From: Victor Julien
Date: Sun, 16 Oct 2016 09:02:50 +0000 (+0200)
Subject: detect: dce test fixes and improvements
X-Git-Tag: suricata-4.0.0-beta1~400
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=debc1a6334bdd9f37ccd043b6e3fe57b9c549d5d;p=thirdparty%2Fsuricata.git
detect: dce test fixes and improvements
---
diff --git a/src/detect-dce-opnum.c b/src/detect-dce-opnum.c
index 064cc95639..75b291a4d3 100644
--- a/src/detect-dce-opnum.c
+++ b/src/detect-dce-opnum.c
@@ -354,8 +354,6 @@ static int DetectDceOpnumTestParse01(void)
 Signature *s = SigAlloc();
 int result = 0;
- memset(s, 0, sizeof(Signature));
-
 result = (DetectDceOpnumSetup(NULL, s, "12") == 0);
 result &= (DetectDceOpnumSetup(NULL, s, "12,24") == 0);
 result &= (DetectDceOpnumSetup(NULL, s, "12,12-24") == 0);
@@ -380,8 +378,6 @@ static int DetectDceOpnumTestParse02(void)
 DetectDceOpnumRange *dor = NULL;
 SigMatch *temp = NULL;
- memset(s, 0, sizeof(Signature));
-
 result = (DetectDceOpnumSetup(NULL, s, "12") == 0);
 if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) {
@@ -409,8 +405,6 @@ static int DetectDceOpnumTestParse03(void)
 DetectDceOpnumRange *dor = NULL;
 SigMatch *temp = NULL;
- memset(s, 0, sizeof(Signature));
-
 result = (DetectDceOpnumSetup(NULL, s, "12-24") == 0);
 if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) {
@@ -438,8 +432,6 @@ static int DetectDceOpnumTestParse04(void)
 DetectDceOpnumRange *dor = NULL;
 SigMatch *temp = NULL;
- memset(s, 0, sizeof(Signature));
-
 result = (DetectDceOpnumSetup(NULL, s, "12-24,24,62-72,623-635,62,25,213-235") == 0);
 if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) {
@@ -504,8 +496,6 @@ static int DetectDceOpnumTestParse05(void)
 DetectDceOpnumRange *dor = NULL;
 SigMatch *temp = NULL;
- memset(s, 0, sizeof(Signature));
-
 result = (DetectDceOpnumSetup(NULL, s, "1,2,3,4,5,6,7") == 0);
 if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) {
@@ -570,8 +560,6 @@ static int DetectDceOpnumTestParse06(void)
 DetectDceOpnumRange *dor = NULL;
 SigMatch *temp = NULL;
- memset(s, 0, sizeof(Signature));
-
 result = (DetectDceOpnumSetup(NULL, s, "1-2,3-4,5-6,7-8") == 0);
 if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) {
@@ -618,8 +606,6 @@ static int DetectDceOpnumTestParse07(void)
 DetectDceOpnumRange *dor = NULL;
 SigMatch *temp = NULL;
- memset(s, 0, sizeof(Signature));
-
 result = (DetectDceOpnumSetup(NULL, s, "1-2,3-4,5-6,7-8,9") == 0);
 if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) {
diff --git a/src/detect-dce-stub-data.c b/src/detect-dce-stub-data.c
index b9674cacff..aa51dd8333 100644
--- a/src/detect-dce-stub-data.c
+++ b/src/detect-dce-stub-data.c
@@ -105,20 +105,16 @@ static int DetectDceStubDataSetup(DetectEngineCtx *de_ctx, Signature *s, char *a
 static int DetectDceStubDataTestParse01(void)
 {
- Signature s;
- int result = 0;
-
- memset(&s, 0, sizeof(Signature));
-
- result = (DetectDceStubDataSetup(NULL, &s, NULL) == 0);
-
- if (s.sm_lists[DETECT_SM_LIST_AMATCH] == NULL) {
- result = 1;
- } else {
- result = 0;
- }
-
- return result;
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit();
+ FAIL_IF_NULL(de_ctx);
+ de_ctx->flags = DE_QUIET;
+ Signature *s = DetectEngineAppendSig(de_ctx,
+ "alert tcp any any -> any any (dce_stub_data; content:\"1\"; sid:1;)");
+ FAIL_IF_NULL(s);
+ FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_AMATCH]);
+ FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_DMATCH]);
+ DetectEngineCtxFree(de_ctx);
+ PASS;
 }
 /**
diff --git a/src/detect-engine-dcepayload.c b/src/detect-engine-dcepayload.c
index 874e30f346..aa323d71ed 100644
--- a/src/detect-engine-dcepayload.c
+++ b/src/detect-engine-dcepayload.c
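Review bot: In DetectDceStubDataTestParse01 (src/detect-dce-stub-data.c) the new setup line `de_ctx->flags = DE_QUIET;` overwrites any flags DetectEngineCtxInit() may have set, while DcePayloadParseTest44 in this same commit uses `de_ctx->flags |= DE_QUIET;`; the OR form is the safer one here too. Whether DetectEngineCtxInit() actually sets flags is not visible in this hunk. The test also only checks that the DMATCH list is non-NULL, so it would still pass if something other than the `content:"1"` match ended up there; adding `FAIL_IF(s->sm_lists[DETECT_SM_LIST_DMATCH]->type != DETECT_CONTENT);` after the NULL check would pin the routing that `dce_stub_data` is expected to cause.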
@@ -9796,125 +9796,88 @@ end:
 static int DcePayloadParseTest44(void)
 {
 DetectEngineCtx *de_ctx = NULL;
- int result = 1;
 Signature *s = NULL;
 SigMatch *sm = NULL;
 DetectContentData *data = NULL;
 DetectIsdataatData *isd = NULL;
 de_ctx = DetectEngineCtxInit();
- if (de_ctx == NULL)
- goto end;
-
+ FAIL_IF_NULL(de_ctx);
 de_ctx->flags |= DE_QUIET;
- s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
- "(msg:\"Testing bytejump_body\"; "
- "content:\"one\"; "
- "dce_iface:12345678-1234-1234-1234-123456789012; "
- "dce_opnum:10; dce_stub_data; "
- "isdataat:10,relative; "
- "content:\"one\"; within:4; distance:8; "
- "pkt_data; "
- "content:\"two\"; "
- "sid:1;)");
- if (de_ctx->sig_list == NULL) {
- result = 0;
- goto end;
- }
-
- if (s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH] == NULL) {
- result = 0;
- goto end;
- }
- if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
- result = 0;
- goto end;
- }
+ s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any ("
+ "content:\"one\"; "
+ "dce_iface:12345678-1234-1234-1234-123456789012; "
+ "dce_opnum:10; dce_stub_data; "
+ "isdataat:10,relative; "
+ "content:\"one\"; within:4; distance:8; "
+ "pkt_data; "
+ "content:\"two\"; "
+ "sid:1;)");
+ FAIL_IF_NULL(s);
+
+ FAIL_IF_NULL(s->init_data->smlists_tail[DETECT_SM_LIST_DMATCH]);
+ FAIL_IF_NULL(s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]);
+
+ /* isdataat:10,relative; */
 sm = s->init_data->smlists[DETECT_SM_LIST_DMATCH];
- if (sm->type != DETECT_ISDATAAT) {
- result = 0;
- goto end;
- }
+ FAIL_IF(sm->type != DETECT_ISDATAAT);
 isd = (DetectIsdataatData *)sm->ctx;
- if ( isd->flags & ISDATAAT_RAWBYTES ||
- !(isd->flags & ISDATAAT_RELATIVE)) {
- result = 0;
- goto end;
- }
+ FAIL_IF(isd->flags & ISDATAAT_RAWBYTES);
+ FAIL_IF_NOT(isd->flags & ISDATAAT_RELATIVE);
+ FAIL_IF_NULL(sm->next);
 sm = sm->next;
- if (sm->type != DETECT_CONTENT) {
- result = 0;
- goto end;
- }
- data = (DetectContentData *)sm->ctx;
- if (data->flags & DETECT_CONTENT_RAWBYTES ||
- data->flags & DETECT_CONTENT_NOCASE ||
- !(data->flags & DETECT_CONTENT_WITHIN) ||
- !(data->flags & DETECT_CONTENT_DISTANCE) ||
- data->flags & DETECT_CONTENT_FAST_PATTERN ||
- data->flags & DETECT_CONTENT_RELATIVE_NEXT ||
- data->flags & DETECT_CONTENT_NEGATED ) {
- result = 0;
- printf("two failed\n");
- goto end;
- }
- result &= (strncmp((char *)data->content, "one", 3) == 0);
- if (result == 0)
- goto end;
-
- result &= (sm->next == NULL);
+ /* content:\"one\"; within:4; distance:8; */
+ FAIL_IF(sm->type != DETECT_CONTENT);
+ data = (DetectContentData *)sm->ctx;
+ FAIL_IF (data->flags & DETECT_CONTENT_RAWBYTES ||
+ data->flags & DETECT_CONTENT_NOCASE ||
+ !(data->flags & DETECT_CONTENT_WITHIN) ||
+ !(data->flags & DETECT_CONTENT_DISTANCE) ||
+ data->flags & DETECT_CONTENT_FAST_PATTERN ||
+ data->flags & DETECT_CONTENT_RELATIVE_NEXT ||
+ data->flags & DETECT_CONTENT_NEGATED );
+
+ FAIL_IF_NOT(strncmp((char *)data->content, "one", 3) == 0);
+ FAIL_IF_NOT(sm->next == NULL);
+
+ /* first content:\"one\"; */
 sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
- if (sm->type != DETECT_CONTENT) {
- result = 0;
- goto end;
- }
+ FAIL_IF(sm->type != DETECT_CONTENT);
 data = (DetectContentData *)sm->ctx;
- if (data->flags & DETECT_CONTENT_RAWBYTES ||
- data->flags & DETECT_CONTENT_NOCASE ||
- data->flags & DETECT_CONTENT_WITHIN ||
- data->flags & DETECT_CONTENT_DISTANCE ||
- data->flags & DETECT_CONTENT_FAST_PATTERN ||
- data->flags & DETECT_CONTENT_RELATIVE_NEXT ||
- data->flags & DETECT_CONTENT_NEGATED ) {
- printf("three failed\n");
- result = 0;
- goto end;
- }
- result &= (strncmp((char *)data->content, "one", 3) == 0);
- if (result == 0)
- goto end;
-
+ FAIL_IF(data->flags & DETECT_CONTENT_RAWBYTES);
+ FAIL_IF(data->flags & DETECT_CONTENT_NOCASE);
+ FAIL_IF(data->flags & DETECT_CONTENT_WITHIN);
+ FAIL_IF(data->flags & DETECT_CONTENT_DISTANCE);
+ FAIL_IF(data->flags & DETECT_CONTENT_FAST_PATTERN);
+ FAIL_IF(data->flags & DETECT_CONTENT_RELATIVE_NEXT);
+ FAIL_IF(data->flags & DETECT_CONTENT_NEGATED );
+ FAIL_IF_NOT(strncmp((char *)data->content, "one", 3) == 0);
+
+ FAIL_IF_NULL(sm->next);
 sm = sm->next;
- if (sm->type != DETECT_CONTENT) {
- result = 0;
- goto end;
- }
+
+ FAIL_IF(sm->type != DETECT_CONTENT);
+
 data = (DetectContentData *)sm->ctx;
- if (data->flags & DETECT_CONTENT_RAWBYTES ||
- data->flags & DETECT_CONTENT_NOCASE ||
- data->flags & DETECT_CONTENT_WITHIN ||
- data->flags & DETECT_CONTENT_DISTANCE ||
- data->flags & DETECT_CONTENT_FAST_PATTERN ||
- data->flags & DETECT_CONTENT_NEGATED ) {
- printf("two failed\n");
- result = 0;
- goto end;
- }
- result &= (strncmp((char *)data->content, "two", 3) == 0);
- if (result == 0)
- goto end;
+ FAIL_IF(data->flags & DETECT_CONTENT_RAWBYTES ||
+ data->flags & DETECT_CONTENT_NOCASE ||
+ data->flags & DETECT_CONTENT_WITHIN ||
+ data->flags & DETECT_CONTENT_DISTANCE ||
+ data->flags & DETECT_CONTENT_FAST_PATTERN ||
+ data->flags & DETECT_CONTENT_NEGATED );
- result &= (sm->next == NULL);
+ FAIL_IF_NOT(strncmp((char *)data->content, "two", 3) == 0);
+
+ FAIL_IF_NOT(sm->next == NULL);
- end:
 SigGroupCleanup(de_ctx);
 SigCleanSignatures(de_ctx);
 DetectEngineCtxFree(de_ctx);
- return result;
+ PASS;
 }
 /**
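Review bot: In DcePayloadParseTest44 the final `content:"two"` check stays as one `FAIL_IF(a || b || …)` and leaves out `DETECT_CONTENT_RELATIVE_NEXT`, as the removed code did, so a failure does not say which flag was wrong and that flag is never asserted for this match. The first PMATCH block in the same hunk is already split into one `FAIL_IF` per flag; doing the same here (and for the DMATCH `content:"one"` block) would make a regression in how content is routed between the DMATCH and PMATCH lists easier to pin down. If omitting RELATIVE_NEXT is deliberate, a one-line comment should say so instead of the added assertion shown below. Assuming the FAIL_IF macros return on failure, the cleanup calls that the removed `goto end` path reached are now skipped on a failing run.

```c
    data = (DetectContentData *)sm->ctx;
    /* content:"two"; follows pkt_data, so no modifier flags are expected */
    FAIL_IF(data->flags & DETECT_CONTENT_RAWBYTES);
    FAIL_IF(data->flags & DETECT_CONTENT_NOCASE);
    FAIL_IF(data->flags & DETECT_CONTENT_WITHIN);
    FAIL_IF(data->flags & DETECT_CONTENT_DISTANCE);
    FAIL_IF(data->flags & DETECT_CONTENT_FAST_PATTERN);
    FAIL_IF(data->flags & DETECT_CONTENT_RELATIVE_NEXT);
    FAIL_IF(data->flags & DETECT_CONTENT_NEGATED);
    /* … unchanged: strncmp on "two" and sm->next == NULL checks … */
```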