From 0984528ddbe7417230d3558d0330f81cb6326629 Mon Sep 17 00:00:00 2001 From: Modupe Falodun Date: Tue, 25 Jan 2022 22:56:26 +0100 Subject: [PATCH] detect-http-request-line: remove unittests These tests are reimplemented as Suricata-Verify Task: 4911 --- src/detect-http-request-line.c | 166 +-------------------------------- 1 file changed, 1 insertion(+), 165 deletions(-) diff --git a/src/detect-http-request-line.c b/src/detect-http-request-line.c index 6626faee6b..106374dac8 100644 --- a/src/detect-http-request-line.c +++ b/src/detect-http-request-line.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2016 Open Information Security Foundation +/* Copyright (C) 2007-2022 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -166,173 +166,9 @@ static int DetectHttpRequestLineTest01(void) PASS; } - -/** - *\test Test that the http_request_line content matches against a http request - * which holds the content. - */ -static int DetectHttpRequestLineTest02(void) -{ - TcpSession ssn; - Packet *p = NULL; - ThreadVars th_v; - DetectEngineCtx *de_ctx = NULL; - DetectEngineThreadCtx *det_ctx = NULL; - HtpState *http_state = NULL; - Flow f; - uint8_t http_buf[] = - "GET /index.html HTTP/1.0\r\n" - "Host: www.openinfosecfoundation.org\r\n" - "User-Agent: This is dummy message body\r\n" - "Content-Type: text/html\r\n" - "\r\n"; - uint32_t http_len = sizeof(http_buf) - 1; - - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - FAIL_IF_NULL(alp_tctx); - - memset(&th_v, 0, sizeof(th_v)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); - FAIL_IF_NULL(p); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.flags |= FLOW_IPV4; - - p->flow = &f; - p->flowflags |= FLOW_PKT_TOSERVER; - p->flowflags |= FLOW_PKT_ESTABLISHED; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - f.alproto = ALPROTO_HTTP1; - - StreamTcpInitConfig(true); - - de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->flags |= DE_QUIET; - - de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any " - "(http_request_line; content:\"GET /index.html HTTP/1.0\"; " - "sid:1;)"); - FAIL_IF_NULL(de_ctx->sig_list); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse( - &th_v, alp_tctx, &f, ALPROTO_HTTP1, STREAM_TOSERVER, http_buf, http_len); - FAIL_IF(r != 0); - - http_state = f.alstate; - FAIL_IF_NULL(http_state); - - /* do detect */ - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF(!(PacketAlertCheck(p, 1))); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - UTHFreePackets(&p, 1); - PASS; -} - -static int DetectHttpRequestLineWrapper(const char *sig, const int expectation) -{ - TcpSession ssn; - Packet *p = NULL; - ThreadVars th_v; - DetectEngineCtx *de_ctx = NULL; - DetectEngineThreadCtx *det_ctx = NULL; - HtpState *http_state = NULL; - Flow f; - uint8_t http_buf[] = - "GET /index.html HTTP/1.0\r\n" - "Host: www.openinfosecfoundation.org\r\n" - "User-Agent: This is dummy message body\r\n" - "Content-Type: text/html\r\n" - "\r\n"; - uint32_t http_len = sizeof(http_buf) - 1; - - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - FAIL_IF_NULL(alp_tctx); - - memset(&th_v, 0, sizeof(th_v)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); - FAIL_IF_NULL(p); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - f.flags |= FLOW_IPV4; - - p->flow = &f; - p->flowflags |= FLOW_PKT_TOSERVER; - p->flowflags |= FLOW_PKT_ESTABLISHED; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - f.alproto = ALPROTO_HTTP1; - - StreamTcpInitConfig(true); - - de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->flags |= DE_QUIET; - - de_ctx->sig_list = SigInit(de_ctx, sig); - FAIL_IF_NULL(de_ctx->sig_list); - int sid = de_ctx->sig_list->id; - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse( - &th_v, alp_tctx, &f, ALPROTO_HTTP1, STREAM_TOSERVER, http_buf, http_len); - FAIL_IF(r != 0); - - http_state = f.alstate; - FAIL_IF_NULL(http_state); - - /* do detect */ - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - r = PacketAlertCheck(p, sid); - FAIL_IF_NOT(r == expectation); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(true); - FLOW_DESTROY(&f); - UTHFreePackets(&p, 1); - PASS; -} - -static int DetectHttpRequestLineTest03(void) -{ - FAIL_IF_NOT(DetectHttpRequestLineWrapper("alert http any any -> any any (http_request_line; bsize:>10; sid:1;)", true)); - FAIL_IF_NOT(DetectHttpRequestLineWrapper("alert http any any -> any any (http_request_line; bsize:<100; sid:2;)", true)); - FAIL_IF_NOT(DetectHttpRequestLineWrapper("alert http any any -> any any (http_request_line; bsize:10<>100; sid:3;)", true)); - FAIL_IF_NOT(DetectHttpRequestLineWrapper("alert http any any -> any any (http_request_line; bsize:>100; sid:3;)", false)); - PASS; -} - static void DetectHttpRequestLineRegisterTests(void) { UtRegisterTest("DetectHttpRequestLineTest01", DetectHttpRequestLineTest01); - UtRegisterTest("DetectHttpRequestLineTest02", DetectHttpRequestLineTest02); - UtRegisterTest("DetectHttpRequestLineTest03", DetectHttpRequestLineTest03); } #endif /* UNITTESTS */ /**