aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/http_user_agent: remove obsolete tests

Browse Source
pull/8732/head
Victor Julien 2 years ago
parent d6adb5c304
commit c41923f9c4
1 changed files with 0 additions and 409 deletions
Show Stats Download Patch File Download Diff File

409
src/tests/detect-http-user-agent.c
Unescape Escape View File

@ -1180,399 +1180,6 @@ static int DetectHttpUATest14(void)
PASS;
}
static int DetectHttpUATest22(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx,
"alert tcp any any -> any any "
"(content:\"one\"; content:\"two\"; http_user_agent; "
"content:\"three\"; distance:10; http_user_agent; content:\"four\"; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_http_ua_buffer_id]);
DetectContentData *cd1 =
(DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *huad1 =
(DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->prev->ctx;
DetectContentData *huad2 = (DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->ctx;
FAIL_IF_NULL(cd1);
FAIL_IF_NULL(cd2);
FAIL_IF_NULL(huad1);
FAIL_IF_NULL(huad2);
FAIL_IF_NOT(cd1->flags == 0);
FAIL_IF_NOT(memcmp(cd1->content, "one", cd1->content_len) == 0);
FAIL_IF_NOT(cd2->flags == 0);
FAIL_IF_NOT(memcmp(cd2->content, "four", cd2->content_len) == 0);
FAIL_IF_NOT(huad1->flags == DETECT_CONTENT_RELATIVE_NEXT);
FAIL_IF_NOT(memcmp(huad1->content, "two", huad1->content_len) == 0);
FAIL_IF_NOT(huad2->flags == DETECT_CONTENT_DISTANCE);
FAIL_IF_NOT(memcmp(huad2->content, "three", huad1->content_len) == 0);
FAIL_IF(!DETECT_CONTENT_IS_SINGLE(cd1));
FAIL_IF(!DETECT_CONTENT_IS_SINGLE(cd2));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(huad1));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(huad2));
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectHttpUATest23(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx,
"alert tcp any any -> any any "
"(content:\"one\"; http_user_agent; pcre:/two/; "
"content:\"three\"; distance:10; http_user_agent; content:\"four\"; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_http_ua_buffer_id]);
DetectPcreData *pd1 = (DetectPcreData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *huad1 =
(DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->prev->ctx;
DetectContentData *huad2 = (DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->ctx;
FAIL_IF_NOT(pd1->flags == 0);
FAIL_IF_NOT(cd2->flags == 0);
FAIL_IF_NOT(memcmp(cd2->content, "four", cd2->content_len) == 0);
FAIL_IF_NOT(huad1->flags == DETECT_CONTENT_RELATIVE_NEXT);
FAIL_IF_NOT(memcmp(huad1->content, "one", huad1->content_len) == 0);
FAIL_IF_NOT(huad2->flags == DETECT_CONTENT_DISTANCE);
FAIL_IF_NOT(memcmp(huad2->content, "three", huad1->content_len) == 0);
FAIL_IF(!DETECT_CONTENT_IS_SINGLE(cd2));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(huad1));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(huad2));
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectHttpUATest24(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_user_agent; pcre:/two/; "
"content:\"three\"; distance:10; within:15; "
"http_user_agent; content:\"four\"; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_http_ua_buffer_id]);
DetectPcreData *pd1 = (DetectPcreData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *huad1 =
(DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->prev->ctx;
DetectContentData *huad2 = (DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->ctx;
FAIL_IF_NOT(pd1->flags == 0);
FAIL_IF_NOT(cd2->flags == 0);
FAIL_IF_NOT(memcmp(cd2->content, "four", cd2->content_len) == 0);
FAIL_IF_NOT(huad1->flags == DETECT_CONTENT_RELATIVE_NEXT);
FAIL_IF_NOT(memcmp(huad1->content, "one", huad1->content_len) == 0);
FAIL_IF_NOT(huad2->flags == (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN));
FAIL_IF_NOT(memcmp(huad2->content, "three", huad1->content_len) == 0);
FAIL_IF(!DETECT_CONTENT_IS_SINGLE(cd2));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(huad1));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(huad2));
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectHttpUATest25(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_user_agent; pcre:/two/; "
"content:\"three\"; distance:10; http_user_agent; "
"content:\"four\"; distance:10; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_http_ua_buffer_id]);
DetectPcreData *pd1 = (DetectPcreData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *huad1 =
(DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->prev->ctx;
