aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/http_raw_header: remove obsolete tests

Browse Source
pull/8732/head
Victor Julien 3 years ago
parent 85639ea174
commit 5994aafe00
1 changed files with 0 additions and 511 deletions
Show Stats Download Patch File Download Diff File

511
src/tests/detect-http-raw-header.c
Unescape Escape View File

@ -3012,159 +3012,6 @@ end:
return result;
}
/**
* \test Test that a signature containting a http_header is correctly parsed
* and the keyword is registered.
*/
static int DetectHttpRawHeaderTest01(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
SigMatch *sm = NULL;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing http_header\"; flow:to_server; "
"content:\"one\"; http_raw_header; sid:1;)");
if (de_ctx->sig_list != NULL) {
result = 1;
} else {
printf("Error parsing signature: ");
goto end;
}
sm = de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id];
if (sm != NULL) {
result &= (sm->type == DETECT_CONTENT);
result &= (sm->next == NULL);
} else {
result = 0;
printf("Error updating content pattern to http_header pattern: ");
}
end:
DetectEngineCtxFree(de_ctx);
return result;
}
/**
* \test Test that a signature containing an valid http_header entry is
* parsed.
*/
static int DetectHttpRawHeaderTest02(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing http_header\"; flow:to_server; "
"content:\"one\"; http_raw_header:; sid:1;)");
if (de_ctx->sig_list != NULL)
result = 1;
else
printf("Error parsing signature: ");
end:
DetectEngineCtxFree(de_ctx);
return result;
}
/**
* \test Test that an invalid signature containing no content but a http_header
* is invalidated.
*/
static int DetectHttpRawHeaderTest03(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing http_header\"; flow:to_server; "
"http_raw_header; sid:1;)");
if (de_ctx->sig_list == NULL)
result = 1;
else
printf("Error parsing signature: ");
end:
DetectEngineCtxFree(de_ctx);
return result;
}
/**
* \test Test that an invalid signature containing a rawbytes along with a
* http_header is invalidated.
*/
static int DetectHttpRawHeaderTest04(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing http_header\"; flow:to_server; "
"content:\"one\"; rawbytes; http_raw_header; sid:1;)");
if (de_ctx->sig_list == NULL)
result = 1;
else
printf("Error parsing signature: ");
end:
DetectEngineCtxFree(de_ctx);
return result;
}
/**
* \test Test that an invalid signature containing a rawbytes along with a
* http_header is invalidated.
*/
static int DetectHttpRawHeaderTest05(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing http_header\"; flow:to_server; "
"content:\"one\"; nocase; http_raw_header; sid:1;)");
if (de_ctx->sig_list != NULL)
result = 1;
else
printf("Error parsing signature: ");
end:
DetectEngineCtxFree(de_ctx);
return result;
}
/**
*\test Test that the http_header content matches against a http request
* which holds the content.
@ -4026,345 +3873,6 @@ end:
return result;
}
static int DetectHttpRawHeaderTest20(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any "
"(flow:to_server; content:\"one\"; http_raw_header; "
"content:\"two\"; distance:0; http_raw_header; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL\n");
goto end;
}
DetectContentData *hrhd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->ctx;
DetectContentData *hrhd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->ctx;
if (hrhd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hrhd1->content, "one", hrhd1->content_len) != 0 ||
hrhd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(hrhd2->content, "two", hrhd1->content_len) != 0) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpRawHeaderTest21(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any "
"(flow:to_server; content:\"one\"; http_raw_header; "
"content:\"two\"; within:5; http_raw_header; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL\n");
goto end;
}
DetectContentData *hrhd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->ctx;
DetectContentData *hrhd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->ctx;
if (hrhd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hrhd1->content, "one", hrhd1->content_len) != 0 ||
hrhd2->flags != DETECT_CONTENT_WITHIN ||
memcmp(hrhd2->content, "two", hrhd1->content_len) != 0) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpRawHeaderTest22(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any "
"(flow:to_server; content:\"one\"; within:5; http_raw_header; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpRawHeaderTest23(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any "
"(flow:to_server; content:\"one\"; http_raw_header; within:5; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpRawHeaderTest24(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any "
"(flow:to_server; content:\"one\"; within:5; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpRawHeaderTest25(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any "
