aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/bytejump: test cleanup

Browse Source 
Just one used during debugging.
pull/10052/head
Victor Julien 1 year ago
parent 101452056d
commit fb497bfa7e
1 changed files with 33 additions and 82 deletions
Show Stats Download Patch File Download Diff File

115
src/detect-byte-extract.c
Unescape Escape View File

@ -3438,98 +3438,49 @@ static int DetectByteExtractTest52(void)
static int DetectByteExtractTest53(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 0;
Signature *s = NULL;
SigMatch *sm = NULL;
DetectContentData *cd = NULL;
DetectByteExtractData *bed = NULL;
DetectBytejumpData *bjd = NULL;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
"(msg:\"Testing bytejump_body\"; "
"content:\"one\"; "
"byte_extract:4,0,two,string,hex; "
"byte_jump: 2,two; "
"sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
if (s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH] == NULL) {
result = 0;
goto end;
}
Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any ("
"content:\"one\"; "
"byte_extract:4,0,two,string,hex; "
"byte_jump: 2,two; "
"sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->init_data->smlists_tail[DETECT_SM_LIST_PMATCH]);
sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
if (sm->type != DETECT_CONTENT) {
result = 0;
goto end;
}
cd = (DetectContentData *)sm->ctx;
if (cd->flags & DETECT_CONTENT_RAWBYTES ||
strncmp((char *)cd->content, "one", cd->content_len) != 0 ||
cd->flags & DETECT_CONTENT_NOCASE ||
cd->flags & DETECT_CONTENT_WITHIN ||
cd->flags & DETECT_CONTENT_DISTANCE ||
cd->flags & DETECT_CONTENT_FAST_PATTERN ||
cd->flags & DETECT_CONTENT_RELATIVE_NEXT ||
cd->flags & DETECT_CONTENT_NEGATED ) {
printf("one failed\n");
result = 0;
goto end;
}
SigMatch *sm = s->init_data->smlists[DETECT_SM_LIST_PMATCH];
FAIL_IF(sm->type != DETECT_CONTENT);
DetectContentData *cd = (DetectContentData *)sm->ctx;
FAIL_IF(cd->flags != 0);
sm = sm->next;
if (sm->type != DETECT_BYTE_EXTRACT) {
result = 0;
goto end;
}
bed = (DetectByteExtractData *)sm->ctx;
if (bed->nbytes != 4 ||
bed->offset != 0 ||
strcmp(bed->name, "two") != 0 ||
bed->flags != DETECT_BYTE_EXTRACT_FLAG_STRING ||
bed->endian != DETECT_BYTE_EXTRACT_ENDIAN_NONE ||
bed->base != DETECT_BYTE_EXTRACT_BASE_HEX ||
bed->align_value != 0 ||
bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT) {
goto end;
}
if (bed->local_id != 0) {
result = 0;
goto end;
}
FAIL_IF_NULL(sm);
FAIL_IF(sm->type != DETECT_BYTE_EXTRACT);
DetectByteExtractData *bed = (DetectByteExtractData *)sm->ctx;
FAIL_IF(bed->nbytes != 4);
FAIL_IF(bed->offset != 0);
FAIL_IF(strcmp(bed->name, "two") != 0);
FAIL_IF(bed->flags != DETECT_BYTE_EXTRACT_FLAG_STRING);
FAIL_IF(bed->endian != DETECT_BYTE_EXTRACT_ENDIAN_NONE);
FAIL_IF(bed->base != DETECT_BYTE_EXTRACT_BASE_HEX);
FAIL_IF(bed->align_value != 0);
FAIL_IF(bed->multiplier_value != DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT);
FAIL_IF(bed->local_id != 0);
sm = sm->next;
if (sm->type != DETECT_BYTEJUMP) {
result = 0;
goto end;
}
bjd = (DetectBytejumpData *)sm->ctx;
if (bjd->flags != DETECT_BYTEJUMP_OFFSET_VAR || bjd->offset != 0) {
printf("three failed\n");
result = 0;
goto end;
}
FAIL_IF_NULL(sm);
FAIL_IF(sm->type != DETECT_BYTEJUMP);
DetectBytejumpData *bjd = (DetectBytejumpData *)sm->ctx;
if (sm->next != NULL)
goto end;
result = 1;
FAIL_IF(bjd->flags != DETECT_BYTEJUMP_OFFSET_VAR);
FAIL_IF(bjd->offset != 0);
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
FAIL_IF_NOT_NULL(sm->next);
DetectEngineCtxFree(de_ctx);
return result;
PASS;
}
static int DetectByteExtractTest54(void)

Write Preview
Loading…
Cancel
Save