diff --git a/src/tests/detect-file-data.c b/src/tests/detect-file-data.c index 8dbcf73a9b..b00edc4c4b 100644 --- a/src/tests/detect-file-data.c +++ b/src/tests/detect-file-data.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2018 Open Information Security Foundation +/* Copyright (C) 2007-2021 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -55,11 +55,8 @@ static int DetectEngineSMTPFiledataTest01(void) TcpSession ssn; Packet *p; ThreadVars th_v; - DetectEngineCtx *de_ctx = NULL; DetectEngineThreadCtx *det_ctx = NULL; - SMTPState *smtp_state = NULL; Flow f; - int result = 0; AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); @@ -79,8 +76,7 @@ static int DetectEngineSMTPFiledataTest01(void) ((MimeDecEntity *)state->stack->top->data)->ctnt_flags = CTNT_IS_ATTACHMENT; state->body_begin = 1; - if (SMTPProcessDataChunk((uint8_t *)mimemsg, sizeof(mimemsg), state) != 0) - goto end; + FAIL_IF(SMTPProcessDataChunk((uint8_t *)mimemsg, sizeof(mimemsg), state) != 0); p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -90,92 +86,49 @@ static int DetectEngineSMTPFiledataTest01(void) StreamTcpInitConfig(TRUE); - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert smtp any any -> any any " - "(msg:\"file_data smtp test\"; " - "file_data; content:\"message\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - goto end; - } + Signature *s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any " + "(msg:\"file_data smtp test\"; " + "file_data; content:\"message\"; sid:1;)"); + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - FLOWLOCK_WRLOCK(&f); int r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_SMTP, - STREAM_TOSERVER | STREAM_START | STREAM_EOF, - mimemsg, - mimemsg_len); - if (r != 0) { - printf("AppLayerParse for smtp failed. Returned %d", r); - FLOWLOCK_UNLOCK(&f); - goto end; - } - FLOWLOCK_UNLOCK(&f); - - smtp_state = f.alstate; - if (smtp_state == NULL) { - printf("no smtp state: "); - goto end; - } + STREAM_TOSERVER | STREAM_START | STREAM_EOF, mimemsg, mimemsg_len); + FAIL_IF_NOT(r == 0); + FAIL_IF_NULL(f.alstate); /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, p); + FAIL_IF_NOT(PacketAlertCheck(p, 1)); - if (!(PacketAlertCheck(p, 1))) { - printf("sid 1 didn't match but should have\n"); - goto end; - } - - result = 1; - -end: - if (alp_tctx != NULL) - AppLayerParserThreadCtxFree(alp_tctx); - if (de_ctx != NULL) - SigGroupCleanup(de_ctx); - if (de_ctx != NULL) - SigCleanSignatures(de_ctx); - + AppLayerParserThreadCtxFree(alp_tctx); + DetectEngineCtxFree(de_ctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); UTHFreePackets(&p, 1); - return result; + PASS; } static int DetectEngineSMTPFiledataTest02(void) { - Signature *s = NULL; - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NOT(de_ctx); de_ctx->flags |= DE_QUIET; - s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any " - "(msg:\"file_data smtp test\"; " - "file_data; content:\"message\"; sid:1;)"); - if (s == NULL) - goto end; - - if (s->flags & SIG_FLAG_TOSERVER) - result = 1; - else if (s->flags & SIG_FLAG_TOCLIENT) - printf("s->flags & SIG_FLAG_TOCLIENT"); + Signature *s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any " + "(msg:\"file_data smtp test\"; " + "file_data; content:\"message\"; sid:1;)"); + FAIL_IF_NULL(s); -end: - SigCleanSignatures(de_ctx); + FAIL_IF_NOT(s->flags & SIG_FLAG_TOSERVER); DetectEngineCtxFree(de_ctx); - return result; - + PASS; } static int DetectEngineSMTPFiledataTest03(void) @@ -187,11 +140,8 @@ static int DetectEngineSMTPFiledataTest03(void) TcpSession ssn; Packet *p; ThreadVars th_v; - DetectEngineCtx *de_ctx = NULL; DetectEngineThreadCtx *det_ctx = NULL; - SMTPState *smtp_state = NULL; Flow f; - int result = 1; AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); @@ -211,11 +161,8 @@ static int DetectEngineSMTPFiledataTest03(void) ((MimeDecEntity *)state->stack->top->data)->ctnt_flags = CTNT_IS_ATTACHMENT; state->body_begin = 1; - if (SMTPProcessDataChunk((uint8_t *)mimemsg1, sizeof(mimemsg1), state) != 0) - goto end; - - if (SMTPProcessDataChunk((uint8_t *)mimemsg2, sizeof(mimemsg2), state) != 0) - goto end; + FAIL_IF(SMTPProcessDataChunk((uint8_t *)mimemsg1, sizeof(mimemsg1), state) != 0); + FAIL_IF(SMTPProcessDataChunk((uint8_t *)mimemsg2, sizeof(mimemsg2), state) != 0); p->flow = &f; p->flowflags |= FLOW_PKT_TOSERVER; @@ -225,179 +172,82 @@ static int DetectEngineSMTPFiledataTest03(void) StreamTcpInitConfig(TRUE); - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, "alert smtp any any -> any any " - "(msg:\"file_data smtp test\"; " - "file_data; content:\"evil\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - goto end; - } + Signature *s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any " + "(msg:\"file_data smtp test\"; " + "file_data; content:\"evil\"; sid:1;)"); + FAIL_IF_NULL(s); SigGroupBuild(de_ctx); DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx); - FLOWLOCK_WRLOCK(&f); - int r = 0; - r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_SMTP, - STREAM_TOSERVER, mimemsg1, mimemsg1_len); - if (r != 0) { - printf("AppLayerParse for smtp failed. Returned %d", r); - FLOWLOCK_UNLOCK(&f); - goto end; - } + int r = AppLayerParserParse( + NULL, alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, mimemsg1, mimemsg1_len); + FAIL_IF_NOT(r == 0); r = AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_SMTP, STREAM_TOSERVER, mimemsg2, mimemsg2_len); - if (r != 0) { - printf("AppLayerParse for smtp failed. Returned %d", r); - FLOWLOCK_UNLOCK(&f); - goto end; - } - FLOWLOCK_UNLOCK(&f); - - smtp_state = f.alstate; - if (smtp_state == NULL) { - printf("no smtp state: "); - goto end; - } + FAIL_IF_NOT(r == 0); + FAIL_IF_NULL(f.alstate); /* do detect */ SigMatchSignatures(&th_v, de_ctx, det_ctx, p); - if (PacketAlertCheck(p, 1)) { - printf("sid 1 matched but shouldn't have\n"); - goto end; - } - - result = 0; - -end: - if (alp_tctx != NULL) - AppLayerParserThreadCtxFree(alp_tctx); - if (de_ctx != NULL) - SigGroupCleanup(de_ctx); - if (de_ctx != NULL) - SigCleanSignatures(de_ctx); + FAIL_IF(PacketAlertCheck(p, 1)); + AppLayerParserThreadCtxFree(alp_tctx); + DetectEngineCtxFree(de_ctx); StreamTcpFreeConfig(TRUE); FLOW_DESTROY(&f); UTHFreePackets(&p, 1); - return result == 0; + PASS; } static int DetectFiledataParseTest01(void) { - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, - "alert smtp any any -> any any " - "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("sig parse failed: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("content is still in FILEDATA list: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) { - printf("content not in FILEDATA list: "); - goto end; - } - - result = 1; -end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); + Signature *s = + DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any " + "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)"); + FAIL_IF_NULL(s); + FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]); + FAIL_IF_NULL(s->sm_lists[g_file_data_buffer_id]); DetectEngineCtxFree(de_ctx); - - return result; + PASS; } static int DetectFiledataParseTest02(void) { - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, - "alert tcp any any -> any any " - "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("sig parse failed: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("content is still in PMATCH list: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) { - printf("content not in FILEDATA list: "); - goto end; - } - - result = 1; -end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); + Signature *s = + DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any " + "(msg:\"test\"; file_data; content:\"abc\"; sid:1;)"); + FAIL_IF_NULL(s); + FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]); + FAIL_IF_NULL(s->sm_lists[g_file_data_buffer_id]); DetectEngineCtxFree(de_ctx); - - return result; + PASS; } static int DetectFiledataParseTest03(void) { - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, - "alert tcp any any -> any 25 " - "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - printf("sig parse failed: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) { - printf("content is still in PMATCH list: "); - goto end; - } - - if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) { - printf("content not in FILEDATA list: "); - goto end; - } - - result = 1; -end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); + Signature *s = DetectEngineAppendSig(de_ctx, + "alert tcp any any -> any 25 " + "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)"); + FAIL_IF_NULL(s); + FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]); + FAIL_IF_NULL(s->sm_lists[g_file_data_buffer_id]); DetectEngineCtxFree(de_ctx); - - return result; + PASS; } /** @@ -405,27 +255,15 @@ end: */ static int DetectFiledataParseTest04(void) { - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, - "alert smtp any any -> any any " - "(msg:\"test\"; flow:to_client,established; file_data; content:\"abc\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 1; - } - -end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); + Signature *s = DetectEngineAppendSig(de_ctx, + "alert smtp any any -> any any " + "(msg:\"test\"; flow:to_client,established; file_data; content:\"abc\"; sid:1;)"); + FAIL_IF_NOT_NULL(s); DetectEngineCtxFree(de_ctx); - - return result; + PASS; } /** @@ -433,27 +271,15 @@ end: */ static int DetectFiledataParseTest05(void) { - DetectEngineCtx *de_ctx = NULL; - int result = 0; - - de_ctx = DetectEngineCtxInit(); - if (de_ctx == NULL) - goto end; - + DetectEngineCtx *de_ctx = DetectEngineCtxInit(); + FAIL_IF_NULL(de_ctx); de_ctx->flags |= DE_QUIET; - de_ctx->sig_list = SigInit(de_ctx, - "alert http any any -> any any " - "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)"); - if (de_ctx->sig_list == NULL) { - result = 1; - } - -end: - SigGroupCleanup(de_ctx); - SigCleanSignatures(de_ctx); + Signature *s = DetectEngineAppendSig(de_ctx, + "alert http any any -> any any " + "(msg:\"test\"; flow:to_server,established; file_data; content:\"abc\"; sid:1;)"); + FAIL_IF_NOT_NULL(s); DetectEngineCtxFree(de_ctx); - - return result; + PASS; } static int DetectFiledataIsdataatParseTest1(void)