-/* Copyright (C) 2007-2018 Open Information Security Foundation
+/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
TcpSession ssn;
Packet *p;
ThreadVars th_v;
- DetectEngineCtx *de_ctx = NULL;
DetectEngineThreadCtx *det_ctx = NULL;
- SMTPState *smtp_state = NULL;
Flow f;
- int result = 0;
AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
((MimeDecEntity *)state->stack->top->data)->ctnt_flags = CTNT_IS_ATTACHMENT;
state->body_begin = 1;
- if (SMTPProcessDataChunk((uint8_t *)mimemsg, sizeof(mimemsg), state) != 0)
- goto end;
+ FAIL_IF(SMTPProcessDataChunk((uint8_t *)mimemsg, sizeof(mimemsg), state) != 0);
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
StreamTcpInitConfig(TRUE);
- de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx, "alert smtp any any -> any any "
- "(msg:\"file_data smtp test\"; "
- "file_data; content:\"message\"; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- goto end;
- }
+ Signature *s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
+ "(msg:\"file_data smtp test\"; "
+ "file_data; content:\"message\"; sid:1;)");
+ FAIL_IF_NULL(s);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- FLOWLOCK_WRLOCK(&f);
int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_SMTP,
- STREAM_TOSERVER | STREAM_START | STREAM_EOF,
- mimemsg,
- mimemsg_len);
- if (r != 0) {
- printf("AppLayerParse for smtp failed. Returned %d", r);
- FLOWLOCK_UNLOCK(&f);
- goto end;
- }
- FLOWLOCK_UNLOCK(&f);
-
- smtp_state = f.alstate;
- if (smtp_state == NULL) {
- printf("no smtp state: ");
- goto end;
- }
+ STREAM_TOSERVER | STREAM_START | STREAM_EOF, mimemsg, mimemsg_len);
+ FAIL_IF_NOT(r == 0);
+ FAIL_IF_NULL(f.alstate);
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+ FAIL_IF_NOT(PacketAlertCheck(p, 1));
- if (!(PacketAlertCheck(p, 1))) {
- printf("sid 1 didn't match but should have\n");
- goto end;
- }
-
- result = 1;
-
-end:
- if (alp_tctx != NULL)
- AppLayerParserThreadCtxFree(alp_tctx);
- if (de_ctx != NULL)
- SigGroupCleanup(de_ctx);
- if (de_ctx != NULL)
- SigCleanSignatures(de_ctx);
-
+ AppLayerParserThreadCtxFree(alp_tctx);
+ DetectEngineCtxFree(de_ctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
- return result;
+ PASS;
}
static int DetectEngineSMTPFiledataTest02(void)
{
- Signature *s = NULL;
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
-
- de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NOT(de_ctx);
de_ctx->flags |= DE_QUIET;
- s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
- "(msg:\"file_data smtp test\"; "
- "file_data; content:\"message\"; sid:1;)");
- if (s == NULL)
- goto end;
-
- if (s->flags & SIG_FLAG_TOSERVER)
- result = 1;
- else if (s->flags & SIG_FLAG_TOCLIENT)
- printf("s->flags & SIG_FLAG_TOCLIENT");
+ Signature *s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
+ "(msg:\"file_data smtp test\"; "
+ "file_data; content:\"message\"; sid:1;)");
+ FAIL_IF_NULL(s);
-end:
- SigCleanSignatures(de_ctx);
+ FAIL_IF_NOT(s->flags & SIG_FLAG_TOSERVER);
DetectEngineCtxFree(de_ctx);
- return result;
-
+ PASS;
}
static int DetectEngineSMTPFiledataTest03(void)
TcpSession ssn;
Packet *p;
ThreadVars th_v;
- DetectEngineCtx *de_ctx = NULL;
DetectEngineThreadCtx *det_ctx = NULL;
- SMTPState *smtp_state = NULL;
Flow f;
- int result = 1;
AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
((MimeDecEntity *)state->stack->top->data)->ctnt_flags = CTNT_IS_ATTACHMENT;
state->body_begin = 1;
- if (SMTPProcessDataChunk((uint8_t *)mimemsg1, sizeof(mimemsg1), state) != 0)
- goto end;
-
- if (SMTPProcessDataChunk((uint8_t *)mimemsg2, sizeof(mimemsg2), state) != 0)
- goto end;
+ FAIL_IF(SMTPProcessDataChunk((uint8_t *)mimemsg1, sizeof(mimemsg1), state) != 0);
+ FAIL_IF(SMTPProcessDataChunk((uint8_t *)mimemsg2, sizeof(mimemsg2), state) != 0);
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
StreamTcpInitConfig(TRUE);
- de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx, "alert smtp any any -> any any "
- "(msg:\"file_data smtp test\"; "
- "file_data; content:\"evil\"; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- goto end;
- }
+ Signature *s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
+ "(msg:\"file_data smtp test\"; "
+ "file_data; content:\"evil\"; sid:1;)");
+ FAIL_IF_NULL(s);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
- FLOWLOCK_WRLOCK(&f);
- int r = 0;
- r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_SMTP,
- STREAM_TOSERVER, mimemsg1, mimemsg1_len);
- if (r != 0) {
- printf("AppLayerParse for smtp failed. Returned %d", r);
- FLOWLOCK_UNLOCK(&f);
- goto end;
- }
+ int r = AppLayerParserParse(
+ NULL, alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, mimemsg1, mimemsg1_len);
+ FAIL_IF_NOT(r == 0);
r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_SMTP,
STREAM_TOSERVER, mimemsg2, mimemsg2_len);
- if (r != 0) {
- printf("AppLayerParse for smtp failed. Returned %d", r);
- FLOWLOCK_UNLOCK(&f);
- goto end;
- }
