aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/isdataat: remove obsolete test; reduce sm_lists use

Browse Source
pull/8732/head
Victor Julien 2 years ago
parent 343a7fd900
commit 243c285fe9
1 changed files with 9 additions and 114 deletions
Show Stats Download Patch File Download Diff File

123
src/detect-isdataat.c
Unescape Escape View File

@ -421,113 +421,8 @@ static int DetectIsdataatTestParse04(void)
result &= (s->sm_lists[g_dce_stub_data_buffer_id] == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL); result &= (s->sm_lists[g_dce_stub_data_buffer_id] == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL);
SigFree(NULL, s); SigFree(NULL, s);
FAIL_IF(result == 0);
return result; PASS;
}
/**
* \test Test isdataat option for dce sig.
*/
static int DetectIsdataatTestParse05(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
Signature *s = NULL;
DetectIsdataatData *data = NULL;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing bytejump_body\"; "
"dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
"dce_stub_data; "
"content:\"one\"; distance:0; "
"isdataat:4,relative; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
s = de_ctx->sig_list;
if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) {
result = 0;
goto end;
}
result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_ISDATAAT);
data = (DetectIsdataatData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx;
if ( !(data->flags & ISDATAAT_RELATIVE) ||
(data->flags & ISDATAAT_RAWBYTES) ) {
result = 0;
goto end;
}
s->next = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing bytejump_body\"; "
"dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
"dce_stub_data; "
"content:\"one\"; distance:0; "
"isdataat:4,relative; sid:1;)");
if (s->next == NULL) {
result = 0;
goto end;
}
s = s->next;
if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) {
result = 0;
goto end;
}
result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_ISDATAAT);
data = (DetectIsdataatData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx;
if ( !(data->flags & ISDATAAT_RELATIVE) ||
(data->flags & ISDATAAT_RAWBYTES) ) {
result = 0;
goto end;
}
s->next = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing bytejump_body\"; "
"dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; "
"dce_stub_data; "
"content:\"one\"; distance:0; "
"isdataat:4,relative,rawbytes; sid:1;)");
if (s->next == NULL) {
result = 0;
goto end;
}
s = s->next;
if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) {
result = 0;
goto end;
}
result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_ISDATAAT);
data = (DetectIsdataatData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx;
if ( !(data->flags & ISDATAAT_RELATIVE) ||
!(data->flags & ISDATAAT_RAWBYTES) ) {
result = 0;
goto end;
}
s->next = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing bytejump_body\"; "
"content:\"one\"; isdataat:4,relative,rawbytes; sid:1;)");
if (s->next == NULL) {
result = 0;
goto end;
}
s = s->next;
if (s->sm_lists_tail[g_dce_stub_data_buffer_id] != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
} }
static int DetectIsdataatTestParse06(void) static int DetectIsdataatTestParse06(void)
@ -542,10 +437,11 @@ static int DetectIsdataatTestParse06(void)
"isdataat:!4,relative; sid:1;)"); "isdataat:!4,relative; sid:1;)");
FAIL_IF(s == NULL); FAIL_IF(s == NULL);
FAIL_IF(s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL); FAIL_IF(s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL);
FAIL_IF_NOT(s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->type == DETECT_ISDATAAT); FAIL_IF_NOT(s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]->type == DETECT_ISDATAAT);
DetectIsdataatData *data = (DetectIsdataatData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx; DetectIsdataatData *data =
(DetectIsdataatData *)s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]->ctx;
FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE); FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE);
FAIL_IF(data->flags & ISDATAAT_RAWBYTES); FAIL_IF(data->flags & ISDATAAT_RAWBYTES);
@ -557,10 +453,10 @@ static int DetectIsdataatTestParse06(void)
"isdataat: !4,relative; sid:2;)"); "isdataat: !4,relative; sid:2;)");
FAIL_IF(s == NULL); FAIL_IF(s == NULL);
FAIL_IF(s->sm_lists_tail[DETECT_SM_LIST_PMATCH] == NULL); FAIL_IF(s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL);
FAIL_IF_NOT(s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->type == DETECT_ISDATAAT); FAIL_IF_NOT(s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]->type == DETECT_ISDATAAT);
data = (DetectIsdataatData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx; data = (DetectIsdataatData *)s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]->ctx;
FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE); FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE);
FAIL_IF(data->flags & ISDATAAT_RAWBYTES); FAIL_IF(data->flags & ISDATAAT_RAWBYTES);
@ -686,7 +582,6 @@ void DetectIsdataatRegisterTests(void)
UtRegisterTest("DetectIsdataatTestParse02", DetectIsdataatTestParse02); UtRegisterTest("DetectIsdataatTestParse02", DetectIsdataatTestParse02);
UtRegisterTest("DetectIsdataatTestParse03", DetectIsdataatTestParse03); UtRegisterTest("DetectIsdataatTestParse03", DetectIsdataatTestParse03);
UtRegisterTest("DetectIsdataatTestParse04", DetectIsdataatTestParse04); UtRegisterTest("DetectIsdataatTestParse04", DetectIsdataatTestParse04);
UtRegisterTest("DetectIsdataatTestParse05", DetectIsdataatTestParse05);
UtRegisterTest("DetectIsdataatTestParse06", DetectIsdataatTestParse06); UtRegisterTest("DetectIsdataatTestParse06", DetectIsdataatTestParse06);
UtRegisterTest("DetectIsdataatTestPacket01", DetectIsdataatTestPacket01); UtRegisterTest("DetectIsdataatTestPacket01", DetectIsdataatTestPacket01);

Write Preview
Loading…
Cancel
Save