From: Modupe Falodun
Date: Mon, 7 Feb 2022 21:50:37 +0000 (+0100)
Subject: detect-bytetest: remove unittests
X-Git-Tag: suricata-7.0.0-beta1~916
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=786cf41599fba8fb8aad91eabd95bebd8d2b02bc;p=thirdparty%2Fsuricata.git

detect-bytetest: remove unittests

These tests are reimplemented as Suricata-Verify

Task: 4911
---

diff --git a/src/detect-bytetest.c b/src/detect-bytetest.c
index 7f1275fde7..e84822d4e2 100644
--- a/src/detect-bytetest.c
+++ b/src/detect-bytetest.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2020 Open Information Security Foundation
+/* Copyright (C) 2007-2022 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
@@ -1423,260 +1423,6 @@ static int DetectBytetestTestParse24(void)
 PASS;
 }
 
-
-/**
- * \test DetectByteTestTestPacket01 is a test to check matches of
- * byte_test and byte_test relative works if the previous keyword is pcre
- * (bug 142)
- */
-static int DetectByteTestTestPacket01 (void)
-{
- int result = 0;
- uint8_t *buf = (uint8_t *)"GET /AllWorkAndNoPlayMakesWillADullBoy HTTP/1.0"
- "User-Agent: Wget/1.11.4"
- "Accept: */*"
- "Host: www.google.com"
- "Connection: Keep-Alive"
- "Date: Mon, 04 Jan 2010 17:29:39 GMT";
- uint16_t buflen = strlen((char *)buf);
- Packet *p;
- p = UTHBuildPacket((uint8_t *)buf, buflen, IPPROTO_TCP);
-
- if (p == NULL)
- goto end;
-
- char sig[] = "alert tcp any any -> any any (msg:\"pcre + byte_test + "
- "relative\"; pcre:\"/AllWorkAndNoPlayMakesWillADullBoy/\"; byte_test:1,=,1"
- ",6,relative,string,dec; sid:126; rev:1;)";
-
- result = UTHPacketMatchSig(p, sig);
-
- UTHFreePacket(p);
-end:
- return result;
-}
-
-/**
- * \test DetectByteTestTestPacket02 is a test to check matches of
- * byte_test and byte_test relative works if the previous keyword is byte_jump
- * (bug 158)
- */
-static int DetectByteTestTestPacket02 (void)
-{
- int result = 0;
- uint8_t *buf = (uint8_t *)"GET /AllWorkAndNoPlayMakesWillADullBoy HTTP/1.0"
- "User-Agent: Wget/1.11.4"
- "Accept: */*"
- "Host: www.google.com"
- "Connection: Keep-Alive"
- "Date: Mon, 04 Jan 2010 17:29:39 GMT";
- uint16_t buflen = strlen((char *)buf);
- Packet *p;
- p = UTHBuildPacket((uint8_t *)buf, buflen, IPPROTO_TCP);
-
- if (p == NULL)
- goto end;
-
- char sig[] = "alert tcp any any -> any any (msg:\"content + byte_test + "
- "relative\"; byte_jump:1,44,string,dec; byte_test:1,=,0,0,relative,string,"
- "dec; sid:777; rev:1;)";
-
- result = UTHPacketMatchSig(p, sig);
-
- UTHFreePacket(p);
-end:
- return result;
-}
-
-static int DetectByteTestTestPacket03(void)
-{
- int result = 0;
- uint8_t *buf = NULL;
- uint16_t buflen = 0;
- buf = SCMalloc(4);
- if (unlikely(buf == NULL)) {
- printf("malloc failed\n");
- exit(EXIT_FAILURE);
- }
- memcpy(buf, "boom", 4);
- buflen = 4;
-
- Packet *p;
- p = UTHBuildPacket((uint8_t *)buf, buflen, IPPROTO_TCP);
-
- if (p == NULL)
- goto end;
-
- char sig[] = "alert tcp any any -> any any (msg:\"content + byte_test\"; "
- "byte_test:1,=,65,214748364; sid:1; rev:1;)";
-
- result = !UTHPacketMatchSig(p, sig);
-
- UTHFreePacket(p);
-
-end:
- SCFree(buf);
- return result;
-}
-
-/** \test Test the byte_test signature matching with operator <= */
-static int DetectByteTestTestPacket04(void)
-{
- int result = 0;
- uint8_t *buf = (uint8_t *)"GET /AllWorkAndNoPlayMakesWillADullBoy HTTP/1.0"
- "User-Agent: Wget/1.11.4"
- "Accept: */*"
- "Host: www.google.com"
- "Connection: Keep-Alive"
- "Date: Mon, 04 Jan 2010 17:29:39 GMT";
- uint16_t buflen = strlen((char *)buf);
-
- Packet *p;
- p = UTHBuildPacket((uint8_t *)buf, buflen, IPPROTO_TCP);
-
- if (p == NULL)
- goto end;
-
- char sig[] = "alert tcp any any -> any any (msg:\"content + byte_test +"
- "relative\"; content:\"GET \"; depth:4; content:\"HTTP/1.\"; "
- "byte_test:1,<=,0,0,relative,string,dec; sid:124; rev:1;)";
-
- result = UTHPacketMatchSig(p, sig);
-
- UTHFreePacket(p);
-
-end:
- return result;
-}
-
-/** \test Test the byte_test signature matching with operator >= */