- FLOWLOCK_UNLOCK(&f);
-
- smtp_state = f.alstate;
- if (smtp_state == NULL) {
- printf("no smtp state: ");
- goto end;
- }
+ FAIL_IF_NOT(r == 0);
+ FAIL_IF_NULL(f.alstate);
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
- if (PacketAlertCheck(p, 1)) {
- printf("sid 1 matched but shouldn't have\n");
- goto end;
- }
-
- result = 0;
-
-end:
- if (alp_tctx != NULL)
- AppLayerParserThreadCtxFree(alp_tctx);
- if (de_ctx != NULL)
- SigGroupCleanup(de_ctx);
- if (de_ctx != NULL)
- SigCleanSignatures(de_ctx);
+ FAIL_IF(PacketAlertCheck(p, 1));
+ AppLayerParserThreadCtxFree(alp_tctx);
+ DetectEngineCtxFree(de_ctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
- return result == 0;
+ PASS;
}
static int DetectFiledataParseTest01(void)
{
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
-
- de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,
- "alert smtp any any -> any any "
- "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- printf("sig parse failed: ");
- goto end;
- }
-
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
- printf("content is still in FILEDATA list: ");
- goto end;
- }
-
- if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
- printf("content not in FILEDATA list: ");
- goto end;
- }
-
- result = 1;
-end:
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
+ Signature *s =
+ DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
+ "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)");
+ FAIL_IF_NULL(s);
+ FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
+ FAIL_IF_NULL(s->sm_lists[g_file_data_buffer_id]);
DetectEngineCtxFree(de_ctx);
-
- return result;
+ PASS;
}
static int DetectFiledataParseTest02(void)
{
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
-
- de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,
- "alert tcp any any -> any any "
- "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- printf("sig parse failed: ");
- goto end;
- }
-
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
- printf("content is still in PMATCH list: ");
- goto end;
- }
-
- if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
- printf("content not in FILEDATA list: ");
- goto end;
- }
-
- result = 1;
-end:
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
+ Signature *s =
+ DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
+ "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)");
+ FAIL_IF_NULL(s);
+ FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
+ FAIL_IF_NULL(s->sm_lists[g_file_data_buffer_id]);
DetectEngineCtxFree(de_ctx);
-
- return result;
+ PASS;
}
static int DetectFiledataParseTest03(void)
{
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
-
- de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,
- "alert tcp any any -> any 25 "
- "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- printf("sig parse failed: ");
- goto end;
- }
-
- if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
- printf("content is still in PMATCH list: ");
- goto end;
- }
-
- if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
- printf("content not in FILEDATA list: ");
- goto end;
- }
-
- result = 1;
-end:
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
+ Signature *s = DetectEngineAppendSig(de_ctx,
+ "alert tcp any any -> any 25 "
+ "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)");
+ FAIL_IF_NULL(s);
+ FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
+ FAIL_IF_NULL(s->sm_lists[g_file_data_buffer_id]);
DetectEngineCtxFree(de_ctx);
-
- return result;
+ PASS;
}
/**
*/
static int DetectFiledataParseTest04(void)
{
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
-
- de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,
- "alert smtp any any -> any any "
- "(msg:\"test\"; flow:to_client,established; file_data; content:\"abc\"; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- result = 1;
- }
-
-end:
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
+ Signature *s = DetectEngineAppendSig(de_ctx,
+ "alert smtp any any -> any any "
+ "(msg:\"test\"; flow:to_client,established; file_data; content:\"abc\"; sid:1;)");
+ FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
-
- return result;
+ PASS;
}
/**
*/
static int DetectFiledataParseTest05(void)
{
- DetectEngineCtx *de_ctx = NULL;
- int result = 0;
-
- de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
- de_ctx->sig_list = SigInit(de_ctx,
- "alert http any any -> any any "
- "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)");
- if (de_ctx->sig_list == NULL) {
- result = 1;
- }
-
-end:
- SigGroupCleanup(de_ctx);
- SigCleanSignatures(de_ctx);
+ Signature *s = DetectEngineAppendSig(de_ctx,
+ "alert http any any -> any any "
+ "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)");
+ FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
-
- return result;
+ PASS;
}
static int DetectFiledataIsdataatParseTest1(void)
projects / thirdparty / suricata.git / commitdiff
