From d18045ee167179265055ed7f9a1e24394632b1a2 Mon Sep 17 00:00:00 2001
From: Arne Welzel <arne.welzel@corelight.com>
Date: Fri, 25 Oct 2024 10:48:49 +0200
Subject: [PATCH] testing: Add have-spicy-ssl helper and update tests

---
 .../btest/core/analyzer-confirmation-violation-info.zeek   | 2 +-
 testing/btest/coverage/bare-load-baseline.test             | 2 +-
 testing/btest/coverage/default-load-baseline.test          | 2 +-
 testing/btest/plugins/hooks.zeek                           | 2 +-
 .../scripts/base/protocols/ssl/certificate_request.zeek    | 2 +-
 testing/btest/scripts/base/protocols/ssl/dtls-13.test      | 2 +-
 .../btest/scripts/base/protocols/ssl/dtls-stun-dpd.test    | 2 +-
 testing/btest/scripts/base/protocols/ssl/dtls.test         | 2 +-
 testing/btest/scripts/base/protocols/ssl/keyexchange.test  | 2 +-
 testing/btest/scripts/policy/protocols/ssl/decryption.zeek | 2 +-
 .../btest/scripts/policy/protocols/ssl/ssl-log-ext.zeek    | 2 +-
 testing/scripts/have-spicy-ssl                             | 7 +++++++
 12 files changed, 18 insertions(+), 11 deletions(-)
 create mode 100755 testing/scripts/have-spicy-ssl

diff --git a/testing/btest/core/analyzer-confirmation-violation-info.zeek b/testing/btest/core/analyzer-confirmation-violation-info.zeek
index 9ed3f1045f..2dbbfa0056 100644
--- a/testing/btest/core/analyzer-confirmation-violation-info.zeek
+++ b/testing/btest/core/analyzer-confirmation-violation-info.zeek
@@ -1,5 +1,5 @@
 # @TEST-DOC: The SSL analyzer picks up on the traffic in pppoe-over-qing, but then raises analyzer_violation_info
-# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h
+# @TEST-REQUIRES: ! have-spicy-ssl
 # @TEST-EXEC: zeek -r $TRACES/pppoe-over-qinq.pcap %INPUT
 # @TEST-EXEC: btest-diff .stdout
 
diff --git a/testing/btest/coverage/bare-load-baseline.test b/testing/btest/coverage/bare-load-baseline.test
index bc5602f832..8b73fb125c 100644
--- a/testing/btest/coverage/bare-load-baseline.test
+++ b/testing/btest/coverage/bare-load-baseline.test
@@ -9,7 +9,7 @@
 # below does. Don't ask. :-)
 
 # @TEST-REQUIRES: $SCRIPTS/have-spicy  # This test logs loaded scripts, so disable it if Spicy and it associated plugin is unavailable.
-# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h # Enabling Spicy SSL changes the loaded scripts, skip in this case
+# @TEST-REQUIRES: ! have-spicy-ssl  # Enabling Spicy SSL changes the loaded scripts, skip in this case
 # @TEST-EXEC: zeek -b misc/loaded-scripts
 # @TEST-EXEC: test -e loaded_scripts.log
 # @TEST-EXEC: cat loaded_scripts.log | grep -E -v '#' | awk 'NR>0{print $1}' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix
diff --git a/testing/btest/coverage/default-load-baseline.test b/testing/btest/coverage/default-load-baseline.test
index 5c9e815255..2d098279fe 100644
--- a/testing/btest/coverage/default-load-baseline.test
+++ b/testing/btest/coverage/default-load-baseline.test
@@ -8,7 +8,7 @@
 # below does. Don't ask. :-)
 
 # @TEST-REQUIRES: ${SCRIPTS}/have-spicy
-# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h # Enabling Spicy SSL changes the loaded scripts, skip in this case
+# @TEST-REQUIRES: ! have-spicy-ssl  # Enabling Spicy SSL changes the loaded scripts, skip in this case
 # @TEST-EXEC: zeek misc/loaded-scripts
 # @TEST-EXEC: test -e loaded_scripts.log
 # @TEST-EXEC: cat loaded_scripts.log | grep -E -v '#' | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix
diff --git a/testing/btest/plugins/hooks.zeek b/testing/btest/plugins/hooks.zeek
index 00d7540e8b..b65d321230 100644
--- a/testing/btest/plugins/hooks.zeek
+++ b/testing/btest/plugins/hooks.zeek
@@ -1,6 +1,6 @@
 # @TEST-REQUIRES: test "${ZEEK_ZAM}" != "1"
 # @TEST-REQUIRES: ${SCRIPTS}/have-spicy  # This test logs loaded scripts, so disable it if Spicy and the associated plugin are unavailable.
-# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h # Enabling Spicy SSL changes baselines and thus changes raised events. Skip in this case.
+# @TEST-REQUIRES: ! have-spicy-ssl  # Enabling Spicy SSL changes baselines and thus changes raised events. Skip in this case.
 # @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . Demo Hooks
 # @TEST-EXEC: cp -r %DIR/hooks-plugin/* .
 # @TEST-EXEC: ./configure --zeek-dist=${DIST} && make
diff --git a/testing/btest/scripts/base/protocols/ssl/certificate_request.zeek b/testing/btest/scripts/base/protocols/ssl/certificate_request.zeek
index e11af4d136..3c9973c298 100644
--- a/testing/btest/scripts/base/protocols/ssl/certificate_request.zeek
+++ b/testing/btest/scripts/base/protocols/ssl/certificate_request.zeek
@@ -1,7 +1,7 @@
 # This tests the certificate_request message parsing
 