DetectContentData *huad2 = (DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->ctx;
FAIL_IF_NOT(pd1->flags == DETECT_PCRE_RELATIVE_NEXT);
FAIL_IF_NOT(cd2->flags == DETECT_CONTENT_DISTANCE);
FAIL_IF_NOT(memcmp(cd2->content, "four", cd2->content_len) == 0);
FAIL_IF_NOT(huad1->flags == DETECT_CONTENT_RELATIVE_NEXT);
FAIL_IF_NOT(memcmp(huad1->content, "one", huad1->content_len) == 0);
FAIL_IF_NOT(huad2->flags == DETECT_CONTENT_DISTANCE);
FAIL_IF_NOT(memcmp(huad2->content, "three", huad1->content_len) == 0);
FAIL_IF(DETECT_CONTENT_IS_SINGLE(cd2));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(huad1));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(huad2));
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectHttpUATest26(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx,
"alert tcp any any -> any any "
"(content:\"one\"; offset:10; http_user_agent; pcre:/two/; "
"content:\"three\"; distance:10; http_user_agent; within:10; "
"content:\"four\"; distance:10; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_http_ua_buffer_id]);
DetectPcreData *pd1 = (DetectPcreData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *huad1 =
(DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->prev->ctx;
DetectContentData *huad2 = (DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->ctx;
FAIL_IF_NOT(pd1->flags == DETECT_PCRE_RELATIVE_NEXT);
FAIL_IF_NOT(cd2->flags == DETECT_CONTENT_DISTANCE);
FAIL_IF_NOT(memcmp(cd2->content, "four", cd2->content_len) == 0);
FAIL_IF_NOT(huad1->flags == (DETECT_CONTENT_RELATIVE_NEXT | DETECT_CONTENT_OFFSET));
FAIL_IF_NOT(memcmp(huad1->content, "one", huad1->content_len) == 0);
FAIL_IF_NOT(huad2->flags == (DETECT_CONTENT_DISTANCE | DETECT_CONTENT_WITHIN));
FAIL_IF_NOT(memcmp(huad2->content, "three", huad1->content_len) == 0);
FAIL_IF(DETECT_CONTENT_IS_SINGLE(cd2));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(huad1));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(huad2));
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectHttpUATest27(void)
{
return DetectHttpUATestSigParse("alert tcp any any -> any any "
"(content:\"one\"; offset:10; http_user_agent; pcre:/two/; "
"content:\"three\"; distance:10; http_user_agent; within:10; "
"content:\"four\"; distance:10; sid:1;)",
true);
}
static int DetectHttpUATest28(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_user_agent; pcre:/two/; "
"content:\"three\"; http_user_agent; depth:10; "
"content:\"four\"; distance:10; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_http_ua_buffer_id]);
DetectPcreData *pd1 = (DetectPcreData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->prev->ctx;
DetectContentData *cd2 = (DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx;
DetectContentData *huad1 =
(DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->prev->ctx;
DetectContentData *huad2 = (DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->ctx;
FAIL_IF_NOT(pd1->flags == DETECT_PCRE_RELATIVE_NEXT);
FAIL_IF_NOT(cd2->flags == DETECT_CONTENT_DISTANCE);
FAIL_IF_NOT(memcmp(cd2->content, "four", cd2->content_len) == 0);
FAIL_IF_NOT(huad1->flags == 0);
FAIL_IF_NOT(memcmp(huad1->content, "one", huad1->content_len) == 0);
FAIL_IF_NOT(huad2->flags == (DETECT_CONTENT_DEPTH));
FAIL_IF_NOT(memcmp(huad2->content, "three", huad1->content_len) == 0);
FAIL_IF(DETECT_CONTENT_IS_SINGLE(cd2));
FAIL_IF_NOT(DETECT_CONTENT_IS_SINGLE(huad1));
FAIL_IF(DETECT_CONTENT_IS_SINGLE(huad2));
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectHttpUATest29(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s =
DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_user_agent; "
"content:\"two\"; distance:0; http_user_agent; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_http_ua_buffer_id]);
DetectContentData *huad1 =
(DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->prev->ctx;
DetectContentData *huad2 = (DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->ctx;
FAIL_IF_NOT(huad1->flags == DETECT_CONTENT_RELATIVE_NEXT);
FAIL_IF_NOT(memcmp(huad1->content, "one", huad1->content_len) == 0);
FAIL_IF_NOT(huad2->flags == DETECT_CONTENT_DISTANCE);
FAIL_IF_NOT(memcmp(huad2->content, "two", huad1->content_len) == 0);
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectHttpUATest30(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s =
DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(content:\"one\"; http_user_agent; "
"content:\"two\"; within:5; http_user_agent; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_http_ua_buffer_id]);