-static int DetectByteTestTestPacket05(void)
-{
- int result = 0;
- uint8_t *buf = (uint8_t *)"GET /AllWorkAndNoPlayMakesWillADullBoy HTTP/1.0"
- "User-Agent: Wget/1.11.4"
- "Accept: */*"
- "Host: www.google.com"
- "Connection: Keep-Alive"
- "Date: Mon, 04 Jan 2010 17:29:39 GMT";
- uint16_t buflen = strlen((char *)buf);
-
- Packet *p;
- p = UTHBuildPacket((uint8_t *)buf, buflen, IPPROTO_TCP);
-
- if (p == NULL)
- goto end;
-
- char sig[] = "alert tcp any any -> any any (msg:\"content + byte_test +"
- "relative\"; content:\"GET \"; depth:4; content:\"HTTP/1.\"; "
- "byte_test:1,>=,0,0,relative,string,dec; sid:125; rev:1;)";
-
- result = UTHPacketMatchSig(p, sig);
-
- UTHFreePacket(p);
-
-end:
- return result;
-}
-/** \test simple dns match on first byte */
-static int DetectByteTestTestPacket06(void)
-{
- uint8_t buf[] = { 0x38, 0x35, 0x01, 0x00, 0x00, 0x01,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x001, 0x00, 0x01, 0x00,};
- Flow f;
- Packet *p = NULL;
- Signature *s = NULL;
- ThreadVars tv;
- DetectEngineThreadCtx *det_ctx = NULL;
- AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
-
- FAIL_IF_NULL(alp_tctx);
-
- memset(&tv, 0, sizeof(ThreadVars));
- memset(&f, 0, sizeof(Flow));
-
- p = UTHBuildPacketReal(buf, sizeof(buf), IPPROTO_UDP,
- "192.168.1.5", "192.168.1.1",
- 41424, 53);
-
- FLOW_INITIALIZE(&f);
- f.flags |= FLOW_IPV4;
- f.proto = IPPROTO_UDP;
- f.protomap = FlowGetProtoMapping(f.proto);
-
- p->flow = &f;
- p->flags |= PKT_HAS_FLOW;
- p->flowflags |= FLOW_PKT_TOSERVER;
- f.alproto = ALPROTO_DNS;
-
- DetectEngineCtx *de_ctx = DetectEngineCtxInit();
- FAIL_IF_NULL(de_ctx);
-
- de_ctx->mpm_matcher = mpm_default_matcher;
- de_ctx->flags |= DE_QUIET;
-
- /*
- * Check first byte
- * (0x38 & 0xF8) --> 0x38
- * 0x38 >> 3 --> 0x7
- * 0x7 = 0x07
- */
- /* this rule should alert */
- s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
- "(msg:\"Byte test against first byte\"; "
- "byte_test:1,=,0x07,0,bitmask 0xF8;"
- "sid:1;)");
- FAIL_IF_NULL(s);
-
- /* this rule should not alert */
- s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
- "(msg:\"Test dns_query option\"; "
- "byte_test:1,=,0x07,0,bitmask 0xFF;"
- "sid:2;)");
- FAIL_IF_NULL(s);
-
- /*
- * Check 3rd byte
- * (0x01 & 0xFF) --> 0x01
- * 0x01 >> 0 --> 0x1
- * 0x1 = 0x01
- */
- /* this rule should alert */
- s = DetectEngineAppendSig(de_ctx, "alert dns any any -> any any "
- "(msg:\"Test dns_query option\"; "
- "byte_test:3,=,0x01,0,bitmask 0xFF;"
- "sid:3;)");
- FAIL_IF_NULL(s);
-
- SigGroupBuild(de_ctx);
- DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
- FAIL_IF_NULL(det_ctx);
-
- FAIL_IF_NOT(0 == AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_DNS,
- STREAM_TOSERVER, buf, sizeof(buf)));
-
- FAIL_IF_NULL(f.alstate);
-
- /* do detect */
- SigMatchSignatures(&tv, de_ctx, det_ctx, p);
-
- FAIL_IF_NOT(PacketAlertCheck(p, 1));
-
- FAIL_IF(PacketAlertCheck(p, 2));
-
- FAIL_IF_NOT(PacketAlertCheck(p, 3));
-
- AppLayerParserThreadCtxFree(alp_tctx);
- DetectEngineThreadCtxDeinit(&tv, det_ctx);
- SigGroupCleanup(de_ctx);
- DetectEngineCtxFree(de_ctx);
-
- FLOW_DESTROY(&f);
- UTHFreePacket(p);
- PASS;
-}
-
 /**
 * \brief this function registers unit tests for DetectBytetest
 */
@@ -1709,12 +1455,5 @@ static void DetectBytetestRegisterTests(void)
 UtRegisterTest("DetectBytetestTestParse22", DetectBytetestTestParse22);
 UtRegisterTest("DetectBytetestTestParse23", DetectBytetestTestParse23);
 UtRegisterTest("DetectBytetestTestParse24", DetectBytetestTestParse24);
-
- UtRegisterTest("DetectByteTestTestPacket01", DetectByteTestTestPacket01);
- UtRegisterTest("DetectByteTestTestPacket02", DetectByteTestTestPacket02);
- UtRegisterTest("DetectByteTestTestPacket03", DetectByteTestTestPacket03);
- UtRegisterTest("DetectByteTestTestPacket04", DetectByteTestTestPacket04);
- UtRegisterTest("DetectByteTestTestPacket05", DetectByteTestTestPacket05);
- UtRegisterTest("DetectByteTestTestPacket06", DetectByteTestTestPacket06);
 }
 #endif /* UNITTESTS */