 # Does not work in spicy version, due to missing DTLS support
-# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h
+# @TEST-REQUIRES: ! have-spicy-ssl
 
 # @TEST-EXEC: zeek -b -r $TRACES/tls/client-certificate.pcap %INPUT > out
 # @TEST-EXEC: zeek -C -b -r $TRACES/tls/certificate-request-failed.pcap %INPUT >> out
diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-13.test b/testing/btest/scripts/base/protocols/ssl/dtls-13.test
index fb8725b422..b2278fcd73 100644
--- a/testing/btest/scripts/base/protocols/ssl/dtls-13.test
+++ b/testing/btest/scripts/base/protocols/ssl/dtls-13.test
@@ -1,6 +1,6 @@
 # This tests a normal SSL connection and the log it outputs.
 
-# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h # DTLS not supported in Spicy SSL
+# @TEST-REQUIRES: ! have-spicy-ssl  # DTLS not supported in Spicy SSL
 # @TEST-EXEC: zeek -C -r $TRACES/tls/dtls13-wolfssl.pcap %INPUT
 # @TEST-EXEC: cp ssl.log ssl-all.log
 # @TEST-EXEC: echo "start CID test"
diff --git a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test
index 88dedf3f14..847e4a529e 100644
--- a/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test
+++ b/testing/btest/scripts/base/protocols/ssl/dtls-stun-dpd.test
@@ -1,4 +1,4 @@
-# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h # DTLS is not supported in Spicy SSL yet
+# @TEST-REQUIRES: ! have-spicy-ssl  # DTLS is not supported in Spicy SSL yet
 # @TEST-EXEC: zeek -b -r $TRACES/tls/webrtc-stun.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: touch dpd.log
diff --git a/testing/btest/scripts/base/protocols/ssl/dtls.test b/testing/btest/scripts/base/protocols/ssl/dtls.test
index 4e4fe3fff2..af88aed50b 100644
--- a/testing/btest/scripts/base/protocols/ssl/dtls.test
+++ b/testing/btest/scripts/base/protocols/ssl/dtls.test
@@ -1,6 +1,6 @@
 # This tests a normal SSL connection and the log it outputs.
 
-# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h # DTLS is not supported in Spicy SSL yet
+# @TEST-REQUIRES: ! have-spicy-ssl  # DTLS is not supported in Spicy SSL yet
 # @TEST-EXEC: zeek -b -r $TRACES/tls/dtls1_0.pcap %INPUT
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log
diff --git a/testing/btest/scripts/base/protocols/ssl/keyexchange.test b/testing/btest/scripts/base/protocols/ssl/keyexchange.test
index a7284e0759..1df1768f89 100644
--- a/testing/btest/scripts/base/protocols/ssl/keyexchange.test
+++ b/testing/btest/scripts/base/protocols/ssl/keyexchange.test
@@ -1,5 +1,5 @@
 # Does not work in spicy version, due to missing DTLS support
-# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h
+# @TEST-REQUIRES: ! have-spicy-ssl
 
 # @TEST-EXEC: zeek -b -r $TRACES/tls/dhe.pcap %INPUT
 # @TEST-EXEC: cat ssl.log > ssl-all.log
diff --git a/testing/btest/scripts/policy/protocols/ssl/decryption.zeek b/testing/btest/scripts/policy/protocols/ssl/decryption.zeek
index bef4f26da3..0079a89d13 100644
--- a/testing/btest/scripts/policy/protocols/ssl/decryption.zeek
+++ b/testing/btest/scripts/policy/protocols/ssl/decryption.zeek
@@ -1,5 +1,5 @@
 # @TEST-REQUIRES: grep -q "#define OPENSSL_HAVE_KDF_H" $BUILD/zeek-config.h
-# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h # Decryption is not supported in Spicy SSL
+# @TEST-REQUIRES: ! have-spicy-ssl  # Decryption is not supported in Spicy SSL
 
 # @TEST-EXEC: zeek -B dpd -C -r $TRACES/tls/tls12-decryption.pcap %INPUT
 # @TEST-EXEC: btest-diff http.log
diff --git a/testing/btest/scripts/policy/protocols/ssl/ssl-log-ext.zeek b/testing/btest/scripts/policy/protocols/ssl/ssl-log-ext.zeek
index aa867dc70e..df1a11409c 100644
--- a/testing/btest/scripts/policy/protocols/ssl/ssl-log-ext.zeek
+++ b/testing/btest/scripts/policy/protocols/ssl/ssl-log-ext.zeek
@@ -1,5 +1,5 @@
 # Does not work in spicy version, due to missing DTLS support
-# @TEST-REQUIRES: ! grep -q "#define ENABLE_SPICY_SSL" $BUILD/zeek-config.h
+# @TEST-REQUIRES: ! have-spicy-ssl
 
 # @TEST-EXEC: zeek -b -r $TRACES/tls/dhe.pcap %INPUT
 # @TEST-EXEC: cat ssl.log > ssl-all.log
diff --git a/testing/scripts/have-spicy-ssl b/testing/scripts/have-spicy-ssl
new file mode 100755
index 0000000000..d0ff5cd51a
--- /dev/null
+++ b/testing/scripts/have-spicy-ssl
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if grep -q "#define ENABLE_SPICY_SSL" "${BUILD}/zeek-config.h"; then
+    exit 0
+fi
+
+exit 1