From: Victor Julien <victor@inliniac.net>
Date: Mon, 15 Feb 2021 08:50:03 +0000 (+0100)
Subject: detect/content: add some more dsize tests
X-Git-Tag: suricata-7.0.0-beta1~1492
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=84872ecc54f40f90a803eb514c8d62f563f75c31;p=thirdparty%2Fsuricata.git

detect/content: add some more dsize tests
---

diff --git a/src/detect-content.c b/src/detect-content.c
index 695b122c64..89dddc4711 100644
--- a/src/detect-content.c
+++ b/src/detect-content.c
@@ -652,20 +652,21 @@ static bool TestLastContent(const Signature *s, uint16_t o, uint16_t d)
     return true;
 }
 
-#define TEST_RUN(sig, o, d)                                                                 \
-{                                                                                           \
-    SCLogDebug("TEST_RUN start: '%s'", (sig));                                              \
-    DetectEngineCtx *de_ctx = DetectEngineCtxInit();                                        \
-    FAIL_IF_NULL(de_ctx);                                                                   \
-    char rule[2048];                                                                        \
-    snprintf(rule, sizeof(rule), "alert tcp any any -> any any (%s sid:1; rev:1;)", (sig)); \
-    Signature *s = DetectEngineAppendSig(de_ctx, rule);                                     \
-    FAIL_IF_NULL(s);                                                                        \
-    SigAddressPrepareStage1(de_ctx);                                                        \
-    bool res = TestLastContent(s, (o), (d));                                                \
-    FAIL_IF(res == false);                                                                  \
-    DetectEngineCtxFree(de_ctx);                                                            \
-}
+#define TEST_RUN(sig, o, d)                                                                        \
+    {                                                                                              \
+        SCLogDebug("TEST_RUN start: '%s'", (sig));                                                 \
+        DetectEngineCtx *de_ctx = DetectEngineCtxInit();                                           \
+        FAIL_IF_NULL(de_ctx);                                                                      \
+        de_ctx->flags |= DE_QUIET;                                                                 \
+        char rule[2048];                                                                           \
+        snprintf(rule, sizeof(rule), "alert tcp any any -> any any (%s sid:1; rev:1;)", (sig));    \
+        Signature *s = DetectEngineAppendSig(de_ctx, rule);                                        \
+        FAIL_IF_NULL(s);                                                                           \
+        SigAddressPrepareStage1(de_ctx);                                                           \
+        bool res = TestLastContent(s, (o), (d));                                                   \
+        FAIL_IF(res == false);                                                                     \
+        DetectEngineCtxFree(de_ctx);                                                               \
+    }
 
 #define TEST_DONE \
     PASS
@@ -677,6 +678,8 @@ static int DetectContentDepthTest01(void)
     TEST_RUN("content:\"abc\"; offset:1; depth:3;", 1, 4);
     // dsize applied as depth
     TEST_RUN("dsize:10; content:\"abc\";", 0, 10);
+    TEST_RUN("dsize:<10; content:\"abc\";", 0, 10);
+    TEST_RUN("dsize:5<>10; content:\"abc\";", 0, 10);
 
     // relative match, directly following anchored content
     TEST_RUN("content:\"abc\"; depth:3; content:\"xyz\"; distance:0; within:3; ", 3, 6);