From: Victor Julien
Date: Mon, 7 Oct 2013 13:03:43 +0000 (+0200)
Subject: Bug 640: add more tests to validate that issue is fixed
X-Git-Tag: suricata-2.0beta2~236
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=958938bf0163b6a08f18eb3b05ac265eb499c923;p=thirdparty%2Fsuricata.git

Bug 640: add more tests to validate that issue is fixed
---
diff --git a/src/detect-http-header.c b/src/detect-http-header.c
index 3abbb375cf..3cd26c2ecd 100644
--- a/src/detect-http-header.c
+++ b/src/detect-http-header.c
@@ -1490,6 +1490,8 @@ int DetectHttpHeaderTest27(void)
 return result;
 }
+/** \test app-layer-event:http.host_header_ambiguous should not be set
+ * \bug 640*/
 static int DetectHttpHeaderTest28(void)
 {
 TcpSession ssn;
@@ -1552,6 +1554,172 @@ static int DetectHttpHeaderTest28(void)
 SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
 if (PacketAlertCheck(p, 1)) {
+ printf("sid 1 matched but shouldnt have: ");
+ goto end;
+ }
+
+ result = 1;
+ end:
+ if (de_ctx != NULL)
+ SigGroupCleanup(de_ctx);
+ if (de_ctx != NULL)
+ SigCleanSignatures(de_ctx);
+ if (de_ctx != NULL)
+ DetectEngineCtxFree(de_ctx);
+
+ StreamTcpFreeConfig(TRUE);
+ FLOW_DESTROY(&f);
+ UTHFreePackets(&p, 1);
+ return result;
+}
+
+/** \test app-layer-event:http.host_header_ambiguous should be set
+ * \bug 640*/
+static int DetectHttpHeaderTest29(void)
+{
+ TcpSession ssn;
+ Packet *p = NULL;
+ ThreadVars th_v;
+ DetectEngineCtx *de_ctx = NULL;
+ DetectEngineThreadCtx *det_ctx = NULL;
+ Flow f;
+ uint8_t http_buf[] =
+ "POST http://xxx.intranet.local:8001/xxx HTTP/1.1\r\n"
+ "User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_29\r\n"
+ "Host: xxx.intranet.local:8000\r\n"
+ "\r\n";
+ uint32_t http_len = sizeof(http_buf) - 1;
+ int result = 0;
+
+ memset(&th_v, 0, sizeof(th_v));
+ memset(&f, 0, sizeof(f));
+ memset(&ssn, 0, sizeof(ssn));
+
+ p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+
+ FLOW_INITIALIZE(&f);
+ f.protoctx = (void *)&ssn;
+ f.flags |= FLOW_IPV4;
+ p->flow = &f;
+ p->flowflags |= FLOW_PKT_TOSERVER;
+ p->flowflags |= FLOW_PKT_ESTABLISHED;
+ p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
+ f.alproto = ALPROTO_HTTP;
+
+ StreamTcpInitConfig(TRUE);
+
+ de_ctx = DetectEngineCtxInit();
+ if (de_ctx == NULL)
+ goto end;
+
+ de_ctx->flags |= DE_QUIET;
+
+ de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
+ "(app-layer-event:http.host_header_ambiguous; "
+ "sid:1;)");
+ if (de_ctx->sig_list == NULL)
+ goto end;
+
+ SigGroupBuild(de_ctx);
+ DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
+
+ SCMutexLock(&f.m);
+ int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ if (r != 0) {
+ printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
+ result = 0;
+ SCMutexUnlock(&f.m);
+ goto end;
+ }
+ SCMutexUnlock(&f.m);
+
+ /* do detect */
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+
+ if (!(PacketAlertCheck(p, 1))) {
+ printf("sid 1 didn't match but should have: ");
+ goto end;
+ }
+
+ result = 1;
+ end:
+ if (de_ctx != NULL)
+ SigGroupCleanup(de_ctx);
+ if (de_ctx != NULL)
+ SigCleanSignatures(de_ctx);
+ if (de_ctx != NULL)
+ DetectEngineCtxFree(de_ctx);
+
+ StreamTcpFreeConfig(TRUE);
+ FLOW_DESTROY(&f);
+ UTHFreePackets(&p, 1);
+ return result;
+}
+
+/** \test app-layer-event:http.host_header_ambiguous should be set
+ * \bug 640*/
+static int DetectHttpHeaderTest30(void)
+{
+ TcpSession ssn;
+ Packet *p = NULL;
+ ThreadVars th_v;
+ DetectEngineCtx *de_ctx = NULL;
+ DetectEngineThreadCtx *det_ctx = NULL;
+ Flow f;
+ uint8_t http_buf[] =
+ "POST http://xxx.intranet.local:8000/xxx HTTP/1.1\r\n"
+ "User-Agent: Mozilla/4.0 (Windows XP 5.1) Java/1.6.0_29\r\n"
+ "Host: xyz.intranet.local:8000\r\n"
+ "\r\n";
+ uint32_t http_len = sizeof(http_buf) - 1;
+ int result = 0;
+
+ memset(&th_v, 0, sizeof(th_v));
+ memset(&f, 0, sizeof(f));
+ memset(&ssn, 0, sizeof(ssn));
+
+ p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
+
+ FLOW_INITIALIZE(&f);
+ f.protoctx = (void *)&ssn;
+ f.flags |= FLOW_IPV4;
+ p->flow = &f;
+ p->flowflags |= FLOW_PKT_TOSERVER;
+ p->flowflags |= FLOW_PKT_ESTABLISHED;
+ p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
+ f.alproto = ALPROTO_HTTP;
+
+ StreamTcpInitConfig(TRUE);
+
+ de_ctx = DetectEngineCtxInit();
+ if (de_ctx == NULL)
+ goto end;
+
+ de_ctx->flags |= DE_QUIET;
+
+ de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
+ "(app-layer-event:http.host_header_ambiguous; "
+ "sid:1;)");
+ if (de_ctx->sig_list == NULL)
+ goto end;
+
+ SigGroupBuild(de_ctx);
+ DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
+
+ SCMutexLock(&f.m);
+ int r = AppLayerParse(NULL, &f, ALPROTO_HTTP, STREAM_TOSERVER, http_buf, http_len);
+ if (r != 0) {
+ printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
+ result = 0;
+ SCMutexUnlock(&f.m);
+ goto end;
+ }
+ SCMutexUnlock(&f.m);
+
+ /* do detect */
+ SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
+
+ if (!(PacketAlertCheck(p, 1))) {
 printf("sid 1 didn't match but should have: ");
 goto end;
 }
@@ -1598,6 +1766,8 @@ void DetectHttpHeaderRegisterTests(void)
 UtRegisterTest("DetectHttpHeaderTest26", DetectHttpHeaderTest26, 1);
 UtRegisterTest("DetectHttpHeaderTest27", DetectHttpHeaderTest27, 1);
 UtRegisterTest("DetectHttpHeaderTest28", DetectHttpHeaderTest28, 1);
+ UtRegisterTest("DetectHttpHeaderTest29", DetectHttpHeaderTest29, 1);
+ UtRegisterTest("DetectHttpHeaderTest30", DetectHttpHeaderTest30, 1);
 #endif /* UNITTESTS */
 return;
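Review bot: In the second hunk, DetectHttpHeaderTest29 and DetectHttpHeaderTest30 dereference the packet returned by `UTHBuildPacket(NULL, 0, IPPROTO_TCP)` at `p->flow = &f;` without a NULL check, and neither releases the `det_ctx` that `DetectEngineThreadCtxInit` fills in, so the `end:` path appears to leak the thread context on every run. Adding `if (p == NULL) return 0;` directly after the build call (nothing else has been set up at that point) and `if (det_ctx != NULL) DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);` ahead of `SigGroupCleanup(de_ctx)` would close both. The new tail of DetectHttpHeaderTest28, whose body starts above this hunk, has the same cleanup sequence and would need the same deinit line. The two positive cases pin a port mismatch and a hostname mismatch; a negative case in which the URI host and the `Host:` header differ only in letter case would also be worth adding, since rules alerting on `http.host_header_ambiguous` depend on the event not firing for equivalent hosts.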