|
|
|
@ -1,4 +1,4 @@
|
|
|
|
|
/* Copyright (C) 2007-2020 Open Information Security Foundation
|
|
|
|
|
/* Copyright (C) 2007-2021 Open Information Security Foundation
|
|
|
|
|
*
|
|
|
|
|
* You can copy, redistribute or modify this Program under the terms of
|
|
|
|
|
* the GNU General Public License version 2 as published by the Free
|
|
|
|
@ -379,15 +379,13 @@ static bool PrefilterICodeIsPrefilterable(const Signature *s)
|
|
|
|
|
*/
|
|
|
|
|
static int DetectICodeParseTest01(void)
|
|
|
|
|
{
|
|
|
|
|
DetectICodeData *icd = NULL;
|
|
|
|
|
int result = 0;
|
|
|
|
|
icd = DetectICodeParse(NULL, "8");
|
|
|
|
|
if (icd != NULL) {
|
|
|
|
|
if (icd->code1 == 8 && icd->mode == DETECT_ICODE_EQ)
|
|
|
|
|
result = 1;
|
|
|
|
|
DetectICodeData *icd = DetectICodeParse(NULL, "8");
|
|
|
|
|
FAIL_IF_NULL(icd);
|
|
|
|
|
FAIL_IF_NOT(icd->code1 == 8);
|
|
|
|
|
FAIL_IF_NOT(icd->mode == DETECT_ICODE_EQ);
|
|
|
|
|
DetectICodeFree(NULL, icd);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
PASS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
@ -396,15 +394,13 @@ static int DetectICodeParseTest01(void)
|
|
|
|
|
*/
|
|
|
|
|
static int DetectICodeParseTest02(void)
|
|
|
|
|
{
|
|
|
|
|
DetectICodeData *icd = NULL;
|
|
|
|
|
int result = 0;
|
|
|
|
|
icd = DetectICodeParse(NULL, ">8");
|
|
|
|
|
if (icd != NULL) {
|
|
|
|
|
if (icd->code1 == 8 && icd->mode == DETECT_ICODE_GT)
|
|
|
|
|
result = 1;
|
|
|
|
|
DetectICodeData *icd = DetectICodeParse(NULL, ">8");
|
|
|
|
|
FAIL_IF_NULL(icd);
|
|
|
|
|
FAIL_IF_NOT(icd->code1 == 8);
|
|
|
|
|
FAIL_IF_NOT(icd->mode == DETECT_ICODE_GT);
|
|
|
|
|
DetectICodeFree(NULL, icd);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
PASS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
@ -413,15 +409,13 @@ static int DetectICodeParseTest02(void)
|
|
|
|
|
*/
|
|
|
|
|
static int DetectICodeParseTest03(void)
|
|
|
|
|
{
|
|
|
|
|
DetectICodeData *icd = NULL;
|
|
|
|
|
int result = 0;
|
|
|
|
|
icd = DetectICodeParse(NULL, "<8");
|
|
|
|
|
if (icd != NULL) {
|
|
|
|
|
if (icd->code1 == 8 && icd->mode == DETECT_ICODE_LT)
|
|
|
|
|
result = 1;
|
|
|
|
|
DetectICodeData *icd = DetectICodeParse(NULL, "<8");
|
|
|
|
|
FAIL_IF_NULL(icd);
|
|
|
|
|
FAIL_IF_NOT(icd->code1 == 8);
|
|
|
|
|
FAIL_IF_NOT(icd->mode == DETECT_ICODE_LT);
|
|
|
|
|
DetectICodeFree(NULL, icd);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
PASS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
@ -430,15 +424,14 @@ static int DetectICodeParseTest03(void)
|
|
|
|
|
*/
|
|
|
|
|
static int DetectICodeParseTest04(void)
|
|
|
|
|
{
|
|
|
|
|
DetectICodeData *icd = NULL;
|
|
|
|
|
int result = 0;
|
|
|
|
|
icd = DetectICodeParse(NULL, "8<>20");
|
|
|
|
|
if (icd != NULL) {
|
|
|
|
|
if (icd->code1 == 8 && icd->code2 == 20 && icd->mode == DETECT_ICODE_RN)
|
|
|
|
|
result = 1;
|
|
|
|
|
DetectICodeData *icd = DetectICodeParse(NULL, "8<>20");
|
|
|
|
|
FAIL_IF_NULL(icd);
|
|
|
|
|
FAIL_IF_NOT(icd->code1 == 8);
|
|
|
|
|
FAIL_IF_NOT(icd->code2 == 20);
|
|
|
|
|
FAIL_IF_NOT(icd->mode == DETECT_ICODE_RN);
|
|
|
|
|
DetectICodeFree(NULL, icd);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
PASS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
@ -447,15 +440,13 @@ static int DetectICodeParseTest04(void)
|
|
|
|
|
*/
|
|
|
|
|
static int DetectICodeParseTest05(void)
|
|
|
|
|
{
|
|
|
|
|
DetectICodeData *icd = NULL;
|
|
|
|
|
int result = 0;
|
|
|
|
|
icd = DetectICodeParse(NULL, " 8 ");
|
|
|
|
|
if (icd != NULL) {
|
|
|
|
|
if (icd->code1 == 8 && icd->mode == DETECT_ICODE_EQ)
|
|
|
|
|
result = 1;
|
|
|
|
|
DetectICodeData *icd = DetectICodeParse(NULL, " 8 ");
|
|
|
|
|
FAIL_IF_NULL(icd);
|
|
|
|
|
FAIL_IF_NOT(icd->code1 == 8);
|
|
|
|
|
FAIL_IF_NOT(icd->mode == DETECT_ICODE_EQ);
|
|
|
|
|
DetectICodeFree(NULL, icd);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
PASS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
@ -464,15 +455,13 @@ static int DetectICodeParseTest05(void)
|
|
|
|
|
*/
|
|
|
|
|
static int DetectICodeParseTest06(void)
|
|
|
|
|
{
|
|
|
|
|
DetectICodeData *icd = NULL;
|
|
|
|
|
int result = 0;
|
|
|
|
|
icd = DetectICodeParse(NULL, " > 8 ");
|
|
|
|
|
if (icd != NULL) {
|
|
|
|
|
if (icd->code1 == 8 && icd->mode == DETECT_ICODE_GT)
|
|
|
|
|
result = 1;
|
|
|
|
|
DetectICodeData *icd = DetectICodeParse(NULL, " > 8 ");
|
|
|
|
|
FAIL_IF_NULL(icd);
|
|
|
|
|
FAIL_IF_NOT(icd->code1 == 8);
|
|
|
|
|
FAIL_IF_NOT(icd->mode == DETECT_ICODE_GT);
|
|
|
|
|
DetectICodeFree(NULL, icd);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
PASS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
@ -481,15 +470,14 @@ static int DetectICodeParseTest06(void)
|
|
|
|
|
*/
|
|
|
|
|
static int DetectICodeParseTest07(void)
|
|
|
|
|
{
|
|
|
|
|
DetectICodeData *icd = NULL;
|
|
|
|
|
int result = 0;
|
|
|
|
|
icd = DetectICodeParse(NULL, " 8 <> 20 ");
|
|
|
|
|
if (icd != NULL) {
|
|
|
|
|
if (icd->code1 == 8 && icd->code2 == 20 && icd->mode == DETECT_ICODE_RN)
|
|
|
|
|
result = 1;
|
|
|
|
|
DetectICodeData *icd = DetectICodeParse(NULL, " 8 <> 20 ");
|
|
|
|
|
FAIL_IF_NULL(icd);
|
|
|
|
|
FAIL_IF_NOT(icd->code1 == 8);
|
|
|
|
|
FAIL_IF_NOT(icd->code2 == 20);
|
|
|
|
|
FAIL_IF_NOT(icd->mode == DETECT_ICODE_RN);
|
|
|
|
|
DetectICodeFree(NULL, icd);
|
|
|
|
|
}
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
PASS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
@ -497,12 +485,11 @@ static int DetectICodeParseTest07(void)
|
|
|
|
|
*/
|
|
|
|
|
static int DetectICodeParseTest08(void)
|
|
|
|
|
{
|
|
|
|
|
DetectICodeData *icd = NULL;
|
|
|
|
|
icd = DetectICodeParse(NULL, "> 8 <> 20");
|
|
|
|
|
if (icd == NULL)
|
|
|
|
|
return 1;
|
|
|
|
|
DetectICodeData *icd = DetectICodeParse(NULL, "> 8 <> 20");
|
|
|
|
|
FAIL_IF_NOT_NULL(icd);
|
|
|
|
|
|
|
|
|
|
DetectICodeFree(NULL, icd);
|
|
|
|
|
return 0;
|
|
|
|
|
PASS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
@ -517,7 +504,6 @@ static int DetectICodeMatchTest01(void)
|
|
|
|
|
Signature *s = NULL;
|
|
|
|
|
ThreadVars th_v;
|
|
|
|
|
DetectEngineThreadCtx *det_ctx;
|
|
|
|
|
int result = 0;
|
|
|
|
|
|
|
|
|
|
memset(&th_v, 0, sizeof(th_v));
|
|
|
|
|
|
|
|
|
@ -526,70 +512,42 @@ static int DetectICodeMatchTest01(void)
|
|
|
|
|
p->icmpv4h->code = 10;
|
|
|
|
|
|
|
|
|
|
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
|
|
|
|
|
if (de_ctx == NULL) {
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
FAIL_IF_NULL(de_ctx);
|
|
|
|
|
|
|
|
|
|
de_ctx->flags |= DE_QUIET;
|
|
|
|
|
|
|
|
|
|
s = de_ctx->sig_list = SigInit(de_ctx,"alert icmp any any -> any any (icode:10; sid:1;)");
|
|
|
|
|
if (s == NULL) {
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
s = DetectEngineAppendSig(de_ctx, "alert icmp any any -> any any (icode:10; sid:1;)");
|
|
|
|
|
FAIL_IF_NULL(s);
|
|
|
|
|
|
|
|
|
|
s = s->next = SigInit(de_ctx,"alert icmp any any -> any any (icode:<15; sid:2;)");
|
|
|
|
|
if (s == NULL) {
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
s = DetectEngineAppendSig(de_ctx, "alert icmp any any -> any any (icode:<15; sid:2;)");
|
|
|
|
|
FAIL_IF_NULL(s);
|
|
|
|
|
|
|
|
|
|
s = s->next = SigInit(de_ctx,"alert icmp any any -> any any (icode:>20; sid:3;)");
|
|
|
|
|
if (s == NULL) {
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
s = DetectEngineAppendSig(de_ctx, "alert icmp any any -> any any (icode:>20; sid:3;)");
|
|
|
|
|
FAIL_IF_NULL(s);
|
|
|
|
|
|
|
|
|
|
s = s->next = SigInit(de_ctx,"alert icmp any any -> any any (icode:8<>20; sid:4;)");
|
|
|
|
|
if (s == NULL) {
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
s = DetectEngineAppendSig(de_ctx, "alert icmp any any -> any any (icode:8<>20; sid:4;)");
|
|
|
|
|
FAIL_IF_NULL(s);
|
|
|
|
|
|
|
|
|
|
s = s->next = SigInit(de_ctx,"alert icmp any any -> any any (icode:20<>8; sid:5;)");
|
|
|
|
|
if (s == NULL) {
|
|
|
|
|
goto end;
|
|
|
|
|
}
|
|
|
|
|
s = DetectEngineAppendSig(de_ctx, "alert icmp any any -> any any (icode:20<>8; sid:5;)");
|
|
|
|
|
FAIL_IF_NULL(s);
|
|
|
|
|
|
|
|
|
|
SigGroupBuild(de_ctx);
|
|
|
|
|
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
|
|
|
|
|
|
|
|
|
|
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
|
|
|
|
|
if (PacketAlertCheck(p, 1) == 0) {
|
|
|
|
|
SCLogDebug("sid 1 did not alert, but should have");
|
|
|
|
|
goto cleanup;
|
|
|
|
|
} else if (PacketAlertCheck(p, 2) == 0) {
|
|
|
|
|
SCLogDebug("sid 2 did not alert, but should have");
|
|
|
|
|
goto cleanup;
|
|
|
|
|
} else if (PacketAlertCheck(p, 3)) {
|
|
|
|
|
SCLogDebug("sid 3 alerted, but should not have");
|
|
|
|
|
goto cleanup;
|
|
|
|
|
} else if (PacketAlertCheck(p, 4) == 0) {
|
|
|
|
|
SCLogDebug("sid 4 did not alert, but should have");
|
|
|
|
|
goto cleanup;
|
|
|
|
|
} else if (PacketAlertCheck(p, 5) == 0) {
|
|
|
|
|
SCLogDebug("sid 5 did not alert, but should have");
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = 1;
|
|
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
|
SigGroupCleanup(de_ctx);
|
|
|
|
|
SigCleanSignatures(de_ctx);
|
|
|
|
|
|
|
|
|
|
FAIL_IF(PacketAlertCheck(p, 1) == 0);
|
|
|
|
|
FAIL_IF(PacketAlertCheck(p, 2) == 0);
|
|
|
|
|
FAIL_IF(PacketAlertCheck(p, 3));
|
|
|
|
|
FAIL_IF(PacketAlertCheck(p, 4) == 0);
|
|
|
|
|
FAIL_IF(PacketAlertCheck(p, 5) == 0);
|
|
|
|
|
|
|
|
|
|
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
|
|
|
|
|
DetectEngineCtxFree(de_ctx);
|
|
|
|
|
|
|
|
|
|
UTHFreePackets(&p, 1);
|
|
|
|
|
end:
|
|
|
|
|
return result;
|
|
|
|
|
|
|
|
|
|
PASS;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
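Review bot: In DetectICodeMatchTest01 the results of `SigGroupBuild(de_ctx)` and `DetectEngineThreadCtxInit(...)` are still ignored after the conversion, and `det_ctx` is declared without an initializer, so a failed engine build or thread-context init would reach `SigMatchSignatures` with a partly built engine or an indeterminate pointer instead of failing the test. Since every other setup step now uses a FAIL_IF macro, I would write `DetectEngineThreadCtx *det_ctx = NULL;`, `FAIL_IF(SigGroupBuild(de_ctx) != 0);` and `FAIL_IF(DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx) != TM_ECODE_OK);` (the return conventions are assumed from the wider codebase and are not visible on this page). Separately, in DetectICodeParseTest08 the retained `DetectICodeFree(NULL, icd);` now runs only after `FAIL_IF_NOT_NULL(icd)` has passed, so it always receives NULL, and if the FAIL_IF macros return immediately, as the removed cleanup labels suggest, an unexpectedly parsed object is not freed on the failing path; dropping the call or adding a one-line comment on the intent would make this clear. The start of DetectICodeMatchTest01, including where `p` is created, lies outside the hunks shown.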