diff --git a/src/tests/detect-bsize.c b/src/tests/detect-bsize.c
index 6c317427a9..524d6d192e 100644
--- a/src/tests/detect-bsize.c
+++ b/src/tests/detect-bsize.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 2017 Open Information Security Foundation
+/* Copyright (C) 2017-2020 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free 
@@ -96,32 +96,65 @@ static int DetectBsizeTest04(void)
 #undef TEST_OK
 #undef TEST_FAIL
-#define TEST_OK(rule) \
-{ \
- DetectEngineCtx *de_ctx = DetectEngineCtxInit(); \
- FAIL_IF_NULL(de_ctx); \
- Signature *s = DetectEngineAppendSig(de_ctx, (rule)); \
- FAIL_IF_NULL(s); \
- DetectEngineCtxFree(de_ctx); \
-}
+#define TEST_OK(rule) \
+ { \
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit(); \
+ FAIL_IF_NULL(de_ctx); \
+ SCLogNotice("rule: %s", rule); \
+ Signature *s = DetectEngineAppendSig(de_ctx, (rule)); \
+ FAIL_IF_NULL(s); \
+ DetectEngineCtxFree(de_ctx); \
+ }
-#define TEST_FAIL(rule) \
-{ \
- DetectEngineCtx *de_ctx = DetectEngineCtxInit(); \
- FAIL_IF_NULL(de_ctx); \
- Signature *s = DetectEngineAppendSig(de_ctx, (rule)); \
- FAIL_IF_NOT_NULL(s); \
- DetectEngineCtxFree(de_ctx); \
-}
+#define TEST_FAIL(rule) \
+ { \
+ DetectEngineCtx *de_ctx = DetectEngineCtxInit(); \
+ FAIL_IF_NULL(de_ctx); \
+ SCLogNotice("rule: %s", rule); \
+ Signature *s = DetectEngineAppendSig(de_ctx, (rule)); \
+ FAIL_IF_NOT_NULL(s); \
+ DetectEngineCtxFree(de_ctx); \
+ }
 static int DetectBsizeSigTest01(void)
 {
+#if 0
 TEST_OK("alert http any any -> any any (http_request_line; bsize:10; sid:1;)");
 TEST_OK("alert http any any -> any any (file_data; bsize:>1000; sid:2;)");
 TEST_FAIL("alert tcp any any -> any any (content:\"abc\"; bsize:10; sid:3;)");
 TEST_FAIL("alert http any any -> any any (content:\"GET\"; http_method; bsize:10; sid:4;)");
 TEST_FAIL("alert http any any -> any any (http_request_line; content:\"GET\"; bsize:<10>; sid:5;)");
+
+ /* bsize validation with buffer */
+ TEST_OK("alert http any any -> any any (http.uri; content:\"/index.php\"; bsize:>1024; "
+ "sid:6;)");
+ TEST_OK("alert http any any -> any any (http.uri; content:\"abdcef\"; content: \"g\"; bsize:1; "
+ "sid:7;)");
+ TEST_OK("alert http any any -> any any (http.uri; content:\"abdcef\"; content: \"g\"; bsize:4; "
+ "sid:8;)");
+ TEST_OK("alert http any any -> any any (http.uri; content:\"abcdefgh123456\"; 
bsize:<20; "
+ " sid:9;)");
+ TEST_OK("alert http any any -> any any (http.uri; content:\"abcdefgh123456\"; bsize:15<>25; "
+ "sid:10;)");
+ TEST_FAIL("alert http any any -> any any (http.uri; content:\"abcdefgh123456\"; bsize:2; "
+ "sid:11;)");
+ TEST_FAIL("alert http any any -> any any (http.uri; content:\"abcdefgh123456\"; bsize:<13; "
+ "sid:12;)");
+ TEST_OK("alert http any any -> any any (http.uri; content:\"abcdefgh123456\"; bsize:10<>15; "
+ "sid:13;)");
+ TEST_FAIL("alert http any any -> any any (http.uri; content:\"abcdefghi123456\"; offset:12; "
+ "bsize:3; sid:14;)");
+ TEST_FAIL("alert http any any -> any any (http.uri; content:\"abc\"; offset:3; depth:3; "
+ "bsize:3; sid:15;)");
+ TEST_FAIL("alert http any any -> any any (http.uri; content:\"abdcef\"; content: \"gh\"; "
+ "bsize:1; sid:16;)");
+ TEST_FAIL("alert http any any -> any any (http.uri; content:\"abc\"; offset:3; bsize:3; "
+ "sid:17;)");
+
+#endif
+ TEST_FAIL("alert http any any -> any any (http.uri; content:\"abc\"; offset:65535; bsize:3; "
+ "sid:18;)");
 PASS;
 }
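Review bot: The `#if 0` added at the top of DetectBsizeSigTest01 and the `#endif` just before the sid:18 case compile out the five existing cases and all of the new sid:6–17 cases, so the only rule this test still parses is the `offset:65535` one. This looks like a debugging leftover; removing the `#if 0`/`#endif` pair would keep the bsize-versus-content checks under test, which matters because a regression there would presumably let a signature that can never match load without an error. If some of the cases are known to fail for now, disable only those and say why in a comment, e.g. `/* sid:N disabled: <reason> */`. In both macros `SCLogNotice("rule: %s", rule);` passes the argument unparenthesized while the next line uses `(rule)`; `SCLogNotice("rule: %s", (rule));` would be consistent.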