#define CONFIG_DP 6
#define CONFIG_OPTS 7
-// action protocol src sp dir dst dp options
-#define CONFIG_PCRE "^([A-z]+)\\s+([A-z0-9\\-]+)\\s+([\\[\\]A-z0-9\\.\\:_\\$\\!\\-,\\/]+)\\s+([\\:A-z0-9_\\$\\!,]+)\\s+(-\\>|\\<\\>|\\<\\-)\\s+([\\[\\]A-z0-9\\.\\:_\\$\\!\\-,/]+)\\s+([\\:A-z0-9_\\$\\!,]+)(?:\\s+\\((.*)?(?:\\s*)\\))?(?:(?:\\s*)\\n)?\\s*$"
+/* if enclosed in [], spaces are allowed */
+#define CONFIG_PCRE_SRCDST "(" \
+ "[\\[\\]A-z0-9\\.\\:_\\$\\!\\-,\\/]+" \
+ "|" \
+ "\\[[\\[\\]A-z0-9\\.\\:_\\$\\!\\-,\\/\\s]+\\]"\
+ ")"
+
+/* if enclosed in [], spaces are allowed */
+#define CONFIG_PCRE_PORT "(" \
+ "[\\:A-z0-9_\\$\\!,]+"\
+ "|"\
+ "\\[[\\:A-z0-9_\\$\\!,\\s]+\\]"\
+ ")"
+
+/* format: action space(s) protocol spaces(s) src space(s) sp spaces(s) dir spaces(s) dst spaces(s) dp spaces(s) options */
+#define CONFIG_PCRE "^([A-z]+)\\s+([A-z0-9\\-]+)\\s+" \
+ CONFIG_PCRE_SRCDST \
+ "\\s+"\
+ CONFIG_PCRE_PORT \
+ "\\s+(-\\>|\\<\\>|\\<\\-)\\s+" \
+ CONFIG_PCRE_SRCDST \
+ "\\s+" \
+ CONFIG_PCRE_PORT \
+ "(?:\\s+\\((.*)?(?:\\s*)\\))?(?:(?:\\s*)\\n)?\\s*$"
#define OPTION_PARTS 3
#define OPTION_PCRE "^\\s*([A-z_0-9-\\.]+)(?:\\s*\\:\\s*(.*)(?<!\\\\))?\\s*;\\s*(?:\\s*(.*))?\\s*$"
return result;
}
+/** \test address parsing */
+static int SigParseTest21 (void) {
+ int result = 0;
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ if (de_ctx == NULL)
+ goto end;
+
+ if (DetectEngineAppendSig(de_ctx, "alert tcp [1.2.3.4, 1.2.3.5] any -> !1.2.3.4 any (sid:1;)") == NULL)
+ goto end;
+
+ result = 1;
+end:
+ if (de_ctx != NULL)
+ DetectEngineCtxFree(de_ctx);
+ return result;
+}
+
+/** \test address parsing */
+static int SigParseTest22 (void) {
+ int result = 0;
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ if (de_ctx == NULL)
+ goto end;
+
+ if (DetectEngineAppendSig(de_ctx, "alert tcp [10.10.10.0/24, !10.10.10.247] any -> [10.10.10.0/24, !10.10.10.247] any (sid:1;)") == NULL)
+ goto end;
+
+ result = 1;
+end:
+ if (de_ctx != NULL)
+ DetectEngineCtxFree(de_ctx);
+ return result;
+}
+
/** \test Direction operator validation (invalid) */
int SigParseBidirecTest06 (void) {
int result = 1;
UtRegisterTest("SigParseTest18", SigParseTest18, 1);
UtRegisterTest("SigParseTest19", SigParseTest19, 1);
UtRegisterTest("SigParseTest20", SigParseTest20, 1);
+ UtRegisterTest("SigParseTest21 -- address with space", SigParseTest21, 1);
+ UtRegisterTest("SigParseTest22 -- address with space", SigParseTest22, 1);
UtRegisterTest("SigParseBidirecTest06", SigParseBidirecTest06, 1);
UtRegisterTest("SigParseBidirecTest07", SigParseBidirecTest07, 1);
return result;
}
+
+static const char *dummy_conf_string2 =
+ "%YAML 1.1\n"
+ "---\n"
+ "vars:\n"
+ "\n"
+ " address-groups:\n"
+ "\n"
+ " HOME_NET: \"[10.10.10.0/24, !10.10.10.247]\"\n"
+ "\n"
+ " EXTERNAL_NET: \"any\"\n"
+ "\n"
+ " port-groups:\n"
+ "\n"
+ " HTTP_PORTS: \"80:81,88\"\n"
+ "\n";
+
+static int DetectAddressYamlParsing01 (void) {
+ int result = 0;
+
+ ConfCreateContextBackup();
+ ConfInit();
+ ConfYamlLoadString(dummy_conf_string2, strlen(dummy_conf_string2));
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ if (de_ctx == NULL) {
+ goto end;
+ }
+
+ de_ctx->flags |= DE_QUIET;
+
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp $HOME_NET any -> any any (sid:1;)")) == NULL)
+ goto end;
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp any any -> $HOME_NET any (sid:2;)")) == NULL)
+ goto end;
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp $HOME_NET any -> $HOME_NET any (sid:3;)")) == NULL)
+ goto end;
+
+ result = 1;
+
+ DetectEngineCtxFree(de_ctx);
+end:
+ ConfDeInit();
+ ConfRestoreContextBackup();
+ return result;
+}
+
+static const char *dummy_conf_string3 =
+ "%YAML 1.1\n"
+ "---\n"
