aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/http_server_body: remove obsolete tests

Browse Source
pull/8732/head
Victor Julien 3 years ago
parent 5994aafe00
commit 746456deca
1 changed files with 0 additions and 838 deletions
Show Stats Download Patch File Download Diff File

838
src/tests/detect-http-server-body.c
Unescape Escape View File

@ -5249,159 +5249,6 @@ libhtp:\n\
PASS;
}
/**
* \test Test that a signature containting a http_server_body is correctly parsed
* and the keyword is registered.
*/
static int DetectHttpServerBodyTest01(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
SigMatch *sm = NULL;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing http_server_body\"; "
"content:\"one\"; http_server_body; sid:1;)");
if (de_ctx->sig_list == NULL) {
goto end;
}
/* sm should not be in the MATCH list */
sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_MATCH];
if (sm != NULL) {
goto end;
}
sm = de_ctx->sig_list->sm_lists[g_file_data_buffer_id];
if (sm == NULL) {
goto end;
}
if (sm->type != DETECT_CONTENT) {
printf("sm type not DETECT_AL_HTTP_SERVER_BODY: ");
goto end;
}
if (sm->next != NULL) {
goto end;
}
result = 1;
end:
DetectEngineCtxFree(de_ctx);
return result;
}
/**
* \test Test that a signature containing an valid http_server_body entry is
* parsed.
*/
static int DetectHttpServerBodyTest02(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing http_server_body\"; "
"content:\"one\"; http_server_body:; sid:1;)");
if (de_ctx->sig_list != NULL)
result = 1;
end:
DetectEngineCtxFree(de_ctx);
return result;
}
/**
* \test Test that an invalid signature containing no content but a http_server_body
* is invalidated.
*/
static int DetectHttpServerBodyTest03(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing http_server_body\"; "
"http_server_body; sid:1;)");
if (de_ctx->sig_list == NULL)
result = 1;
end:
DetectEngineCtxFree(de_ctx);
return result;
}
/**
* \test Test that an invalid signature containing a rawbytes along with a
* http_server_body is invalidated.
*/
static int DetectHttpServerBodyTest04(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing http_server_body\"; "
"content:\"one\"; rawbytes; http_server_body; sid:1;)");
if (de_ctx->sig_list == NULL)
result = 1;
end:
DetectEngineCtxFree(de_ctx);
return result;
}
/**
* \test Test that an invalid signature containing a rawbytes along with a
* http_server_body is invalidated.
*/
static int DetectHttpServerBodyTest05(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing http_server_body\"; "
"content:\"one\"; http_server_body; nocase; sid:1;)");
if (de_ctx->sig_list != NULL)
result = 1;
end:
DetectEngineCtxFree(de_ctx);
return result;
}
/**
*\test Test that the http_server_body content matches against a http request
* which holds the content.
@ -6746,671 +6593,6 @@ end:
return result;
}
static int DetectHttpServerBodyTest22(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; content:\"two\"; http_server_body; "
"content:\"three\"; distance:10; http_server_body; content:\"four\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectContentData *cd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (cd1->flags != 0 || memcmp(cd1->content, "one", cd1->content_len) != 0 ||
cd2->flags != 0 || memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hsbd1->content, "two", hsbd1->content_len) != 0 ||
hsbd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(hsbd2->content, "three", hsbd1->content_len) != 0) {
goto end;
}
if (!DETECT_CONTENT_IS_SINGLE(cd1) ||
!DETECT_CONTENT_IS_SINGLE(cd2) ||
DETECT_CONTENT_IS_SINGLE(hsbd1) ||
DETECT_CONTENT_IS_SINGLE(hsbd2)) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest23(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_server_body; pcre:/two/; "
"content:\"three\"; distance:10; http_server_body; content:\"four\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != 0 ||
cd2->flags != 0 || memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hsbd1->content, "one", hsbd1->content_len) != 0 ||
hsbd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(hsbd2->content, "three", hsbd1->content_len) != 0) {
goto end;
}
if (!DETECT_CONTENT_IS_SINGLE(cd2) ||
DETECT_CONTENT_IS_SINGLE(hsbd1) ||
DETECT_CONTENT_IS_SINGLE(hsbd2)) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest24(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_server_body; pcre:/two/; "
"content:\"three\"; distance:10; within:15; http_server_body; content:\"four\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != 0 ||
cd2->flags != 0 || memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hsbd1->content, "one", hsbd1->content_len) != 0 ||
hsbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN) ||
memcmp(hsbd2->content, "three", hsbd1->content_len) != 0) {
goto end;
}
if (!DETECT_CONTENT_IS_SINGLE(cd2) ||
DETECT_CONTENT_IS_SINGLE(hsbd1) ||
DETECT_CONTENT_IS_SINGLE(hsbd2)) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest25(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_server_body; pcre:/two/; "
"content:\"three\"; distance:10; http_server_body; "
"content:\"four\"; distance:10; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != DETECT_PCRE_RELATIVE_NEXT ||
cd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hsbd1->content, "one", hsbd1->content_len) != 0 ||
hsbd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(hsbd2->content, "three", hsbd1->content_len) != 0) {
goto end;
}
if (DETECT_CONTENT_IS_SINGLE(cd2) ||
DETECT_CONTENT_IS_SINGLE(hsbd1) ||
DETECT_CONTENT_IS_SINGLE(hsbd2)) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest26(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; offset:10; http_server_body; pcre:/two/; "
"content:\"three\"; distance:10; http_server_body; within:10; "
