From f1775e95660b57330747c7a3e1ca5e5fab1e72fa Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Sun, 19 Jan 2025 10:53:30 +0100 Subject: [PATCH 1/5] detect/lua: remove unused tls flag --- src/detect-lua.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/detect-lua.c b/src/detect-lua.c index 418e423d6ef1..6fd3d891c4ee 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -116,7 +116,6 @@ void DetectLuaRegister(void) #define FLAG_DATATYPE_DNS_RRNAME BIT_U32(15) #define FLAG_DATATYPE_DNS_REQUEST BIT_U32(16) #define FLAG_DATATYPE_DNS_RESPONSE BIT_U32(17) -#define FLAG_DATATYPE_TLS BIT_U32(18) #define FLAG_DATATYPE_SSH BIT_U32(19) #define FLAG_DATATYPE_SMTP BIT_U32(20) #define FLAG_DATATYPE_DNP3 BIT_U32(21) @@ -853,8 +852,6 @@ static int DetectLuaSetupPrime(DetectEngineCtx *de_ctx, DetectLuaData *ld, const ld->alproto = ALPROTO_TLS; - ld->flags |= FLAG_DATATYPE_TLS; - } else if (strncmp(k, "ssh", 3) == 0 && strcmp(v, "true") == 0) { ld->alproto = ALPROTO_SSH; From a168a26829cf8d0511a043d02a02f17abc7b2211 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Sun, 19 Jan 2025 10:53:54 +0100 Subject: [PATCH 2/5] detect/lua: minor code cleanup --- src/detect-lua.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/detect-lua.c b/src/detect-lua.c index 6fd3d891c4ee..b7c5c9f1b295 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -898,20 +898,18 @@ static int DetectLuaSetupPrime(DetectEngineCtx *de_ctx, DetectLuaData *ld, const */ static int DetectLuaSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str) { - DetectLuaData *lua = NULL; - /* First check if Lua rules are enabled, by default Lua in rules * is disabled. */ int enabled = 0; (void)ConfGetBool("security.lua.allow-rules", &enabled); if (!enabled) { SCLogError("Lua rules disabled by security configuration: security.lua.allow-rules"); - goto error; + return -1; } - lua = DetectLuaParse(de_ctx, str); + DetectLuaData *lua = DetectLuaParse(de_ctx, str); if (lua == NULL) - goto error; + return -1; /* Load lua sandbox configurations */ intmax_t lua_alloc_limit = DEFAULT_LUA_ALLOC_LIMIT; From 892cac2490f2082ebdf3bc131b9f36ba2e9929f9 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 21 Jan 2025 20:03:17 +0100 Subject: [PATCH 3/5] lua: add initial suricata.packet lib Example: ``` local packet = require "suricata.packet" function init (args) local needs = {} return needs end function match (args) p = packet.get() payload = p:payload() ts = p:timestring() for line in payload:gmatch("([^\r\n]*)[\r\n]+") do if line == "GET /index.html HTTP/1.0" then ipver, srcip, dstip, proto, sp, dp = p:tuple() SCLogNotice(string.format("%s %s->%s %d->%d (pcap_cnt:%d) match! %s", ts, srcip, dstip, sp, dp, p:pcap_cnt(), line)); return 1 end end return 0 end ``` Methods: `get` creates the packet object. `payload` returns the packet payload as a buffer `packet` returns the whole packet (includes headers) `pcap_cnt` returns the `pcap_cnt` (pcap file mode only) `tuple` returns various fields: srcip, dstip, proto, sp, dp `timestamp` returns time as 2 numbers: seconds and microseconds `timestring` returns a timestamp as a string Ticket: #7488. --- src/Makefile.am | 2 + src/util-lua-builtins.c | 2 + src/util-lua-packetlib.c | 265 +++++++++++++++++++++++++++++++++++++++ src/util-lua-packetlib.h | 25 ++++ 4 files changed, 294 insertions(+) create mode 100644 src/util-lua-packetlib.c create mode 100644 src/util-lua-packetlib.h diff --git a/src/Makefile.am b/src/Makefile.am index 1b1d8fca6144..605ce6a90ba1 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -519,6 +519,7 @@ noinst_HEADERS = \ util-lua-hassh.h \ util-lua-http.h \ util-lua-ja3.h \ + util-lua-packetlib.h \ util-lua-sandbox.h \ util-lua-smtp.h \ util-lua-ssh.h \ @@ -1071,6 +1072,7 @@ libsuricata_c_a_SOURCES = \ util-lua-hassh.c \ util-lua-http.c \ util-lua-ja3.c \ + util-lua-packetlib.c \ util-lua-sandbox.c \ util-lua-smtp.c \ util-lua-ssh.c \ diff --git a/src/util-lua-builtins.c b/src/util-lua-builtins.c index c826df4d9f6d..565eb98bee59 100644 --- a/src/util-lua-builtins.c +++ b/src/util-lua-builtins.c @@ -19,12 +19,14 @@ #include "util-lua-builtins.h" #include "util-lua-hashlib.h" #include "util-lua-dataset.h" +#include "util-lua-packetlib.h" #include "lauxlib.h" static const luaL_Reg builtins[] = { { "suricata.hashlib", SCLuaLoadHashlib }, { "suricata.dataset", LuaLoadDatasetLib }, + { "suricata.packet", LuaLoadPacketLib }, { NULL, NULL }, }; diff --git a/src/util-lua-packetlib.c b/src/util-lua-packetlib.c new file mode 100644 index 000000000000..952f61469003 --- /dev/null +++ b/src/util-lua-packetlib.c @@ -0,0 +1,265 @@ +/* Copyright (C) 2025 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file + * + * Packet API for Lua. + * + * local packet = require("suricata.packet") + */ + +#include "suricata-common.h" + +#include "util-lua-packetlib.h" + +#include "app-layer-protos.h" /* Required by util-lua-common. */ +#include "util-lua-common.h" +#include "util-lua.h" +#include "util-debug.h" +#include "util-print.h" + +/* key for p (packet) pointer */ +extern const char lua_ext_key_p[]; +static const char suricata_packet[] = "suricata:packet"; + +struct LuaPacket { + Packet *p; +}; + +static int LuaPacketGC(lua_State *luastate) +{ + SCLogDebug("gc:start"); + struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1); + SCLogDebug("packet %p", s->p); + s->p = NULL; + SCLogDebug("gc:done"); + return 0; +} + +static int LuaPacketPayload(lua_State *luastate) +{ + struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1); + if (s == NULL || s->p == NULL) { + LUA_ERROR("failed to get packet"); + } + + LuaPushStringBuffer(luastate, (const uint8_t *)s->p->payload, (size_t)s->p->payload_len); + return 1; +} + +static int LuaPacketPacket(lua_State *luastate) +{ + struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1); + if (s == NULL || s->p == NULL) { + LUA_ERROR("failed to get packet"); + } + + LuaPushStringBuffer(luastate, (const uint8_t *)GET_PKT_DATA(s->p), (size_t)GET_PKT_LEN(s->p)); + return 1; +} + +static int LuaPacketPcapCnt(lua_State *luastate) +{ + struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1); + if (s == NULL || s->p == NULL) { + LUA_ERROR("failed to get packet"); + } + + lua_pushinteger(luastate, s->p->pcap_cnt); + return 1; +} + +static int LuaPacketTimestring(lua_State *luastate) +{ + struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1); + if (s == NULL || s->p == NULL) { + LUA_ERROR("failed to get packet"); + } + + char timebuf[64]; + CreateTimeString(s->p->ts, timebuf, sizeof(timebuf)); + lua_pushstring(luastate, timebuf); + return 1; +} + +static int LuaPacketTimestamp(lua_State *luastate) +{ + struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1); + if (s == NULL || s->p == NULL) { + LUA_ERROR("failed to get packet"); + } + + lua_pushnumber(luastate, (double)SCTIME_SECS(s->p->ts)); + lua_pushnumber(luastate, (double)SCTIME_USECS(s->p->ts)); + return 2; +} + +/** \internal + * \brief fill lua stack with header info + * \param luastate the lua state + * \retval cnt number of data items placed on the stack + * + * Places: ipver (number), src ip (string), dst ip (string), protocol (number), + * sp or icmp type (number), dp or icmp code (number). + */ +static int LuaPacketTuple(lua_State *luastate) +{ + struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1); + if (s == NULL || s->p == NULL) { + LUA_ERROR("failed to get packet"); + } + Packet *p = s->p; + + int ipver = 0; + if (PacketIsIPv4(p)) { + ipver = 4; + } else if (PacketIsIPv6(p)) { + ipver = 6; + } + lua_pushinteger(luastate, ipver); + if (ipver == 0) + return 1; + + char srcip[46] = "", dstip[46] = ""; + if (PacketIsIPv4(p)) { + PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip)); + PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip)); + } else