From: Victor Julien Date: Fri, 17 Mar 2023 16:44:57 +0000 (+0100) Subject: detect/http_raw_header: remove obsolete tests X-Git-Tag: suricata-7.0.0-rc2~396 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5994aafe00dcaa4dd491f9f56ba083f3f9d45849;p=thirdparty%2Fsuricata.git detect/http_raw_header: remove obsolete tests --- diff --git a/src/tests/detect-http-raw-header.c b/src/tests/detect-http-raw-header.c index 973a49b056..de716cb35c 100644 --- a/src/tests/detect-http-raw-header.c +++ b/src/tests/detect-http-raw-header.c @@ -3012,159 +3012,6 @@ end: return result; } -/** - * \test Test that a signature containting a http_header is correctly parsed - * and the keyword is registered. - */ -static int DetectHttpRawHeaderTest01(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - SigMatch *sm = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_header\"; flow:to_server; " - "content:\"one\"; http_raw_header; sid:1;)"); - if (de_ctx->sig_list != NULL) { - result = 1; - } else { - printf("Error parsing signature: "); - goto end; - } - - sm = de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id]; - if (sm != NULL) { - result &= (sm->type == DETECT_CONTENT); - result &= (sm->next == NULL); - } else { - result = 0; - printf("Error updating content pattern to http_header pattern: "); - } - - - end: - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test that a signature containing an valid http_header entry is - * parsed. - */ -static int DetectHttpRawHeaderTest02(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_header\"; flow:to_server; " - "content:\"one\"; http_raw_header:; sid:1;)"); - if (de_ctx->sig_list != NULL) - result = 1; - else - printf("Error parsing signature: "); - - end: - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test that an invalid signature containing no content but a http_header - * is invalidated. - */ -static int DetectHttpRawHeaderTest03(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_header\"; flow:to_server; " - "http_raw_header; sid:1;)"); - if (de_ctx->sig_list == NULL) - result = 1; - else - printf("Error parsing signature: "); - - end: - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test that an invalid signature containing a rawbytes along with a - * http_header is invalidated. - */ -static int DetectHttpRawHeaderTest04(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_header\"; flow:to_server; " - "content:\"one\"; rawbytes; http_raw_header; sid:1;)"); - if (de_ctx->sig_list == NULL) - result = 1; - else - printf("Error parsing signature: "); - - end: - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test that an invalid signature containing a rawbytes along with a - * http_header is invalidated. - */ -static int DetectHttpRawHeaderTest05(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_header\"; flow:to_server; " - "content:\"one\"; nocase; http_raw_header; sid:1;)"); - if (de_ctx->sig_list != NULL) - result = 1; - else - printf("Error parsing signature: "); - - end: - DetectEngineCtxFree(de_ctx); - - return result; -} - /** *\test Test that the http_header content matches against a http request * which holds the content. @@ -4026,345 +3873,6 @@ end: return result; } -static int DetectHttpRawHeaderTest20(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any " - "(flow:to_server; content:\"one\"; http_raw_header; " - "content:\"two\"; distance:0; http_raw_header; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL\n"); - goto end; - } - - DetectContentData *hrhd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->ctx; - DetectContentData *hrhd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->ctx; - if (hrhd1->flags != DETECT_CONTENT_RELATIVE_NEXT || - memcmp(hrhd1->content, "one", hrhd1->content_len) != 0 || - hrhd2->flags != DETECT_CONTENT_DISTANCE || - memcmp(hrhd2->content, "two", hrhd1->content_len) != 0) { - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawHeaderTest21(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any " - "(flow:to_server; content:\"one\"; http_raw_header; " - "content:\"two\"; within:5; http_raw_header; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL\n"); - goto end; - } - - DetectContentData *hrhd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->ctx; - DetectContentData *hrhd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->ctx; - if (hrhd1->flags != DETECT_CONTENT_RELATIVE_NEXT || - memcmp(hrhd1->content, "one", hrhd1->content_len) != 0 || - hrhd2->flags != DETECT_CONTENT_WITHIN || - memcmp(hrhd2->content, "two", hrhd1->content_len) != 0) { - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawHeaderTest22(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any " - "(flow:to_server; content:\"one\"; within:5; http_raw_header; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawHeaderTest23(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any " - "(flow:to_server; content:\"one\"; http_raw_header; within:5; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawHeaderTest24(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any " - "(flow:to_server; content:\"one\"; within:5; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawHeaderTest25(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any " - "(flow:to_server; pcre:/one/D; " - "content:\"two\"; within:5; http_raw_header; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id] == NULL || - de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->type != DETECT_CONTENT || - de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev == NULL || - de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->type != DETECT_PCRE) { - - goto end; - } - - DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->ctx; - DetectContentData *hhd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->ctx; - if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) || - hhd2->flags != DETECT_CONTENT_WITHIN || - memcmp(hhd2->content, "two", hhd2->content_len) != 0) { - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawHeaderTest26(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any " - "(flow:to_server; content:\"two\"; http_raw_header; " - "pcre:/one/DR; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id] == NULL || - de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->type != DETECT_PCRE || - de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev == NULL || - de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->type != DETECT_CONTENT) { - - goto end; - } - - DetectContentData *hhd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->ctx; - DetectPcreData *pd2 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->ctx; - if (pd2->flags != (DETECT_PCRE_RELATIVE) || - hhd1->flags != DETECT_CONTENT_RELATIVE_NEXT || - memcmp(hhd1->content, "two", hhd1->content_len) != 0) { - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawHeaderTest27(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any " - "(flow:to_server; pcre:/one/D; " - "content:\"two\"; distance:5; http_raw_header; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id] == NULL || - de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->type != DETECT_CONTENT || - de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev == NULL || - de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->type != DETECT_PCRE) { - - goto end; - } - - DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->ctx; - DetectContentData *hhd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->ctx; - if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) || - hhd2->flags != DETECT_CONTENT_DISTANCE || - memcmp(hhd2->content, "two", hhd2->content_len) != 0) { - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawHeaderIsdataatParseTest(void) -{ - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - de_ctx->flags |= DE_QUIET; - - Signature *s = DetectEngineAppendSig(de_ctx, - "alert tcp any any -> any any (" - "flow:to_server; " - "content:\"one\"; http_raw_header; " - "isdataat:!4,relative; sid:1;)"); - FAIL_IF_NULL(s); - - SigMatch *sm = s->init_data->smlists_tail[g_http_raw_header_buffer_id]; - FAIL_IF_NULL(sm); - FAIL_IF_NOT(sm->type == DETECT_ISDATAAT); - - DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx; - FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE); - FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED); - FAIL_IF(data->flags & ISDATAAT_RAWBYTES); - - DetectEngineCtxFree(de_ctx); - PASS; -} - void DetectHttpRawHeaderRegisterTests(void) { UtRegisterTest("DetectHttpRawHeaderParserTest01", @@ -4435,11 +3943,6 @@ void DetectHttpRawHeaderRegisterTests(void) UtRegisterTest("DetectEngineHttpRawHeaderTest32", DetectEngineHttpRawHeaderTest32); - UtRegisterTest("DetectHttpRawHeaderTest01", DetectHttpRawHeaderTest01); - UtRegisterTest("DetectHttpRawHeaderTest02", DetectHttpRawHeaderTest02); - UtRegisterTest("DetectHttpRawHeaderTest03", DetectHttpRawHeaderTest03); - UtRegisterTest("DetectHttpRawHeaderTest04", DetectHttpRawHeaderTest04); - UtRegisterTest("DetectHttpRawHeaderTest05", DetectHttpRawHeaderTest05); UtRegisterTest("DetectHttpRawHeaderTest06", DetectHttpRawHeaderTest06); UtRegisterTest("DetectHttpRawHeaderTest07", DetectHttpRawHeaderTest07); UtRegisterTest("DetectHttpRawHeaderTest08", DetectHttpRawHeaderTest08); @@ -4448,20 +3951,6 @@ void DetectHttpRawHeaderRegisterTests(void) UtRegisterTest("DetectHttpRawHeaderTest11", DetectHttpRawHeaderTest11); UtRegisterTest("DetectHttpRawHeaderTest12", DetectHttpRawHeaderTest12); UtRegisterTest("DetectHttpRawHeaderTest13", DetectHttpRawHeaderTest13); - UtRegisterTest("DetectHttpRawHeaderTest20", DetectHttpRawHeaderTest20); - UtRegisterTest("DetectHttpRawHeaderTest21", DetectHttpRawHeaderTest21); - UtRegisterTest("DetectHttpRawHeaderTest22", DetectHttpRawHeaderTest22); - UtRegisterTest("DetectHttpRawHeaderTest23", DetectHttpRawHeaderTest23); - UtRegisterTest("DetectHttpRawHeaderTest24", DetectHttpRawHeaderTest24); - UtRegisterTest("DetectHttpRawHeaderTest25", DetectHttpRawHeaderTest25); - UtRegisterTest("DetectHttpRawHeaderTest26", DetectHttpRawHeaderTest26); - UtRegisterTest("DetectHttpRawHeaderTest27", DetectHttpRawHeaderTest27); - - UtRegisterTest("DetectHttpRawHeaderIsdataatParseTest", - DetectHttpRawHeaderIsdataatParseTest); - - - return; } #endif /* UNITTESTS */