From: Victor Julien Date: Thu, 13 Dec 2018 13:01:40 +0000 (+0100) Subject: detect/file-data: move tests into tests/ X-Git-Tag: suricata-5.0.0-beta1~242 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=64987f36fb437a3c01b16ac48117f2eb024c547f;p=thirdparty%2Fsuricata.git detect/file-data: move tests into tests/ --- diff --git a/src/Makefile.am b/src/Makefile.am index 4e9557582f..a7d618dd65 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -130,7 +130,6 @@ detect-engine-modbus.c detect-engine-modbus.h \ detect-engine-enip.c detect-engine-enip.h \ detect-engine-event.c detect-engine-event.h \ detect-engine-file.c detect-engine-file.h \ -detect-engine-filedata.c detect-engine-filedata.h \ detect-engine-hsbd.c detect-engine-hsbd.h \ detect-engine-iponly.c detect-engine-iponly.h \ detect-engine-loader.c detect-engine-loader.h \ diff --git a/src/detect-engine-filedata.c b/src/detect-engine-filedata.c deleted file mode 100644 index e9e3bb0729..0000000000 --- a/src/detect-engine-filedata.c +++ /dev/null @@ -1,42 +0,0 @@ -/* Copyright (C) 2015-2016 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - - -/** \file - * - * \author Giuseppe Longo - * \author Victor Julien - * - */ - -#include "suricata-common.h" -#include "suricata.h" - -#include "detect.h" -#include "detect-engine.h" -#include "detect-engine-mpm.h" -#include "detect-engine-content-inspection.h" -#include "detect-engine-prefilter.h" -#include "detect-engine-filedata.h" -#include "detect-engine-hsbd.h" - -#include "app-layer-parser.h" - -#ifdef UNITTESTS -#include "tests/detect-engine-filedata.c" -#endif /* UNITTESTS */ - diff --git a/src/detect-engine-filedata.h b/src/detect-engine-filedata.h deleted file mode 100644 index 0f30d50ccb..0000000000 --- a/src/detect-engine-filedata.h +++ /dev/null @@ -1,28 +0,0 @@ -/* Copyright (C) 2015 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** \file - * - * \author Giuseppe Longo - */ - -#ifndef __DETECT_ENGINE_FILEDATA_H__ -#define __DETECT_ENGINE_FILEDATA_H__ - -void DetectEngineSMTPFiledataRegisterTests(void); - -#endif /* __DETECT_ENGINE_FILEDATA_H__ */ diff --git a/src/detect-engine-register.c b/src/detect-engine-register.c index 43f96f803a..0426a2a55a 100644 --- a/src/detect-engine-register.c +++ b/src/detect-engine-register.c @@ -55,7 +55,6 @@ #include "detect-tls-ja3-string.h" #include "detect-engine-state.h" #include "detect-engine-analyzer.h" -#include "detect-engine-filedata.h" #include "detect-http-cookie.h" #include "detect-http-method.h" diff --git a/src/detect-file-data.c b/src/detect-file-data.c index f2893eb7e4..f0d6699f72 100644 --- a/src/detect-file-data.c +++ b/src/detect-file-data.c @@ -35,7 +35,6 @@ #include "detect-engine-state.h" #include "detect-engine-prefilter.h" #include "detect-engine-content-inspection.h" -#include "detect-engine-filedata.h" #include "detect-engine-hsbd.h" #include "detect-file-data.h" @@ -54,7 +53,9 @@ #include "util-file-decompression.h" static int DetectFiledataSetup (DetectEngineCtx *, Signature *, const char *); +#ifdef UNITTESTS static void DetectFiledataRegisterTests(void); +#endif static void DetectFiledataSetupCallback(const DetectEngineCtx *de_ctx, Signature *s); static int g_file_data_buffer_id = 0; @@ -84,7 +85,9 @@ void DetectFiledataRegister(void) sigmatch_table[DETECT_FILE_DATA].desc = "make content keywords match on file data"; sigmatch_table[DETECT_FILE_DATA].url = DOC_URL DOC_VERSION "/rules/http-keywords.html#file-data"; sigmatch_table[DETECT_FILE_DATA].Setup = DetectFiledataSetup; +#ifdef UNITTESTS sigmatch_table[DETECT_FILE_DATA].RegisterTests = DetectFiledataRegisterTests; +#endif sigmatch_table[DETECT_FILE_DATA].flags = SIGMATCH_NOOPT; DetectAppLayerMpmRegister2("file_data", SIG_FLAG_TOSERVER, 2, @@ -529,242 +532,5 @@ int PrefilterMpmFiledataRegister(DetectEngineCtx *de_ctx, } #ifdef UNITTESTS -#include "detect-isdataat.h" - -static int DetectFiledataParseTest01(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, - "alert smtp any any -> any any " - "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("sig