From 3c57ac144c279eb8cb5f7a23b9046ba6b09a19dc Mon Sep 17 00:00:00 2001 From: Mats Klepsland Date: Tue, 14 May 2019 15:46:40 +0200 Subject: [PATCH] detect-ssl-version: move unittests to tests/ --- src/detect-ssl-version.c | 252 +------------------------------- src/tests/detect-ssl-version.c | 258 +++++++++++++++++++++++++++++++++ 2 files changed, 265 insertions(+), 245 deletions(-) create mode 100644 src/tests/detect-ssl-version.c diff --git a/src/detect-ssl-version.c b/src/detect-ssl-version.c index 2d68b1ac79..ba205b817f 100644 --- a/src/detect-ssl-version.c +++ b/src/detect-ssl-version.c @@ -64,7 +64,9 @@ static int DetectSslVersionMatch(ThreadVars *, DetectEngineThreadCtx *, Flow *, uint8_t, void *, void *, const Signature *, const SigMatchCtx *); static int DetectSslVersionSetup(DetectEngineCtx *, Signature *, const char *); +#ifdef UNITTESTS static void DetectSslVersionRegisterTests(void); +#endif static void DetectSslVersionFree(void *); static int g_tls_generic_list_id = 0; @@ -77,8 +79,9 @@ void DetectSslVersionRegister(void) sigmatch_table[DETECT_AL_SSL_VERSION].AppLayerTxMatch = DetectSslVersionMatch; sigmatch_table[DETECT_AL_SSL_VERSION].Setup = DetectSslVersionSetup; sigmatch_table[DETECT_AL_SSL_VERSION].Free = DetectSslVersionFree; +#ifdef UNITTESTS sigmatch_table[DETECT_AL_SSL_VERSION].RegisterTests = DetectSslVersionRegisterTests; - +#endif DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study); g_tls_generic_list_id = DetectBufferTypeRegister("tls_generic"); @@ -346,247 +349,6 @@ void DetectSslVersionFree(void *ptr) SCFree(ptr); } -/**********************************Unittests***********************************/ - -#ifdef UNITTESTS /* UNITTESTS */ - -/** - * \test DetectSslVersionTestParse01 is a test to make sure that we parse the - * "ssl_version" option correctly when given valid ssl_version option - */ -static int DetectSslVersionTestParse01(void) -{ - DetectSslVersionData *ssl = NULL; - ssl = DetectSslVersionParse("SSlv3"); - FAIL_IF_NULL(ssl); - FAIL_IF_NOT(ssl->data[SSLv3].ver == SSL_VERSION_3); - DetectSslVersionFree(ssl); - PASS; -} - -/** - * \test DetectSslVersionTestParse02 is a test to make sure that we parse the - * "ssl_version" option correctly when given an invalid ssl_version option - * it should return ssl = NULL - */ -static int DetectSslVersionTestParse02(void) -{ - DetectSslVersionData *ssl = NULL; - ssl = DetectSslVersionParse("2.5"); - FAIL_IF_NOT_NULL(ssl); - DetectSslVersionFree(ssl); - PASS; -} - -/** - * \test DetectSslVersionTestParse03 is a test to make sure that we parse the - * "ssl_version" options correctly when given valid ssl_version options - */ -static int DetectSslVersionTestParse03(void) -{ - DetectSslVersionData *ssl = NULL; - ssl = DetectSslVersionParse("SSlv3,tls1.0, !tls1.2"); - FAIL_IF_NULL(ssl); - FAIL_IF_NOT(ssl->data[SSLv3].ver == SSL_VERSION_3); - FAIL_IF_NOT(ssl->data[TLS10].ver == TLS_VERSION_10); - FAIL_IF_NOT(ssl->data[TLS12].ver == TLS_VERSION_12); - FAIL_IF_NOT(ssl->data[TLS12].flags & DETECT_SSL_VERSION_NEGATED); - DetectSslVersionFree(ssl); - PASS; -} - -#include "stream-tcp-reassemble.h" - -/** \test Send a get request in three chunks + more data. */ -static int DetectSslVersionTestDetect01(void) -{ - Flow f; - uint8_t sslbuf1[] = { 0x16 }; - uint32_t ssllen1 = sizeof(sslbuf1); - uint8_t sslbuf2[] = { 0x03 }; - uint32_t ssllen2 = sizeof(sslbuf2); - uint8_t sslbuf3[] = { 0x01 }; - uint32_t ssllen3 = sizeof(sslbuf3); - uint8_t sslbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x01 }; - uint32_t ssllen4 = sizeof(sslbuf4); - TcpSession ssn; - Packet *p = NULL; - Signature *s = NULL; - ThreadVars th_v; - DetectEngineThreadCtx *det_ctx = NULL; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&th_v, 0, sizeof(th_v)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - p->flow = &f; - p->flowflags |= FLOW_PKT_TOSERVER; - p->flowflags |= FLOW_PKT_ESTABLISHED; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(TRUE); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->flags |= DE_QUIET; - - s = de_ctx->sig_list = SigInit(de_ctx,"alert tls any any -> any any (msg:\"TLS\"; ssl_version:tls1.0; sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, sslbuf1, ssllen1); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf2, ssllen2); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf3, ssllen3); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf4, ssllen4); - FAIL_IF(r != 0); - - SSLState *app_state = f.alstate; - FAIL_IF_NULL(app_state); - - FAIL_IF(app_state->client_connp.content_type != 0x16); - - FAIL_IF(app_state->client_connp.version != TLS_VERSION_10); - - SCLogDebug("app_state is at %p, app_state->server_connp.version 0x%02X app_state->client_connp.version 0x%02X", - app_state, app_state->server_connp.version, app_state->client_connp.version); - - /* do detect */ - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF_NOT(PacketAlertCheck(p, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); - DetectEngineCtxFree(de_ctx); - - StreamTcpFreeConfig(TRUE); - FLOW_DESTROY(&f); - - UTHFreePackets(&p, 1); - - PASS; -} - -static int DetectSslVersionTestDetect02(void) -{ - Flow f; - uint8_t sslbuf1[] = { 0x16 }; - uint32_t ssllen1 = sizeof(sslbuf1); - uint8_t sslbuf2[] = { 0x03 }; - uint32_t ssllen2 = sizeof(sslbuf2); - uint8_t sslbuf3[] = { 0x01 }; - uint32_t ssllen3 = sizeof(sslbuf3); - uint8_t sslbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x02 }; - uint32_t ssllen4 = sizeof(sslbuf4); - TcpSession ssn; - Packet *p = NULL; - Signature *s = NULL; - ThreadVars th_v; - DetectEngineThreadCtx *det_ctx = NULL; - AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); - - memset(&th_v, 0, sizeof(th_v)); - memset(&f, 0, sizeof(f)); - memset(&ssn, 0, sizeof(ssn)); - - p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); - - FLOW_INITIALIZE(&f); - f.protoctx = (void *)&ssn; - f.proto = IPPROTO_TCP; - p->flow = &f; - p->flowflags |= FLOW_PKT_TOSERVER; - p->flowflags |= FLOW_PKT_ESTABLISHED; - p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; - f.alproto = ALPROTO_TLS; - - StreamTcpInitConfig(TRUE); - - DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - FAIL_IF_NULL(de_ctx); - - de_ctx->flags |= DE_QUIET; - - s = de_ctx->sig_list = SigInit(de_ctx,"alert tls any any -> any any (msg:\"TLS\"; ssl_version:tls1.0; sid:1;)"); - FAIL_IF_NULL(s); - - SigGroupBuild(de_ctx); - DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - - int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, - STREAM_TOSERVER, sslbuf1, ssllen1); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf2, ssllen2); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf3, ssllen3); - FAIL_IF(r != 0); - - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, - sslbuf4, ssllen4); - FAIL_IF(r != 0); - - SSLState *app_state = f.alstate; - FAIL_IF_NULL(app_state); - - FAIL_IF(app_state->client_connp.content_type != 0x16); - - FAIL_IF(app_state->client_connp.version != TLS_VERSION_10); - - /* do detect */ - SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - - FAIL_IF_NOT(PacketAlertCheck(p, 1)); - - AppLayerParserThreadCtxFree(alp_tctx); - DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); - DetectEngineCtxFree(de_ctx); - StreamTcpFreeConfig(TRUE); - FLOW_DESTROY(&f); - UTHFreePackets(&p, 1); - - PASS; -} - -#endif /* UNITTESTS */ - -/** - * \brief this function registers unit tests for DetectSslVersion - */ -static void DetectSslVersionRegisterTests(void) -{ -#ifdef UNITTESTS /* UNITTESTS */ - UtRegisterTest("DetectSslVersionTestParse01", DetectSslVersionTestParse01); - UtRegisterTest("DetectSslVersionTestParse02", DetectSslVersionTestParse02); - UtRegisterTest("DetectSslVersionTestParse03", DetectSslVersionTestParse03); - UtRegisterTest("DetectSslVersionTestDetect01", - DetectSslVersionTestDetect01); - UtRegisterTest("DetectSslVersionTestDetect02", - DetectSslVersionTestDetect02); -#endif /* UNITTESTS */ - - return; -} +#ifdef UNITTESTS +#include "tests/detect-ssl-version.c" +#endif diff --git a/src/tests/detect-ssl-version.c b/src/tests/detect-ssl-version.c new file mode 100644 index 0000000000..91c07cea78 --- /dev/null +++ b/src/tests/detect-ssl-version.c @@ -0,0 +1,258 @@ +/* Copyright (C) 2007-2019 Open Information Security Foundation + * + * You can copy, redistribute or modify this Program under the terms of + * the GNU General Public License version 2 as published by the Free + * Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * version 2 along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA + * 02110-1301, USA. + */ + +/** + * \file detect-ssl-version.c + * + * \author Gurvinder Singh + * + */ + +/** + * \test DetectSslVersionTestParse01 is a test to make sure that we parse the + * "ssl_version" option correctly when given valid ssl_version option + */ +static int DetectSslVersionTestParse01(void) +{ + DetectSslVersionData *ssl = NULL; + ssl = DetectSslVersionParse("SSlv3"); + FAIL_IF_NULL(ssl); + FAIL_IF_NOT(ssl->data[SSLv3].ver == SSL_VERSION_3); + DetectSslVersionFree(ssl); + PASS; +} + +/** + * \test DetectSslVersionTestParse02 is a test to make sure that we parse the + * "ssl_version" option correctly when given an invalid ssl_version option + * it should return ssl = NULL + */ +static int DetectSslVersionTestParse02(void) +{ + DetectSslVersionData *ssl = NULL; + ssl = DetectSslVersionParse("2.5"); + FAIL_IF_NOT_NULL(ssl); + DetectSslVersionFree(ssl); + PASS; +} + +/** + * \test DetectSslVersionTestParse03 is a test to make sure that we parse the + * "ssl_version" options correctly when given valid ssl_version options + */ +static int DetectSslVersionTestParse03(void) +{ + DetectSslVersionData *ssl = NULL; + ssl = DetectSslVersionParse("SSlv3,tls1.0, !tls1.2"); + FAIL_IF_NULL(ssl); + FAIL_IF_NOT(ssl->data[SSLv3].ver == SSL_VERSION_3); + FAIL_IF_NOT(ssl->data[TLS10].ver == TLS_VERSION_10); + FAIL_IF_NOT(ssl->data[TLS12].ver == TLS_VERSION_12); + FAIL_IF_NOT(ssl->data[TLS12].flags & DETECT_SSL_VERSION_NEGATED); + DetectSslVersionFree(ssl); + PASS; +} + +#include "stream-tcp-reassemble.h" + +/** \test Send a get request in three chunks + more data. */ +static int DetectSslVersionTestDetect01(void) +{ + Flow f; + uint8_t sslbuf1[] = { 0x16 }; + uint32_t ssllen1 = sizeof(sslbuf1); + uint8_t sslbuf2[] = { 0x03 }; + uint32_t ssllen2 = sizeof(sslbuf2); + uint8_t sslbuf3[] = { 0x01 }; + uint32_t ssllen3 = sizeof(sslbuf3); + uint8_t sslbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x01 }; + uint32_t ssllen4 = sizeof(sslbuf4); + TcpSession ssn; + Packet *p = NULL; + Signature *s = NULL; + ThreadVars th_v; + DetectEngineThreadCtx *det_ctx = NULL; + AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); + + memset(&th_v, 0, sizeof(th_v)); + memset(&f, 0, sizeof(f)); + memset(&ssn, 0, sizeof(ssn)); + + p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); + + FLOW_INITIALIZE(&f); + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + p->flow = &f; + p->flowflags |= FLOW_PKT_TOSERVER; + p->flowflags |= FLOW_PKT_ESTABLISHED; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + f.alproto = ALPROTO_TLS; + + StreamTcpInitConfig(TRUE); + + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); + + de_ctx->flags |= DE_QUIET; + + s = de_ctx->sig_list = SigInit(de_ctx,"alert tls any any -> any any (msg:\"TLS\"; ssl_version:tls1.0; sid:1;)"); + FAIL_IF_NULL(s); + + SigGroupBuild(de_ctx); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); + + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, + STREAM_TOSERVER, sslbuf1, ssllen1); + FAIL_IF(r != 0); + + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, + sslbuf2, ssllen2); + FAIL_IF(r != 0); + + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, + sslbuf3, ssllen3); + FAIL_IF(r != 0); + + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, + sslbuf4, ssllen4); + FAIL_IF(r != 0); + + SSLState *app_state = f.alstate; + FAIL_IF_NULL(app_state); + + FAIL_IF(app_state->client_connp.content_type != 0x16); + + FAIL_IF(app_state->client_connp.version != TLS_VERSION_10); + + SCLogDebug("app_state is at %p, app_state->server_connp.version 0x%02X app_state->client_connp.version 0x%02X", + app_state, app_state->server_connp.version, app_state->client_connp.version); + + /* do detect */ + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + + FAIL_IF_NOT(PacketAlertCheck(p, 1)); + + AppLayerParserThreadCtxFree(alp_tctx); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); + DetectEngineCtxFree(de_ctx); + + StreamTcpFreeConfig(TRUE); + FLOW_DESTROY(&f); + + UTHFreePackets(&p, 1); + + PASS; +} + +static int DetectSslVersionTestDetect02(void) +{ + Flow f; + uint8_t sslbuf1[] = { 0x16 }; + uint32_t ssllen1 = sizeof(sslbuf1); + uint8_t sslbuf2[] = { 0x03 }; + uint32_t ssllen2 = sizeof(sslbuf2); + uint8_t sslbuf3[] = { 0x01 }; + uint32_t ssllen3 = sizeof(sslbuf3); + uint8_t sslbuf4[] = { 0x01, 0x00, 0x00, 0xad, 0x03, 0x02 }; + uint32_t ssllen4 = sizeof(sslbuf4); + TcpSession ssn; + Packet *p = NULL; + Signature *s = NULL; + ThreadVars th_v; + DetectEngineThreadCtx *det_ctx = NULL; + AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); + + memset(&th_v, 0, sizeof(th_v)); + memset(&f, 0, sizeof(f)); + memset(&ssn, 0, sizeof(ssn)); + + p = UTHBuildPacket(NULL, 0, IPPROTO_TCP); + + FLOW_INITIALIZE(&f); + f.protoctx = (void *)&ssn; + f.proto = IPPROTO_TCP; + p->flow = &f; + p->flowflags |= FLOW_PKT_TOSERVER; + p->flowflags |= FLOW_PKT_ESTABLISHED; + p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; + f.alproto = ALPROTO_TLS; + + StreamTcpInitConfig(TRUE); + + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); + + de_ctx->flags |= DE_QUIET; + + s = de_ctx->sig_list = SigInit(de_ctx,"alert tls any any -> any any (msg:\"TLS\"; ssl_version:tls1.0; sid:1;)"); + FAIL_IF_NULL(s); + + SigGroupBuild(de_ctx); + DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); + + int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, + STREAM_TOSERVER, sslbuf1, ssllen1); + FAIL_IF(r != 0); + + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, + sslbuf2, ssllen2); + FAIL_IF(r != 0); + + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, + sslbuf3, ssllen3); + FAIL_IF(r != 0); + + r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, + sslbuf4, ssllen4); + FAIL_IF(r != 0); + + SSLState *app_state = f.alstate; + FAIL_IF_NULL(app_state); + + FAIL_IF(app_state->client_connp.content_type != 0x16); + + FAIL_IF(app_state->client_connp.version != TLS_VERSION_10); + + /* do detect */ + SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + + FAIL_IF_NOT(PacketAlertCheck(p, 1)); + + AppLayerParserThreadCtxFree(alp_tctx); + DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx); + DetectEngineCtxFree(de_ctx); + StreamTcpFreeConfig(TRUE); + FLOW_DESTROY(&f); + UTHFreePackets(&p, 1); + + PASS; +} + +/** + * \brief this function registers unit tests for DetectSslVersion + */ +static void DetectSslVersionRegisterTests(void) +{ + UtRegisterTest("DetectSslVersionTestParse01", DetectSslVersionTestParse01); + UtRegisterTest("DetectSslVersionTestParse02", DetectSslVersionTestParse02); + UtRegisterTest("DetectSslVersionTestParse03", DetectSslVersionTestParse03); + UtRegisterTest("DetectSslVersionTestDetect01", + DetectSslVersionTestDetect01); + UtRegisterTest("DetectSslVersionTestDetect02", + DetectSslVersionTestDetect02); +}