From 31e9cb55bec67816a655f12c0997b9d8eea9af6f Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Thu, 16 Oct 2025 11:54:03 +0200 Subject: [PATCH] detect: tcp.flags unit tests improvements Tests better the ignored flags functionality. This functionality is only used at detection for default mode, it is not used for any, plus or not mode. So, have unit tests about igored flags with default mode with both matching and non matching cases --- rust/Cargo.lock.in | 104 ++++++++++++++++++++--------------------- src/detect-tcp-flags.c | 26 +++++------ 2 files changed, 65 insertions(+), 65 deletions(-) diff --git a/rust/Cargo.lock.in b/rust/Cargo.lock.in index e6e8c9a06d..a6ef1793d9 100644 --- a/rust/Cargo.lock.in +++ b/rust/Cargo.lock.in @@ -75,9 +75,9 @@ checksum = "683d7910e743518b0e34f1186f92494becacb047c7b6bf616c96772180fef923" [[package]] name = "anstyle" -version = "1.0.13" +version = "1.0.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5192cca8006f1fd4f7237516f40fa183bb07f8fbdfedaa0036de5ea9b0b45e78" +checksum = "862ed96ca487e809f1c8e5a8447f6ee2cf102f846893800b20cebdf541fc6bbd" [[package]] name = "asn1-rs" @@ -107,7 +107,7 @@ dependencies = [ "nom", "num-traits 0.2.19", "rusticata-macros", - "thiserror 2.0.17", + "thiserror 2.0.16", ] [[package]] @@ -233,9 +233,9 @@ checksum = "14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610" [[package]] name = "cc" -version = "1.2.41" +version = "1.2.39" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac9fe6cdbb24b6ade63616c0a0688e45bb56732262c158df3c0c4bea4ca47cb7" +checksum = "e1354349954c6fc9cb0deab020f27f783cf0b604e8bb754dc4658ecf0d29c35f" dependencies = [ "find-msvc-tools", "shlex", @@ -249,9 +249,9 @@ checksum = "d98eabef08bbdf5afd0b9c0cabb1ac335f7c70447ef095eed85dffd9628b20bc" [[package]] name = "cfg-if" -version = "1.0.4" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" +checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9" [[package]] name = "cfg_aliases" @@ -271,9 +271,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.49" +version = "4.5.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f4512b90fa68d3a9932cea5184017c5d200f5921df706d45e853537dea51508f" +checksum = "e2134bb3ea021b78629caa971416385309e0131b351b25e01dc16fb54e1b5fae" dependencies = [ "clap_builder", "clap_derive", @@ -281,9 +281,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.49" +version = "4.5.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0025e98baa12e766c67ba13ff4695a887a1eba19569aad00a472546795bd6730" +checksum = "c2ba64afa3c0a6df7fa517765e31314e983f51dda798ffba27b988194fb65dc9" dependencies = [ "anstyle", "clap_lex", @@ -291,9 +291,9 @@ dependencies = [ [[package]] name = "clap_derive" -version = "4.5.49" +version = "4.5.47" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2a0b5487afeab2deb2ff4e03a807ad1a03ac532ff5a2cee5d86884440c7f7671" +checksum = "bbfd7eae0b0f1a6e63d4b13c9c478de77c2eb546fba158ad50b4203dc24b9f9c" dependencies = [ "heck", "proc-macro2", @@ -303,9 +303,9 @@ dependencies = [ [[package]] name = "clap_lex" -version = "0.7.6" +version = "0.7.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1d728cc89cf3aee9ff92b05e62b19ee65a02b5702cff7d5a377e32c6ae29d8d" +checksum = "b94f61472cee1439c0b966b47e3aca9ae07e45d070759512cd390ea2bebc6675" [[package]] name = "clipboard-win" @@ -442,7 +442,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb" dependencies = [ "libc", - "windows-sys 0.61.2", + "windows-sys 0.61.1", ] [[package]] @@ -485,9 +485,9 @@ dependencies = [ [[package]] name = "find-msvc-tools" -version = "0.1.4" +version = "0.1.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "52051878f80a721bb68ebfbc930e07b65ba72f2da88968ea5c06fd6ca3d3a127" +checksum = "1ced73b1dacfc750a6db6c0a0c3a3853c8b41997e2e2c563dc90804ae6867959" [[package]] name = "flate2" @@ -609,9 +609,9 @@ dependencies = [ [[package]] name = "generic-array" -version = "0.14.9" +version = "0.14.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4bb6743198531e02858aeaea5398fcc883e71851fcbcb5a2f773e2fb6cb1edf2" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" dependencies = [ "typenum", "version_check", @@ -754,14 +754,14 @@ checksum = "db3356a3bd19e90fdc8b29f32c48e21b1bb1c5d129c1df7000ce3071c6f9e6b1" dependencies = [ "asn1-rs 0.7.1", "rusticata-macros", - "thiserror 2.0.17", + "thiserror 2.0.16", ] [[package]] name = "libc" -version = "0.2.177" +version = "0.2.176" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2874a2af47a2325c2001a6e6fad9b16a53b802102b528163885171cf92b15976" +checksum = "58f929b4d672ea937a23a1ab494143d968337a5f47e56d0815df1e0890ddf174" [[package]] name = "libz-sys" @@ -902,11 +902,11 @@ dependencies = [ [[package]] name = "nu-ansi-term" -version = "0.50.3" +version = "0.50.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7957b9740744892f114936ab4a57b3f487491bbeafaf8083688b16841a4240e5" +checksum = "d4a28e057d01f97e61255210fcff094d74ed0466038633e95017f5beb68e4399" dependencies = [ - "windows-sys 0.61.2", + "windows-sys 0.52.0", ] [[package]] @@ -1167,9 +1167,9 @@ dependencies = [ [[package]] name = "psl" -version = "2.1.150" +version = "2.1.145" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1c569a9577fe28cc82ac9969ec31778511f1912b3468fe236c24393bebf8a571" +checksum = "f9bc7bed4cdf5168c58514ad64f37615f6683882209e2b6ba345cda0c6b8d949" dependencies = [ "psl-types", ] @@ -1182,9 +1182,9 @@ checksum = "33cb294fe86a74cbcf50d4445b37da762029549ebeea341421c7c70370f86cac" [[package]] name = "quote" -version = "1.0.41" +version = "1.0.40" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1" +checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" dependencies = [ "proc-macro2", ] @@ -1242,9 +1242,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.13" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5276caf25ac86c8d810222b3dbb938e512c55c6831a10f3e6ed1c93b84041f1c" +checksum = "833eb9ce86d40ef33cb1306d8accf7bc8ec2bfea4355cbdebb3df68b40925cad" [[package]] name = "regex-syntax" @@ -1306,7 +1306,7 @@ dependencies = [ "errno", "libc", "linux-raw-sys", - "windows-sys 0.61.2", + "windows-sys 0.61.1", ] [[package]] @@ -1415,9 +1415,9 @@ checksum = "d767eb0aabc880b29956c35734170f26ed551a859dbd361d140cdbeca61ab1e2" [[package]] name = "serde" -version = "1.0.228" +version = "1.0.227" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +checksum = "80ece43fc6fbed4eb5392ab50c07334d3e577cbf40997ee896fe7af40bba4245" dependencies = [ "serde_core", "serde_derive", @@ -1425,18 +1425,18 @@ dependencies = [ [[package]] name = "serde_core" -version = "1.0.228" +version = "1.0.227" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +checksum = "7a576275b607a2c86ea29e410193df32bc680303c82f31e275bbfcafe8b33be5" dependencies = [ "serde_derive", ] [[package]] name = "serde_derive" -version = "1.0.228" +version = "1.0.227" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +checksum = "51e694923b8824cf0e9b382adf0f60d4e05f348f357b38833a3fa5ed7c2ede04" dependencies = [ "proc-macro2", "quote", @@ -1526,9 +1526,9 @@ dependencies = [ [[package]] name = "subtle" -version = "2.6.1" +version = "2.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" +checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "suricata" @@ -1736,11 +1736,11 @@ dependencies = [ [[package]] name = "thiserror" -version = "2.0.17" +version = "2.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f63587ca0f12b72a0600bcba1d40081f830876000bb46dd2337a3051618f4fc8" +checksum = "3467d614147380f2e4e374161426ff399c91084acd2363eaf549172b3d5e60c0" dependencies = [ - "thiserror-impl 2.0.17", + "thiserror-impl 2.0.16", ] [[package]] @@ -1756,9 +1756,9 @@ dependencies = [ [[package]] name = "thiserror-impl" -version = "2.0.17" +version = "2.0.16" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3ff15c8ecd7de3849db632e14d18d2571fa09dfc5ed93479bc4485c7a517c913" +checksum = "6c5e1be1c48b9172ee610da68fd9cd2770e7a4056cb3fc98710ee6906f0c7960" dependencies = [ "proc-macro2", "quote", @@ -1887,9 +1887,9 @@ dependencies = [ [[package]] name = "typenum" -version = "1.19.0" +version = "1.18.