if (PacketIsIPv6(p)) { + PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip)); + PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip)); + } + + lua_pushstring(luastate, srcip); + lua_pushstring(luastate, dstip); + + /* proto and ports (or type/code) */ + lua_pushinteger(luastate, p->proto); + if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP) { + lua_pushinteger(luastate, p->sp); + lua_pushinteger(luastate, p->dp); + + } else if (p->proto == IPPROTO_ICMP || p->proto == IPPROTO_ICMPV6) { + lua_pushinteger(luastate, p->icmp_s.type); + lua_pushinteger(luastate, p->icmp_s.code); + } else { + lua_pushinteger(luastate, 0); + lua_pushinteger(luastate, 0); + } + + return 6; +} + +/** \internal + * \brief get tcp/udp/sctp source port + * \param luastate the lua state + */ +static int LuaPacketSport(lua_State *luastate) +{ + struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1); + if (s == NULL || s->p == NULL) { + LUA_ERROR("failed to get packet"); + } + Packet *p = s->p; + + switch (p->proto) { + case IPPROTO_TCP: + case IPPROTO_UDP: + case IPPROTO_SCTP: + lua_pushinteger(luastate, p->sp); + break; + default: + LUA_ERROR("sp only available for tcp, udp and sctp"); + } + + return 1; +} + +/** \internal + * \brief get tcp/udp/sctp dest port + * \param luastate the lua state + */ +static int LuaPacketDport(lua_State *luastate) +{ + struct LuaPacket *s = (struct LuaPacket *)lua_touserdata(luastate, 1); + if (s == NULL || s->p == NULL) { + LUA_ERROR("failed to get packet"); + } + Packet *p = s->p; + + switch (p->proto) { + case IPPROTO_TCP: + case IPPROTO_UDP: + case IPPROTO_SCTP: + lua_pushinteger(luastate, p->dp); + break; + default: + LUA_ERROR("dp only available for tcp, udp and sctp"); + } + + return 1; +} + +static int LuaPacketGet(lua_State *luastate) +{ + Packet *p = LuaStateGetPacket(luastate); + if (p == NULL) { + LUA_ERROR("failed to get packet"); + } + + struct LuaPacket *s = (struct LuaPacket *)lua_newuserdata(luastate, sizeof(*s)); + if (s == NULL) { + LUA_ERROR("failed to get userdata"); + } + s->p = p; + luaL_getmetatable(luastate, suricata_packet); + lua_setmetatable(luastate, -2); + return 1; +} + +static const luaL_Reg packetlib[] = { + // clang-format off + { "get", LuaPacketGet }, + { NULL, NULL } + // clang-format on +}; + +static const luaL_Reg packetlib_meta[] = { + // clang-format off + { "packet", LuaPacketPacket }, + { "payload", LuaPacketPayload }, + { "pcap_cnt", LuaPacketPcapCnt }, + { "timestring", LuaPacketTimestring }, + { "timestamp", LuaPacketTimestamp }, + { "tuple", LuaPacketTuple }, + { "sp", LuaPacketSport }, + { "dp", LuaPacketDport }, + { "__gc", LuaPacketGC }, + { NULL, NULL } + // clang-format on +}; + +int LuaLoadPacketLib(lua_State *luastate) +{ + luaL_newmetatable(luastate, suricata_packet); + lua_pushvalue(luastate, -1); + lua_setfield(luastate, -2, "__index"); + luaL_setfuncs(luastate, packetlib_meta, 0); + + luaL_newlib(luastate, packetlib); + return 1; +} diff --git a/src/util-lua-packetlib.h b/src/util-lua-packetlib.h new file mode 100644 index 000000000000..8d9393edee79 --- /dev/null +++ b/src/util-lua-packetlib.h @@ -0,0 +1,25 @@ +/* Copyright (C) 2025 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +#ifndef SURICATA_UTIL_LUA_PACKET_H +#define SURICATA_UTIL_LUA_PACKET_H + +#include "lua.h" + +int LuaLoadPacketLib(lua_State *luastate); + +#endif /* SURICATA_UTIL_LUA_DATASET_H */ From 307e87604a8949d8b039305fe2904a81435a0a4c Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Tue, 21 Jan 2025 20:14:07 +0100 Subject: [PATCH 4/5] lua: remove old lua payload/packet calls Moving forward the packetlib is to be used. Ticket: #7488. --- src/detect-lua.c | 10 --- src/util-lua-common.c | 156 ------------------------------------------ 2 files changed, 166 deletions(-) diff --git a/src/detect-lua.c b/src/detect-lua.c index