"content:\"four\"; distance:10; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
cd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hsbd1->flags != (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_OFFSET) ||
memcmp(hsbd1->content, "one", hsbd1->content_len) != 0 ||
hsbd2->flags != (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN) ||
memcmp(hsbd2->content, "three", hsbd1->content_len) != 0) {
goto end;
}
if (DETECT_CONTENT_IS_SINGLE(cd2) ||
DETECT_CONTENT_IS_SINGLE(hsbd1) ||
DETECT_CONTENT_IS_SINGLE(hsbd2)) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
/** \test invalid combination for content: distance, depth, http_server_body */
static int DetectHttpServerBodyTest27(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; offset:10; http_server_body; pcre:/two/; distance:10; "
"content:\"three\"; distance:10; http_server_body; depth:10; "
"content:\"four\"; distance:10; sid:1;)");
if (de_ctx->sig_list != NULL) {
printf("de_ctx->sig_list != NULL: ");
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest28(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_server_body; pcre:/two/; "
"content:\"three\"; http_server_body; depth:10; "
"content:\"four\"; distance:10; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
cd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(cd2->content, "four", cd2->content_len) != 0 ||
hsbd1->flags != 0 ||
memcmp(hsbd1->content, "one", hsbd1->content_len) != 0 ||
hsbd2->flags != DETECT_CONTENT_DEPTH ||
memcmp(hsbd2->content, "three", hsbd1->content_len) != 0) {
goto end;
}
if (DETECT_CONTENT_IS_SINGLE(cd2) ||
!DETECT_CONTENT_IS_SINGLE(hsbd1) ||
DETECT_CONTENT_IS_SINGLE(hsbd2)) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest29(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_server_body; "
"content:\"two\"; distance:0; http_server_body; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hsbd1->content, "one", hsbd1->content_len) != 0 ||
hsbd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(hsbd2->content, "two", hsbd1->content_len) != 0) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest30(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_server_body; "
"content:\"two\"; within:5; http_server_body; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hsbd1->content, "one", hsbd1->content_len) != 0 ||
hsbd2->flags != DETECT_CONTENT_WITHIN ||
memcmp(hsbd2->content, "two", hsbd1->content_len) != 0) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest31(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; within:5; http_server_body; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest32(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_server_body; within:5; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest33(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; within:5; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest34(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(pcre:/one/Q; "
"content:\"two\"; within:5; http_server_body; sid:1;)");
FAIL_IF_NULL(de_ctx->sig_list);
FAIL_IF_NOT_NULL(de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH]);
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id] == NULL ||
de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_CONTENT ||
de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev == NULL ||
de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->type != DETECT_PCRE) {
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
hsbd2->flags != DETECT_CONTENT_WITHIN ||
memcmp(hsbd2->content, "two", hsbd2->content_len) != 0) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest35(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(content:\"two\"; http_server_body; "
"pcre:/one/QR; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id] == NULL ||
de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_PCRE ||
de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev == NULL ||
de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->type != DETECT_CONTENT) {
goto end;
}
DetectContentData *hsbd1 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
DetectPcreData *pd2 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd2->flags != (DETECT_PCRE_RELATIVE) ||
hsbd1->flags != DETECT_CONTENT_RELATIVE_NEXT ||
memcmp(hsbd1->content, "two", hsbd1->content_len) != 0) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
static int DetectHttpServerBodyTest36(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
goto end;
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(pcre:/one/Q; "
"content:\"two\"; distance:5; http_server_body; sid:1;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL) {
printf("de_ctx->sig_list->sm_lists[DETECT_SM_LIST_PMATCH] != NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL) {
printf("de_ctx->sig_list->sm_lists[g_file_data_buffer_id] == NULL\n");
goto end;
}
if (de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id] == NULL ||
de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->type != DETECT_CONTENT ||
de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev == NULL ||
de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->type != DETECT_PCRE) {
goto end;
}
DetectPcreData *pd1 = (DetectPcreData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->prev->ctx;
DetectContentData *hsbd2 = (DetectContentData *)de_ctx->sig_list->sm_lists_tail[g_file_data_buffer_id]->ctx;
if (pd1->flags != (DETECT_PCRE_RELATIVE_NEXT) ||
hsbd2->flags != DETECT_CONTENT_DISTANCE ||
memcmp(hsbd2->content, "two", hsbd2->content_len) != 0) {
goto end;
}
result = 1;
end:
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
}
/**
*\test Test that the http_server_body content matches against a http request
* which holds the content.
