From: Victor Julien Date: Fri, 17 Mar 2023 16:49:24 +0000 (+0100) Subject: detect/http_uri: remove obsolete tests; clean up X-Git-Tag: suricata-7.0.0-rc2~391 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7377ebc369e5f718ab1d88ae7204cd564a923532;p=thirdparty%2Fsuricata.git detect/http_uri: remove obsolete tests; clean up --- diff --git a/src/tests/detect-http-uri.c b/src/tests/detect-http-uri.c index 1664142986..f167be46cf 100644 --- a/src/tests/detect-http-uri.c +++ b/src/tests/detect-http-uri.c @@ -3660,875 +3660,28 @@ end: return result; } -/** - * \test Checks if a http_uri is registered in a Signature, if content is not - * specified in the signature - */ -static int DetectHttpUriTest01(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_uri\"; http_uri;sid:1;)"); - if (de_ctx->sig_list == NULL) - result = 1; - -end: - if (de_ctx != NULL) - DetectEngineCtxFree(de_ctx); - return result; -} - -/** - * \test Checks if a http_uri is registered in a Signature, if some parameter - * is specified with http_uri in the signature - */ -static int DetectHttpUriTest02(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_uri\"; content:\"one\"; " - "http_cookie:wrong; sid:1;)"); - if (de_ctx->sig_list == NULL) - result = 1; - -end: - if (de_ctx != NULL) - DetectEngineCtxFree(de_ctx); - return result; -} - -/** - * \test Checks if a http_uri is registered in a Signature - */ -static int DetectHttpUriTest03(void) -{ - SigMatch *sm = NULL; - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_uri\"; content:\"one\"; " - "http_uri; content:\"two\"; http_uri; " - "content:\"three\"; http_uri; " - "sid:1;)"); - - if (de_ctx->sig_list == NULL) { - printf("sig parse failed: "); - goto end; - } - - sm = de_ctx->sig_list->sm_lists[g_http_uri_buffer_id]; - if (sm == NULL) { - printf("no sigmatch(es): "); - goto end; - } - - while (sm != NULL) { - if (sm->type == DETECT_CONTENT) { - result = 1; - } else { - printf("expected DETECT_AL_HTTP_URI, got %d: ", sm->type); - goto end; - } - sm = sm->next; - } - -end: - if (de_ctx != NULL) - DetectEngineCtxFree(de_ctx); - return result; -} - -/** - * \test Checks if a http_uri is registered in a Signature, when rawbytes is - * also specified in the signature - */ -static int DetectHttpUriTest04(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_uri\"; content:\"one\"; " - "rawbytes; http_uri; sid:1;)"); - if (de_ctx->sig_list == NULL) - result = 1; - - end: - if (de_ctx != NULL) SigCleanSignatures(de_ctx); - if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); - return result; -} - -/** - * \test Checks if a http_uri is successfully converted to a uricontent - * - */ -static int DetectHttpUriTest05(void) -{ - DetectEngineCtx *de_ctx = NULL; - Signature *s = NULL; - int result = 0; - - if ((de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - s = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_uri\"; " - "content:\"we are testing http_uri keyword\"; " - "http_uri; sid:1;)"); - if (s == NULL) { - printf("sig failed to parse\n"); - goto end; - } - if (s->sm_lists[g_http_uri_buffer_id] == NULL) - goto end; - if (s->sm_lists[g_http_uri_buffer_id]->type != DETECT_CONTENT) { - printf("wrong type\n"); - goto end; - } - - const char *str = "we are testing http_uri keyword"; - int uricomp = memcmp((const char *)((DetectContentData*) s->sm_lists[g_http_uri_buffer_id]->ctx)->content, str, strlen(str)-1); - int urilen = ((DetectContentData*) s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->content_len; - if (uricomp != 0 || - urilen != strlen("we are testing http_uri keyword")) { - printf("sig failed to parse, content not setup properly\n"); - goto end; - } - result = 1; - -end: - if (de_ctx != NULL) SigCleanSignatures(de_ctx); - if (de_ctx != NULL) SigGroupCleanup(de_ctx); - return result; -} - -static int DetectHttpUriTest12(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; http_uri; " - "content:\"two\"; distance:0; http_uri; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_uri_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_uri_buffer_id] == NULL\n"); - goto end; - } - - DetectContentData *ud1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx; - DetectContentData *ud2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx; - if (ud1->flags != DETECT_CONTENT_RELATIVE_NEXT || - memcmp(ud1->content, "one", ud1->content_len) != 0 || - ud2->flags != DETECT_CONTENT_DISTANCE || - memcmp(ud2->content, "two", ud1->content_len) != 0) { - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpUriTest13(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; http_uri; " - "content:\"two\"; within:5; http_uri; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_uri_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_uri_buffer_id] == NULL\n"); - goto end; - } - - DetectContentData *ud1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx; - DetectContentData *ud2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx; - if (ud1->flags != DETECT_CONTENT_RELATIVE_NEXT || - memcmp(ud1->content, "one", ud1->content_len) != 0 || - ud2->flags != DETECT_CONTENT_WITHIN || - memcmp(ud2->content, "two", ud1->content_len) != 0) { - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpUriTest14(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; within:5; http_uri; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpUriTest15(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; http_uri; within:5; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_uri_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_uri_buffer_id] == NULL\n"); - goto end; - } - - DetectContentData *cd = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx; - if (memcmp(cd->content, "one", cd->content_len) != 0 || - cd->flags != DETECT_CONTENT_WITHIN) { - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpUriTest16(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; within:5; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpUriTest17(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(uricontent:\"one\"; " - "content:\"two\"; distance:0; http_uri; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_uri_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_uri_buffer_id] == NULL\n"); - goto end; - } - - DetectContentData *ud1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx; - DetectContentData *ud2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx; - if (ud1->flags != DETECT_CONTENT_RELATIVE_NEXT || - memcmp(ud1->content, "one", ud1->content_len) != 0 || - ud2->flags != DETECT_CONTENT_DISTANCE || - memcmp(ud2->content, "two", ud1->content_len) != 0) { - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpUriTest18(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(uricontent:\"one\"; " - "content:\"two\"; within:5; http_uri; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_uri_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_uri_buffer_id] == NULL\n"); - goto end; - } - - DetectContentData *ud1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->prev->ctx; - DetectContentData *ud2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_uri_buffer_id]->ctx; - if (ud1->flags != DETECT_CONTENT_RELATIVE_NEXT || - memcmp(ud1->content, "one", ud1->content_len) != 0 || - ud2->flags != DETECT_CONTENT_WITHIN || - memcmp(ud2->content, "two", ud1->content_len) != 0) { - goto end; - } - - result = 1; - - end: - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpUriIsdataatParseTest(void) -{ - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - de_ctx->flags |= DE_QUIET; - - Signature *s = DetectEngineAppendSig(de_ctx, - "alert tcp any any -> any any (" - "content:\"one\"; http_uri; " - "isdataat:!4,relative; sid:1;)"); - FAIL_IF_NULL(s); - - SigMatch *sm = s->init_data->smlists_tail[g_http_uri_buffer_id]; - FAIL_IF_NULL(sm); - FAIL_IF_NOT(sm->type == DETECT_ISDATAAT); - - DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx; - FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE); - FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED); - FAIL_IF(data->flags & ISDATAAT_RAWBYTES); - - DetectEngineCtxFree(de_ctx); - PASS; -} - -/** - * \test Checks if a http_raw_uri is registered in a Signature, if content is not - * specified in the signature. - */ -static int DetectHttpRawUriTest01(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_raw_uri\"; http_raw_uri; sid:1;)"); - if (de_ctx->sig_list == NULL) - result = 1; - -end: - if (de_ctx != NULL) - DetectEngineCtxFree(de_ctx); - return result; -} - -/** - * \test Checks if a http_raw_uri is registered in a Signature, if some parameter - * is specified with http_raw_uri in the signature. - */ -static int DetectHttpRawUriTest02(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_raw_uri\"; content:\"one\"; " - "http_raw_uri:wrong; sid:1;)"); - if (de_ctx->sig_list == NULL) - result = 1; - -end: - if (de_ctx != NULL) - DetectEngineCtxFree(de_ctx); - return result; -} - -/** - * \test Checks if a http_raw_uri is registered in a Signature. - */ -static int DetectHttpRawUriTest03(void) -{ - SigMatch *sm = NULL; - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_raw_uri\"; " - "content:\"one\"; http_raw_uri; " - "content:\"two\"; http_raw_uri; " - "content:\"three\"; http_raw_uri; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("sig parse failed: "); - goto end; - } - - sm = de_ctx->sig_list->sm_lists[g_http_raw_uri_buffer_id]; - if (sm == NULL) { - printf("no sigmatch(es): "); - goto end; - } - - while (sm != NULL) { - if (sm->type == DETECT_CONTENT) { - result = 1; - } else { - printf("expected DETECT_CONTENT for http_raw_uri(%d), got %d: ", - DETECT_CONTENT, sm->type); - goto end; - } - sm = sm->next; - } - -end: - if (de_ctx != NULL) - DetectEngineCtxFree(de_ctx); - return result; -} - -/** - * \test Checks if a http_raw_uri is registered in a Signature, when rawbytes is - * also specified in the signature. - */ -static int DetectHttpRawUriTest04(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_raw_uri\"; " - "content:\"one\"; rawbytes; http_raw_uri; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) - result = 1; - - end: - if (de_ctx != NULL) - DetectEngineCtxFree(de_ctx); - return result; -} - -/** - * \test Checks if a http_raw_uri is successfully converted to a rawuricontent. - * - */ -static int DetectHttpRawUriTest05(void) -{ - DetectEngineCtx *de_ctx = NULL; - Signature *s = NULL; - int result = 0; - - if ((de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - s = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing http_raw_uri\"; " - "content:\"we are testing http_raw_uri keyword\"; http_raw_uri; " - "sid:1;)"); - if (s == NULL) { - printf("sig failed to parse\n"); - goto end; - } - if (s->sm_lists[g_http_raw_uri_buffer_id] == NULL) - goto end; - if (s->sm_lists[g_http_raw_uri_buffer_id]->type != DETECT_CONTENT) { - printf("wrong type\n"); - goto end; - } - - const char *str = "we are testing http_raw_uri keyword"; - int uricomp = memcmp((const char *) - ((DetectContentData*)s->sm_lists[g_http_raw_uri_buffer_id]->ctx)->content, - str, - strlen(str) - 1); - int urilen = ((DetectContentData*)s->sm_lists_tail[g_http_raw_uri_buffer_id]->ctx)->content_len; - if (uricomp != 0 || - urilen != strlen("we are testing http_raw_uri keyword")) { - printf("sig failed to parse, content not setup properly\n"); - goto end; - } - result = 1; - -end: - if (de_ctx != NULL) - SigGroupCleanup(de_ctx); - return result; -} - -static int DetectHttpRawUriTest12(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; http_raw_uri; " - "content:\"two\"; distance:0; http_raw_uri; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_raw_uri_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_raw_uri_buffer_id] == NULL\n"); - goto end; - } - - DetectContentData *ud1 = - (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_uri_buffer_id]->prev->ctx; - DetectContentData *ud2 = - (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_uri_buffer_id]->ctx; - if (ud1->flags != DETECT_CONTENT_RELATIVE_NEXT || - memcmp(ud1->content, "one", ud1->content_len) != 0 || - ud2->flags != DETECT_CONTENT_DISTANCE || - memcmp(ud2->content, "two", ud1->content_len) != 0) { - /* inside body */ - goto end; - } - - result = 1; - - end: - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawUriTest13(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; http_raw_uri; " - "content:\"two\"; within:5; http_raw_uri; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_raw_uri_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_raw_uri_buffer_id] == NULL\n"); - goto end; - } - - DetectContentData *ud1 = - (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_uri_buffer_id]->prev->ctx; - DetectContentData *ud2 = - (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_uri_buffer_id]->ctx; - if (ud1->flags != DETECT_CONTENT_RELATIVE_NEXT || - memcmp(ud1->content, "one", ud1->content_len) != 0 || - ud2->flags != DETECT_CONTENT_WITHIN || - memcmp(ud2->content, "two", ud1->content_len) != 0) { - /* inside the body */ - goto end; - } - - result = 1; - - end: - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawUriTest14(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; within:5; http_raw_uri; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - result = 1; - - end: - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawUriTest15(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; http_raw_uri; within:5; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - result = 1; - - end: - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawUriTest16(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; within:5; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - result = 1; - - end: - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawUriTest17(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; http_raw_uri; " - "content:\"two\"; distance:0; http_raw_uri; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_http_raw_uri_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_raw_uri_buffer_id] == NULL\n"); - goto end; - } - - DetectContentData *ud1 = - (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_uri_buffer_id]->prev->ctx; - DetectContentData *ud2 = - (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_uri_buffer_id]->ctx; - if (ud1->flags != DETECT_CONTENT_RELATIVE_NEXT || - memcmp(ud1->content, "one", ud1->content_len) != 0 || - ud2->flags != DETECT_CONTENT_DISTANCE || - memcmp(ud2->content, "two", ud1->content_len) != 0) { - /* inside body */ - goto end; - } - - result = 1; - - end: - DetectEngineCtxFree(de_ctx); - return result; -} - -static int DetectHttpRawUriTest18(void) +static int DetectHttpUriIsdataatParseTest(void) { - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - if ( (de_ctx = DetectEngineCtxInit()) == NULL) - goto end; - + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " - "(content:\"one\"; http_raw_uri; " - "content:\"two\"; within:5; http_raw_uri; " - "sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("de_ctx->sig_list == NULL\n"); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n"); - goto end; - } - if (de_ctx->sig_list->sm_lists[g_http_raw_uri_buffer_id] == NULL) { - printf("de_ctx->sig_list->sm_lists[g_http_raw_uri_buffer_id] == NULL\n"); - goto end; - } + Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any (" + "content:\"one\"; http_uri; " + "isdataat:!4,relative; sid:1;)"); + FAIL_IF_NULL(s); - DetectContentData *ud1 = - (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_uri_buffer_id]->prev->ctx; - DetectContentData *ud2 = - (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_uri_buffer_id]->ctx; - if (ud1->flags != DETECT_CONTENT_RELATIVE_NEXT || - memcmp(ud1->content, "one", ud1->content_len) != 0 || - ud2->flags != DETECT_CONTENT_WITHIN || - memcmp(ud2->content, "two", ud1->content_len) != 0) { - /* inside body */ - goto end; - } + SigMatch *sm = DetectBufferGetLastSigMatch(s, g_http_uri_buffer_id); + FAIL_IF_NULL(sm); + FAIL_IF_NOT(sm->type == DETECT_ISDATAAT); - result = 1; + DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx; + FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE); + FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED); + FAIL_IF(data->flags & ISDATAAT_RAWBYTES); - end: DetectEngineCtxFree(de_ctx); - return result; + PASS; } static int DetectEngineHttpRawUriTest01(void) @@ -7709,35 +6862,9 @@ static void DetectHttpUriRegisterTests (void) UtRegisterTest("UriTestSig37", UriTestSig37); UtRegisterTest("UriTestSig38", UriTestSig38); - UtRegisterTest("DetectHttpUriTest01", DetectHttpUriTest01); - UtRegisterTest("DetectHttpUriTest02", DetectHttpUriTest02); - UtRegisterTest("DetectHttpUriTest03", DetectHttpUriTest03); - UtRegisterTest("DetectHttpUriTest04", DetectHttpUriTest04); - UtRegisterTest("DetectHttpUriTest05", DetectHttpUriTest05); - UtRegisterTest("DetectHttpUriTest12", DetectHttpUriTest12); - UtRegisterTest("DetectHttpUriTest13", DetectHttpUriTest13); - UtRegisterTest("DetectHttpUriTest14", DetectHttpUriTest14); - UtRegisterTest("DetectHttpUriTest15", DetectHttpUriTest15); - UtRegisterTest("DetectHttpUriTest16", DetectHttpUriTest16); - UtRegisterTest("DetectHttpUriTest17", DetectHttpUriTest17); - UtRegisterTest("DetectHttpUriTest18", DetectHttpUriTest18); - UtRegisterTest("DetectHttpUriIsdataatParseTest", DetectHttpUriIsdataatParseTest); - UtRegisterTest("DetectHttpRawUriTest01", DetectHttpRawUriTest01); - UtRegisterTest("DetectHttpRawUriTest02", DetectHttpRawUriTest02); - UtRegisterTest("DetectHttpRawUriTest03", DetectHttpRawUriTest03); - UtRegisterTest("DetectHttpRawUriTest04", DetectHttpRawUriTest04); - UtRegisterTest("DetectHttpRawUriTest05", DetectHttpRawUriTest05); - UtRegisterTest("DetectHttpRawUriTest12", DetectHttpRawUriTest12); - UtRegisterTest("DetectHttpRawUriTest13", DetectHttpRawUriTest13); - UtRegisterTest("DetectHttpRawUriTest14", DetectHttpRawUriTest14); - UtRegisterTest("DetectHttpRawUriTest15", DetectHttpRawUriTest15); - UtRegisterTest("DetectHttpRawUriTest16", DetectHttpRawUriTest16); - UtRegisterTest("DetectHttpRawUriTest17", DetectHttpRawUriTest17); - UtRegisterTest("DetectHttpRawUriTest18", DetectHttpRawUriTest18); - UtRegisterTest("DetectEngineHttpRawUriTest01", DetectEngineHttpRawUriTest01); UtRegisterTest("DetectEngineHttpRawUriTest02",