Ejemplo n.º 1
0
HRESULT U2Dx9ShaderMgr::CreateShader( LPD3DXBUFFER pbufShader,
									 U2Dx9ShaderDesc::ShaderType ShaderType,
									U2Dx9ShaderDesc * pDesc )
{
	HRESULT hr = S_OK;
	FAIL_IF_NULL( pbufShader );
	FAIL_IF_NULL( pDesc );
	FAIL_IF_NULL( ms_pD3DDev );

	pDesc->m_type			= ShaderType;

	if( ShaderType == U2Dx9ShaderDesc::SHADERTYPE_VERTEX )
	{
		hr = ms_pD3DDev->CreateVertexShader( (DWORD*) pbufShader->GetBufferPointer(),
			(IDirect3DVertexShader9**) & pDesc->m_pShader );
		SAFE_RELEASE( pbufShader );
		BREAK_AND_RET_VAL_IF_FAILED(hr);		
	}
	else
	{
		hr = ms_pD3DDev->CreatePixelShader( (DWORD*) pbufShader->GetBufferPointer(),
			(IDirect3DPixelShader9**) & pDesc->m_pShader );
		SAFE_RELEASE( pbufShader );		
		BREAK_AND_RET_VAL_IF_FAILED(hr);				
	}
	return( hr );
}
Ejemplo n.º 2
0
static int DetectFiledataIsdataatParseTest1(void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);
    de_ctx->flags |= DE_QUIET;

    Signature *s = DetectEngineAppendSig(de_ctx,
            "alert tcp any any -> any any ("
            "file_data; content:\"one\"; "
            "isdataat:!4,relative; sid:1;)");
    FAIL_IF_NULL(s);

    SigMatch *sm = s->init_data->smlists[g_file_data_buffer_id];
    FAIL_IF_NULL(sm);
    FAIL_IF_NOT(sm->type == DETECT_CONTENT);
    sm = sm->next;
    FAIL_IF_NULL(sm);
    FAIL_IF_NOT(sm->type == DETECT_ISDATAAT);

    DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx;
    FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE);
    FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED);
    FAIL_IF(data->flags & ISDATAAT_RAWBYTES);

    DetectEngineCtxFree(de_ctx);
    PASS;
}
Ejemplo n.º 3
0
HRESULT DXDiagNVUtil::GetDirectXVersion( DWORD * pdwDirectXVersionMajor, 
										 DWORD * pdwDirectXVersionMinor,
										 TCHAR * pcDirectXVersionLetter )
{
	HRESULT hr = S_OK;
	FAIL_IF_NULL( m_pDxDiagRoot );
	FAIL_IF_NULL( pdwDirectXVersionMajor );
	FAIL_IF_NULL( pdwDirectXVersionMinor );
	FAIL_IF_NULL( pcDirectXVersionLetter );

	wstring propval;
	GetProperty( L"DxDiag_SystemInfo", L"dwDirectXVersionMajor", &propval );
	*pdwDirectXVersionMajor = _wtoi( propval.c_str() );

	GetProperty( L"DxDiag_SystemInfo", L"dwDirectXVersionMinor", &propval );
	*pdwDirectXVersionMinor = _wtoi( propval.c_str() );

	GetProperty( L"DxDiag_SystemInfo", L"szDirectXVersionLetter", &propval );
	string str;

	str = WStringToString( &propval );
	if( str.length() > 0 )
		*pcDirectXVersionLetter = str.at(0);
	else
		*pcDirectXVersionLetter = ' ';

	return( hr );
}
Ejemplo n.º 4
0
static int DetectAppLayerProtocolTest04(void)
{
    Signature *s = NULL;
    DetectAppLayerProtocolData *data = NULL;
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);
    de_ctx->flags |= DE_QUIET;

    s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
            "(app-layer-protocol:!http; sid:1;)");
    FAIL_IF_NULL(s);
    FAIL_IF(s->alproto != ALPROTO_UNKNOWN);
    FAIL_IF(s->flags & SIG_FLAG_APPLAYER);

    FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
    FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]->ctx);

    data = (DetectAppLayerProtocolData*)s->sm_lists[DETECT_SM_LIST_MATCH]->ctx;
    FAIL_IF_NULL(data);
    FAIL_IF(data->alproto != ALPROTO_HTTP);
    FAIL_IF(data->negated == 0);

