aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/file_data: cleanup tests

Browse Source
pull/5752/head
Victor Julien 4 years ago
parent 116c089de0
commit 191461a028
1 changed files with 81 additions and 255 deletions
Show Stats Download Patch File Download Diff File

336
src/tests/detect-file-data.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2018 Open Information Security Foundation
/* Copyright (C) 2007-2021 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -55,11 +55,8 @@ static int DetectEngineSMTPFiledataTest01(void)
TcpSession ssn;
Packet *p;
ThreadVars th_v;
DetectEngineCtx *de_ctx = NULL;
DetectEngineThreadCtx *det_ctx = NULL;
SMTPState *smtp_state = NULL;
Flow f;
int result = 0;
AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
@ -79,8 +76,7 @@ static int DetectEngineSMTPFiledataTest01(void)
((MimeDecEntity *)state->stack->top->data)->ctnt_flags = CTNT_IS_ATTACHMENT;
state->body_begin = 1;
if (SMTPProcessDataChunk((uint8_t *)mimemsg, sizeof(mimemsg), state) != 0)
goto end;
FAIL_IF(SMTPProcessDataChunk((uint8_t *)mimemsg, sizeof(mimemsg), state) != 0);
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
@ -90,92 +86,49 @@ static int DetectEngineSMTPFiledataTest01(void)
StreamTcpInitConfig(TRUE);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert smtp any any -> any any "
"(msg:\"file_data smtp test\"; "
"file_data; content:\"message\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
goto end;
}
Signature *s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
"(msg:\"file_data smtp test\"; "
"file_data; content:\"message\"; sid:1;)");
FAIL_IF_NULL(s);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
FLOWLOCK_WRLOCK(&f);
int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_SMTP,
STREAM_TOSERVER | STREAM_START | STREAM_EOF,
mimemsg,
mimemsg_len);
if (r != 0) {
printf("AppLayerParse for smtp failed. Returned %d", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FLOWLOCK_UNLOCK(&f);
smtp_state = f.alstate;
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
STREAM_TOSERVER | STREAM_START | STREAM_EOF, mimemsg, mimemsg_len);
FAIL_IF_NOT(r == 0);
FAIL_IF_NULL(f.alstate);
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
FAIL_IF_NOT(PacketAlertCheck(p, 1));
if (!(PacketAlertCheck(p, 1))) {
printf("sid 1 didn't match but should have\n");
goto end;
}
result = 1;
end:
if (alp_tctx != NULL)
AppLayerParserThreadCtxFree(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
SigCleanSignatures(de_ctx);
AppLayerParserThreadCtxFree(alp_tctx);
DetectEngineCtxFree(de_ctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
return result;
PASS;
}
static int DetectEngineSMTPFiledataTest02(void)
{
Signature *s = NULL;
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NOT(de_ctx);
de_ctx->flags |= DE_QUIET;
s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
"(msg:\"file_data smtp test\"; "
"file_data; content:\"message\"; sid:1;)");
if (s == NULL)
goto end;
if (s->flags & SIG_FLAG_TOSERVER)
result = 1;
else if (s->flags & SIG_FLAG_TOCLIENT)
printf("s->flags & SIG_FLAG_TOCLIENT");
Signature *s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
"(msg:\"file_data smtp test\"; "
"file_data; content:\"message\"; sid:1;)");
FAIL_IF_NULL(s);
end:
SigCleanSignatures(de_ctx);
FAIL_IF_NOT(s->flags & SIG_FLAG_TOSERVER);
DetectEngineCtxFree(de_ctx);
return result;
PASS;
}
static int DetectEngineSMTPFiledataTest03(void)
@ -187,11 +140,8 @@ static int DetectEngineSMTPFiledataTest03(void)
TcpSession ssn;
Packet *p;
ThreadVars th_v;
DetectEngineCtx *de_ctx = NULL;
DetectEngineThreadCtx *det_ctx = NULL;
SMTPState *smtp_state = NULL;
Flow f;
int result = 1;
AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();
@ -211,11 +161,8 @@ static int DetectEngineSMTPFiledataTest03(void)
((MimeDecEntity *)state->stack->top->data)->ctnt_flags = CTNT_IS_ATTACHMENT;
state->body_begin = 1;
if (SMTPProcessDataChunk((uint8_t *)mimemsg1, sizeof(mimemsg1), state) != 0)
goto end;
if (SMTPProcessDataChunk((uint8_t *)mimemsg2, sizeof(mimemsg2), state) != 0)
goto end;
FAIL_IF(SMTPProcessDataChunk((uint8_t *)mimemsg1, sizeof(mimemsg1), state) != 0);
FAIL_IF(SMTPProcessDataChunk((uint8_t *)mimemsg2, sizeof(mimemsg2), state) != 0);
p->flow = &f;
p->flowflags |= FLOW_PKT_TOSERVER;
@ -225,179 +172,82 @@ static int DetectEngineSMTPFiledataTest03(void)
StreamTcpInitConfig(TRUE);
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert smtp any any -> any any "
"(msg:\"file_data smtp test\"; "
"file_data; content:\"evil\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
goto end;
}
