From: Victor Julien Date: Fri, 17 Mar 2023 13:35:36 +0000 (+0100) Subject: detect/dce_stub_data: remove obsolete tests X-Git-Tag: suricata-7.0.0-rc2~412 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=34735a54d877946b6529d8f822dae7d1d1917475;p=thirdparty%2Fsuricata.git detect/dce_stub_data: remove obsolete tests --- diff --git a/src/detect-engine-dcepayload.c b/src/detect-engine-dcepayload.c index 9bfaecabb2..f624b11e39 100644 --- a/src/detect-engine-dcepayload.c +++ b/src/detect-engine-dcepayload.c @@ -743,2432 +743,6 @@ end: return result; } -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest25(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "content:\"one\"; content:\"two\"; " - "content:\"three\"; within:10; " - "content:\"four\"; distance:4; " - "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] != NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "three", 5) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "four", 4) == 0); - if (result == 0) - goto end; - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest26(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_stub_data; " - "pkt_data; " - "content:\"one\"; " - "content:\"two\"; " - "content:\"three\"; within:5; " - "content:\"four\"; distance:10; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] != NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("one failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("two failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "three", 5) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("four failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "four", 4) == 0); - if (result == 0) - goto end; - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest27(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_stub_data; " - "content:\"one\"; distance:10; within:5; " - "content:\"two\"; within:5;" - "content:\"three\"; within:5; " - "content:\"four\"; distance:10; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] != NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("one failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("two failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "three", 5) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("four failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "four", 4) == 0); - if (result == 0) - goto end; - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest28(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_stub_data; " - "content:\"one\"; distance:10; within:5; " - "content:\"two\"; within:5;" - "pkt_data; " - "content:\"three\";" - "content:\"four\";" - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("one failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("two failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "three", 5) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("four failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "four", 4) == 0); - if (result == 0) - goto end; - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest29(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectPcreData *pd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_stub_data; " - "pkt_data; " - "pcre:/boom/; " - "content:\"one\"; distance:10; within:5; " - "content:\"two\"; within:5;" - "content:\"three\";" - "content:\"four\";" - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] != NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_PCRE) { - result = 0; - goto end; - } - pd = (DetectPcreData *)sm->ctx; - if (pd->flags & DETECT_PCRE_RAWBYTES || - pd->flags & DETECT_PCRE_RELATIVE) { - result = 0; - printf("one failed\n"); - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("one failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("two failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "three", 5) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("four failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "four", 4) == 0); - if (result == 0) - goto end; - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest30(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectBytejumpData *bd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_stub_data; " - "pkt_data; " - "byte_jump:2,5; " - "content:\"one\"; distance:10; within:5; " - "content:\"two\"; within:5;" - "content:\"three\";" - "content:\"four\";" - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] != NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_BYTEJUMP) { - result = 0; - goto end; - } - bd = (DetectBytejumpData *)sm->ctx; - if (bd->flags & DETECT_BYTEJUMP_BEGIN || - bd->flags & DETECT_BYTEJUMP_LITTLE || - bd->flags & DETECT_BYTEJUMP_BIG || - bd->flags & DETECT_BYTEJUMP_STRING || - bd->flags & DETECT_BYTEJUMP_RELATIVE || - bd->flags & DETECT_BYTEJUMP_ALIGN || - bd->flags & DETECT_BYTEJUMP_DCE ) { - result = 0; - printf("one failed\n"); - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("one failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("two failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "three", 5) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("four failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "four", 4) == 0); - if (result == 0) - goto end; - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest31(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectBytejumpData *bd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_stub_data; " - "byte_jump:2,5,relative; " - "content:\"one\"; distance:10; within:5; " - "content:\"two\"; within:5;" - "pkt_data; " - "content:\"three\";" - "content:\"four\";" - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_BYTEJUMP) { - result = 0; - goto end; - } - bd = (DetectBytejumpData *)sm->ctx; - if (bd->flags & DETECT_BYTEJUMP_BEGIN || - bd->flags & DETECT_BYTEJUMP_LITTLE || - bd->flags & DETECT_BYTEJUMP_BIG || - bd->flags & DETECT_BYTEJUMP_STRING || - !(bd->flags & DETECT_BYTEJUMP_RELATIVE) || - bd->flags & DETECT_BYTEJUMP_ALIGN || - bd->flags & DETECT_BYTEJUMP_DCE ) { - result = 0; - printf("one failed\n"); - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("one failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("two failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "three", 5) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("four failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "four", 4) == 0); - if (result == 0) - goto end; - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest32(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectBytejumpData *bd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_stub_data; " - "byte_jump:2,5,relative; " - "content:\"one\"; distance:10; within:5; " - "content:\"two\"; within:5;" - "pkt_data; " - "content:\"three\";" - "content:\"four\"; within:4; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_BYTEJUMP) { - result = 0; - goto end; - } - bd = (DetectBytejumpData *)sm->ctx; - if (bd->flags & DETECT_BYTEJUMP_BEGIN || - bd->flags & DETECT_BYTEJUMP_LITTLE || - bd->flags & DETECT_BYTEJUMP_BIG || - bd->flags & DETECT_BYTEJUMP_STRING || - !(bd->flags & DETECT_BYTEJUMP_RELATIVE) || - bd->flags & DETECT_BYTEJUMP_ALIGN || - bd->flags & DETECT_BYTEJUMP_DCE ) { - result = 0; - printf("one failed\n"); - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("one failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("two failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "three", 5) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("four failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "four", 4) == 0); - if (result == 0) - goto end; - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest33(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectPcreData *pd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_stub_data; " - "pcre:/boom/R; " - "content:\"one\"; distance:10; within:5; " - "content:\"two\"; within:5;" - "pkt_data; " - "content:\"three\";" - "content:\"four\"; distance:5;" - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_PCRE) { - result = 0; - goto end; - } - pd = (DetectPcreData *)sm->ctx; - if ( pd->flags & DETECT_PCRE_RAWBYTES || - !(pd->flags & DETECT_PCRE_RELATIVE)) { - result = 0; - printf("one failed\n"); - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("one failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("two failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "three", 5) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("four failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "four", 4) == 0); - if (result == 0) - goto end; - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest34(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectPcreData *pd = NULL; - DetectBytejumpData *bd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:12345678-1234-1234-1234-123456789012; " - "dce_opnum:10; dce_stub_data; " - "pcre:/boom/R; " - "byte_jump:1,2,relative,align,dce; " - "content:\"one\"; within:4; distance:8; " - "pkt_data; " - "content:\"two\"; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_PCRE) { - result = 0; - goto end; - } - pd = (DetectPcreData *)sm->ctx; - if ( pd->flags & DETECT_PCRE_RAWBYTES || - !