-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2022 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
PASS;
}
-#if 0
/**
- * \test HostBitsTestSig03 is a test for a invalid flowbits option
+ * \test HostBitsTestSig03 is a test check idx value
*
* \retval 1 on succces
* \retval 0 on failure
*/
static int HostBitsTestSig03(void)
-{
- uint8_t *buf = (uint8_t *)
- "GET /one/ HTTP/1.1\r\n"
- "Host: one.example.org\r\n"
- "\r\n";
- uint16_t buflen = strlen((char *)buf);
- Packet *p = SCMalloc(SIZE_OF_PACKET);
- if (unlikely(p == NULL))
- return 0;
- Signature *s = NULL;
- ThreadVars th_v;
- DetectEngineThreadCtx *det_ctx = NULL;
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
-
- memset(&th_v, 0, sizeof(th_v));
- memset(p, 0, SIZE_OF_PACKET);
- p->src.family = AF_INET;
- p->dst.family = AF_INET;
- p->payload = buf;
- p->payload_len = buflen;
- p->proto = IPPROTO_TCP;
-
- de_ctx = DetectEngineCtxInit();
-
- if (de_ctx == NULL) {
- goto end;
- }
-
- de_ctx->flags |= DE_QUIET;
-
- s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Unknown cmd\"; flowbits:wrongcmd; content:\"GET \"; sid:1;)");
-
- if (s == NULL) {
- goto end;
- }
-
- SigGroupBuild(de_ctx);
- DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
-
- SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-
- result = 1;
-
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
-
- DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
- DetectEngineCtxFree(de_ctx);
-
-end:
-
- if (de_ctx != NULL) {
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
- }
-
- if (det_ctx != NULL) {
- DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
- }
-
- if (de_ctx != NULL) {
- DetectEngineCtxFree(de_ctx);
- }
-
-
- SCFree(p);
- return result;
-}
-#endif
-
-/**
- * \test HostBitsTestSig04 is a test check idx value
- *
- * \retval 1 on succces
- * \retval 0 on failure
- */
-
-static int HostBitsTestSig04(void)
{
uint8_t *buf = (uint8_t *)
"GET /one/ HTTP/1.1\r\n"
PASS;
}
-/**
- * \test HostBitsTestSig05 is a test check noalert flag
- *
- * \retval 1 on succces
- * \retval 0 on failure
- */
-
-static int HostBitsTestSig05(void)
-{
- uint8_t *buf = (uint8_t *)
- "GET /one/ HTTP/1.1\r\n"
- "Host: one.example.org\r\n"
- "\r\n";
- uint16_t buflen = strlen((char *)buf);
- Packet *p = SCMalloc(SIZE_OF_PACKET);
- if (unlikely(p == NULL))
- return 0;
- Signature *s = NULL;
- ThreadVars th_v;
- DetectEngineThreadCtx *det_ctx = NULL;
- DetectEngineCtx *de_ctx = NULL;
-
- memset(&th_v, 0, sizeof(th_v));
- memset(p, 0, SIZE_OF_PACKET);
- p->src.family = AF_INET;
- p->dst.family = AF_INET;
- p->payload = buf;
- p->payload_len = buflen;
- p->proto = IPPROTO_TCP;
-
- HostBitsTestSetup();
-
- de_ctx = DetectEngineCtxInit();
- FAIL_IF_NULL(de_ctx);
-
- de_ctx->flags |= DE_QUIET;
-
- s = de_ctx->sig_list = SigInit(de_ctx,
- "alert ip any any -> any any (hostbits:noalert; content:\"GET \"; sid:1;)");
- FAIL_IF_NULL(s);
- FAIL_IF((s->flags & SIG_FLAG_NOALERT) != SIG_FLAG_NOALERT);
-
- SigGroupBuild(de_ctx);
- DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
-
- SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-
- FAIL_IF(PacketAlertCheck(p, 1));
-
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
-
- DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
- DetectEngineCtxFree(de_ctx);
-
- HostBitsTestShutdown();
-
- SCFree(p);
- PASS;
-}
-
-#if 0
-/**
- * \test HostBitsTestSig06 is a test set flowbits option
- *
- * \retval 1 on succces
- * \retval 0 on failure
- */
-
-static int HostBitsTestSig06(void)
-{
- uint8_t *buf = (uint8_t *)
- "GET /one/ HTTP/1.1\r\n"
- "Host: one.example.org\r\n"
- "\r\n";
- uint16_t buflen = strlen((char *)buf);
- Packet *p = SCMalloc(SIZE_OF_PACKET);
- if (unlikely(p == NULL))
- return 0;
- Signature *s = NULL;
- ThreadVars th_v;
- DetectEngineThreadCtx *det_ctx = NULL;
- DetectEngineCtx *de_ctx = NULL;
- Flow f;
- GenericVar flowvar, *gv = NULL;
- int result = 0;
- int idx = 0;
-
- memset(p, 0, SIZE_OF_PACKET);
- memset(&th_v, 0, sizeof(th_v));
- memset(&f, 0, sizeof(Flow));
- memset(&flowvar, 0, sizeof(GenericVar));
-
- FLOW_INITIALIZE(&f);
- p->flow = &f;
- p->flow->flowvar = &flowvar;
-
- p->src.family = AF_INET;
- p->dst.family = AF_INET;
- p->payload = buf;
- p->payload_len = buflen;
- p->proto = IPPROTO_TCP;
- p->flags |= PKT_HAS_FLOW;
- p->flowflags |= FLOW_PKT_TOSERVER;
-
- de_ctx = DetectEngineCtxInit();
-
- if (de_ctx == NULL) {
- goto end;
- }
-
- de_ctx->flags |= DE_QUIET;
-
- s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Flowbit set\"; flowbits:set,myflow; sid:10;)");
-
- if (s == NULL) {
- goto end;
- }
-
- SigGroupBuild(de_ctx);
- DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
-
- SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-
- idx = VariableNameGetIdx(de_ctx, "myflow", VAR_TYPE_HOST_BIT);
-
- gv = p->flow->flowvar;
-
- for ( ; gv != NULL; gv = gv->next) {
- if (gv->type == DETECT_HOSTBITS && gv->idx == idx) {
- result = 1;
- }
- }
-
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
-
- DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
- DetectEngineCtxFree(de_ctx);
-
- if(gv) GenericVarFree(gv);
- FLOW_DESTROY(&f);
-
- SCFree(p);
- return result;
-end:
-
- if (de_ctx != NULL) {
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
- }
-
- if (det_ctx != NULL) {
- DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
- }
-
- if (de_ctx != NULL) {
- DetectEngineCtxFree(de_ctx);
- }
-
- if(gv) GenericVarFree(gv);
- FLOW_DESTROY(&f);
- SCFree(p);
- return result;
-}
-
-/**
- * \test HostBitsTestSig07 is a test unset flowbits option
- *
- * \retval 1 on succces
- * \retval 0 on failure
- */
-
-static int HostBitsTestSig07(void)
-{
- uint8_t *buf = (uint8_t *)
- "GET /one/ HTTP/1.1\r\n"
- "Host: one.example.org\r\n"
- "\r\n";
- uint16_t buflen = strlen((char *)buf);
- Packet *p = SCMalloc(SIZE_OF_PACKET);
- if (unlikely(p == NULL))
- return 0;
- Signature *s = NULL;
- ThreadVars th_v;
- DetectEngineThreadCtx *det_ctx = NULL;
- DetectEngineCtx *de_ctx = NULL;
- Flow f;
- GenericVar flowvar, *gv = NULL;
- int result = 0;
- int idx = 0;
-
- memset(p, 0, SIZE_OF_PACKET);
- memset(&th_v, 0, sizeof(th_v));
- memset(&f, 0, sizeof(Flow));
- memset(&flowvar, 0, sizeof(GenericVar));
-
- FLOW_INITIALIZE(&f);
- p->flow = &f;
- p->flow->flowvar = &flowvar;
-
- p->src.family = AF_INET;
- p->dst.family = AF_INET;
- p->payload = buf;
- p->payload_len = buflen;
- p->proto = IPPROTO_TCP;
-
- de_ctx = DetectEngineCtxInit();
-
- if (de_ctx == NULL) {
- goto end;
- }
-
- de_ctx->flags |= DE_QUIET;
-
- s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Flowbit set\"; flowbits:set,myflow2; sid:10;)");
- if (s == NULL) {
- goto end;
- }
-
- s = s->next = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Flowbit unset\"; flowbits:unset,myflow2; sid:11;)");
- if (s == NULL) {
- goto end;
- }
-
- SigGroupBuild(de_ctx);
- DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
-
- SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-
- idx = VariableNameGetIdx(de_ctx, "myflow", VAR_TYPE_HOST_BIT);
-
- gv = p->flow->flowvar;
-
- for ( ; gv != NULL; gv = gv->next) {
- if (gv->type == DETECT_HOSTBITS && gv->idx == idx) {
- result = 1;
- }
- }
-
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
-
- DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
- DetectEngineCtxFree(de_ctx);
-
- if(gv) GenericVarFree(gv);
- FLOW_DESTROY(&f);
-
- SCFree(p);
- return result;
-end:
-
- if (de_ctx != NULL) {
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
- }
-
- if (det_ctx != NULL) {
- DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
- }
-
- if (de_ctx != NULL) {
- DetectEngineCtxFree(de_ctx);
- }
-
- if(gv) GenericVarFree(gv);
- FLOW_DESTROY(&f);
-
- SCFree(p);
- return result;}
-#endif
-
-/**
- * \test set / isset
- *
- * \retval 1 on succces
- * \retval 0 on failure
- */
-static int HostBitsTestSig07(void)
-{
- uint8_t *buf = (uint8_t *)
- "GET /one/ HTTP/1.1\r\n"
- "Host: one.example.org\r\n"
- "\r\n";
- uint16_t buflen = strlen((char *)buf);
- Packet *p = SCMalloc(SIZE_OF_PACKET);
- if (unlikely(p == NULL))
- return 0;
- Signature *s = NULL;
- ThreadVars th_v;
- DetectEngineThreadCtx *det_ctx = NULL;
- DetectEngineCtx *de_ctx = NULL;
- Flow f;
- int result = 0;
-
- memset(p, 0, SIZE_OF_PACKET);
- memset(&th_v, 0, sizeof(th_v));
- memset(&f, 0, sizeof(Flow));
-
- HostBitsTestSetup();
-
- FLOW_INITIALIZE(&f);
- p->flow = &f;
- p->flowflags = FLOW_PKT_TOSERVER;
-
- p->src.family = AF_INET;
- p->dst.family = AF_INET;
- p->payload = buf;
- p->payload_len = buflen;
- p->proto = IPPROTO_TCP;
-
- de_ctx = DetectEngineCtxInit();
- FAIL_IF_NULL(de_ctx);
-
- de_ctx->flags |= DE_QUIET;
-
- s = de_ctx->sig_list = SigInit(de_ctx,
- "alert ip any any -> any any (hostbits:set,myflow2; sid:10;)");
- FAIL_IF_NULL(s);
-
- s = s->next = SigInit(de_ctx,
- "alert ip any any -> any any (hostbits:isset,myflow2; sid:11;)");
- FAIL_IF_NULL(s);
-
- SigGroupBuild(de_ctx);
- DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
-
- SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-
- SCLogInfo("p->host_src %p", p->host_src);
-
- if (HostHasHostBits(p->host_src) == 1) {
- if (PacketAlertCheck(p, 11)) {
- result = 1;
- }
- }
- FAIL_IF_NOT(result);
-
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
-
- DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
- DetectEngineCtxFree(de_ctx);
-
- FLOW_DESTROY(&f);
-
- HostBitsTestShutdown();
- SCFree(p);
- PASS;
-}
-
-/**
- * \test set / toggle / toggle / isset
- *
- * \retval 1 on succces
- * \retval 0 on failure
- */
-static int HostBitsTestSig08(void)
-{
- uint8_t *buf = (uint8_t *)
- "GET /one/ HTTP/1.1\r\n"
- "Host: one.example.org\r\n"
- "\r\n";
- uint16_t buflen = strlen((char *)buf);
- Packet *p = SCMalloc(SIZE_OF_PACKET);
- if (unlikely(p == NULL))
- return 0;
- Signature *s = NULL;
- ThreadVars th_v;
- DetectEngineThreadCtx *det_ctx = NULL;
- DetectEngineCtx *de_ctx = NULL;
- Flow f;
-
- memset(p, 0, SIZE_OF_PACKET);
- memset(&th_v, 0, sizeof(th_v));
- memset(&f, 0, sizeof(Flow));
-
- HostBitsTestSetup();
-
- FLOW_INITIALIZE(&f);
- p->flow = &f;
-
- p->src.family = AF_INET;
- p->dst.family = AF_INET;
- p->payload = buf;
- p->payload_len = buflen;
- p->proto = IPPROTO_TCP;
-
- de_ctx = DetectEngineCtxInit();
- FAIL_IF_NULL(de_ctx);
-
- de_ctx->flags |= DE_QUIET;
-
- s = DetectEngineAppendSig(de_ctx,
- "alert ip any any -> any any (hostbits:set,myflow2; sid:10;)");
- FAIL_IF_NULL(s);
- s = DetectEngineAppendSig(de_ctx,
- "alert ip any any -> any any (hostbits:toggle,myflow2; sid:11;)");
- FAIL_IF_NULL(s);
- s = DetectEngineAppendSig(de_ctx,
- "alert ip any any -> any any (hostbits:toggle,myflow2; sid:12;)");
- FAIL_IF_NULL(s);
- s = DetectEngineAppendSig(de_ctx,
- "alert ip any any -> any any (hostbits:isset,myflow2; sid:13;)");
- FAIL_IF_NULL(s);
-
- SCSigRegisterSignatureOrderingFuncs(de_ctx);
- SCSigOrderSignatures(de_ctx);
- SCSigSignatureOrderingModuleCleanup(de_ctx);
-
- SigGroupBuild(de_ctx);
- DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
-
- SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
-
- SCLogInfo("p->host_src %p", p->host_src);
-
- if (HostHasHostBits(p->host_src) == 1) {
- if (PacketAlertCheck(p, 10)) {
- SCLogInfo("sid 10 matched");
- }
- if (PacketAlertCheck(p, 11)) {
- SCLogInfo("sid 11 matched");
- }
- if (PacketAlertCheck(p, 12)) {
- SCLogInfo("sid 12 matched");
- }
- if (PacketAlertCheck(p, 13)) {
- SCLogInfo("sid 13 matched");
- } else {
- FAIL;
- }
- }
-
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
-
- DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
- DetectEngineCtxFree(de_ctx);
-
- FLOW_DESTROY(&f);
-
- HostBitsTestShutdown();
-
- SCFree(p);
- PASS;
-}
-
/**
* \brief this function registers unit tests for HostBits
*/
UtRegisterTest("HostBitsTestParse01", HostBitsTestParse01);
UtRegisterTest("HostBitsTestSig01", HostBitsTestSig01);
UtRegisterTest("HostBitsTestSig02", HostBitsTestSig02);
-#if 0
- UtRegisterTest("HostBitsTestSig03", HostBitsTestSig03, 0);
-#endif
- UtRegisterTest("HostBitsTestSig04", HostBitsTestSig04);
- UtRegisterTest("HostBitsTestSig05", HostBitsTestSig05);
-#if 0
- UtRegisterTest("HostBitsTestSig06", HostBitsTestSig06, 1);
-#endif
- UtRegisterTest("HostBitsTestSig07", HostBitsTestSig07);
- UtRegisterTest("HostBitsTestSig08", HostBitsTestSig08);
+ UtRegisterTest("HostBitsTestSig03", HostBitsTestSig03);
}
#endif /* UNITTESTS */
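Review bot: The registration list now ends at `UtRegisterTest("HostBitsTestSig03", HostBitsTestSig03);`, so three tests that were live rather than `#if 0`'d are dropped with no visible replacement in this diff. They are HostBitsTestSig05 (`hostbits:noalert` sets `SIG_FLAG_NOALERT` and raises no alert), HostBitsTestSig07 (set / isset) and HostBitsTestSig08 (set / toggle / toggle / isset). These were the only checks shown here that run the hostbits keyword through `SigMatchSignatures`, so a later regression in set, toggle or noalert handling could go unnoticed and leave rules silently not firing. If equivalent coverage exists elsewhere, record that next to the registration, e.g. `/* noalert, set/isset and toggle are covered by <location of replacement tests> */`; otherwise keep the three tests and remove only the disabled ones. The registration function's opening lines lie outside the visible lines.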