aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect-tls-version: use new unit test macros

Browse Source
pull/2284/head
Mats Klepsland 9 years ago committed by Victor Julien
parent d9e2cde585
commit 1503ac97a6
1 changed files with 49 additions and 171 deletions
Show Stats Download Patch File Download Diff File

220
src/detect-tls-version.c
Unescape Escape View File

@ -265,12 +265,10 @@ int DetectTlsVersionTestParse01 (void)
{
DetectTlsVersionData *tls = NULL;
tls = DetectTlsVersionParse("1.0");
if (tls != NULL && tls->ver == TLS_VERSION_10) {
DetectTlsVersionFree(tls);
return 1;
}
return 0;
FAIL_IF_NULL(tls);
FAIL_IF_NOT(tls->ver == TLS_VERSION_10);
DetectTlsVersionFree(tls);
PASS;
}
/**
@ -282,12 +280,9 @@ int DetectTlsVersionTestParse02 (void)
{
DetectTlsVersionData *tls = NULL;
tls = DetectTlsVersionParse("2.5");
if (tls == NULL) {
DetectTlsVersionFree(tls);
return 1;
}
return 0;
FAIL_IF_NOT_NULL(tls);
DetectTlsVersionFree(tls);
PASS;
}
#include "stream-tcp-reassemble.h"
@ -295,7 +290,6 @@ int DetectTlsVersionTestParse02 (void)
/** \test Send a get request in three chunks + more data. */
static int DetectTlsVersionTestDetect01(void)
{
int result = 0;
Flow f;
uint8_t tlsbuf1[] = { 0x16 };
uint32_t tlslen1 = sizeof(tlsbuf1);
@ -330,67 +324,36 @@ static int DetectTlsVersionTestDetect01(void)
StreamTcpInitConfig(TRUE);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,"alert tls any any -> any any (msg:\"TLS\"; tls.version:1.0; sid:1;)");
if (s == NULL) {
goto end;
}
FAIL_IF_NULL(s);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
FLOWLOCK_WRLOCK(&f);
int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
FLOWLOCK_UNLOCK(&f);
SSLState *ssl_state = f.alstate;
if (ssl_state == NULL) {
printf("no tls state: ");
goto end;
}
FAIL_IF_NULL(ssl_state);
if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
0x16, ssl_state->client_connp.content_type);
goto end;
}
FAIL_IF(ssl_state->client_connp.content_type != 0x16);
if (ssl_state->client_connp.version != TLS_VERSION_10) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
TLS_VERSION_10, ssl_state->client_connp.version);
goto end;
}
FAIL_IF(ssl_state->client_connp.version != TLS_VERSION_10);
SCLogDebug("ssl_state is at %p, ssl_state->server_version 0x%02X "
"ssl_state->client_version 0x%02X",
@ -400,14 +363,9 @@ static int DetectTlsVersionTestDetect01(void)
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (!(PacketAlertCheck(p, 1))) {
goto end;
}
FAIL_IF_NOT(PacketAlertCheck(p, 1));
result = 1;
end:
if (alp_tctx != NULL)
AppLayerParserThreadCtxFree(alp_tctx);
AppLayerParserThreadCtxFree(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
@ -418,12 +376,12 @@ end:
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
return result;
PASS;
}
static int DetectTlsVersionTestDetect02(void)
{
int result = 0;
Flow f;
uint8_t tlsbuf1[] = { 0x16 };
uint32_t tlslen1 = sizeof(tlsbuf1);
@ -458,80 +416,43 @@ static int DetectTlsVersionTestDetect02(void)
StreamTcpInitConfig(TRUE);
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,"alert tls any any -> any any (msg:\"TLS\"; tls.version:1.0; sid:1;)");
if (s == NULL) {
goto end;
}
FAIL_IF_NULL(s);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
FLOWLOCK_WRLOCK(&f);
int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
FLOWLOCK_UNLOCK(&f);
SSLState *ssl_state = f.alstate;
if (ssl_state == NULL) {
printf("no tls state: ");
goto end;
}
FAIL_IF_NULL(ssl_state);
if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
