/**
* \brief this function is used to add the parsed "id" option
* \brief into the current signature
*
* \param de_ctx pointer to the Detection Engine Context
* \param s pointer to the Current Signature
* \param idstr pointer to the user provided "id" option
*
* \retval 0 on Success
* \retval -1 on Failure
*/
static int DetectSslVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
DetectSslVersionData *ssl = NULL;
SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_TLS) != 0)
return -1;
ssl = DetectSslVersionParse(str);
if (ssl == NULL)
goto error;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_AL_SSL_VERSION;
sm->ctx = (void *)ssl;
SigMatchAppendSMToList(s, sm, g_tls_generic_list_id);
return 0;
error:
if (ssl != NULL)
DetectSslVersionFree(ssl);
if (sm != NULL)
SCFree(sm);
return -1;
}
/**
* \brief this function is used to add the parsed "id" option
* \brief into the current signature
*
* \param de_ctx pointer to the Detection Engine Context
* \param s pointer to the Current Signature
* \param idstr pointer to the user provided "id" option
*
* \retval 0 on Success
* \retval -1 on Failure
*/
static int DetectSslVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
DetectSslVersionData *ssl = NULL;
SigMatch *sm = NULL;
ssl = DetectSslVersionParse(str);
if (ssl == NULL)
goto error;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_AL_SSL_VERSION;
sm->ctx = (void *)ssl;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_TLS) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
goto error;
}
s->alproto = ALPROTO_TLS;
return 0;
error:
if (ssl != NULL)
DetectSslVersionFree(ssl);
if (sm != NULL)
SCFree(sm);
return -1;
}
/**
* \test DetectSslVersionTestParse02 is a test to make sure that we parse the
* "ssl_version" option correctly when given an invalid ssl_version option
* it should return ssl = NULL
*/
static int DetectSslVersionTestParse02(void)
{
DetectSslVersionData *ssl = NULL;
ssl = DetectSslVersionParse("2.5");
FAIL_IF_NOT_NULL(ssl);
DetectSslVersionFree(ssl);
PASS;
}
/**
* \test DetectSslVersionTestParse01 is a test to make sure that we parse the
* "ssl_version" option correctly when given valid ssl_version option
*/
static int DetectSslVersionTestParse01(void)
{
DetectSslVersionData *ssl = NULL;
ssl = DetectSslVersionParse("SSlv3");
FAIL_IF_NULL(ssl);
FAIL_IF_NOT(ssl->data[SSLv3].ver == SSL_VERSION_3);
DetectSslVersionFree(ssl);
PASS;
}
/**
* \test DetectSslVersionTestParse02 is a test to make sure that we parse the
* "ssl_version" option correctly when given an invalid ssl_version option
* it should return ssl = NULL
*/
int DetectSslVersionTestParse02(void) {
DetectSslVersionData *ssl = NULL;
ssl = DetectSslVersionParse("2.5");
if (ssl == NULL) {
DetectSslVersionFree(ssl);
return 1;
}
return 0;
}
/**
* \test DetectSslVersionTestParse01 is a test to make sure that we parse the
* "ssl_version" option correctly when given valid ssl_version option
*/
int DetectSslVersionTestParse01(void) {
DetectSslVersionData *ssl = NULL;
ssl = DetectSslVersionParse("SSlv3");
if (ssl != NULL && ssl->data[SSLv3].ver == SSL_VERSION_3) {
DetectSslVersionFree(ssl);
return 1;
}
return 0;
}
/**
* \test DetectSslVersionTestParse03 is a test to make sure that we parse the
* "ssl_version" options correctly when given valid ssl_version options
*/
static int DetectSslVersionTestParse03(void)
{
DetectSslVersionData *ssl = NULL;
ssl = DetectSslVersionParse("SSlv3,tls1.0, !tls1.2");
FAIL_IF_NULL(ssl);
FAIL_IF_NOT(ssl->data[SSLv3].ver == SSL_VERSION_3);
FAIL_IF_NOT(ssl->data[TLS10].ver == TLS_VERSION_10);
FAIL_IF_NOT(ssl->data[TLS12].ver == TLS_VERSION_12);
FAIL_IF_NOT(ssl->data[TLS12].flags & DETECT_SSL_VERSION_NEGATED);
DetectSslVersionFree(ssl);
PASS;
}
/**
* \test DetectSslVersionTestParse03 is a test to make sure that we parse the
* "ssl_version" options correctly when given valid ssl_version options
*/
int DetectSslVersionTestParse03(void) {
DetectSslVersionData *ssl = NULL;
ssl = DetectSslVersionParse("SSlv3,tls1.0, !tls1.2");
if (ssl != NULL && ssl->data[SSLv3].ver == SSL_VERSION_3 &&
ssl->data[TLS10].ver == TLS_VERSION_10 &&
ssl->data[TLS12].ver == TLS_VERSION_12 &&
ssl->data[TLS12].flags & DETECT_SSL_VERSION_NEGATED)
{
DetectSslVersionFree(ssl);
return 1;
}
return 0;
}
