detect/byte_jump: use list util in tests; cleanups

author Victor Julien <vjulien@oisf.net>

Fri, 17 Mar 2023 13:19:47 +0000 (14:19 +0100)

committer Victor Julien <vjulien@oisf.net>

Sat, 15 Apr 2023 05:02:49 +0000 (07:02 +0200)
author Victor Julien <vjulien@oisf.net>
Fri, 17 Mar 2023 13:19:47 +0000 (14:19 +0100)
committer Victor Julien <vjulien@oisf.net>
Sat, 15 Apr 2023 05:02:49 +0000 (07:02 +0200)
diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c

index f20c31593ac87a27f1cc1389b09fb2aaa4f00d66..a15eb6145a147c8089c270ff62ba9d27c9a2498a 100644 (file)
--- a/src/detect-bytejump.c
+++ b/src/detect-bytejump.c
@@ -826,34 +826,33 @@ static int DetectBytejumpTestParse08(void)
  static int DetectBytejumpTestParse09(void)
  {
      Signature *s = SigAlloc();
-    if (s == NULL)
-        return 0;
-
-    int result = 1;
-
-    if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) {
-        SigFree(NULL, s);
-        return 0;
-    }
-
-    result &= (DetectBytejumpSetup(NULL, s, "4,0, align, multiplier 2, "
-                                   "post_offset -16,dce") == 0);
-    result &= (DetectBytejumpSetup(NULL, s, "4,0, multiplier 2, "
-                                   "post_offset -16,dce") == 0);
-    result &= (DetectBytejumpSetup(NULL, s, "4,0,post_offset -16,dce") == 0);
-    result &= (DetectBytejumpSetup(NULL, s, "4,0,dce") == 0);
-    result &= (DetectBytejumpSetup(NULL, s, "4,0,dce") == 0);
-    result &= (DetectBytejumpSetup(NULL, s, "4,0, string, dce") == -1);
-    result &= (DetectBytejumpSetup(NULL, s, "4,0, big, dce") == -1);
-    result &= (DetectBytejumpSetup(NULL, s, "4,0, little, dce") == -1);
-    result &= (DetectBytejumpSetup(NULL, s, "4,0, string, dec, dce") == -1);
-    result &= (DetectBytejumpSetup(NULL, s, "4,0, string, oct, dce") == -1);
-    result &= (DetectBytejumpSetup(NULL, s, "4,0, string, hex, dce") == -1);
-    result &= (DetectBytejumpSetup(NULL, s, "4,0, from_beginning, dce") == -1);
-    result &= (s->sm_lists[g_dce_stub_data_buffer_id] == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL);
+    FAIL_IF_NULL(s);
+
+    FAIL_IF(DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0);
+
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s,
+                        "4,0, align, multiplier 2, "
+                        "post_offset -16,dce") == 0);
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s,
+                        "4,0, multiplier 2, "
+                        "post_offset -16,dce") == 0);
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0,post_offset -16,dce") == 0);
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0,dce") == 0);
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0,dce") == 0);
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, string, dce") == -1);
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, big, dce") == -1);
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, little, dce") == -1);
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, string, dec, dce") == -1);
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, string, oct, dce") == -1);
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, string, hex, dce") == -1);
+    FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, from_beginning, dce") == -1);
+
+    FAIL_IF_NULL(s->init_data->smlists[DETECT_SM_LIST_PMATCH]);
+    SigMatch *sm = DetectBufferGetFirstSigMatch(s, g_dce_stub_data_buffer_id);
+    FAIL_IF_NOT_NULL(sm);
  
      SigFree(NULL, s);
-    return result;
+    PASS;
  }
  
  /**
@@ -861,103 +860,81 @@ static int DetectBytejumpTestParse09(void)
   */
  static int DetectBytejumpTestParse10(void)
  {
-    DetectEngineCtx *de_ctx = NULL;
-    int result = 1;
-    Signature *s = NULL;
-    DetectBytejumpData *bd = NULL;
-
-    de_ctx = DetectEngineCtxInit();
-    if (de_ctx == NULL)
-        goto end;
-
+    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+    FAIL_IF_NULL(de_ctx);
      de_ctx->flags |= DE_QUIET;
-    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
-                               "(msg:\"Testing bytejump_body\"; "
-                               "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
-                               "dce_stub_data; "
-                               "content:\"one\"; distance:0; "
-                               "byte_jump:4,0,align,multiplier 2, "
-                               "post_offset -16,relative,dce; sid:1;)");
-    if (de_ctx->sig_list == NULL) {
-        result = 0;
-        goto end;
-    }
-    s = de_ctx->sig_list;
-    if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) {
-        result = 0;
-        goto end;
-    }
-    result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_BYTEJUMP);
-    bd = (DetectBytejumpData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx;
-    if (!(bd->flags & DETECT_BYTEJUMP_DCE) &&
-        !(bd->flags & DETECT_BYTEJUMP_RELATIVE) &&
-        (bd->flags & DETECT_BYTEJUMP_STRING) &&
-        (bd->flags & DETECT_BYTEJUMP_BIG) &&
-        (bd->flags & DETECT_BYTEJUMP_LITTLE) ) {
-        result = 0;
-        goto end;
-    }
  