DetectContentData *huad1 =
(DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->prev->ctx;
DetectContentData *huad2 = (DetectContentData *)s->sm_lists_tail[g_http_ua_buffer_id]->ctx;
FAIL_IF_NOT(huad1->flags == DETECT_CONTENT_RELATIVE_NEXT);
FAIL_IF_NOT(memcmp(huad1->content, "one", huad1->content_len) == 0);
FAIL_IF_NOT(huad2->flags == DETECT_CONTENT_WITHIN);
FAIL_IF_NOT(memcmp(huad2->content, "two", huad1->content_len) == 0);
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectHttpUATest31(void)
{
return DetectHttpUATestSigParse("alert tcp any any -> any any "
"(content:\"one\"; within:5; http_user_agent; sid:1;)",
true);
}
static int DetectHttpUATest32(void)
{
return DetectHttpUATestSigParse("alert tcp any any -> any any "
"(content:\"one\"; http_user_agent; within:5; sid:1;)",
true);
}
static int DetectHttpUATest33(void)
{
return DetectHttpUATestSigParse("alert tcp any any -> any any "
"(content:\"one\"; within:5; sid:1;)",
true);
}
static int DetectHttpUATest34(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s =
DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(pcre:/one/V; "
"content:\"two\"; within:5; http_user_agent; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NULL(s->sm_lists[g_http_ua_buffer_id]);
SigMatch *sm = de_ctx->sig_list->sm_lists_tail[g_http_ua_buffer_id];
FAIL_IF_NULL(sm);
FAIL_IF_NOT(sm->type == DETECT_CONTENT);
FAIL_IF_NULL(sm->prev);
FAIL_IF_NOT(sm->prev->type == DETECT_PCRE);
DetectPcreData *pd1 = (DetectPcreData *)sm->prev->ctx;
DetectContentData *huad2 = (DetectContentData *)sm->ctx;
FAIL_IF_NOT(pd1->flags == (DETECT_PCRE_RELATIVE_NEXT));
FAIL_IF_NOT(huad2->flags == DETECT_CONTENT_WITHIN);
FAIL_IF_NOT(memcmp(huad2->content, "two", huad2->content_len) == 0);
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectHttpUATest35(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(content:\"two\"; http_user_agent; "
"pcre:/one/VR; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
SigMatch *sm = s->sm_lists_tail[g_http_ua_buffer_id];
FAIL_IF_NULL(sm);
FAIL_IF_NOT(sm->type == DETECT_PCRE);
FAIL_IF_NULL(sm->prev);
FAIL_IF_NOT(sm->prev->type == DETECT_CONTENT);
DetectContentData *huad1 = (DetectContentData *)sm->prev->ctx;
DetectPcreData *pd2 = (DetectPcreData *)sm->ctx;
FAIL_IF_NOT(pd2->flags == (DETECT_PCRE_RELATIVE));
FAIL_IF_NOT(huad1->flags == DETECT_CONTENT_RELATIVE_NEXT);
FAIL_IF_NOT(memcmp(huad1->content, "two", huad1->content_len) == 0);
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectHttpUATest36(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
Signature *s =
DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(pcre:/one/V; "
"content:\"two\"; distance:5; http_user_agent; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
SigMatch *sm = s->sm_lists_tail[g_http_ua_buffer_id];
FAIL_IF_NULL(sm);
FAIL_IF(sm->type != DETECT_CONTENT);
FAIL_IF_NULL(sm->prev);
FAIL_IF_NOT(sm->prev->type == DETECT_PCRE);
DetectPcreData *pd1 = (DetectPcreData *)sm->prev->ctx;
DetectContentData *huad2 = (DetectContentData *)sm->ctx;
FAIL_IF_NOT(pd1->flags == (DETECT_PCRE_RELATIVE_NEXT));
FAIL_IF_NOT(huad2->flags == DETECT_CONTENT_DISTANCE);
FAIL_IF_NOT(memcmp(huad2->content, "two", huad2->content_len) == 0);
DetectEngineCtxFree(de_ctx);
PASS;
}
static void DetectHttpUARegisterTests(void)
{
UtRegisterTest("DetectEngineHttpUATest01", DetectEngineHttpUATest01);
@ -1607,22 +1214,6 @@ static void DetectHttpUARegisterTests(void)
UtRegisterTest("DetectHttpUATest12", DetectHttpUATest12);
UtRegisterTest("DetectHttpUATest13", DetectHttpUATest13);
UtRegisterTest("DetectHttpUATest14", DetectHttpUATest14);
UtRegisterTest("DetectHttpUATest22", DetectHttpUATest22);
UtRegisterTest("DetectHttpUATest23", DetectHttpUATest23);
UtRegisterTest("DetectHttpUATest24", DetectHttpUATest24);
UtRegisterTest("DetectHttpUATest25", DetectHttpUATest25);
UtRegisterTest("DetectHttpUATest26", DetectHttpUATest26);
UtRegisterTest("DetectHttpUATest27", DetectHttpUATest27);
UtRegisterTest("DetectHttpUATest28", DetectHttpUATest28);
UtRegisterTest("DetectHttpUATest29", DetectHttpUATest29);
UtRegisterTest("DetectHttpUATest30", DetectHttpUATest30);
UtRegisterTest("DetectHttpUATest31", DetectHttpUATest31);
UtRegisterTest("DetectHttpUATest32", DetectHttpUATest32);
UtRegisterTest("DetectHttpUATest33", DetectHttpUATest33);
UtRegisterTest("DetectHttpUATest34", DetectHttpUATest34);
UtRegisterTest("DetectHttpUATest35", DetectHttpUATest35);
UtRegisterTest("DetectHttpUATest36", DetectHttpUATest36);
}
/**

Write Preview
Loading…
Cancel
Save