diff --git a/src/detect-content.c b/src/detect-content.c index f58533e8c6..8dfa544fbf 100644 --- a/src/detect-content.c +++ b/src/detect-content.c @@ -1453,34 +1453,26 @@ end: */ static int DetectContentParseTest18(void) { - Signature *s = SigAlloc(); - int result = 1; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) { - result = 0; - goto end; - } - - if (DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0) - goto end; - - result &= (DetectContentSetup(de_ctx, s, "one") == 0); - result &= (s->sm_lists[g_dce_stub_data_buffer_id] == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL); + FAIL_IF_NULL(de_ctx); + Signature *s = SigAlloc(); + FAIL_IF_NULL(s); + FAIL_IF(DetectSignatureSetAppProto(s, ALPROTO_DCERPC) < 0); + FAIL_IF_NOT(DetectContentSetup(de_ctx, s, "one") == 0); + FAIL_IF(DetectBufferIsPresent(s, g_dce_stub_data_buffer_id)); + FAIL_IF_NOT(s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL); SigFree(de_ctx, s); s = SigAlloc(); - if (s == NULL) - return 0; - - result &= (DetectContentSetup(de_ctx, s, "one") == 0); - result &= (s->sm_lists[g_dce_stub_data_buffer_id] == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL); - - end: + FAIL_IF_NULL(s); + FAIL_IF_NOT(DetectContentSetup(de_ctx, s, "one") == 0); + FAIL_IF(DetectBufferIsPresent(s, g_dce_stub_data_buffer_id)); + FAIL_IF_NOT(s->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL); SigFree(de_ctx, s); - DetectEngineCtxFree(de_ctx); - return result; + DetectEngineCtxFree(de_ctx); + PASS; } /** @@ -1489,124 +1481,75 @@ static int DetectContentParseTest18(void) static int DetectContentParseTest19(void) { - DetectEngineCtx *de_ctx = NULL; - int result = 1; - Signature *s = NULL; - DetectContentData *data = NULL; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing dce iface, stub_data with content\"; " - "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " - "dce_stub_data; " - "content:\"one\"; distance:0; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf ("failed dce iface, stub_data with content "); - result = 0; - goto end; - } - s = de_ctx->sig_list; - if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_CONTENT); - result &= (s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL); - data = (DetectContentData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - data->flags & DETECT_CONTENT_WITHIN || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED || - result == 0) { - result = 0; - goto end; - } - s->next = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing dce iface, stub_data with contents & distance, within\"; " - "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " - "dce_stub_data; " - "content:\"one\"; distance:0; content:\"two\"; within:10; sid:1;)"); - if (s->next == NULL) { - printf("failed dce iface, stub_data with content & distance, within"); - result = 0; - goto end; - } - s = s->next; - if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_CONTENT); - result &= (s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL); - data = (DetectContentData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - data->flags & DETECT_CONTENT_DISTANCE || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED || - result == 0) { - result = 0; - goto end; - } - result &= (data->within == 10); - s->next = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing dce iface, stub with contents, distance, within\"; " - "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " - "dce_stub_data; " - "content:\"one\"; distance:0; " - "content:\"two\"; within:10; distance:2; sid:1;)"); - if (s->next == NULL) { - result = 0; - goto end; - } - s = s->next; - if (s->sm_lists_tail[g_dce_stub_data_buffer_id] == NULL) { - result = 0; - goto end; - } - result &= (s->sm_lists_tail[g_dce_stub_data_buffer_id]->type == DETECT_CONTENT); - result &= (s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL); - data = (DetectContentData *)s->sm_lists_tail[g_dce_stub_data_buffer_id]->ctx; - if (data->flags & DETECT_CONTENT_RAWBYTES || - data->flags & DETECT_CONTENT_NOCASE || - !(data->flags & DETECT_CONTENT_WITHIN) || - !(data->flags & DETECT_CONTENT_DISTANCE) || - data->flags & DETECT_CONTENT_FAST_PATTERN || - data->flags & DETECT_CONTENT_NEGATED || - result == 0) { - result = 0; - goto end; - } - result &= (data->within == 10 && data->distance == 2); - s->next = SigInit(de_ctx, "alert tcp any any -> any any " - "(msg:\"Testing content\"; " - "content:\"one\"; sid:1;)"); - if (s->next == NULL) { - printf ("failed testing content"); - result = 0; - goto end; - } - s = s->next; - if (s->sm_lists_tail[g_dce_stub_data_buffer_id] != NULL) { - result = 0; - goto end; - } - result &= (s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL); + Signature *s = + DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " + "(msg:\"Testing dce iface, stub_data with content\"; " + "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " + "dce_stub_data; " + "content:\"one\"; distance:0; sid:1;)"); + FAIL_IF_NULL(s); + + SigMatch *sm = DetectBufferGetFirstSigMatch(s, g_dce_stub_data_buffer_id); + FAIL_IF_NULL(sm); + FAIL_IF_NOT(sm->type == DETECT_CONTENT); + FAIL_IF_NOT(s->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL); + + DetectContentData *data = (DetectContentData *)sm->ctx; + FAIL_IF_NOT(data->flags == DETECT_CONTENT_DISTANCE); + + s = DetectEngineAppendSig(de_ctx, + "alert tcp any any -> any any " + "(msg:\"Testing dce iface, stub_data with contents & distance, within\"; " + "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " + "dce_stub_data; " + "content:\"one\"; distance:0; content:\"two\"; within:10; sid:2;)"); + FAIL_IF_NULL(s); + sm = DetectBufferGetFirstSigMatch(s, g_dce_stub_data_buffer_id); + FAIL_IF_NULL(sm); + FAIL_IF_NOT(sm->type == DETECT_CONTENT); + FAIL_IF_NULL(sm->next); + sm = sm->next; + FAIL_IF_NOT(sm->type == DETECT_CONTENT); + FAIL_IF_NOT(s->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL); + + data = (DetectContentData *)sm->ctx; + FAIL_IF_NOT(data->flags == DETECT_CONTENT_WITHIN); + FAIL_IF_NOT(data->within == 10); + + s = DetectEngineAppendSig(de_ctx, + "alert tcp any any -> any any " + "(msg:\"Testing dce iface, stub with contents, distance, within\"; " + "dce_iface:3919286a-b10c-11d0-9ba8-00c04fd92ef5; " + "dce_stub_data; " + "content:\"one\"; distance:0; " + "content:\"two\"; within:10; distance:2; sid:3;)"); + FAIL_IF_NULL(s); + sm = DetectBufferGetFirstSigMatch(s, g_dce_stub_data_buffer_id); + FAIL_IF_NULL(sm); + FAIL_IF_NOT(sm->type == DETECT_CONTENT); + FAIL_IF_NULL(sm->next); + sm = sm->next; + FAIL_IF_NOT(sm->type == DETECT_CONTENT); + data = (DetectContentData *)sm->ctx; + FAIL_IF_NOT(data->flags == (DETECT_CONTENT_WITHIN | DETECT_CONTENT_DISTANCE)); + FAIL_IF_NOT(data->within == 10); + FAIL_IF_NOT(data->distance == 2); + FAIL_IF_NOT(s->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL); + + s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " + "(msg:\"Testing content\"; " + "content:\"one\"; sid:4;)"); + FAIL_IF_NULL(s); + FAIL_IF(DetectBufferIsPresent(s, g_dce_stub_data_buffer_id)); + FAIL_IF(s->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL); - end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); DetectEngineCtxFree(de_ctx); - - return result; + PASS; } /**