heur',
)
return check_lua_script_verify_real
class TestWslua:
def test_wslua_dir(self, check_lua_script):
'''wslua directory functions'''
check_lua_script('dir.lua', empty_pcap, True)
def test_wslua_util(self, check_lua_script):
'''wslua utility functions'''
check_lua_script('util.lua', empty_pcap, True)
# Mode_1, mode_2, and mode_3, and fpm were all under wslua_step_dissector_test
# in the Bash version.
def test_wslua_dissector_mode_1(self, check_lua_script_verify):
'''wslua dissector functions, mode 1'''
check_lua_script_verify('dissector.lua', dns_port_pcap)
def test_wslua_dissector_mode_2(self, check_lua_script_verify):
'''wslua dissector functions, mode 2'''
check_lua_script_verify('dissector.lua', dns_port_pcap, heur_regmode=2)
def test_wslua_dissector_mode_3(self, check_lua_script_verify):
'''wslua dissector functions, mode 3'''
check_lua_script_verify('dissector.lua', dns_port_pcap, heur_regmode=3)
def test_wslua_dissector_fpm(self, check_lua_script):
'''wslua dissector functions, fpm'''
tshark_fpm_tcp_proc = check_lua_script('dissectFPM.lua', segmented_fpm_pcap, False,
'-T', 'fields',
'-e', 'frame.number',
'-e', 'fpm',
'-e', 'fpm.version',
'-e', 'fpm.type',
'-e', 'fpm.length',
'-o', 'fpm.dissect_tcp:true'
)
tshark_fpm_no_tcp_proc = check_lua_script('dissectFPM.lua', segmented_fpm_pcap, False,
'-T', 'fields',
'-e', 'frame.number',
'-e', 'fpm',
'-e', 'fpm.version',
'-e', 'fpm.type',
'-e', 'fpm.length',
'-o', 'fpm.dissect_tcp:false'
)
assert tshark_fpm_tcp_proc.stdout == tshark_fpm_no_tcp_proc.stdout
def test_wslua_field(self, check_lua_script):
'''wslua fields'''
check_lua_script('field.lua', dhcp_pcap, True, '-q', '-c1')
# reader, writer, and acme_reader were all under wslua_step_file_test
# in the Bash version.
def test_wslua_file_reader(self, check_lua_script, cmd_tshark, capture_file, test_env):
'''wslua file reader'''
cap_file_1 = capture_file(dhcp_pcap)
cap_file_2 = capture_file(wpa_induction_pcap_gz)
# First run tshark with the pcap_file_reader script.
lua_proc_1 = check_lua_script('pcap_file.lua', cap_file_1, False)
lua_proc_2 = check_lua_script('pcap_file.lua', cap_file_2, False)
lua_out = lua_proc_1.stdout + lua_proc_2.stdout
# then run tshark again without the script
tshark_proc_1 = subprocess.run((cmd_tshark, '-r', cap_file_1), check=True, capture_output=True, encoding='utf-8', env=test_env)
tshark_proc_2 = subprocess.run((cmd_tshark, '-r', cap_file_2), check=True, capture_output=True, encoding='utf-8', env=test_env)
tshark_out = tshark_proc_1.stdout + tshark_proc_2.stdout
assert lua_out == tshark_out
def test_wslua_file_writer(self, check_lua_script, capture_file, result_file):
'''wslua file writer'''
cap_file_1 = capture_file(dhcp_pcap)
cap_file_2 = result_file('lua_writer.pcap')
# Generate a new capture file using the Lua writer.
check_lua_script('pcap_file.lua', cap_file_1, False,
'-w', cap_file_2,
'-F', 'lua_pcap2',
)
assert filecmp.cmp(cap_file_1, cap_file_2), cap_file_1 + ' differs from ' + cap_file_2
def test_wslua_file_acme_reader(self, check_lua_script, cmd_tshark, capture_file, result_file, test_env):
'''wslua acme file reader'''
cap_file = result_file('lua_acme_reader.pcap')
# Read an acme sipmsg.log using the acme Lua reader, writing it out as pcapng.
check_lua_script('acme_file.lua', sipmsg_log, False,
'-w', cap_file,
'-F', 'pcapng',
)
