aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/uricontent: remove obsolete tests

Browse Source
pull/8732/head
Victor Julien 2 years ago
parent 233f663053
commit 5c8ff17186
1 changed files with 2 additions and 540 deletions
Show Stats Download Patch File Download Diff File

542
src/detect-uricontent.c
Unescape Escape View File

@ -56,10 +56,7 @@
#include "conf.h"
/* prototypes */
static int DetectUricontentSetup (DetectEngineCtx *, Signature *, const char *);
#ifdef UNITTESTS
static void DetectUricontentRegisterTests(void);
#endif
static int DetectUricontentSetup(DetectEngineCtx *, Signature *, const char *);
static void DetectUricontentFree(DetectEngineCtx *de_ctx, void *);
static int g_http_uri_buffer_id = 0;
@ -74,10 +71,7 @@ void DetectUricontentRegister (void)
sigmatch_table[DETECT_URICONTENT].url = "/rules/http-keywords.html#uricontent";
sigmatch_table[DETECT_URICONTENT].Match = NULL;
sigmatch_table[DETECT_URICONTENT].Setup = DetectUricontentSetup;
sigmatch_table[DETECT_URICONTENT].Free = DetectUricontentFree;
#ifdef UNITTESTS
sigmatch_table[DETECT_URICONTENT].RegisterTests = DetectUricontentRegisterTests;
#endif
sigmatch_table[DETECT_URICONTENT].Free = DetectUricontentFree;
sigmatch_table[DETECT_URICONTENT].flags = (SIGMATCH_QUOTES_MANDATORY|SIGMATCH_HANDLE_NEGATION);
sigmatch_table[DETECT_URICONTENT].alternative = DETECT_HTTP_URI;
@ -149,535 +143,3 @@ int DetectUricontentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *con
error:
SCReturnInt(-1);
}
/*
* UNITTTESTS
*/
#ifdef UNITTESTS
#include "detect-isdataat.h"
#include "stream-tcp-reassemble.h"
/**
* \test Checks if a uricontent is registered in a Signature
*/
static int DetectUriSigTest01(void)
{
ThreadVars th_v;
Signature *s = NULL;
memset(&th_v, 0, sizeof(th_v));
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
s = DetectEngineAppendSig(de_ctx,"alert http any any -> any any (msg:"
"\" Test uricontent\"; content:\"me\"; uricontent:\"me\"; sid:1;)");
FAIL_IF_NULL(s);
BUG_ON(s->sm_lists[g_http_uri_buffer_id] == NULL);
FAIL_IF_NOT(de_ctx->sig_list->sm_lists[g_http_uri_buffer_id]->type == DETECT_CONTENT);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Check that modifiers of content apply only to content keywords
* and the same for uricontent modifiers
*/
static int DetectUriSigTest02(void)
{
Signature *s = NULL;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent\"; "
"uricontent:\"foo\"; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"content:\"foo\"; uricontent:\"bar\";"
" depth:10; offset: 5; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[g_http_uri_buffer_id]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[g_http_uri_buffer_id]->ctx)->offset = 5);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; within:3; sid:1;)");
FAIL_IF_NOT_NULL(s);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; distance:3; sid:1;)");
FAIL_IF_NOT_NULL(s);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; content:"
"\"two_contents\"; within:30; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->within = 30);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; uricontent:"
"\"two_uricontents\"; within:30; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->within = 30);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; content:"
"\"two_contents\"; distance:30; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->distance = 30);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; uricontent:"
"\"two_uricontents\"; distance:30; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->distance = 30);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; uricontent:"
"\"two_uricontents\"; distance:30; "
"within:60; content:\"two_contents\";"
" within:70; distance:45; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->distance = 30);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->within = 60);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->distance = 45);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->within = 70);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Test content for dce sig.
*/
static int DetectUriSigTest03(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"\"; sid:238012;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Test content for dce sig.
*/
static int DetectUriSigTest04(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"; sid:238012;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Test content for dce sig.
*/
static int DetectUriSigTest05(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"boo; sid:238012;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Test content for dce sig.
*/
static int DetectUriSigTest06(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:boo\"; sid:238012;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriSigTest07(void)
{
DetectContentData *ud = 0;
Signature *s = NULL;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent: !\"boo\"; sid:238012;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists_tail[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists_tail[g_http_uri_buffer_id]->ctx);
ud = (DetectContentData *)s->sm_lists_tail[g_http_uri_buffer_id]->ctx;
FAIL_IF_NOT(strncmp("boo", (char *)ud->content, ud->content_len) == 0);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest08(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest09(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest10(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"af|\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest11(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|\"; sid:1;)");
FAIL_IF_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest12(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"aast|\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest13(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"aast|af\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest14(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"aast|af|\"; sid:1;)");
FAIL_IF_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest15(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|asdf\"; sid:1;)");
FAIL_IF_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest16(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|af|\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest17(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s =
DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|af|af\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest18(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s =
DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|af|af|\"; sid:1;)");
FAIL_IF_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
* \test Parsing test
*/
static int DetectUriContentParseTest19(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(msg:\"test\"; uricontent:\"\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectUricontentIsdataatParseTest(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx,
"alert tcp any any -> any any ("
"uricontent:\"one\"; "
"isdataat:!4,relative; sid:1;)");
FAIL_IF_NULL(s);
SigMatch *sm = s->init_data->smlists_tail[g_http_uri_buffer_id];
FAIL_IF_NULL(sm);
FAIL_IF_NOT(sm->type == DETECT_ISDATAAT);
DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx;
FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE);
FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED);
FAIL_IF(data->flags & ISDATAAT_RAWBYTES);
DetectEngineCtxFree(de_ctx);
PASS;
}
static void DetectUricontentRegisterTests(void)
{
UtRegisterTest("DetectUriSigTest01", DetectUriSigTest01);
UtRegisterTest("DetectUriSigTest02 - Modifiers", DetectUriSigTest02);
UtRegisterTest("DetectUriSigTest03", DetectUriSigTest03);
UtRegisterTest("DetectUriSigTest04", DetectUriSigTest04);
UtRegisterTest("DetectUriSigTest05", DetectUriSigTest05);
UtRegisterTest("DetectUriSigTest06", DetectUriSigTest06);
UtRegisterTest("DetectUriSigTest07", DetectUriSigTest07);
UtRegisterTest("DetectUriContentParseTest08", DetectUriContentParseTest08);
UtRegisterTest("DetectUriContentParseTest09", DetectUriContentParseTest09);
UtRegisterTest("DetectUriContentParseTest10", DetectUriContentParseTest10);
UtRegisterTest("DetectUriContentParseTest11", DetectUriContentParseTest11);
UtRegisterTest("DetectUriContentParseTest12", DetectUriContentParseTest12);
UtRegisterTest("DetectUriContentParseTest13", DetectUriContentParseTest13);
UtRegisterTest("DetectUriContentParseTest14", DetectUriContentParseTest14);
UtRegisterTest("DetectUriContentParseTest15", DetectUriContentParseTest15);
UtRegisterTest("DetectUriContentParseTest16", DetectUriContentParseTest16);
UtRegisterTest("DetectUriContentParseTest17", DetectUriContentParseTest17);
UtRegisterTest("DetectUriContentParseTest18", DetectUriContentParseTest18);
UtRegisterTest("DetectUriContentParseTest19", DetectUriContentParseTest19);
UtRegisterTest("DetectUricontentIsdataatParseTest",
DetectUricontentIsdataatParseTest);
}
#endif /* UNITTESTS */

Write Preview
Loading…
Cancel
Save