parse failed: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("content is still in FILEDATA list: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) { - printf("content not in FILEDATA list: "); - goto end; - } - - result = 1; -end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -static int DetectFiledataParseTest02(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, - "alert tcp any any -> any any " - "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("sig parse failed: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("content is still in PMATCH list: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) { - printf("content not in FILEDATA list: "); - goto end; - } - - result = 1; -end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -static int DetectFiledataParseTest03(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, - "alert tcp any any -> any 25 " - "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("sig parse failed: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("content is still in PMATCH list: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) { - printf("content not in FILEDATA list: "); - goto end; - } - - result = 1; -end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test the file_data fails with flow:to_server. - */ -static int DetectFiledataParseTest04(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, - "alert smtp any any -> any any " - "(msg:\"test\"; flow:to_client,established; file_data; content:\"abc\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 1; - } - -end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -/** - * \test Test the file_data fails with flow:to_server. - */ -static int DetectFiledataParseTest05(void) -{ - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - - de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, - "alert http any any -> any any " - "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 1; - } - -end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); - DetectEngineCtxFree(de_ctx); - - return result; -} - -static int DetectFiledataIsdataatParseTest1(void) -{ - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - de_ctx->flags |= DE_QUIET; - - Signature *s = DetectEngineAppendSig(de_ctx, - "alert tcp any any -> any any (" - "file_data; content:\"one\"; " - "isdataat:!4,relative; sid:1;)"); - FAIL_IF_NULL(s); - - SigMatch *sm = s->init_data->smlists[g_file_data_buffer_id]; - FAIL_IF_NULL(sm); - FAIL_IF_NOT(sm->type == DETECT_CONTENT); - sm = sm->next; - FAIL_IF_NULL(sm); - FAIL_IF_NOT(sm->type == DETECT_ISDATAAT); - - DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx; - FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE); - FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED); - FAIL_IF(data->flags & ISDATAAT_RAWBYTES); - - DetectEngineCtxFree(de_ctx); - PASS; -} - -static int DetectFiledataIsdataatParseTest2(void) -{ - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - de_ctx->flags |= DE_QUIET; - - Signature *s = DetectEngineAppendSig(de_ctx, - "alert tcp any any -> any any (" - "file_data; " - "isdataat:!4,relative; sid:1;)"); - FAIL_IF_NULL(s); - - SigMatch *sm = s->init_data->smlists_tail[g_file_data_buffer_id]; - FAIL_IF_NULL(sm); - FAIL_IF_NOT(sm->type == DETECT_ISDATAAT); - - DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx; - FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE); - FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED); - FAIL_IF(data->flags & ISDATAAT_RAWBYTES); - - DetectEngineCtxFree(de_ctx); - PASS; -} - -#endif - -void DetectFiledataRegisterTests(void) -{ -#ifdef UNITTESTS - UtRegisterTest("DetectFiledataParseTest01", DetectFiledataParseTest01); - UtRegisterTest("DetectFiledataParseTest02", DetectFiledataParseTest02); - UtRegisterTest("DetectFiledataParseTest03", DetectFiledataParseTest03); - UtRegisterTest("DetectFiledataParseTest04", DetectFiledataParseTest04); - UtRegisterTest("DetectFiledataParseTest05", DetectFiledataParseTest05); - - UtRegisterTest("DetectFiledataIsdataatParseTest1", - DetectFiledataIsdataatParseTest1); - UtRegisterTest("DetectFiledataIsdataatParseTest2", - DetectFiledataIsdataatParseTest2); +#include "tests/detect-file-data.c" #endif -} diff --git a/src/detect.c b/src/detect.c index 79515ef9fc..6be8ca02d1 100644 --- a/src/detect.c +++ b/src/detect.c @@ -49,9 +49,6 @@ #include "detect-engine-state.h" #include "detect-engine-analyzer.h" -#include "detect-engine-filedata.h" - - #include "detect-engine-payload.h" #include "detect-engine-event.h" #include "detect-engine-hsbd.h" diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c index 6ddae98720..3cdc6e5270 100644 --- a/src/runmode-unittests.c +++ b/src/runmode-unittests.c @@ -40,7 +40,6 @@ #include "detect-engine-state.h" #include "detect-engine-tag.h" #include "detect-engine-modbus.h" -#include "detect-engine-filedata.h" #include "detect-fast-pattern.h" #include "flow.h" #include "flow-timeout.h" @@ -192,7 +191,6 @@ static void RegisterUnittests(void) DetectEngineHttpServerBodyRegisterTests(); DetectEngineInspectModbusRegisterTests(); DetectEngineRegisterTests(); - DetectEngineSMTPFiledataRegisterTests(); SCLogRegisterTests(); MagicRegisterTests(); UtilMiscRegisterTests(); diff --git a/src/tests/detect-engine-filedata.c b/src/tests/detect-file-data.c similarity index 57% rename from src/tests/detect-engine-filedata.c rename to src/tests/detect-file-data.c index 800196317a..d1dabd67a6 100644 --- a/src/tests/detect-engine-filedata.c +++ b/src/tests/detect-file-data.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2015-2016 Open Information Security Foundation +/* Copyright (C) 2007-2018 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -15,19 +15,19 @@ * 02110-1301, USA. */ - -/** \file +/** + * \file * * \author Giuseppe Longo * \author Victor Julien * */ -#include "../suricata-common.h" -#include "../app-layer-smtp.h" +#ifdef UNITTESTS + #include "../stream-tcp.h" -#include "../util-unittest.h" -#include "../util-unittest-helper.h" +#include "../detect.h" +#include "../detect-isdataat.h" static int DetectEngineSMTPFiledataTest01(void) { @@ -289,7 +289,227 @@ end: return result == 0; } -void DetectEngineSMTPFiledataRegisterTests(void) +static int DetectFiledataParseTest01(void) +{ + DetectEngineCtx *de_ctx = NULL; + int result = 0; + + de_ctx = DetectEngineCtxInit(); + if (de_ctx == NULL) + goto end; + + de_ctx->flags |= DE_QUIET; + de_ctx->sig_list = SigInit(de_ctx, + "alert smtp any any -> any any " + "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)"); + if (de_ctx->sig_list == NULL) { + printf("sig parse failed: "); + goto end; + } + + if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { + printf("content is still in FILEDATA list: "); + goto end; + } + + if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) { + printf("content not in FILEDATA list: "); + goto end; + } + + result = 1; +end: + SigGroupCleanup(de_ctx); + SigCleanSignatures(de_ctx); + DetectEngineCtxFree(de_ctx); + + return result; +} + +static int DetectFiledataParseTest02(void) +{ + DetectEngineCtx *de_ctx = NULL; + int result = 0; + + de_ctx = DetectEngineCtxInit(); + if (de_ctx == NULL) + goto end; + + de_ctx->flags |= DE_QUIET; + de_ctx->sig_list = SigInit(de_ctx, + "alert tcp any any -> any any " + "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)"); + if (de_ctx->sig_list == NULL) { + printf("sig parse failed: "); + goto end; + } + + if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { + printf("content is still in PMATCH list: "); + goto end; + } + + if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) { + printf("content not in FILEDATA list: "); + goto end; + } + + result = 1; +end: + SigGroupCleanup(de_ctx); + SigCleanSignatures(de_ctx); + DetectEngineCtxFree(de_ctx); + + return result; +} + +static int DetectFiledataParseTest03(void) +{ + DetectEngineCtx *de_ctx = NULL; + int result = 0; + + de_ctx = DetectEngineCtxInit(); + if (de_ctx == NULL) + goto end; + + de_ctx->flags |= DE_QUIET; + de_ctx->sig_list = SigInit(de_ctx, + "alert tcp any any -> any 25 " + "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)"); + if (de_ctx->sig_list == NULL) { + printf("sig parse failed: "); + goto end; + } + + if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { + printf("content is still in PMATCH list: "); + goto end; + } + + if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) { + printf("content not in FILEDATA list: "); + goto end; + } + + result = 1; +end: + SigGroupCleanup(de_ctx); + SigCleanSignatures(de_ctx); + DetectEngineCtxFree(de_ctx); + + return result; +} + +/** + * \test Test the file_data fails with flow:to_server. + */ +static int DetectFiledataParseTest04(void) +{ + DetectEngineCtx *de_ctx = NULL; + int result = 0; + + de_ctx = DetectEngineCtxInit(); + if (de_ctx == NULL) + goto end; + + de_ctx->flags |= DE_QUIET; + de_ctx->sig_list = SigInit(de_ctx, + "alert smtp any any -> any any " + "(msg:\"test\"; flow:to_client,established; file_data; content:\"abc\"; sid:1;)"); + if (de_ctx->sig_list == NULL) { + result = 1; + } + +end: + SigGroupCleanup(de_ctx); + SigCleanSignatures(de_ctx); + DetectEngineCtxFree(de_ctx); + + return result; +} + +/** + * \test Test the file_data fails with flow:to_server. + */ +static int DetectFiledataParseTest05(void) +{ + DetectEngineCtx *de_ctx = NULL; + int result = 0; + + de_ctx = DetectEngineCtxInit(); + if (de_ctx == NULL) + goto end; + + de_ctx->flags |= DE_QUIET; + de_ctx->sig_list = SigInit(de_ctx, + "alert http any any -> any any " + "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)"); + if (de_ctx->sig_list == NULL) { + result = 1; + } + +end: + SigGroupCleanup(de_ctx); + SigCleanSignatures(de_ctx); + DetectEngineCtxFree(de_ctx); + + return result; +} + +static int DetectFiledataIsdataatParseTest1(void) +{ + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); + de_ctx->flags |= DE_QUIET; + + Signature *s = DetectEngineAppendSig(de_ctx, + "alert tcp any any -> any any (" + "file_data; content:\"one\"; " + "isdataat:!4,relative; sid:1;)"); + FAIL_IF_NULL(s); + + SigMatch *sm = s->init_data->smlists[g_file_data_buffer_id]; + FAIL_IF_NULL(sm); + FAIL_IF_NOT(sm->type == DETECT_CONTENT); + sm = sm->next; + FAIL_IF_NULL(sm); + FAIL_IF_NOT(sm->type == DETECT_ISDATAAT); + + DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx; + FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE); + FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED); + FAIL_IF(data->flags & ISDATAAT_RAWBYTES); + + DetectEngineCtxFree(de_ctx); + PASS; +} + +static int DetectFiledataIsdataatParseTest2(void) +{ + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); + de_ctx->flags |= DE_QUIET; + + Signature *s = DetectEngineAppendSig(de_ctx, + "alert tcp any any -> any any (" + "file_data; " + "isdataat:!4,relative; sid:1;)"); + FAIL_IF_NULL(s); + + SigMatch *sm = s->init_data->smlists_tail[g_file_data_buffer_id]; + FAIL_IF_NULL(sm); + FAIL_IF_NOT(sm->type == DETECT_ISDATAAT); + + DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx; + FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE); + FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED); + FAIL_IF(data->flags & ISDATAAT_RAWBYTES); + + DetectEngineCtxFree(de_ctx); + PASS; +} + +void DetectFiledataRegisterTests(void) { UtRegisterTest("DetectEngineSMTPFiledataTest01", DetectEngineSMTPFiledataTest01); @@ -297,4 +517,17 @@ void DetectEngineSMTPFiledataRegisterTests(void) DetectEngineSMTPFiledataTest02); UtRegisterTest("DetectEngineSMTPFiledataTest03", DetectEngineSMTPFiledataTest03); + + UtRegisterTest("DetectFiledataParseTest01", DetectFiledataParseTest01); + UtRegisterTest("DetectFiledataParseTest02", DetectFiledataParseTest02); + UtRegisterTest("DetectFiledataParseTest03", DetectFiledataParseTest03); + UtRegisterTest("DetectFiledataParseTest04", DetectFiledataParseTest04); + UtRegisterTest("DetectFiledataParseTest05", DetectFiledataParseTest05); + + UtRegisterTest("DetectFiledataIsdataatParseTest1", + DetectFiledataIsdataatParseTest1); + UtRegisterTest("DetectFiledataIsdataatParseTest2", + DetectFiledataIsdataatParseTest2); } + +#endif