+ "vars:\n"
+ "\n"
+ " address-groups:\n"
+ "\n"
+ " HOME_NET: \"[10.10.10.0/24, !10.10.10.247/32]\"\n"
+ "\n"
+ " EXTERNAL_NET: \"any\"\n"
+ "\n"
+ " port-groups:\n"
+ "\n"
+ " HTTP_PORTS: \"80:81,88\"\n"
+ "\n";
+
+static int DetectAddressYamlParsing02 (void) {
+ int result = 0;
+
+ ConfCreateContextBackup();
+ ConfInit();
+ ConfYamlLoadString(dummy_conf_string3, strlen(dummy_conf_string3));
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ if (de_ctx == NULL) {
+ goto end;
+ }
+
+ de_ctx->flags |= DE_QUIET;
+
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp $HOME_NET any -> any any (sid:1;)")) == NULL)
+ goto end;
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp any any -> $HOME_NET any (sid:2;)")) == NULL)
+ goto end;
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp $HOME_NET any -> $HOME_NET any (sid:3;)")) == NULL)
+ goto end;
+
+ result = 1;
+
+ DetectEngineCtxFree(de_ctx);
+end:
+ ConfDeInit();
+ ConfRestoreContextBackup();
+ return result;
+}
+
+static const char *dummy_conf_string4 =
+ "%YAML 1.1\n"
+ "---\n"
+ "vars:\n"
+ "\n"
+ " address-groups:\n"
+ "\n"
+ " HOME_NET: \"[10.10.10.0/24, !10.10.10.247/32]\"\n"
+ "\n"
+ " EXTERNAL_NET: \"any\"\n"
+ "\n"
+ " port-groups:\n"
+ "\n"
+ " HTTP_PORTS: \"80:81,88\"\n"
+ "\n";
+
+static int DetectAddressYamlParsing03 (void) {
+ int result = 0;
+
+ ConfCreateContextBackup();
+ ConfInit();
+ ConfYamlLoadString(dummy_conf_string4, strlen(dummy_conf_string4));
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ if (de_ctx == NULL) {
+ goto end;
+ }
+
+ de_ctx->flags |= DE_QUIET;
+
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp $HOME_NET any -> any any (sid:1;)")) == NULL)
+ goto end;
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp any any -> $HOME_NET any (sid:2;)")) == NULL)
+ goto end;
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp $HOME_NET any -> $HOME_NET any (sid:3;)")) == NULL)
+ goto end;
+
+ result = 1;
+
+ DetectEngineCtxFree(de_ctx);
+end:
+ ConfDeInit();
+ ConfRestoreContextBackup();
+ return result;
+}
+
+static const char *dummy_conf_string5 =
+ "%YAML 1.1\n"
+ "---\n"
+ "vars:\n"
+ "\n"
+ " address-groups:\n"
+ "\n"
+ " HOME_NET: \"[10.196.0.0/24, !10.196.0.15]\"\n"
+ "\n"
+ " EXTERNAL_NET: \"any\"\n"
+ "\n"
+ " port-groups:\n"
+ "\n"
+ " HTTP_PORTS: \"80:81,88\"\n"
+ "\n";
+
+/** \test bug #815 */
+static int DetectAddressYamlParsing04 (void) {
+ int result = 0;
+
+ ConfCreateContextBackup();
+ ConfInit();
+ ConfYamlLoadString(dummy_conf_string5, strlen(dummy_conf_string5));
+
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ if (de_ctx == NULL) {
+ goto end;
+ }
+
+ de_ctx->flags |= DE_QUIET;
+
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp $HOME_NET any -> any any (sid:1;)")) == NULL)
+ goto end;
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp any any -> $HOME_NET any (sid:2;)")) == NULL)
+ goto end;
+ if ((DetectEngineAppendSig(de_ctx, "alert tcp $HOME_NET any -> $HOME_NET any (sid:3;)")) == NULL)
+ goto end;
+
+ result = 1;
+
+ DetectEngineCtxFree(de_ctx);
+end:
+ ConfDeInit();
+ ConfRestoreContextBackup();
+ return result;
+}
#endif /* UNITTESTS */
void SigRegisterTests(void) {
UtRegisterTest("SigTestDropFlow03", SigTestDropFlow03, 1);
UtRegisterTest("SigTestDropFlow04", SigTestDropFlow04, 1);
+ UtRegisterTest("DetectAddressYamlParsing01", DetectAddressYamlParsing01, 1);
+ UtRegisterTest("DetectAddressYamlParsing02", DetectAddressYamlParsing02, 1);
+ UtRegisterTest("DetectAddressYamlParsing03", DetectAddressYamlParsing03, 1);
+ UtRegisterTest("DetectAddressYamlParsing04", DetectAddressYamlParsing04, 1);
+
DetectSimdRegisterTests();
#endif /* UNITTESTS */
}
projects / thirdparty / suricata.git / commitdiff