b7c5c9f1b295..93306b2cc9d3 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -353,16 +353,6 @@ static int DetectLuaMatch (DetectEngineThreadCtx *det_ctx, lua_getglobal(tlua->luastate, "match"); lua_newtable(tlua->luastate); /* stack at -1 */ - if ((tlua->flags & FLAG_DATATYPE_PAYLOAD) && p->payload_len) { - lua_pushliteral(tlua->luastate, "payload"); /* stack at -2 */ - LuaPushStringBuffer (tlua->luastate, (const uint8_t *)p->payload, (size_t)p->payload_len); /* stack at -3 */ - lua_settable(tlua->luastate, -3); - } - if ((tlua->flags & FLAG_DATATYPE_PACKET) && GET_PKT_LEN(p)) { - lua_pushliteral(tlua->luastate, "packet"); /* stack at -2 */ - LuaPushStringBuffer (tlua->luastate, (const uint8_t *)GET_PKT_DATA(p), (size_t)GET_PKT_LEN(p)); /* stack at -3 */ - lua_settable(tlua->luastate, -3); - } if (tlua->alproto == ALPROTO_HTTP1) { HtpState *htp_state = p->flow->alstate; if (htp_state != NULL && htp_state->connp != NULL) { diff --git a/src/util-lua-common.c b/src/util-lua-common.c index 4811bd9d7d79..94d562e0ad9d 100644 --- a/src/util-lua-common.c +++ b/src/util-lua-common.c @@ -133,90 +133,6 @@ static int LuaCallbackStreamingBuffer(lua_State *luastate) return LuaCallbackStreamingBufferPushToStack(luastate, b); } -/** \internal - * \brief fill lua stack with payload - * \param luastate the lua state - * \param p packet - * \retval cnt number of data items placed on the stack - * - * Places: payload (string) - */ -static int LuaCallbackPacketPayloadPushToStackFromPacket(lua_State *luastate, const Packet *p) -{ - lua_pushlstring (luastate, (const char *)p->payload, p->payload_len); - return 1; -} - -/** \internal - * \brief Wrapper for getting payload into a lua script - * \retval cnt number of items placed on the stack - */ -static int LuaCallbackPacketPayload(lua_State *luastate) -{ - const Packet *p = LuaStateGetPacket(luastate); - if (p == NULL) - return LuaCallbackError(luastate, "internal error: no packet"); - - return LuaCallbackPacketPayloadPushToStackFromPacket(luastate, p); -} - -/** \internal - * \brief fill lua stack with packet timestamp - * \param luastate the lua state - * \param p packet - * \retval cnt number of data items placed on the stack - * - * Places: seconds (number), microseconds (number) - */ -static int LuaCallbackTimestampPushToStack(lua_State *luastate, const SCTime_t ts) -{ - lua_pushnumber(luastate, (double)SCTIME_SECS(ts)); - lua_pushnumber(luastate, (double)SCTIME_USECS(ts)); - return 2; -} - -/** \internal - * \brief fill lua stack with header info - * \param luastate the lua state - * \param p packet - * \retval cnt number of data items placed on the stack - * - * Places: ts (string) - */ -static int LuaCallbackTimeStringPushToStackFromPacket(lua_State *luastate, const Packet *p) -{ - char timebuf[64]; - CreateTimeString(p->ts, timebuf, sizeof(timebuf)); - lua_pushstring (luastate, timebuf); - return 1; -} - -/** \internal - * \brief Wrapper for getting packet timestamp (as numbers) into a lua script - * \retval cnt number of items placed on the stack - */ -static int LuaCallbackPacketTimestamp(lua_State *luastate) -{ - const Packet *p = LuaStateGetPacket(luastate); - if (p == NULL) - return LuaCallbackError(luastate, "internal error: no packet"); - - return LuaCallbackTimestampPushToStack(luastate, p->ts); -} - -/** \internal - * \brief Wrapper for getting tuple info into a lua script - * \retval cnt number of items placed on the stack - */ -static int LuaCallbackPacketTimeString(lua_State *luastate) -{ - const Packet *p = LuaStateGetPacket(luastate); - if (p == NULL) - return LuaCallbackError(luastate, "internal error: no packet"); - - return LuaCallbackTimeStringPushToStackFromPacket(luastate, p); -} - /** \internal * \brief fill lua stack with flow timestamps * \param luastate the lua state @@ -314,69 +230,6 @@ static int LuaCallbackFlowHasAlerts(lua_State *luastate) return