Unable require scripts in lua

Hi, I use lua for detection, and an error in suricata.log

[111791 - W#01-enp0s8] 2024-06-06 10:50:59 Warning: detect-lua: Lua script failed to run successfully: /home/suricata/rules/hello.lua:47: attempt to call a nil value (global 'require')

my suricata version:

This is Suricata version 8.0.0-dev (8781e9352 2024-06-04)

my rule content:

alert http any any -> any any (msg:"nacos"; flow: established, to_server; http.uri; content:"/nacos/v1/cs/configs"; lua:hello.lua; flowbits: set, nacos.1000001; flowbits: noalert; classtype:bad-unknown; sid: 1000001; rev: 1;)

hello.lua script:

local nacos_default_secret = "SecretKey012345678901234567890123456789012345678901234567890123456789"
local common
local sha256

local function base64_url_decode(s)
    --local common        = require"common"
    local url_decode    = common.url_decode
    local base64_decode = common.base64_decode
    return base64_decode(url_decode(s))

local function verify_jwt(token, secret)
    --local sha256        = require"sha256"
    local hmac_sha256   = sha256.hmac_sha256
    local header_b64, payload_b64, signature_b64 = token:match("([^%.]+)%.([^%.]+)%.([^%.]+)")
    if not header_b64 or not payload_b64 or not signature_b64 then
        return false, "Invalid JWT format"

    local header = base64_url_decode(header_b64)
    local payload = base64_url_decode(payload_b64)
    local signature = base64_url_decode(signature_b64)

    local data = header_b64 .. "." .. payload_b64
    local expected_signature = hmac_sha256(secret, data)

    if signature == expected_signature then
        return true, "Valid JWT", payload
        return false, "Invalid JWT signature"

local function extract_access_token(url)
    local token = url:match("accessToken=([^&]+)")
    return token

function init (args)
    local needs = {}
    needs["http.uri"] = tostring(true)
    return needs

function match(args)
    sha256 = require"sha256"
    common = require"common"
    local http_uri = tostring(args["http.uri"])
    if not http_uri then
        return 0
    local token = extract_access_token(http_uri)
    if not token then
        return 0
    SCLogInfo("token: " .. token);
    local verified, message, payload = verify_jwt(token, nacos_default_secret)
    SCLogInfo("verified: " .. verified);
    SCLogInfo("message: " .. message);
    SCLogInfo("payload: " .. payload);
    if verified then
        return 1
        return 0

return 0

It’s unhappy about line 47, the sha256 = require"sha256". This is not a construct or syntax I recognize.

I tried require("sha256") , and have same error attempt to call a nil value (global 'require')
Is suricata-8.0.0-dev allow use require() to import customized script ?

ah you may be running into the new sandboxing logic. Loading of modules isn’t permitted. We plan to expose more functionality to the lua layer.

We created tickets to track some of these: