From: Victor Julien Date: Fri, 17 Mar 2023 13:19:47 +0000 (+0100) Subject: detect/byte_jump: use list util in tests; cleanups X-Git-Tag: suricata-7.0.0-rc2~417 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=454d13837e0dcce1baac8c3ec644e80d78a589f9;p=thirdparty%2Fsuricata.git detect/byte_jump: use list util in tests; cleanups --- diff --git a/src/detect-bytejump.c b/src/detect-bytejump.c index f20c31593a..a15eb6145a 100644 --- a/src/detect-bytejump.c +++ b/src/detect-bytejump.c @@ -826,34 +826,33 @@ static int DetectBytejumpTestParse08(void) static int DetectBytejumpTestParse09(void) { Signature *s = SigAlloc(); - if (s == NULL) - return 0; - - int result = 1; - - if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) { - SigFree(NULL, s); - return 0; - } - - result &= (DetectBytejumpSetup(NULL, s, "4,0, align, multiplier 2, " - "post_offset -16,dce") == 0); - result &= (DetectBytejumpSetup(NULL, s, "4,0, multiplier 2, " - "post_offset -16,dce") == 0); - result &= (DetectBytejumpSetup(NULL, s, "4,0,post_offset -16,dce") == 0); - result &= (DetectBytejumpSetup(NULL, s, "4,0,dce") == 0); - result &= (DetectBytejumpSetup(NULL, s, "4,0,dce") == 0); - result &= (DetectBytejumpSetup(NULL, s, "4,0, string, dce") == -1); - result &= (DetectBytejumpSetup(NULL, s, "4,0, big, dce") == -1); - result &= (DetectBytejumpSetup(NULL, s, "4,0, little, dce") == -1); - result &= (DetectBytejumpSetup(NULL, s, "4,0, string, dec, dce") == -1); - result &= (DetectBytejumpSetup(NULL, s, "4,0, string, oct, dce") == -1); - result &= (DetectBytejumpSetup(NULL, s, "4,0, string, hex, dce") == -1); - result &= (DetectBytejumpSetup(NULL, s, "4,0, from_beginning, dce") == -1); - result &= (s->sm_lists[g_dce_stub_data_buffer_id] == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL); + FAIL_IF_NULL(s); + + FAIL_IF(DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0); + + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, + "4,0, align, multiplier 2, " + "post_offset -16,dce") == 0); + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, + "4,0, multiplier 2, " + "post_offset -16,dce") == 0); + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0,post_offset -16,dce") == 0); + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0,dce") == 0); + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0,dce") == 0); + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, string, dce") == -1); + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, big, dce") == -1); + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, little, dce") == -1); + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, string, dec, dce") == -1); + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, string, oct, dce") == -1); + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, string, hex, dce") == -1); + FAIL_IF_NOT(DetectBytejumpSetup(NULL, s, "4,0, from_beginning, dce") == -1); + + FAIL_IF_NULL(s->init_data->smlists[DETECT_SM_LIST_PMATCH]); + SigMatch *sm = DetectBufferGetFirstSigMatch(s, g_dce_stub_data_buffer_id); + FAIL_IF_NOT_NULL(sm); SigFree(NULL, s); - return result; + PASS; } /** @@ -861,103 +860,81 @@ static int DetectBytejumpTestParse09(void) */ static int DetectBytejumpTestParse10(void) { - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - DetectBytejumpData *bd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " - "dce_stub_data; " - "content:\"one\"; distance:0; " - "byte_jump:4,0,align,multiplier 2, " - "post_offset -16,relative,dce; sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 0; - goto end; - } - s = de_ctx->sig_list; - if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_BYTEJUMP); - bd = (DetectBytejumpData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx; - if (!(bd->flags & DETECT_BYTEJUMP_DCE) && - !(bd->flags & DETECT_BYTEJUMP_RELATIVE) && - (bd->flags & DETECT_BYTEJUMP_STRING) && - (bd->flags & DETECT_BYTEJUMP_BIG) && - (bd->flags & DETECT_BYTEJUMP_LITTLE) ) { - result = 0; - goto end; - } - s->next = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " - "dce_stub_data; " - "content:\"one\"; distance:0; " - "byte_jump:4,0,align,multiplier 2, " - "post_offset -16,relative,dce; sid:1;)"); - if (s->next == NULL) { - result = 0; - goto end; - } - s = s->next; - if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_BYTEJUMP); - bd = (DetectBytejumpData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx; - if (!(bd->flags & DETECT_BYTEJUMP_DCE) && - !