From c81b78fd1c9a6e86d6be14b7567c5b8d8c89d6af Mon Sep 17 00:00:00 2001 From: Juliana Fajardini Date: Mon, 15 Aug 2022 15:57:58 -0300 Subject: [PATCH] detect/parse: test sig parsing for more actions Our unittests were only covering sig parsing for alert actions. As in environments without LibNet the reject action will not work, we must ensure that our parser properly fails in such cases, instead of silently accepting an unsupported action. Added tests for the reject and drop action. Task #5496 --- src/detect-parse.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/src/detect-parse.c b/src/detect-parse.c index 3fd1d9934c..5fbdab85bc 100644 --- a/src/detect-parse.c +++ b/src/detect-parse.c @@ -4229,6 +4229,38 @@ static int SigParseBidirWithSameSrcAndDest02(void) PASS; } +static int SigParseTestActionReject(void) +{ + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); + + Signature *sig = DetectEngineAppendSig( + de_ctx, "reject tcp 1.2.3.4 any -> !1.2.3.4 any (msg:\"SigParseTest01\"; sid:1;)"); +#ifdef HAVE_LIBNET11 + FAIL_IF_NULL(sig); + FAIL_IF_NOT((sig->action & (ACTION_DROP | ACTION_REJECT)) == (ACTION_DROP | ACTION_REJECT)); +#else + FAIL_IF_NOT_NULL(sig); +#endif + + DetectEngineCtxFree(de_ctx); + PASS; +} + +static int SigParseTestActionDrop(void) +{ + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); + + Signature *sig = DetectEngineAppendSig( + de_ctx, "drop tcp 1.2.3.4 any -> !1.2.3.4 any (msg:\"SigParseTest01\"; sid:1;)"); + FAIL_IF_NULL(sig); + FAIL_IF_NOT(sig->action & ACTION_DROP); + + DetectEngineCtxFree(de_ctx); + PASS; +} + #endif /* UNITTESTS */ #ifdef UNITTESTS @@ -4303,5 +4335,7 @@ void SigParseRegisterTests(void) SigParseBidirWithSameSrcAndDest01); UtRegisterTest("SigParseBidirWithSameSrcAndDest02", SigParseBidirWithSameSrcAndDest02); + UtRegisterTest("SigParseTestActionReject", SigParseTestActionReject); + UtRegisterTest("SigParseTestActionDrop", SigParseTestActionDrop); #endif /* UNITTESTS */ }