r; } -/** \internal - * \brief fill lua stack with header info - * \param luastate the lua state - * \param p packet - * \retval cnt number of data items placed on the stack - * - * Places: ipver (number), src ip (string), dst ip (string), protocol (number), - * sp or icmp type (number), dp or icmp code (number). - */ -static int LuaCallbackTuplePushToStackFromPacket(lua_State *luastate, const Packet *p) -{ - int ipver = 0; - if (PacketIsIPv4(p)) { - ipver = 4; - } else if (PacketIsIPv6(p)) { - ipver = 6; - } - lua_pushinteger(luastate, ipver); - if (ipver == 0) - return 1; - - char srcip[46] = "", dstip[46] = ""; - if (PacketIsIPv4(p)) { - PrintInet(AF_INET, (const void *)GET_IPV4_SRC_ADDR_PTR(p), srcip, sizeof(srcip)); - PrintInet(AF_INET, (const void *)GET_IPV4_DST_ADDR_PTR(p), dstip, sizeof(dstip)); - } else if (PacketIsIPv6(p)) { - PrintInet(AF_INET6, (const void *)GET_IPV6_SRC_ADDR(p), srcip, sizeof(srcip)); - PrintInet(AF_INET6, (const void *)GET_IPV6_DST_ADDR(p), dstip, sizeof(dstip)); - } - - lua_pushstring (luastate, srcip); - lua_pushstring (luastate, dstip); - - /* proto and ports (or type/code) */ - lua_pushinteger(luastate, p->proto); - if (p->proto == IPPROTO_TCP || p->proto == IPPROTO_UDP) { - lua_pushinteger(luastate, p->sp); - lua_pushinteger(luastate, p->dp); - - } else if (p->proto == IPPROTO_ICMP || p->proto == IPPROTO_ICMPV6) { - lua_pushinteger(luastate, p->icmp_s.type); - lua_pushinteger(luastate, p->icmp_s.code); - } else { - lua_pushinteger(luastate, 0); - lua_pushinteger(luastate, 0); - } - - return 6; -} - -/** \internal - * \brief Wrapper for getting tuple info into a lua script - * \retval cnt number of items placed on the stack - */ -static int LuaCallbackTuple(lua_State *luastate) -{ - const Packet *p = LuaStateGetPacket(luastate); - if (p == NULL) - return LuaCallbackError(luastate, "internal error: no packet"); - - return LuaCallbackTuplePushToStackFromPacket(luastate, p); -} - /** \internal * \brief fill lua stack with header info * \param luastate the lua state @@ -931,15 +784,6 @@ static int LuaCallbackThreadInfo(lua_State *luastate) int LuaRegisterFunctions(lua_State *luastate) { /* registration of the callbacks */ - lua_pushcfunction(luastate, LuaCallbackPacketPayload); - lua_setglobal(luastate, "SCPacketPayload"); - lua_pushcfunction(luastate, LuaCallbackPacketTimestamp); - lua_setglobal(luastate, "SCPacketTimestamp"); - lua_pushcfunction(luastate, LuaCallbackPacketTimeString); - lua_setglobal(luastate, "SCPacketTimeString"); - lua_pushcfunction(luastate, LuaCallbackTuple); - lua_setglobal(luastate, "SCPacketTuple"); - lua_pushcfunction(luastate, LuaCallbackFlowTimestamps); lua_setglobal(luastate, "SCFlowTimestamps"); lua_pushcfunction(luastate, LuaCallbackFlowTimeString); From 5f8158ed1e7dc13a46aca2330db037d5460f6007 Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Wed, 22 Jan 2025 19:28:43 +0100 Subject: [PATCH 5/5] detect/lua: register built-in libs also for open setup Register internal libs for the case where loading external modules is allowed. --- src/detect-lua.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/detect-lua.c b/src/detect-lua.c index 93306b2cc9d3..e5a8cb28c78d 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -57,6 +57,7 @@ #include "util-var-name.h" #include "util-lua.h" +#include "util-lua-builtins.h" #include "util-lua-sandbox.h" static int DetectLuaMatch (DetectEngineThreadCtx *, @@ -474,6 +475,7 @@ static void *DetectLuaThreadInit(void *data) if (lua->allow_restricted_functions) { luaL_openlibs(t->luastate); + SCLuaRequirefBuiltIns(t->luastate); } else { SCLuaSbLoadLibs(t->luastate); } @@ -589,6 +591,7 @@ static int DetectLuaSetupPrime(DetectEngineCtx *de_ctx, DetectLuaData *ld, const return -1; if (ld->allow_restricted_functions) { luaL_openlibs(luastate); + SCLuaRequirefBuiltIns(luastate); } else { SCLuaSbLoadLibs(luastate); }