(pd->flags & DETECT_PCRE_RELATIVE)) { - result = 0; - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_BYTEJUMP) { - result = 0; - goto end; - } - bd = (DetectBytejumpData *)sm->ctx; - if (bd->flags & DETECT_BYTEJUMP_BEGIN || - bd->flags & DETECT_BYTEJUMP_LITTLE || - bd->flags & DETECT_BYTEJUMP_BIG || - bd->flags & DETECT_BYTEJUMP_STRING || - !(bd->flags & DETECT_BYTEJUMP_RELATIVE) || - !(bd->flags & DETECT_BYTEJUMP_ALIGN) || - !(bd->flags & DETECT_BYTEJUMP_DCE) ) { - result = 0; - printf("one failed\n"); - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("two failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest35(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectBytetestData *bd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:12345678-1234-1234-1234-123456789012; " - "dce_opnum:10; dce_stub_data; " - "byte_test:1,=,0,0,relative,dce; " - "pkt_data; " - "content:\"one\"; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_BYTETEST) { - result = 0; - goto end; - } - bd = (DetectBytetestData *)sm->ctx; - if (bd->flags & DETECT_BYTETEST_LITTLE || - bd->flags & DETECT_BYTETEST_BIG || - bd->flags & DETECT_BYTETEST_STRING || - !(bd->flags & DETECT_BYTEJUMP_RELATIVE) || - !(bd->flags & DETECT_BYTETEST_DCE) ) { - result = 0; - printf("one failed\n"); - goto end; - } - - result &= (sm->next == NULL); - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("two failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest36(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectIsdataatData *isd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:12345678-1234-1234-1234-123456789012; " - "dce_opnum:10; dce_stub_data; " - "isdataat:10,relative; " - "content:\"one\"; within:4; distance:8; " - "pkt_data; " - "content:\"two\"; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_ISDATAAT) { - result = 0; - goto end; - } - isd = (DetectIsdataatData *)sm->ctx; - if ( isd->flags & ISDATAAT_RAWBYTES || - !(isd->flags & ISDATAAT_RELATIVE)) { - result = 0; - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - result = 0; - printf("two failed\n"); - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest37(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectBytejumpData *bjd = NULL; - DetectBytetestData *btd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:12345678-1234-1234-1234-123456789012; " - "dce_opnum:10; dce_stub_data; " - "byte_jump:1,2,relative,align,dce; " - "byte_test:1,=,2,0,relative,dce; " - "pkt_data; " - "content:\"one\"; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_BYTEJUMP) { - result = 0; - goto end; - } - bjd = (DetectBytejumpData *)sm->ctx; - if (bjd->flags & DETECT_BYTEJUMP_BEGIN || - bjd->flags & DETECT_BYTEJUMP_LITTLE || - bjd->flags & DETECT_BYTEJUMP_BIG || - bjd->flags & DETECT_BYTEJUMP_STRING || - !(bjd->flags & DETECT_BYTEJUMP_RELATIVE) || - !(bjd->flags & DETECT_BYTEJUMP_ALIGN) || - !(bjd->flags & DETECT_BYTEJUMP_DCE) ) { - result = 0; - printf("one failed\n"); - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_BYTETEST) { - result = 0; - goto end; - } - btd = (DetectBytetestData *)sm->ctx; - if (btd->flags & DETECT_BYTETEST_LITTLE || - btd->flags & DETECT_BYTETEST_BIG || - btd->flags & DETECT_BYTETEST_STRING || - !(btd->flags & DETECT_BYTETEST_RELATIVE) || - !(btd->flags & DETECT_BYTETEST_DCE) ) { - result = 0; - printf("one failed\n"); - goto end; - } - - result &= (sm->next == NULL); - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest38(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectPcreData *pd = NULL; - DetectBytejumpData *bjd = NULL; - DetectBytetestData *btd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:12345678-1234-1234-1234-123456789012; " - "dce_opnum:10; dce_stub_data; " - "pcre:/boom/R; " - "byte_jump:1,2,relative,align,dce; " - "byte_test:1,=,2,0,relative,dce; " - "pkt_data; " - "content:\"one\"; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_PCRE) { - result = 0; - goto end; - } - pd = (DetectPcreData *)sm->ctx; - if ( pd->flags & DETECT_PCRE_RAWBYTES || - !(pd->flags & DETECT_PCRE_RELATIVE)) { - result = 0; - printf("one failed\n"); - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_BYTEJUMP) { - result = 0; - goto end; - } - bjd = (DetectBytejumpData *)sm->ctx; - if (bjd->flags & DETECT_BYTEJUMP_BEGIN || - bjd->flags & DETECT_BYTEJUMP_LITTLE || - bjd->flags & DETECT_BYTEJUMP_BIG || - bjd->flags & DETECT_BYTEJUMP_STRING || - !(bjd->flags & DETECT_BYTEJUMP_RELATIVE) || - !(bjd->flags & DETECT_BYTEJUMP_ALIGN) || - !(bjd->flags & DETECT_BYTEJUMP_DCE) ) { - result = 0; - printf("one failed\n"); - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_BYTETEST) { - result = 0; - goto end; - } - btd = (DetectBytetestData *)sm->ctx; - if (btd->flags & DETECT_BYTETEST_LITTLE || - btd->flags & DETECT_BYTETEST_BIG || - btd->flags & DETECT_BYTETEST_STRING || - !