SCReturnInt(0);
}
}
+ if (s->id == 0) {
+ SCLogError(SC_ERR_INVALID_SIGNATURE, "Signature missing required value \"sid\".");
+ SCReturnInt(0);
+ }
SCReturnInt(1);
}
Signature *s = NULL;
- s = DetectEngineAppendSig(de_ctx, "drop tcp any any -> any 80 (msg:\"Snort_Inline is blocking the http link\";) ");
+ s = DetectEngineAppendSig(de_ctx,
+ "drop tcp any any -> any 80 (msg:\"Snort_Inline is blocking the http link\"; sid:1;) ");
if (s == NULL) {
printf("sig 1 didn't parse: ");
goto end;
}
- s = DetectEngineAppendSig(de_ctx, "drop tcp any any -> any 80 (msg:\"Snort_Inline is blocking the http link\"; sid:1;) ");
+ s = DetectEngineAppendSig(de_ctx, "drop tcp any any -> any 80 (msg:\"Snort_Inline is blocking "
+ "the http link\"; sid:2;) ");
if (s == NULL) {
printf("sig 2 didn't parse: ");
goto end;
PASS;
}
+static int SidTestParse04(void)
+{
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
+
+ FAIL_IF_NOT_NULL(DetectEngineAppendSig(
+ de_ctx, "alert tcp any any -> any any (content:\"ABC\"; sid: 0;)"));
+
+ /* Let's also make sure that Suricata fails a rule which doesn't have a sid at all */
+ FAIL_IF_NOT_NULL(
+ DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any (content:\"ABC\";)"));
+
+ DetectEngineCtxFree(de_ctx);
+ PASS;
+}
+
/**
* \brief Register DetectSid unit tests.
*/
UtRegisterTest("SidTestParse01", SidTestParse01);
UtRegisterTest("SidTestParse02", SidTestParse02);
UtRegisterTest("SidTestParse03", SidTestParse03);
+ UtRegisterTest("SidTestParse04", SidTestParse04);
}
#endif /* UNITTESTS */
\ No newline at end of file