Signature *s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
"(msg:\"file_data smtp test\"; "
"file_data; content:\"evil\"; sid:1;)");
FAIL_IF_NULL(s);
SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
FLOWLOCK_WRLOCK(&f);
int r = 0;
r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_SMTP,
STREAM_TOSERVER, mimemsg1, mimemsg1_len);
if (r != 0) {
printf("AppLayerParse for smtp failed. Returned %d", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
int r = AppLayerParserParse(
NULL, alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, mimemsg1, mimemsg1_len);
FAIL_IF_NOT(r == 0);
r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_SMTP,
STREAM_TOSERVER, mimemsg2, mimemsg2_len);
if (r != 0) {
printf("AppLayerParse for smtp failed. Returned %d", r);
FLOWLOCK_UNLOCK(&f);
goto end;
}
FLOWLOCK_UNLOCK(&f);
smtp_state = f.alstate;
if (smtp_state == NULL) {
printf("no smtp state: ");
goto end;
}
FAIL_IF_NOT(r == 0);
FAIL_IF_NULL(f.alstate);
/* do detect */
SigMatchSignatures(&th_v, de_ctx, det_ctx, p);
if (PacketAlertCheck(p, 1)) {
printf("sid 1 matched but shouldn't have\n");
goto end;
}
result = 0;
end:
if (alp_tctx != NULL)
AppLayerParserThreadCtxFree(alp_tctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
SigCleanSignatures(de_ctx);
FAIL_IF(PacketAlertCheck(p, 1));
AppLayerParserThreadCtxFree(alp_tctx);
DetectEngineCtxFree(de_ctx);
StreamTcpFreeConfig(TRUE);
FLOW_DESTROY(&f);
UTHFreePackets(&p, 1);
return result == 0;
PASS;
}
static int DetectFiledataParseTest01(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert smtp any any -> any any "
"(msg:\"test\"; file_data; content:\"abc\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("sig parse failed: ");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("content is still in FILEDATA list: ");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("content not in FILEDATA list: ");
goto end;
}
result = 1;
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
Signature *s =
DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
"(msg:\"test\"; file_data; content:\"abc\"; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_file_data_buffer_id]);
DetectEngineCtxFree(de_ctx);
return result;
PASS;
}
static int DetectFiledataParseTest02(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert tcp any any -> any any "
"(msg:\"test\"; file_data; content:\"abc\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("sig parse failed: ");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("content is still in PMATCH list: ");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("content not in FILEDATA list: ");
goto end;
}
result = 1;
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
Signature *s =
DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(msg:\"test\"; file_data; content:\"abc\"; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_file_data_buffer_id]);
DetectEngineCtxFree(de_ctx);
return result;
PASS;
}
static int DetectFiledataParseTest03(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert tcp any any -> any 25 "
"(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("sig parse failed: ");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("content is still in PMATCH list: ");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("content not in FILEDATA list: ");
goto end;
}
result = 1;
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx,
"alert tcp any any -> any 25 "
"(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_file_data_buffer_id]);
DetectEngineCtxFree(de_ctx);
return result;
PASS;
}
/**
@ -405,27 +255,15 @@ end:
*/
static int DetectFiledataParseTest04(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert smtp any any -> any any "
"(msg:\"test\"; flow:to_client,established; file_data; content:\"abc\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 1;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx,
"alert smtp any any -> any any "
"(msg:\"test\"; flow:to_client,established; file_data; content:\"abc\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
return result;
PASS;
}
/**
@ -433,27 +271,15 @@ end:
*/
static int DetectFiledataParseTest05(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert http any any -> any any "
"(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 1;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx,
"alert http any any -> any any "
"(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
DetectEngineCtxFree(de_ctx);
return result;
PASS;
}
static int DetectFiledataIsdataatParseTest1(void)

Write Preview
Loading…
Cancel
Save