(btd->flags & DETECT_BYTETEST_RELATIVE) || - !(btd->flags & DETECT_BYTETEST_DCE) ) { - result = 0; - printf("one failed\n"); - goto end; - } - - result &= (sm->next == NULL); - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest39(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "content:\"one\"; " - "dce_iface:12345678-1234-1234-1234-123456789012; " - "dce_opnum:10; dce_stub_data; " - "content:\"two\"; within:4; distance:8; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest40(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectBytetestData *btd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:12345678-1234-1234-1234-123456789012; " - "dce_opnum:10; dce_stub_data; " - "content:\"one\"; within:10; " - "content:\"two\"; distance:20; within:30; " - "byte_test:1,=,2,0,relative,dce; " - "pkt_data; " - "content:\"three\"; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_BYTETEST) { - result = 0; - goto end; - } - btd = (DetectBytetestData *)sm->ctx; - if (btd->flags & DETECT_BYTETEST_LITTLE || - btd->flags & DETECT_BYTETEST_BIG || - btd->flags & DETECT_BYTETEST_STRING || - !(btd->flags & DETECT_BYTETEST_RELATIVE) || - !(btd->flags & DETECT_BYTETEST_DCE) ) { - result = 0; - printf("one failed\n"); - goto end; - } - - result &= (sm->next == NULL); - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "three", 5) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest41(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectBytetestData *btd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:12345678-1234-1234-1234-123456789012; " - "dce_opnum:10; dce_stub_data; " - "content:\"one\"; within:10; " - "pkt_data; " - "content:\"two\"; " - "byte_test:1,=,2,0,relative,dce; " - "content:\"three\"; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_BYTETEST) { - result = 0; - goto end; - } - btd = (DetectBytetestData *)sm->ctx; - if (btd->flags & DETECT_BYTETEST_LITTLE || - btd->flags & DETECT_BYTETEST_BIG || - btd->flags & DETECT_BYTETEST_STRING || - !(btd->flags & DETECT_BYTETEST_RELATIVE) || - !(btd->flags & DETECT_BYTETEST_DCE) ) { - result = 0; - printf("one failed\n"); - goto end; - } - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("three failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "three", 5) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest44(void) -{ - DetectEngineCtx *de_ctx = NULL; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectIsdataatData *isd = NULL; - - de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - de_ctx->flags |= DE_QUIET; - - s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any (" - "content:\"one\"; " - "dce_iface:12345678-1234-1234-1234-123456789012; " - "dce_opnum:10; dce_stub_data; " - "isdataat:10,relative; " - "content:\"one\"; within:4; distance:8; " - "pkt_data; " - "content:\"two\"; " - "sid:1;)"); - FAIL_IF_NULL(s); - - FAIL_IF_NULL(s->init_data->smlists_tail[g_dce_stub_data_buffer_id]); - FAIL_IF_NULL(s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]); - - /* isdataat:10,relative; */ - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - FAIL_IF(sm->type != DETECT_ISDATAAT); - isd = (DetectIsdataatData *)sm->ctx; - FAIL_IF(isd->flags & ISDATAAT_RAWBYTES); - FAIL_IF_NOT(isd->flags & ISDATAAT_RELATIVE); - FAIL_IF_NULL(sm->next); - - sm = sm->next; - - /* content:\"one\"; within:4; distance:8; */ - FAIL_IF(sm->type != DETECT_CONTENT); - data = (DetectContentData *)sm->ctx; - FAIL_IF (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_RELATIVE_NEXT || - data->flags & DETECT_CONTENT_NEGATED ); - - FAIL_IF_NOT(strncmp((char *)data->content, "one", 3) == 0); - FAIL_IF_NOT(sm->next == NULL); - - /* first content:\"one\"; */ - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - FAIL_IF(sm->type != DETECT_CONTENT); - data = (DetectContentData *)sm->ctx; - FAIL_IF(data->flags & DETECT_CONTENT_RAWBYTES); - FAIL_IF(data->flags & DETECT_CONTENT_NOCASE); - FAIL_IF(data->flags & DETECT_CONTENT_WITHIN); - FAIL_IF(data->flags & DETECT_CONTENT_DISTANCE); - FAIL_IF(data->flags & DETECT_CONTENT_FAST_PATTERN); - FAIL_IF(data->flags & DETECT_CONTENT_RELATIVE_NEXT); - FAIL_IF(data->flags & DETECT_CONTENT_NEGATED ); - FAIL_IF_NOT(strncmp((char *)data->content, "one", 3) == 0); - - FAIL_IF_NULL(sm->next); - sm = sm->next; - - FAIL_IF(sm->type != DETECT_CONTENT); - - data = (DetectContentData *)sm->ctx; - FAIL_IF(data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED ); - - FAIL_IF_NOT(strncmp((char *)data->content, "two", 3) == 0); - - FAIL_IF_NOT(sm->next == NULL); - - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - PASS; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest45(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectBytejumpData *bjd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:12345678-1234-1234-1234-123456789012; " - "content:\"one\"; " - "dce_opnum:10; dce_stub_data; " - "byte_jump:1,2,relative,align,dce; " - "pkt_data; " - "content:\"two\"; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_BYTEJUMP) { - result = 0; - goto end; - } - bjd = (DetectBytejumpData *)sm->ctx; - if (bjd->flags & DETECT_BYTEJUMP_BEGIN || - bjd->flags & DETECT_BYTEJUMP_LITTLE || - bjd->flags & DETECT_BYTEJUMP_BIG || - bjd->flags & DETECT_BYTEJUMP_STRING || - !