@ -8723,11 +7905,6 @@ void DetectHttpServerBodyRegisterTests(void)
UtRegisterTest("DetectHttpServerBodyParserTest01", DetectHttpServerBodyParserTest01);
UtRegisterTest("DetectHttpServerBodyParserTest02", DetectHttpServerBodyParserTest02);
UtRegisterTest("DetectHttpServerBodyTest01", DetectHttpServerBodyTest01);
UtRegisterTest("DetectHttpServerBodyTest02", DetectHttpServerBodyTest02);
UtRegisterTest("DetectHttpServerBodyTest03", DetectHttpServerBodyTest03);
UtRegisterTest("DetectHttpServerBodyTest04", DetectHttpServerBodyTest04);
UtRegisterTest("DetectHttpServerBodyTest05", DetectHttpServerBodyTest05);
UtRegisterTest("DetectHttpServerBodyTest06", DetectHttpServerBodyTest06);
UtRegisterTest("DetectHttpServerBodyTest07", DetectHttpServerBodyTest07);
UtRegisterTest("DetectHttpServerBodyTest08", DetectHttpServerBodyTest08);
@ -8738,21 +7915,6 @@ void DetectHttpServerBodyRegisterTests(void)
UtRegisterTest("DetectHttpServerBodyTest13", DetectHttpServerBodyTest13);
UtRegisterTest("DetectHttpServerBodyTest14", DetectHttpServerBodyTest14);
UtRegisterTest("DetectHttpServerBodyTest15", DetectHttpServerBodyTest15);
UtRegisterTest("DetectHttpServerBodyTest22", DetectHttpServerBodyTest22);
UtRegisterTest("DetectHttpServerBodyTest23", DetectHttpServerBodyTest23);
UtRegisterTest("DetectHttpServerBodyTest24", DetectHttpServerBodyTest24);
UtRegisterTest("DetectHttpServerBodyTest25", DetectHttpServerBodyTest25);
UtRegisterTest("DetectHttpServerBodyTest26", DetectHttpServerBodyTest26);
UtRegisterTest("DetectHttpServerBodyTest27", DetectHttpServerBodyTest27);
UtRegisterTest("DetectHttpServerBodyTest28", DetectHttpServerBodyTest28);
UtRegisterTest("DetectHttpServerBodyTest29", DetectHttpServerBodyTest29);
UtRegisterTest("DetectHttpServerBodyTest30", DetectHttpServerBodyTest30);
UtRegisterTest("DetectHttpServerBodyTest31", DetectHttpServerBodyTest31);
UtRegisterTest("DetectHttpServerBodyTest32", DetectHttpServerBodyTest32);
UtRegisterTest("DetectHttpServerBodyTest33", DetectHttpServerBodyTest33);
UtRegisterTest("DetectHttpServerBodyTest34", DetectHttpServerBodyTest34);
UtRegisterTest("DetectHttpServerBodyTest35", DetectHttpServerBodyTest35);
UtRegisterTest("DetectHttpServerBodyTest36", DetectHttpServerBodyTest36);
UtRegisterTest("DetectHttpServerBodyFileDataTest01",
DetectHttpServerBodyFileDataTest01);

Write Preview
Loading…
Cancel
Save