# Read lua_acme_reader.pcap and sip.pcapng and compare their verbose outputs.
tshark_proc_1 = subprocess.run((cmd_tshark,
'-r', cap_file,
'-V'
), check=True, capture_output=True, encoding='utf-8', env=test_env)
tshark_proc_2 = subprocess.run((cmd_tshark,
'-r', capture_file(sip_pcapng),
'-V'
), check=True, capture_output=True, encoding='utf-8', env=test_env)
assert tshark_proc_1.stdout == tshark_proc_2.stdout
def test_wslua_listener(self, check_lua_script):
'''wslua listener'''
check_lua_script('listener.lua', dhcp_pcap, True)
def test_wslua_nstime(self, check_lua_script):
'''wslua nstime'''
check_lua_script('nstime.lua', dhcp_pcap, True, '-q')
def test_wslua_pinfo(self, check_lua_script):
'''wslua pinfo'''
check_lua_script('pinfo.lua', dhcp_pcap, True)
def test_wslua_proto(self, check_lua_script):
'''wslua proto'''
check_lua_script('proto.lua', empty_pcap, True)
def test_wslua_byte_array(self, check_lua_script):
'''wslua byte_array'''
check_lua_script('byte_array.lua', empty_pcap, True)
def test_wslua_protofield_tree(self, check_lua_script):
'''wslua protofield with a tree'''
check_lua_script('protofield.lua', dns_port_pcap, True,
'-V',
'-Y', 'test.filtered==1',
)
def test_wslua_protofield_no_tree(self, check_lua_script):
'''wslua protofield without a tree'''
check_lua_script('protofield.lua', dns_port_pcap, True,
'-Y', 'test.filtered==1',
)
def test_wslua_int64(self, check_lua_script):
'''wslua int64'''
check_lua_script('int64.lua', empty_pcap, True)
def test_wslua_args_1(self, check_lua_script):
'''wslua args 1'''
check_lua_script('script_args.lua', empty_pcap, True,
'-X', 'lua_script1:1',
)
def test_wslua_args_2(self, check_lua_script):
'''wslua args 2'''
check_lua_script('script_args.lua', empty_pcap, True,
'-X', 'lua_script1:3',
'-X', 'lua_script1:foo',
'-X', 'lua_script1:bar',
)
def test_wslua_args_3(self, check_lua_script, dirs):
'''wslua args 3'''
check_lua_script('script_args.lua', empty_pcap, True,
'-X', 'lua_script:' + os.path.join(dirs.lua_dir, 'script_args.lua'),
'-X', 'lua_script1:3',
'-X', 'lua_script2:1',
'-X', 'lua_script1:foo',
'-X', 'lua_script1:bar',
)
def test_wslua_args_4(self, check_lua_script):
'''wslua args 4'''
tshark_proc = check_lua_script('script_args.lua', empty_pcap, False)
assert 'All tests passed!' not in tshark_proc.stdout
def test_wslua_args_5(self, check_lua_script):
'''wslua args 5'''
tshark_proc = check_lua_script('script_args.lua', empty_pcap, False,
'-X', 'lua_script1:3',
)
assert 'All tests passed!' not in tshark_proc.stdout
def test_wslua_globals(self, check_lua_script, dirs):
'''wslua globals'''
check_lua_script('verify_globals.lua', empty_pcap, True,
'-X', 'lua_script1:' + os.path.join(dirs.lua_dir, ''),
'-X', 'lua_script1:' + os.path.join(dirs.lua_dir, 'globals_2.2.txt'),
)
def test_wslua_struct(self, check_lua_script):
'''wslua struct'''
check_lua_script('struct.lua', empty_pcap, True)
def test_wslua_tvb_tree(self, check_lua_script):
'''wslua tvb with a tree'''
check_lua_script('tvb.lua', dns_port_pcap, True, '-c1', '-V')
def test_wslua_tvb_no_tree(self, check_lua_script):
'''wslua tvb without a tree'''
check_lua_script('tvb.lua', dns_port_pcap, True, '-c1')
def test_wslua_try_heuristics(self, check_lua_script):
'''wslua try_heuristics'''
check_lua_script('try_heuristics.lua', dns_port_pcap, True)
def test_wslua_add_packet_field(self, check_lua_script):
'''wslua add_packet_field'''
check_lua_script('add_packet_field.lua', dns_port_pcap, True)
class TestWsluaUnicode:
def test_wslua_unicode(self, cmd_tshark, features, dirs, capture_file, unicode_env):
'''Check handling of unicode paths.'''
if not features.have_lua:
pytest.skip('Test requires Lua scripting support.')
if sys.platform == 'win32' and not features.have_lua_unicode:
pytest.skip('Test requires a patched Lua build with UTF-8 support.')
# Prepare test environment, put files in the right places.
uni_script = os.path.join(unicode_env.pluginsdir, 'script-Ф-€-中.lua')
shutil.copy(os.path.join(dirs.lua_dir, 'unicode.lua'), uni_script)
with open(unicode_env.path('load-Ф-€-中.lua'), 'w', encoding='utf8') as f:
f.write('return "Contents of Ф-€-中"\n')
uni_pcap = unicode_env.path('file-Ф-€-中.pcap')
shutil.copy(capture_file('empty.pcap'), uni_pcap)
# Run process from a Unicode path as working directory.
proc = subprocess.Popen((cmd_tshark, '-r', uni_pcap), env=unicode_env.env,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
cwd=unicode_env.path())
stdout, stderr = proc.communicate(timeout=60)
stdout_str = stdout.decode('utf8', 'replace')
stderr_str = stderr.decode('utf8', 'replace')
assert 'All tests passed!' in stdout_str
assert stderr_str == ""
with open(unicode_env.path('written-by-lua-Ф-€-中.txt'), encoding='utf8') as f:
assert f.read() == 'Feedback from Lua: Ф-€-中\n'
|