(bjd->flags & DETECT_BYTEJUMP_RELATIVE) || - !(bjd->flags & DETECT_BYTEJUMP_ALIGN) || - !(bjd->flags & DETECT_BYTEJUMP_DCE) ) { - result = 0; - printf("one failed\n"); - goto end; - } - - result &= (sm->next == NULL); - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_RELATIVE_NEXT || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("one failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_RELATIVE_NEXT || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("two failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test content for dce sig. - */ -static int DcePayloadParseTest46(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - SigMatch *sm = NULL; - DetectContentData *data = NULL; - DetectBytetestData *btd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:12345678-1234-1234-1234-123456789012; " - "content:\"one\"; " - "dce_opnum:10; dce_stub_data; " - "byte_test:1,=,2,0,relative,dce; " - "pkt_data; " - "content:\"two\"; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - - if (s->init_data->smlists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) { - result = 0; - goto end; - } - - sm = s->init_data->smlists[g_dce_stub_data_buffer_id]; - if (sm->type != DETECT_BYTETEST) { - result = 0; - goto end; - } - btd = (DetectBytetestData *)sm->ctx; - if (btd->flags & DETECT_BYTETEST_LITTLE || - btd->flags & DETECT_BYTETEST_BIG || - btd->flags & DETECT_BYTETEST_STRING || - !(btd->flags & DETECT_BYTETEST_RELATIVE) || - !(btd->flags & DETECT_BYTETEST_DCE) ) { - result = 0; - printf("one failed\n"); - goto end; - } - - result &= (sm->next == NULL); - - sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH]; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_RELATIVE_NEXT || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("one failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "one", 3) == 0); - if (result == 0) - goto end; - - sm = sm->next; - if (sm->type != DETECT_CONTENT) { - result = 0; - goto end; - } - data = (DetectContentData *)sm->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_RELATIVE_NEXT || - data->flags & DETECT_CONTENT_NEGATED ) { - printf("two failed\n"); - result = 0; - goto end; - } - result &= (strncmp((char *)data->content, "two", 3) == 0); - if (result == 0) - goto end; - - result &= (sm->next == NULL); - - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - #endif /* UNITTESTS */ void DcePayloadRegisterTests(void) @@ -3182,29 +756,5 @@ void DcePayloadRegisterTests(void) UtRegisterTest("DcePayloadTest18", DcePayloadTest18); UtRegisterTest("DcePayloadTest19", DcePayloadTest19); UtRegisterTest("DcePayloadTest20", DcePayloadTest20); - - UtRegisterTest("DcePayloadParseTest25", DcePayloadParseTest25); - UtRegisterTest("DcePayloadParseTest26", DcePayloadParseTest26); - UtRegisterTest("DcePayloadParseTest27", DcePayloadParseTest27); - UtRegisterTest("DcePayloadParseTest28", DcePayloadParseTest28); - UtRegisterTest("DcePayloadParseTest29", DcePayloadParseTest29); - UtRegisterTest("DcePayloadParseTest30", DcePayloadParseTest30); - UtRegisterTest("DcePayloadParseTest31", DcePayloadParseTest31); - UtRegisterTest("DcePayloadParseTest32", DcePayloadParseTest32); - UtRegisterTest("DcePayloadParseTest33", DcePayloadParseTest33); - UtRegisterTest("DcePayloadParseTest34", DcePayloadParseTest34); - UtRegisterTest("DcePayloadParseTest35", DcePayloadParseTest35); - UtRegisterTest("DcePayloadParseTest36", DcePayloadParseTest36); - UtRegisterTest("DcePayloadParseTest37", DcePayloadParseTest37); - UtRegisterTest("DcePayloadParseTest38", DcePayloadParseTest38); - UtRegisterTest("DcePayloadParseTest39", DcePayloadParseTest39); - UtRegisterTest("DcePayloadParseTest40", DcePayloadParseTest40); - UtRegisterTest("DcePayloadParseTest41", DcePayloadParseTest41); - - UtRegisterTest("DcePayloadParseTest44", DcePayloadParseTest44); - UtRegisterTest("DcePayloadParseTest45", DcePayloadParseTest45); - UtRegisterTest("DcePayloadParseTest46", DcePayloadParseTest46); #endif /* UNITTESTS */ - - return; }