aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/parse: test sig parsing for more actions

Browse Source 
Our unittests were only covering sig parsing for alert actions. As in
environments without LibNet the reject action will not work, we must
ensure that our parser properly fails in such cases, instead of silently
accepting an unsupported action.

Added tests for the reject and drop action.

Task #5496
pull/7730/head
Juliana Fajardini 3 years ago committed by Victor Julien
parent 2c4d6b33ae
commit c81b78fd1c
1 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File

34
src/detect-parse.c
Unescape Escape View File

@ -4229,6 +4229,38 @@ static int SigParseBidirWithSameSrcAndDest02(void)
PASS;
}
static int SigParseTestActionReject(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
Signature *sig = DetectEngineAppendSig(
de_ctx, "reject tcp 1.2.3.4 any -> !1.2.3.4 any (msg:\"SigParseTest01\"; sid:1;)");
#ifdef HAVE_LIBNET11
FAIL_IF_NULL(sig);
FAIL_IF_NOT((sig->action & (ACTION_DROP | ACTION_REJECT)) == (ACTION_DROP | ACTION_REJECT));
#else
FAIL_IF_NOT_NULL(sig);
#endif
DetectEngineCtxFree(de_ctx);
PASS;
}
static int SigParseTestActionDrop(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
Signature *sig = DetectEngineAppendSig(
de_ctx, "drop tcp 1.2.3.4 any -> !1.2.3.4 any (msg:\"SigParseTest01\"; sid:1;)");
FAIL_IF_NULL(sig);
FAIL_IF_NOT(sig->action & ACTION_DROP);
DetectEngineCtxFree(de_ctx);
PASS;
}
#endif /* UNITTESTS */
#ifdef UNITTESTS
@ -4303,5 +4335,7 @@ void SigParseRegisterTests(void)
SigParseBidirWithSameSrcAndDest01);
UtRegisterTest("SigParseBidirWithSameSrcAndDest02",
SigParseBidirWithSameSrcAndDest02);
UtRegisterTest("SigParseTestActionReject", SigParseTestActionReject);
UtRegisterTest("SigParseTestActionDrop", SigParseTestActionDrop);
#endif /* UNITTESTS */
}

Write Preview
Loading…
Cancel
Save