#include "util-cidr.h"
#include "util-unittest.h"
#include "util-rule-vars.h"
+#include "conf.h"
#include "detect-engine-siggroup.h"
#include "detect-engine-address.h"
return -1;
}
+int DetectAddressTestConfVars(void)
+{
+ SCLogDebug("Testing address conf vars for any misconfigured values");
+
+ ConfNode *address_vars_node = ConfGetNode("vars.address-groups");
+ if (address_vars_node == NULL) {
+ return 0;
+ }
+
+ ConfNode *seq_node;
+ TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
+ SCLogDebug("Testing %s - %s\n", seq_node->name, seq_node->val);
+
+ DetectAddressHead *gh = DetectAddressHeadInit();
+ if (gh == NULL) {
+ goto error;
+ }
+ DetectAddressHead *ghn = DetectAddressHeadInit();
+ if (ghn == NULL) {
+ goto error;
+ }
+
+ int r = DetectAddressParse2(gh, ghn, seq_node->val, /* start with negate no */0);
+ if (r < 0) {
+ goto error;
+ }
+
+ if (DetectAddressIsCompleteIPSpace(ghn)) {
+ SCLogError(SC_ERR_ADDRESS_ENGINE_GENERIC,
+ "Address var - \"%s\" has the complete IP space negated "
+ "with it's value \"%s\". Rule address range is NIL. "
+ "Probably have a !any or an address range that supplies "
+ "a NULL address range", seq_node->name, seq_node->val);
+ goto error;
+ }
+
+ if (gh != NULL)
+ DetectAddressHeadFree(gh);
+ if (ghn != NULL)
+ DetectAddressHeadFree(ghn);
+ }
+
+ return 0;
+ error:
+ return -1;
+}
+
/**
* \brief Parses an address group sent as a character string and updates the
* DetectAddressHead sent as the argument with the relevant address
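Review bot: Every `goto error` inside the loop of DetectAddressTestConfVars leaves `gh` and `ghn` allocated, because both heads are declared in the loop body and the `error:` label only returns -1. This covers a failed second DetectAddressHeadInit(), a DetectAddressParse2() failure and the complete-IP-space case. Hoisting the two pointers above the loop, resetting them to NULL after each free and releasing them at the label closes all three paths. DetectPortTestConfVars in the port file has the same shape and needs the same change. The only caller visible in this commit exits right away, but the prototype is added to the header, so the function should clean up after itself for other callers.

```c
    DetectAddressHead *gh = NULL;
    DetectAddressHead *ghn = NULL;
    ConfNode *seq_node;
    TAILQ_FOREACH(seq_node, &address_vars_node->head, next) {
        gh = DetectAddressHeadInit();
        if (gh == NULL) {
            goto error;
        }
        ghn = DetectAddressHeadInit();
        if (ghn == NULL) {
            goto error;
        }

        /* ... unchanged: DetectAddressParse2 call and complete-IP-space check ... */

        DetectAddressHeadFree(gh);
        gh = NULL;
        DetectAddressHeadFree(ghn);
        ghn = NULL;
    }

    return 0;
 error:
    if (gh != NULL)
        DetectAddressHeadFree(gh);
    if (ghn != NULL)
        DetectAddressHeadFree(ghn);
    return -1;
```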
int DetectAddressMatchIPv4(DetectMatchAddressIPv4 *, uint16_t, Address *);
int DetectAddressMatchIPv6(DetectMatchAddressIPv6 *, uint16_t, Address *);
+int DetectAddressTestConfVars(void);
+
void DetectAddressTests(void);
#endif /* __DETECT_ADDRESS_H__ */
#include "detect-engine-siggroup.h"
#include "detect-engine-port.h"
+#include "conf.h"
#include "util-debug.h"
#include "util-error.h"
return -1;
}
+int DetectPortTestConfVars(void)
+{
+ SCLogDebug("Testing port conf vars for any misconfigured values");
+
+ ConfNode *port_vars_node = ConfGetNode("vars.port-groups");
+ if (port_vars_node == NULL) {
+ return 0;
+ }
+
+ ConfNode *seq_node;
+ TAILQ_FOREACH(seq_node, &port_vars_node->head, next) {
+ SCLogDebug("Testing %s - %s\n", seq_node->name, seq_node->val);
+
+ DetectPort *gh = DetectPortInit();
+ if (gh == NULL) {
+ goto error;
+ }
+ DetectPort *ghn = NULL;
+
+ int r = DetectPortParseDo(&gh, &ghn, seq_node->val, /* start with negate no */0);
+ if (r < 0) {
+ goto error;
+ }
+
+ if (DetectPortIsCompletePortSpace(ghn)) {
+ SCLogError(SC_ERR_PORT_ENGINE_GENERIC,
+ "Port var - \"%s\" has the complete Port range negated "
+ "with it's value \"%s\". Port space range is NIL. "
+ "Probably have a !any or a port range that supplies "
+ "a NULL address range", seq_node->name, seq_node->val);
+ goto error;
+ }
+
+ if (gh != NULL)
+ DetectPortFree(gh);
+ if (ghn != NULL)
+ DetectPortFree(ghn);
+ }
+
+ return 0;
+ error:
+ return -1;
+}
+
+
/**
* \brief Function for parsing port strings
*
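Review bot: `ghn` is initialised to NULL and then passed straight to `DetectPortIsCompletePortSpace(ghn)`. The later `if (ghn != NULL)` guard suggests DetectPortParseDo can leave it NULL when the variable has no negated part, so the check depends on the callee accepting NULL, which is not visible in this hunk. Either confirm that, or guard the call: `if (ghn != NULL && DetectPortIsCompletePortSpace(ghn)) {`. The error text also ends with "a NULL address range", carried over from the address variant; "a NULL port range" would match what is being validated.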
int DetectPortCmp(DetectPort *, DetectPort *);
void DetectPortFree(DetectPort *);
+int DetectPortTestConfVars(void);
+
void DetectPortTests(void);
#endif /* __DETECT_PORT_H__ */
if (MagicInit() != 0)
exit(EXIT_FAILURE);
+ if (DetectAddressTestConfVars() < 0)
+ exit(0);
+ if (DetectPortTestConfVars() < 0)
+ exit(0);
+
if (SigLoadSignatures(de_ctx, sig_file, sig_file_exclusive) < 0) {
if (sig_file == NULL) {
SCLogError(SC_ERR_OPENING_FILE, "Signature file has not been provided");
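Review bot: Both new checks call `exit(0)` when a variable is misconfigured, so the process reports success to init scripts, service managers and config-test wrappers even though the engine refused to start. The `MagicInit()` failure just above uses `exit(EXIT_FAILURE)`; use `exit(EXIT_FAILURE);` for both new checks as well. That way a broken address or port group which leaves the sensor not running is visible to whatever supervises it. The enclosing function starts and ends outside this hunk.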
CASE_CODE (SC_ERR_REASSEMBLY);
CASE_CODE (SC_ERR_POOL_INIT);
CASE_CODE (SC_ERR_UNIMPLEMENTED);
+ CASE_CODE (SC_ERR_ADDRESS_ENGINE_GENERIC);
+ CASE_CODE (SC_ERR_PORT_ENGINE_GENERIC);
CASE_CODE (SC_ERR_FAST_LOG_GENERIC);
CASE_CODE (SC_ERR_ADDRESS_ENGINE_GENERIC);
CASE_CODE (SC_ERR_IPONLY_RADIX);
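Review bot: The added `CASE_CODE (SC_ERR_ADDRESS_ENGINE_GENERIC);` duplicates an entry that already exists; it appears as unchanged context a few lines further down in this hunk. If CASE_CODE expands to a `case` label (its definition is outside the hunk), the duplicate value will not compile. The enum hunk adds only `SC_ERR_PORT_ENGINE_GENERIC`, so drop the address line and keep `CASE_CODE (SC_ERR_PORT_ENGINE_GENERIC);`.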
SC_ERR_DAEMON,
SC_ERR_UNIMPLEMENTED,
SC_ERR_ADDRESS_ENGINE_GENERIC,
+ SC_ERR_PORT_ENGINE_GENERIC,
SC_ERR_IPONLY_RADIX,
SC_ERR_FAST_LOG_GENERIC,
SC_ERR_DEBUG_LOG_GENERIC,