(bd->flags & DETECT_BYTEJUMP_RELATIVE) && - (bd->flags & DETECT_BYTEJUMP_STRING) && - (bd->flags & DETECT_BYTEJUMP_BIG) && - (bd->flags & DETECT_BYTEJUMP_LITTLE) ) { - result = 0; + Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " + "(msg:\"Testing bytejump_body\"; " + "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " + "dce_stub_data; " + "content:\"one\"; distance:0; " + "byte_jump:4,0,align,multiplier 2, " + "post_offset -16,relative,dce; sid:1;)"); + FAIL_IF_NULL(s); + SigMatch *sm = DetectBufferGetFirstSigMatch(s, g_dce_stub_data_buffer_id); + FAIL_IF_NULL(sm); + FAIL_IF_NOT(sm->type == DETECT_CONTENT); + FAIL_IF_NULL(sm->next); + sm = sm->next; + FAIL_IF_NOT(sm->type == DETECT_BYTEJUMP); + + DetectBytejumpData *bd = (DetectBytejumpData *)sm->ctx; + if (!(bd->flags & DETECT_BYTEJUMP_DCE) && !(bd->flags & DETECT_BYTEJUMP_RELATIVE) && + (bd->flags & DETECT_BYTEJUMP_STRING) && (bd->flags & DETECT_BYTEJUMP_BIG) && + (bd->flags & DETECT_BYTEJUMP_LITTLE)) { goto end; } - s->next = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " - "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " - "dce_stub_data; " - "content:\"one\"; distance:0; " - "byte_jump:4,0,align,multiplier 2, " - "post_offset -16,relative; sid:1;)"); - if (s->next == NULL) { - result = 0; + s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " + "(msg:\"Testing bytejump_body\"; " + "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " + "dce_stub_data; " + "content:\"one\"; distance:0; " + "byte_jump:4,0,align,multiplier 2, " + "post_offset -16,relative,dce; sid:2;)"); + FAIL_IF_NULL(s); + sm = DetectBufferGetFirstSigMatch(s, g_dce_stub_data_buffer_id); + FAIL_IF_NULL(sm); + + FAIL_IF_NOT(sm->type == DETECT_CONTENT); + FAIL_IF_NULL(sm->next); + sm = sm->next; + FAIL_IF_NOT(sm->type == DETECT_BYTEJUMP); + + bd = (DetectBytejumpData *)sm->ctx; + if (!(bd->flags & DETECT_BYTEJUMP_DCE) && !(bd->flags & DETECT_BYTEJUMP_RELATIVE) && + (bd->flags & DETECT_BYTEJUMP_STRING) && (bd->flags & DETECT_BYTEJUMP_BIG) && + (bd->flags & DETECT_BYTEJUMP_LITTLE)) { goto end; } - s = s->next; - if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_BYTEJUMP); - bd = (DetectBytejumpData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx; - if ((bd->flags & DETECT_BYTEJUMP_DCE) && - !(bd->flags & DETECT_BYTEJUMP_RELATIVE) && - (bd->flags & DETECT_BYTEJUMP_STRING) && - (bd->flags & DETECT_BYTEJUMP_BIG) && - (bd->flags & DETECT_BYTEJUMP_LITTLE) ) { - result = 0; + + s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " + "(msg:\"Testing bytejump_body\"; " + "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " + "dce_stub_data; " + "content:\"one\"; distance:0; " + "byte_jump:4,0,align,multiplier 2, " + "post_offset -16,relative; sid:3;)"); + FAIL_IF_NULL(s); + sm = DetectBufferGetFirstSigMatch(s, g_dce_stub_data_buffer_id); + FAIL_IF_NULL(sm); + + FAIL_IF_NOT(sm->type == DETECT_CONTENT); + FAIL_IF_NULL(sm->next); + sm = sm->next; + FAIL_IF_NOT(sm->type == DETECT_BYTEJUMP); + + bd = (DetectBytejumpData *)sm->ctx; + if ((bd->flags & DETECT_BYTEJUMP_DCE) && !(bd->flags & DETECT_BYTEJUMP_RELATIVE) && + (bd->flags & DETECT_BYTEJUMP_STRING) && (bd->flags & DETECT_BYTEJUMP_BIG) && + (bd->flags & DETECT_BYTEJUMP_LITTLE)) { goto end; } - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); +end: DetectEngineCtxFree(de_ctx); - - return result; + PASS; } /** @@ -1064,49 +1041,27 @@ static int DetectBytejumpTestParse11(void) */ static int DetectBytejumpTestParse12(void) { - DetectEngineCtx *de_ctx = NULL; - int result = 0; - Signature *s = NULL; - DetectBytejumpData *bd = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(file_data; byte_jump:4,0,align,multiplier 2, " - "post_offset -16,relative; sid:1;)"); - if (de_ctx->sig_list == NULL) { - goto end; - } - s = de_ctx->sig_list; - if (s->sm_lists_tail[g_file_data_buffer_id] == NULL) { - goto end; - } + Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " + "(file_data; byte_jump:4,0,align,multiplier 2, " + "post_offset -16,relative; sid:1;)"); + FAIL_IF_NULL(s); - if (s->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_BYTEJUMP) { - goto end; - } + SigMatch *sm = DetectBufferGetFirstSigMatch(s, g_file_data_buffer_id); + FAIL_IF_NULL(sm); + FAIL_IF_NOT(sm->type == DETECT_BYTEJUMP); - bd = (DetectBytejumpData *)s->sm_lists_tail[g_file_data_buffer_id]->ctx; - if ((bd->flags & DETECT_BYTEJUMP_DCE) && - (bd->flags & DETECT_BYTEJUMP_RELATIVE) && - (bd->flags & DETECT_BYTEJUMP_STRING) && - (bd->flags & DETECT_BYTEJUMP_BIG) && - (bd->flags & DETECT_BYTEJUMP_LITTLE) ) { - result = 0; - goto end; - } + DetectBytejumpData *bd = (DetectBytejumpData *)sm->ctx; + FAIL_IF(bd->flags & DETECT_BYTEJUMP_DCE); + FAIL_IF((bd->flags & + (DETECT_BYTEJUMP_RELATIVE | DETECT_BYTEJUMP_STRING | DETECT_BYTEJUMP_BIG)) == + (DETECT_BYTEJUMP_RELATIVE | DETECT_BYTEJUMP_STRING | DETECT_BYTEJUMP_BIG)); - result = 1; - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); DetectEngineCtxFree(de_ctx); - - return result; + PASS; } static int DetectBytejumpTestParse13(void)