"(flow:to_server; pcre:/one/D; "
"content:\"two\"; within:5; http_raw_header; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id] == NULL ||
de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->type != DETECT_CONTENT ||
de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev == NULL ||
de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->type != DETECT_PCRE) {
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->ctx;
DetectContentData *hhd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
hhd2->flags != DETECT_CONTENT_WITHIN ||
memcmp(hhd2->content, "two", hhd2->content_len) != 0) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpRawHeaderTest26(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any "
"(flow:to_server; content:\"two\"; http_raw_header; "
"pcre:/one/DR; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id] == NULL ||
de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->type != DETECT_PCRE ||
de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev == NULL ||
de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->type != DETECT_CONTENT) {
goto end;
}
DetectContentData *hhd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->ctx;
DetectPcreData *pd2 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->ctx;
if (pd2->flags != (DETECT_PCRE_RELATIVE) ||
hhd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hhd1->content, "two", hhd1->content_len) != 0) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpRawHeaderTest27(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert http any any -> any any "
"(flow:to_server; pcre:/one/D; "
"content:\"two\"; distance:5; http_raw_header; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_http_raw_header_buffer_id] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id] == NULL ||
de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->type != DETECT_CONTENT ||
de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev == NULL ||
de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->type != DETECT_PCRE) {
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->prev->ctx;
DetectContentData *hhd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_http_raw_header_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
hhd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(hhd2->content, "two", hhd2->content_len) != 0) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpRawHeaderIsdataatParseTest(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx,
"alert tcp any any -> any any ("
"flow:to_server; "
"content:\"one\"; http_raw_header; "
"isdataat:!4,relative; sid:1;)");
FAIL_IF_NULL(s);
SigMatch *sm = s->init_data->smlists_tail[g_http_raw_header_buffer_id];
FAIL_IF_NULL(sm);
FAIL_IF_NOT(sm->type == DETECT_ISDATAAT);
DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx;
FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE);
FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED);
FAIL_IF(data->flags & ISDATAAT_RAWBYTES);
DetectEngineCtxFree(de_ctx);
PASS;
}
void DetectHttpRawHeaderRegisterTests(void)
{
UtRegisterTest("DetectHttpRawHeaderParserTest01",
@ -4435,11 +3943,6 @@ void DetectHttpRawHeaderRegisterTests(void)
UtRegisterTest("DetectEngineHttpRawHeaderTest32",
DetectEngineHttpRawHeaderTest32);
UtRegisterTest("DetectHttpRawHeaderTest01", DetectHttpRawHeaderTest01);
UtRegisterTest("DetectHttpRawHeaderTest02", DetectHttpRawHeaderTest02);
UtRegisterTest("DetectHttpRawHeaderTest03", DetectHttpRawHeaderTest03);
UtRegisterTest("DetectHttpRawHeaderTest04", DetectHttpRawHeaderTest04);
UtRegisterTest("DetectHttpRawHeaderTest05", DetectHttpRawHeaderTest05);
UtRegisterTest("DetectHttpRawHeaderTest06", DetectHttpRawHeaderTest06);
UtRegisterTest("DetectHttpRawHeaderTest07", DetectHttpRawHeaderTest07);
UtRegisterTest("DetectHttpRawHeaderTest08", DetectHttpRawHeaderTest08);
@ -4448,20 +3951,6 @@ void DetectHttpRawHeaderRegisterTests(void)
UtRegisterTest("DetectHttpRawHeaderTest11", DetectHttpRawHeaderTest11);
UtRegisterTest("DetectHttpRawHeaderTest12", DetectHttpRawHeaderTest12);
UtRegisterTest("DetectHttpRawHeaderTest13", DetectHttpRawHeaderTest13);
UtRegisterTest("DetectHttpRawHeaderTest20", DetectHttpRawHeaderTest20);
UtRegisterTest("DetectHttpRawHeaderTest21", DetectHttpRawHeaderTest21);
UtRegisterTest("DetectHttpRawHeaderTest22", DetectHttpRawHeaderTest22);
UtRegisterTest("DetectHttpRawHeaderTest23", DetectHttpRawHeaderTest23);
UtRegisterTest("DetectHttpRawHeaderTest24", DetectHttpRawHeaderTest24);
UtRegisterTest("DetectHttpRawHeaderTest25", DetectHttpRawHeaderTest25);
UtRegisterTest("DetectHttpRawHeaderTest26", DetectHttpRawHeaderTest26);
UtRegisterTest("DetectHttpRawHeaderTest27", DetectHttpRawHeaderTest27);
UtRegisterTest("DetectHttpRawHeaderIsdataatParseTest",
DetectHttpRawHeaderIsdataatParseTest);
return;
}
#endif /* UNITTESTS */

Write Preview
Loading…
Cancel
Save