-    s->next = SigInit(de_ctx, "alert tcp any any -> any any "
-                      "(msg:\"Testing bytejump_body\"; "
-                      "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
-                      "dce_stub_data; "
-                      "content:\"one\"; distance:0; "
-                      "byte_jump:4,0,align,multiplier 2, "
-                      "post_offset -16,relative,dce; sid:1;)");
-    if (s->next == NULL) {
-        result = 0;
-        goto end;
-    }
-    s = s->next;
-    if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) {
-        result = 0;
-        goto end;
-    }
-    result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_BYTEJUMP);
-    bd = (DetectBytejumpData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx;
-    if (!(bd->flags & DETECT_BYTEJUMP_DCE) &&
-        !(bd->flags & DETECT_BYTEJUMP_RELATIVE) &&
-        (bd->flags & DETECT_BYTEJUMP_STRING) &&
-        (bd->flags & DETECT_BYTEJUMP_BIG) &&
-        (bd->flags & DETECT_BYTEJUMP_LITTLE) ) {
-        result = 0;
+    Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
+                                                 "(msg:\"Testing bytejump_body\"; "
+                                                 "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
+                                                 "dce_stub_data; "
+                                                 "content:\"one\"; distance:0; "
+                                                 "byte_jump:4,0,align,multiplier 2, "
+                                                 "post_offset -16,relative,dce; sid:1;)");
+    FAIL_IF_NULL(s);
+    SigMatch *sm = DetectBufferGetFirstSigMatch(s, g_dce_stub_data_buffer_id);
+    FAIL_IF_NULL(sm);
+    FAIL_IF_NOT(sm->type == DETECT_CONTENT);
+    FAIL_IF_NULL(sm->next);
+    sm = sm->next;
+    FAIL_IF_NOT(sm->type == DETECT_BYTEJUMP);
+
+    DetectBytejumpData *bd = (DetectBytejumpData *)sm->ctx;
+    if (!(bd->flags & DETECT_BYTEJUMP_DCE) && !(bd->flags & DETECT_BYTEJUMP_RELATIVE) &&
+            (bd->flags & DETECT_BYTEJUMP_STRING) && (bd->flags & DETECT_BYTEJUMP_BIG) &&
+            (bd->flags & DETECT_BYTEJUMP_LITTLE)) {
          goto end;
      }
  
-    s->next = SigInit(de_ctx, "alert tcp any any -> any any "
-                      "(msg:\"Testing bytejump_body\"; "
-                      "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
-                      "dce_stub_data; "
-                      "content:\"one\"; distance:0; "
-                      "byte_jump:4,0,align,multiplier 2, "
-                      "post_offset -16,relative; sid:1;)");
-    if (s->next == NULL) {
-        result = 0;
+    s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
+                                      "(msg:\"Testing bytejump_body\"; "
+                                      "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
+                                      "dce_stub_data; "
+                                      "content:\"one\"; distance:0; "
+                                      "byte_jump:4,0,align,multiplier 2, "
+                                      "post_offset -16,relative,dce; sid:2;)");
+    FAIL_IF_NULL(s);
+    sm = DetectBufferGetFirstSigMatch(s, g_dce_stub_data_buffer_id);
+    FAIL_IF_NULL(sm);
+
+    FAIL_IF_NOT(sm->type == DETECT_CONTENT);
+    FAIL_IF_NULL(sm->next);
+    sm = sm->next;
+    FAIL_IF_NOT(sm->type == DETECT_BYTEJUMP);
+
+    bd = (DetectBytejumpData *)sm->ctx;
+    if (!(bd->flags & DETECT_BYTEJUMP_DCE) && !(bd->flags & DETECT_BYTEJUMP_RELATIVE) &&
+            (bd->flags & DETECT_BYTEJUMP_STRING) && (bd->flags & DETECT_BYTEJUMP_BIG) &&
+            (bd->flags & DETECT_BYTEJUMP_LITTLE)) {
          goto end;
      }
-    s = s->next;
-    if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) {
-        result = 0;
-        goto end;
-    }
-    result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_BYTEJUMP);
-    bd = (DetectBytejumpData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx;
-    if ((bd->flags & DETECT_BYTEJUMP_DCE) &&
-        !(bd->flags & DETECT_BYTEJUMP_RELATIVE) &&
-        (bd->flags & DETECT_BYTEJUMP_STRING) &&
-        (bd->flags & DETECT_BYTEJUMP_BIG) &&
-        (bd->flags & DETECT_BYTEJUMP_LITTLE) ) {
-        result = 0;
+
+    s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
+                                      "(msg:\"Testing bytejump_body\"; "
+                                      "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
+                                      "dce_stub_data; "
+                                      "content:\"one\"; distance:0; "
+                                      "byte_jump:4,0,align,multiplier 2, "
+                                      "post_offset -16,relative; sid:3;)");
+    FAIL_IF_NULL(s);
+    sm = DetectBufferGetFirstSigMatch(s, g_dce_stub_data_buffer_id);
+    FAIL_IF_NULL(sm);
+
+    FAIL_IF_NOT(sm->type == DETECT_CONTENT);
+    FAIL_IF_NULL(sm->next);
+    sm = sm->next;
+    FAIL_IF_NOT(sm->type == DETECT_BYTEJUMP);
+
+    bd = (DetectBytejumpData *)sm->ctx;
+    if ((bd->flags & DETECT_BYTEJUMP_DCE) && !(bd->flags & DETECT_BYTEJUMP_RELATIVE) &&
+            (bd->flags & DETECT_BYTEJUMP_STRING) && (bd->flags & DETECT_BYTEJUMP_BIG) &&
+            (bd->flags & DETECT_BYTEJUMP_LITTLE)) {
          goto end;
      }
  
- end:
-    SigGroupCleanup(de_ctx);
-    SigCleanSignatures(de_ctx);
+end:
      DetectEngineCtxFree(de_ctx);
-
-    return result;
+    PASS;
  }
  
  /**
@@ -1064,49 +1041,27 @@ static int DetectBytejumpTestParse11(void)
   */
  static int DetectBytejumpTestParse12(void)
  {
-    DetectEngineCtx *de_ctx = NULL;
-    int result = 0;
-    Signature *s = NULL;
-    DetectBytejumpData *bd = NULL;
-
-    de_ctx = DetectEngineCtxInit();
-    if (de_ctx == NULL)
-        goto end;
-
+    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+    FAIL_IF_NULL(de_ctx);
      de_ctx->flags |= DE_QUIET;
-    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
-                               "(file_data; byte_jump:4,0,align,multiplier 2, "
-                               "post_offset -16,relative; sid:1;)");
-    if (de_ctx->sig_list == NULL) {
-        goto end;
-    }
  
-    s = de_ctx->sig_list;
-    if (s->sm_lists_tail[g_file_data_buffer_id] == NULL) {
-        goto end;
-    }
+    Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
+                                                 "(file_data; byte_jump:4,0,align,multiplier 2, "
+                                                 "post_offset -16,relative; sid:1;)");
+    FAIL_IF_NULL(s);
  
-    if (s->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_BYTEJUMP) {
-        goto end;
-    }
+    SigMatch *sm = DetectBufferGetFirstSigMatch(s, g_file_data_buffer_id);
+    FAIL_IF_NULL(sm);
+    FAIL_IF_NOT(sm->type == DETECT_BYTEJUMP);
  
-    bd = (DetectBytejumpData *)s->sm_lists_tail[g_file_data_buffer_id]->ctx;
-    if ((bd->flags & DETECT_BYTEJUMP_DCE) &&
-        (bd->flags & DETECT_BYTEJUMP_RELATIVE) &&
-        (bd->flags & DETECT_BYTEJUMP_STRING) &&
-        (bd->flags & DETECT_BYTEJUMP_BIG) &&
-        (bd->flags & DETECT_BYTEJUMP_LITTLE) ) {
-        result = 0;
-        goto end;
-    }
+    DetectBytejumpData *bd = (DetectBytejumpData *)sm->ctx;
+    FAIL_IF(bd->flags & DETECT_BYTEJUMP_DCE);
+    FAIL_IF((bd->flags &
+                    (DETECT_BYTEJUMP_RELATIVE | DETECT_BYTEJUMP_STRING | DETECT_BYTEJUMP_BIG)) ==
+            (DETECT_BYTEJUMP_RELATIVE | DETECT_BYTEJUMP_STRING | DETECT_BYTEJUMP_BIG));
  
-    result = 1;
- end:
-    SigGroupCleanup(de_ctx);
-    SigCleanSignatures(de_ctx);
      DetectEngineCtxFree(de_ctx);
-
-    return result;
+    PASS;
  }
  
  static int DetectBytejumpTestParse13(void)
author	Victor Julien <vjulien@oisf.net>
	Fri, 17 Mar 2023 13:19:47 +0000 (14:19 +0100)
committer	Victor Julien <vjulien@oisf.net>
	Sat, 15 Apr 2023 05:02:49 +0000 (07:02 +0200)