fix invalid unittests with mixed content modifiers

Fixed some unittests that were incorrectly mixing relative and non-relative content modifiers.
remotes/origin/master
Eileen Donlon 14 years ago committed by Victor Julien
parent 0bcbd23343
commit 9b2bd9280a

@ -3743,13 +3743,13 @@ int DetectByteExtractTest55(void)
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing bytejump_body\"; "
"(msg:\"Testing byte_extract\"; "
"content:\"one\"; "
"byte_extract:4,0,two,string,hex; "
"byte_extract:4,0,three,string,hex; "
"byte_extract:4,0,four,string,hex; "
"byte_extract:4,0,five,string,hex; "
"content: \"four\"; within:two; distance:three; offset:four; depth:five; "
"content: \"four\"; within:two; distance:three; "
"sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
@ -3830,17 +3830,11 @@ int DetectByteExtractTest55(void)
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "four", cd->content_len) != 0 ||
cd->flags != (DETECT_CONTENT_DISTANCE_BE |
DETECT_CONTENT_DEPTH_BE |
DETECT_CONTENT_OFFSET_BE |
DETECT_CONTENT_WITHIN_BE |
DETECT_CONTENT_DISTANCE |
DETECT_CONTENT_DEPTH |
DETECT_CONTENT_OFFSET |
DETECT_CONTENT_WITHIN) ||
cd->within != bed1->local_id ||
cd->distance != bed2->local_id ||
cd->offset != bed3->local_id ||
cd->depth != bed4->local_id) {
cd->distance != bed2->local_id) {
printf("four failed\n");
result = 0;
goto end;
@ -3885,7 +3879,7 @@ int DetectByteExtractTest56(void)
"byte_extract:4,0,three,string,hex; "
"byte_extract:4,0,four,string,hex; "
"byte_extract:4,0,five,string,hex; "
"content: \"four\"; within:two; distance:three; offset:four; depth:five; "
"content: \"four\"; within:two; distance:three; "
"sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
@ -3988,17 +3982,11 @@ int DetectByteExtractTest56(void)
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "four", cd->content_len) != 0 ||
cd->flags != (DETECT_CONTENT_DISTANCE_BE |
DETECT_CONTENT_DEPTH_BE |
DETECT_CONTENT_OFFSET_BE |
DETECT_CONTENT_WITHIN_BE |
DETECT_CONTENT_DISTANCE |
DETECT_CONTENT_DEPTH |
DETECT_CONTENT_OFFSET |
DETECT_CONTENT_WITHIN) ||
cd->within != bed1->local_id ||
cd->distance != bed2->local_id ||
cd->offset != bed3->local_id ||
cd->depth != bed4->local_id) {
cd->distance != bed2->local_id ) {
printf("four failed\n");
result = 0;
goto end;
@ -4043,7 +4031,7 @@ int DetectByteExtractTest57(void)
"byte_extract:4,0,three,string,hex,relative; "
"byte_extract:4,0,four,string,hex,relative; "
"byte_extract:4,0,five,string,hex,relative; "
"uricontent: \"four\"; within:two; distance:three; offset:four; depth:five; "
"uricontent: \"four\"; within:two; distance:three; "
"sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
@ -4159,17 +4147,11 @@ int DetectByteExtractTest57(void)
cd = (DetectContentData *)sm->ctx;
if (strncmp((char *)cd->content, "four", cd->content_len) != 0 ||
cd->flags != (DETECT_CONTENT_DISTANCE_BE |
DETECT_CONTENT_DEPTH_BE |
DETECT_CONTENT_OFFSET_BE |
DETECT_CONTENT_WITHIN_BE |
DETECT_CONTENT_DISTANCE |
DETECT_CONTENT_DEPTH |
DETECT_CONTENT_OFFSET |
DETECT_CONTENT_WITHIN) ||
cd->within != bed1->local_id ||
cd->distance != bed2->local_id ||
cd->offset != bed3->local_id ||
cd->depth != bed4->local_id) {
cd->distance != bed2->local_id) {
printf("four failed\n");
result = 0;
goto end;
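Review bot: With `offset:four; depth:five` dropped from the rule strings in DetectByteExtractTest55, 56 and 57, the flag assertions no longer cover `DETECT_CONTENT_OFFSET_BE` or `DETECT_CONTENT_DEPTH_BE`, and nothing in the visible hunks still compares `cd->offset` or `cd->depth` with a byte_extract variable. The rules still extract `four` and `five`, so those variables now appear to be unreferenced by any content keyword. Unless another test already covers it, a separate test with a non-relative content such as `"content: \"five\"; offset:four; depth:five; "` and matching assertions would restore that coverage. If the parser is meant to reject the mixed form, a test that expects `SigInit` to return NULL for it would keep an invalid rule from loading silently. The test functions start and end outside these hunks, so coverage elsewhere could not be checked.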

@ -7272,99 +7272,6 @@ end:
return result;
}
/**
* \test Test the working of consecutive relative matches with offset.
*/
int DcePayloadTest24(void)
{
int result = 0;
uint8_t request1[] = {
0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
0x68, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
0x50, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1a, 0x00,
0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, /* " " */
0x20, 0x74, 0x68, 0x75, 0x73, 0x20, 0x74, 0x68, /* " thus th" */
0x75, 0x73, 0x20, 0x69, 0x73, 0x20, 0x61, 0x20, /* "us is a " */
0x62, 0x69, 0x67 }; /* "big" */
uint32_t request1_len = sizeof(request1);
TcpSession ssn;
Packet *p = NULL;
ThreadVars tv;
DetectEngineCtx *de_ctx = NULL;
DetectEngineThreadCtx *det_ctx = NULL;
Flow f;
int r;
char *sig1 = "alert tcp any any -> any any "
"(msg:\"testing dce consecutive relative matches\"; dce_stub_data; "
"content:\"thus\"; distance:0; offset:8; content:\"is\"; within:6; "
"content:\"big\"; within:8; sid:1;)";
Signature *s;
memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
memset(&ssn, 0, sizeof(TcpSession));
p = UTHBuildPacket(NULL, 0, IPPROTO_TCP);
p->flow = &f;
p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.flags |= FLOW_IPV4;
f.alproto = ALPROTO_DCERPC;
StreamTcpInitConfig(TRUE);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, sig1);
s = de_ctx->sig_list;
if (s == NULL)
goto end;
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);
/* request 1 */
r = AppLayerParse(NULL, &f, ALPROTO_DCERPC, STREAM_TOSERVER, request1, request1_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
result = 0;
goto end;
}
/* detection phase */
SigMatchSignatures(&tv, de_ctx, det_ctx, p);
if (!(PacketAlertCheck(p, 1))) {
printf("sid 1 didn't match but should have for packet: ");
goto end;
}
result = 1;
end:
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&tv, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
}
StreamTcpFreeConfig(TRUE);
UTHFreePackets(&p, 1);
return result;
}
/**
* \test Test content for dce sig.
*/
@ -10030,7 +9937,6 @@ void DcePayloadRegisterTests(void)
UtRegisterTest("DcePayloadTest21", DcePayloadTest21, 1);
UtRegisterTest("DcePayloadTest22", DcePayloadTest22, 1);
UtRegisterTest("DcePayloadTest23", DcePayloadTest23, 1);
UtRegisterTest("DcePayloadTest24", DcePayloadTest24, 1);
UtRegisterTest("DcePayloadParseTest25", DcePayloadParseTest25, 1);
UtRegisterTest("DcePayloadParseTest26", DcePayloadParseTest26, 1);

@ -2124,7 +2124,7 @@ int DetectHttpClientBodyTest26(void)
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any "
"(content:\"one\"; offset:10; http_client_body; pcre:/two/; "
"content:\"three\"; distance:10; http_client_body; depth:10; "
"content:\"three\"; distance:10; http_client_body; within:10; "
"content:\"four\"; distance:10; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
@ -2150,8 +2150,9 @@ int DetectHttpClientBodyTest26(void)
memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hcbd1->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_OFFSET) ||
memcmp(hcbd1->content, "one", hcbd1->content_len) != 0 ||
hcbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_DEPTH) ||
hcbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN) ||
memcmp(hcbd2->content, "three", hcbd1->content_len) != 0) {
printf ("failed: http_client_body incorrect flags");
goto end;
}
@ -2180,7 +2181,7 @@ int DetectHttpClientBodyTest27(void)
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any "
"(content:\"one\"; offset:10; http_client_body; pcre:/two/; distance:10; "
"content:\"three\"; distance:10; http_client_body; depth:10; "
"content:\"three\"; distance:10; http_client_body; within:10; "
"content:\"four\"; distance:10; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
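Review bot: In DetectHttpClientBodyTest26 the check `memcmp(hcbd2->content, "three", hcbd1->content_len) != 0` takes its length from the first pattern ("one"), so only the first three bytes of "three" are compared; it should read `memcmp(hcbd2->content, "three", hcbd2->content_len) != 0`. DetectHttpServerBodyTest26 has the same slip with `hsbd1->content_len`. Both lines look like context rather than part of this change, but they sit in the conditions being edited, and the short comparison lets a wrong second pattern pass the test. The `printf` in the client-body condition would read better with a trailing `\n`, and the server-body condition prints no failure message at all. Both functions continue outside the hunks shown.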

@ -2164,7 +2164,7 @@ int DetectHttpServerBodyTest26(void)
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any "
"(content:\"one\"; offset:10; http_server_body; pcre:/two/; "
"content:\"three\"; distance:10; http_server_body; depth:10; "
"content:\"three\"; distance:10; http_server_body; within:10; "
"content:\"four\"; distance:10; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
@ -2190,7 +2190,7 @@ int DetectHttpServerBodyTest26(void)
memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hsbd1->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_OFFSET) ||
memcmp(hsbd1->content, "one", hsbd1->content_len) != 0 ||
hsbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_DEPTH) ||
hsbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN) ||
memcmp(hsbd2->content, "three", hsbd1->content_len) != 0) {
goto end;
}
