From: Eileen Donlon Date: Mon, 13 Feb 2012 15:45:29 +0000 (-0500) Subject: fix invalid unittests with mixed content modifiers X-Git-Tag: suricata-1.3beta1~126 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b2bd9280a945f98353da8daa342d648d3eeb814;p=thirdparty%2Fsuricata.git fix invalid unittests with mixed content modifiers Fixed some unittests that were incorrectly mixing relative and non-relative content modifiers. --- diff --git a/src/detect-byte-extract.c b/src/detect-byte-extract.c index a47c08aebb..8dd0bfa13a 100644 --- a/src/detect-byte-extract.c +++ b/src/detect-byte-extract.c @@ -3743,13 +3743,13 @@ int DetectByteExtractTest55(void) de_ctx->flags |= DE_QUIET; s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing bytejump_body\"; " + "(msg:\"Testing byte_extract\"; " "content:\"one\"; " "byte_extract:4,0,two,string,hex; " "byte_extract:4,0,three,string,hex; " "byte_extract:4,0,four,string,hex; " "byte_extract:4,0,five,string,hex; " - "content: \"four\"; within:two; distance:three; offset:four; depth:five; " + "content: \"four\"; within:two; distance:three; " "sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; @@ -3830,17 +3830,11 @@ int DetectByteExtractTest55(void) cd = (DetectContentData *)sm->ctx; if (strncmp((char *)cd->content, "four", cd->content_len) != 0 || cd->flags != (DETECT_CONTENT_DISTANCE_BE | - DETECT_CONTENT_DEPTH_BE | - DETECT_CONTENT_OFFSET_BE | DETECT_CONTENT_WITHIN_BE | DETECT_CONTENT_DISTANCE | - DETECT_CONTENT_DEPTH | - DETECT_CONTENT_OFFSET | DETECT_CONTENT_WITHIN) || cd->within != bed1->local_id || - cd->distance != bed2->local_id || - cd->offset != bed3->local_id || - cd->depth != bed4->local_id) { + cd->distance != bed2->local_id) { printf("four failed\n"); result = 0; goto end; 
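Review bot: The DetectByteExtractTest55 signature still declares `byte_extract:4,0,four,string,hex;` and `byte_extract:4,0,five,string,hex;`, but once `offset:four; depth:five;` is removed no keyword visible in the hunk consumes `four` or `five`. The same holds for the Test56 and Test57 signature hunks. Either drop the two unused extractions, or keep them exercised through a separate non-relative content with matching assertions, so that byte_extract variables in `offset`/`depth` stay covered (unless another test in the file already does that). Because the commit message calls the old combination invalid, a companion negative test that passes the old mixed signature to SigInit and expects `de_ctx->sig_list == NULL` would pin the rejection. The function body starts and ends outside the hunk.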
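Review bot: The content check `strncmp((char *)cd->content, "four", cd->content_len) != 0` in DetectByteExtractTest55 bounds the comparison by the parsed length, so it succeeds for any prefix of "four", including a zero-length pattern, and would not notice a truncated content. Pinning the length as well, `cd->content_len != 4 || memcmp(cd->content, "four", 4) != 0`, makes the assertion exact. The same expression appears in the Test56 and Test57 assertion hunks. The function body starts and ends outside the hunk.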
@@ -3885,7 +3879,7 @@ int DetectByteExtractTest56(void) "byte_extract:4,0,three,string,hex; " "byte_extract:4,0,four,string,hex; " "byte_extract:4,0,five,string,hex; " - "content: \"four\"; within:two; distance:three; offset:four; depth:five; " + "content: \"four\"; within:two; distance:three; " "sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; @@ -3988,17 +3982,11 @@ int DetectByteExtractTest56(void) cd = (DetectContentData *)sm->ctx; if (strncmp((char *)cd->content, "four", cd->content_len) != 0 || cd->flags != (DETECT_CONTENT_DISTANCE_BE | - DETECT_CONTENT_DEPTH_BE | - DETECT_CONTENT_OFFSET_BE | DETECT_CONTENT_WITHIN_BE | DETECT_CONTENT_DISTANCE | - DETECT_CONTENT_DEPTH | - DETECT_CONTENT_OFFSET | DETECT_CONTENT_WITHIN) || cd->within != bed1->local_id || - cd->distance != bed2->local_id || - cd->offset != bed3->local_id || - cd->depth != bed4->local_id) { + cd->distance != bed2->local_id ) { printf("four failed\n"); result = 0; goto end; @@ -4043,7 +4031,7 @@ int DetectByteExtractTest57(void) "byte_extract:4,0,three,string,hex,relative; " "byte_extract:4,0,four,string,hex,relative; " "byte_extract:4,0,five,string,hex,relative; " - "uricontent: \"four\"; within:two; distance:three; offset:four; depth:five; " + "uricontent: \"four\"; within:two; distance:three; " "sid:1;)"); if (de_ctx->sig_list == NULL) { result = 0; @@ -4159,17 +4147,11 @@ int DetectByteExtractTest57(void) cd = (DetectContentData *)sm->ctx; if (strncmp((char *)cd->content, "four", cd->content_len) != 0 || cd->flags != (DETECT_CONTENT_DISTANCE_BE | - DETECT_CONTENT_DEPTH_BE | - DETECT_CONTENT_OFFSET_BE | DETECT_CONTENT_WITHIN_BE | DETECT_CONTENT_DISTANCE | - DETECT_CONTENT_DEPTH | - DETECT_CONTENT_OFFSET | DETECT_CONTENT_WITHIN) || cd->within != bed1->local_id || - cd->distance != bed2->local_id || - cd->offset != bed3->local_id || - cd->depth != bed4->local_id) { + cd->distance != bed2->local_id) { printf("four failed\n"); result = 0; goto end; 
diff --git a/src/detect-engine-dcepayload.c b/src/detect-engine-dcepayload.c
index 63c3ec238e..f4f8dec6d0 100644
--- a/src/detect-engine-dcepayload.c
+++ b/src/detect-engine-dcepayload.c
@@ -7272,99 +7272,6 @@ end: return result; } -/** - * \test Test the working of consecutive relative matches with offset. - */ -int DcePayloadTest24(void) -{ - int result = 0; - - uint8_t request1[] = { - 0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00, - 0x68, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, - 0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, 0x00, - 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, /* " " */ - 0x20, 0x74, 0x68, 0x75, 0x73, 0x20, 0x74, 0x68, /* " thus th" */ - 0x75, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, /* "us is a " */ - 0x62, 0x69, 0x67 }; /* "big" */ - uint32_t request1_len = sizeof(request1); - - TcpSession ssn; - Packet *p = NULL; - ThreadVars tv; - DetectEngineCtx *de_ctx = NULL; - DetectEngineThreadCtx *det_ctx = NULL; - Flow f; - int r; - - char *sig1 = "alert tcp any any -> any any " - "(msg:\"testing dce consecutive relative matches\"; dce_stub_data; " - "content:\"thus\"; distance:0; offset:8; content:\"is\"; within:6; " - "content:\"big\"; within:8; sid:1;)"; - - Signature *s; - - memset(&tv, 0, sizeof(ThreadVars)); - memset(&f, 0, sizeof(Flow)); - memset(&ssn, 0, sizeof(TcpSession)); - - p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); - p->flow = &f; - p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST; - p->flowflags |= FLOW_PKT_TOSERVER; - p->flowflags |= FLOW_PKT_ESTABLISHED; - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.flags |= FLOW_IPV4; - f.alproto = ALPROTO_DCERPC; - - StreamTcpInitConfig(TRUE); - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - de_ctx->flags |= DE_QUIET; - - de_ctx->sig_list = SigInit(de_ctx, sig1); - s = de_ctx->sig_list; - if (s == NULL) - goto end; - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); - - /* request 1 */ - r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len); - if (r != 0) { - printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r); - result = 0; - goto end; - } - /* detection phase */ - 
SigMatchSignatures(&tv, de_ctx, det_ctx, p); - if (!(PacketAlertCheck(p, 1))) { - printf("sid 1 didn't match but should have for packet: "); - goto end; - } - - result = 1; - -end: - if (de_ctx != NULL) { - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - - DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx); - DetectEngineCtxFree(de_ctx); - } - - StreamTcpFreeConfig(TRUE); - - UTHFreePackets(&p, 1); - return result; -} - /** * \test Test content for dce sig. */ @@ -10030,7 +9937,6 @@ void DcePayloadRegisterTests(void) UtRegisterTest("DcePayloadTest21", DcePayloadTest21, 1); UtRegisterTest("DcePayloadTest22", DcePayloadTest22, 1); UtRegisterTest("DcePayloadTest23", DcePayloadTest23, 1); - UtRegisterTest("DcePayloadTest24", DcePayloadTest24, 1); UtRegisterTest("DcePayloadParseTest25", DcePayloadParseTest25, 1); UtRegisterTest("DcePayloadParseTest26", DcePayloadParseTest26, 1); diff --git a/src/detect-http-client-body.c b/src/detect-http-client-body.c index 9593a53f4b..187e2d84e1 100644 --- a/src/detect-http-client-body.c +++ b/src/detect-http-client-body.c @@ -2124,7 +2124,7 @@ int DetectHttpClientBodyTest26(void) de_ctx->flags |= DE_QUIET; de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " "(content:\"one\"; offset:10; http_client_body; pcre:/two/; " - "content:\"three\"; distance:10; http_client_body; depth:10; " + "content:\"three\"; distance:10; http_client_body; within:10; " "content:\"four\"; distance:10; sid:1;)"); if (de_ctx->sig_list == NULL) { printf("de_ctx->sig_list == NULL\n"); 
@@ -2150,8 +2150,9 @@ int DetectHttpClientBodyTest26(void) memcmp(cd2->content, "four", cd2->content_len) != 0 || hcbd1->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_OFFSET) || memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 || - hcbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_DEPTH) || + hcbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN) || memcmp(hcbd2->content, "three", hcbd1->content_len) != 0) { + printf ("failed: http_client_body incorrect flags"); goto end; } @@ -2180,7 +2181,7 @@ int DetectHttpClientBodyTest27(void) de_ctx->flags |= DE_QUIET; de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " "(content:\"one\"; offset:10; http_client_body; pcre:/two/; distance:10; " - "content:\"three\"; distance:10; http_client_body; depth:10; " + "content:\"three\"; distance:10; http_client_body; within:10; " "content:\"four\"; distance:10; sid:1;)"); if (de_ctx->sig_list == NULL) { printf("de_ctx->sig_list == NULL\n"); diff --git a/src/detect-http-server-body.c b/src/detect-http-server-body.c index 6a5682811b..39592c99cb 100644 --- a/src/detect-http-server-body.c +++ b/src/detect-http-server-body.c @@ -2164,7 +2164,7 @@ int DetectHttpServerBodyTest26(void) de_ctx->flags |= DE_QUIET; de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " "(content:\"one\"; offset:10; http_server_body; pcre:/two/; " - "content:\"three\"; distance:10; http_server_body; depth:10; " + "content:\"three\"; distance:10; http_server_body; within:10; " "content:\"four\"; distance:10; sid:1;)"); if (de_ctx->sig_list == NULL) { printf("de_ctx->sig_list == NULL\n"); 
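Review bot: In DetectHttpClientBodyTest26 the last comparison, `memcmp(hcbd2->content, "three", hcbd1->content_len) != 0`, takes its length from `hcbd1` (the "one" pattern, presumably 3 bytes). Only the start of `hcbd2->content` is therefore checked, and a wrong or truncated pattern beginning with "thr" would pass. It should read `memcmp(hcbd2->content, "three", hcbd2->content_len) != 0`, ideally alongside a check that `hcbd2->content_len` is 5. The same slip is in the DetectHttpServerBodyTest26 hunk, where `hsbd2->content` is compared using `hsbd1->content_len`. The added `printf ("failed: http_client_body incorrect flags");` also lacks a trailing newline and names only flags although the condition covers content mismatches too; `printf("failed: http_client_body flags or content mismatch\n");` would be accurate. The function body starts and ends outside the hunk.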
@@ -2190,7 +2190,7 @@ int DetectHttpServerBodyTest26(void) memcmp(cd2->content, "four", cd2->content_len) != 0 || hsbd1->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_OFFSET) || memcmp(hsbd1->content, "one", hsbd1->content_len) != 0 || - hsbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_DEPTH) || + hsbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN) || memcmp(hsbd2->content, "three", hsbd1->content_len) != 0) { goto end; }
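Review bot: The failing branch in DetectHttpServerBodyTest26 still reaches `goto end;` without printing anything, while the matching check in DetectHttpClientBodyTest26 gained a message in this same commit. Adding `printf("failed: http_server_body flags or content mismatch\n");` before `goto end;` would keep the two tests consistent and make a failure diagnosable from the test output. The function body starts and ends outside the hunk.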