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "562d481066bde0658276a35467c4af00bdc6ee726305698a55b86e61d7ad82bb" +checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" [[package]] name = "unicode-ident" @@ -1969,9 +1969,9 @@ checksum = "c168940144dd21fd8046987c16a46a33d5fc84eec29ef9dcddc2ac9e31526b7c" [[package]] name = "windows-link" -version = "0.2.1" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5" +checksum = "45e46c0661abb7180e7b9c281db115305d49ca1709ab8242adf09666d2173c65" [[package]] name = "windows-sys" @@ -1993,9 +1993,9 @@ dependencies = [ [[package]] name = "windows-sys" -version = "0.61.2" +version = "0.61.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc" +checksum = "6f109e41dd4a3c848907eb83d5a42ea98b3769495597450cf6d153507b166f0f" dependencies = [ "windows-link", ] diff --git a/src/detect-tcp-flags.c b/src/detect-tcp-flags.c index 3b7092f75b..c8c139391b 100644 --- a/src/detect-tcp-flags.c +++ b/src/detect-tcp-flags.c @@ -336,7 +336,7 @@ static int FlagsTestParse04 (void) } /** - * \test FlagsTestParse05 test if ACK+PUSH and more flags are set. Ignore SYN and RST bits. + * \test FlagsTestParse05 test if ACK+PUSH and no other flags are set. Ignore SYN and RST bits. * \retval 1 on success * \retval 0 on failure */ @@ -356,10 +356,10 @@ static int FlagsTestParse05 (void) tcph.th_flags = TH_ACK | TH_PUSH | TH_SYN | TH_RST; UTHSetTCPHdr(p, &tcph); - DetectU8Data *de = SCDetectTcpFlagsParse("+AP,SR"); + DetectU8Data *de = SCDetectTcpFlagsParse("AP,SR"); FAIL_IF_NULL(de); FAIL_IF(de->mode != DetectUintModeBitmask); - FAIL_IF(de->arg1 != (TH_ACK | TH_PUSH)); + FAIL_IF(de->arg1 != (uint8_t) ~(TH_SYN | TH_RST)); FAIL_IF(de->arg2 != (TH_ACK | TH_PUSH)); SigMatch *sm = SigMatchAlloc(); @@ -376,8 +376,8 @@ static int FlagsTestParse05 (void) } /** - * \test FlagsTestParse06 test if ACK+PUSH and more flags are set. Ignore URG and RST bits. - * Must return success. + * \test FlagsTestParse06 test if ACK+PUSH and no other flags are set. Ignore URG and RST bits. + * Must fail as TH_SYN is also set * \retval 1 on success * \retval 0 on failure */ @@ -397,10 +397,10 @@ static int FlagsTestParse06 (void) tcph.th_flags = TH_ACK | TH_PUSH | TH_SYN | TH_RST; UTHSetTCPHdr(p, &tcph); - DetectU8Data *de = SCDetectTcpFlagsParse("+AP,UR"); + DetectU8Data *de = SCDetectTcpFlagsParse("AP,UR"); FAIL_IF_NULL(de); FAIL_IF(de->mode != DetectUintModeBitmask); - FAIL_IF(de->arg1 != (TH_ACK | TH_PUSH)); + FAIL_IF(de->arg1 != (uint8_t) ~(TH_URG | TH_RST)); FAIL_IF(de->arg2 != (TH_ACK | TH_PUSH)); SigMatch *sm = SigMatchAlloc(); @@ -409,7 +409,7 @@ static int FlagsTestParse06 (void) sm->ctx = (SigMatchCtx *)de; int ret = DetectFlagsMatch(NULL, p, NULL, sm->ctx); - FAIL_IF_NOT(ret == 1); + FAIL_IF_NOT(ret == 0); SigMatchFree(NULL, sm); PacketFree(p); @@ -580,7 +580,7 @@ static int FlagsTestParse10 (void) } /** - * \test FlagsTestParse11 test if ACK or PUSH are set. Ignore SYN and RST. Must fails. + * \test FlagsTestParse11 test if flags are ACK and PUSH. Ignore SYN and RST. * * \retval 1 on success * \retval 0 on failure @@ -601,11 +601,11 @@ static int FlagsTestParse11 (void) tcph.th_flags = TH_SYN | TH_RST | TH_URG; UTHSetTCPHdr(p, &tcph); - DetectU8Data *de = SCDetectTcpFlagsParse("*AP,SR"); + DetectU8Data *de = SCDetectTcpFlagsParse("AP,SR"); FAIL_IF_NULL(de); - FAIL_IF(de->mode != DetectUintModeNegBitmask); - FAIL_IF(de->arg1 != (TH_ACK | TH_PUSH)); - FAIL_IF(de->arg2 != 0); + FAIL_IF(de->mode != DetectUintModeBitmask); + FAIL_IF(de->arg1 != (uint8_t) ~(TH_SYN | TH_RST)); + FAIL_IF(de->arg2 != (TH_ACK | TH_PUSH)); SigMatch *sm = SigMatchAlloc(); FAIL_IF_NULL(de);