0x16, ssl_state->client_connp.content_type);
goto end;
}
FAIL_IF(ssl_state->client_connp.content_type != 0x16);
if (ssl_state->client_connp.version != TLS_VERSION_10) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
TLS_VERSION_10, ssl_state->client_connp.version);
goto end;
}
FAIL_IF(ssl_state->client_connp.version != TLS_VERSION_10);
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (!(PacketAlertCheck(p, 1))) {
printf("signature 1 didn't match while it should have: ");
goto end;
}
FAIL_IF_NOT(PacketAlertCheck(p, 1));
result = 1;
end:
if (alp_tctx != NULL)
AppLayerParserThreadCtxFree(alp_tctx);
AppLayerParserThreadCtxFree(alp_tctx);
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
@ -542,13 +463,13 @@ end:
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
return result;
PASS;
}
static int DetectTlsVersionTestDetect03(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
Flow f;
uint8_t tlsbuf1[] = { 0x16 };
uint32_t tlslen1 = sizeof(tlsbuf1);
@ -584,10 +505,7 @@ static int DetectTlsVersionTestDetect03(void)
StreamTcpInitConfig(TRUE);
StreamMsg *stream_msg = StreamMsgGetFromPool();
if (stream_msg == NULL) {
printf("no stream_msg: ");
goto end;
}
FAIL_IF_NULL(stream_msg);
memcpy(stream_msg->data, tlsbuf4, tlslen4);
stream_msg->data_len = tlslen4;
@ -596,91 +514,51 @@ static int DetectTlsVersionTestDetect03(void)
ssn.toserver_smsg_tail = stream_msg;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,"alert tcp any any -> any any (msg:\"TLS\"; tls.version:1.0; content:\"|01 00 00 AD|\"; sid:1;)");
if (s == NULL) {
goto end;
}
FAIL_IF_NULL(s);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
FLOWLOCK_WRLOCK(&f);
int r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf1, tlslen1);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf2, tlslen2);
if (r != 0) {
printf("toserver chunk 2 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf3, tlslen3);
if (r != 0) {
printf("toserver chunk 3 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
r = AppLayerParserParse(alp_tctx, &f, ALPROTO_TLS, STREAM_TOSERVER, tlsbuf4, tlslen4);
if (r != 0) {
printf("toserver chunk 4 returned %" PRId32 ", expected 0: ", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FAIL_IF(r != 0);
FLOWLOCK_UNLOCK(&f);
SSLState *ssl_state = f.alstate;
if (ssl_state == NULL) {
printf("no tls state: ");
goto end;
}
FAIL_IF_NULL(ssl_state);
if (ssl_state->client_connp.content_type != 0x16) {
printf("expected content_type %" PRIu8 ", got %" PRIu8 ": ",
0x16, ssl_state->client_connp.content_type);
goto end;
}
FAIL_IF(ssl_state->client_connp.content_type != 0x16);
if (ssl_state->client_connp.version != TLS_VERSION_10) {
printf("expected version %04" PRIu16 ", got %04" PRIu16 ": ",
TLS_VERSION_10, ssl_state->client_connp.version);
goto end;
}
FAIL_IF(ssl_state->client_connp.version != TLS_VERSION_10);
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (!(PacketAlertCheck(p, 1))) {
printf("signature 1 didn't match while it should have: ");
goto end;
}
FAIL_IF_NOT(PacketAlertCheck(p, 1));
result = 1;
end:
if (alp_tctx != NULL)
AppLayerParserThreadCtxFree(alp_tctx);
if (de_ctx != NULL) {
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
}
AppLayerParserThreadCtxFree(alp_tctx);
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
DetectEngineCtxFree(de_ctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
return result;
PASS;
}
#endif /* UNITTESTS */

Write Preview
Loading…
Cancel
Save