    DetectEngineCtxFree(de_ctx);
    PASS;
}
Ejemplo n.º 5
0
/**
 * \test Test that a signature containing a tls_cert_issuer is correctly parsed
 *       and that the keyword is registered.
 */
static int DetectTlsIssuerTest01(void)
{
    DetectEngineCtx *de_ctx = NULL;
    SigMatch *sm = NULL;

    de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->flags |= DE_QUIET;
    de_ctx->sig_list = SigInit(de_ctx, "alert tls any any -> any any "
                               "(msg:\"Testing tls_cert_issuer\"; "
                               "tls_cert_issuer; content:\"test\"; sid:1;)");
    FAIL_IF_NULL(de_ctx->sig_list);

    /* sm should not be in the MATCH list */
    sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_MATCH];
    FAIL_IF_NOT_NULL(sm);

    sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_TLSISSUER_MATCH];
    FAIL_IF_NULL(sm);

    FAIL_IF(sm->type != DETECT_CONTENT);
    FAIL_IF_NOT_NULL(sm->next);

    SigGroupCleanup(de_ctx);
    SigCleanSignatures(de_ctx);
    DetectEngineCtxFree(de_ctx);

    PASS;
}
Ejemplo n.º 6
0
/* out: */
PyObject *supp_convertDocumentToPythonDocument(lucene::document::Document *doc) {
  lucene::document::DocumentFieldEnumeration *fieldEnum = NULL;
  PyObject *docFields = NULL;
  PyObject *pyDoc = PyObject_CallFunctionObjArgs(global_DocumentConstructor, Py_False, NULL);
  FAIL_IF_NULL(pyDoc);
  docFields = PyDict_New();
  FAIL_IF_NULL(docFields);

  fieldEnum = doc->fields();
  while (fieldEnum->hasMoreElements()) {
    lucene::document::Field *field = fieldEnum->nextElement();

    PyObject *pyName;
    CONVERT_STRING_OUT(field->Name(), pyName);
    if (pyName == NULL) goto fail;
    PyObject *pyValue;
    CONVERT_STRING_OUT(field->StringValue(), pyValue);
    if (pyValue == NULL) {
      Py_DECREF(pyName);
      goto fail;
    }
    PyObject *pyIsStored = PyBool_FromLong( (long) field->IsStored() );
    PyObject *pyIsIndexed = PyBool_FromLong( (long) field->IsIndexed() );
    PyObject *pyIsTokenized = PyBool_FromLong( (long) field->IsTokenized() );

    PyObject *pyField = PyObject_CallFunctionObjArgs(global_FieldConstructor,
        pyName, pyValue, pyIsStored, pyIsIndexed, pyIsTokenized,
        NULL
      );
    Py_DECREF(pyValue);
    Py_DECREF(pyIsStored);
    Py_DECREF(pyIsIndexed);
    Py_DECREF(pyIsTokenized);
    if (pyField == NULL) {
      Py_DECREF(pyName);
      goto fail;
    }

    if ( PyDict_SetItem(docFields, pyName, pyField) == -1) goto fail;
    /* PyDict_SetItem established its own references to pyName and pyField. */
    Py_DECREF(pyName);
    Py_DECREF(pyField);
  }
  /* Now we have a dict containing the fields.  Attach it to pyDoc. */
  if ( PyObject_SetAttr(pyDoc, global_string__fields, docFields) == -1) goto fail;
  Py_DECREF(docFields);

  delete fieldEnum;
  return pyDoc;
  fail:
    if (!PyErr_Occurred()) PyErr_NoMemory();
    Py_XDECREF(pyDoc);
    Py_XDECREF(docFields);
    delete fieldEnum;
    return NULL;
}
Ejemplo n.º 7
0
static int DetectTemplateSignatureTest01 (void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    Signature *sig = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any (template:1,10; sid:1; rev:1;)");
    FAIL_IF_NULL(sig);

    DetectEngineCtxFree(de_ctx);
    PASS;
}
Ejemplo n.º 8
0
static int DetectFtpdataSignatureTest01(void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    Signature *sig = DetectEngineAppendSig(de_ctx, "alert ip any any -> any any (ftpdata_command:stor; sid:1; rev:1;)");
    FAIL_IF_NULL(sig);

    DetectEngineCtxFree(de_ctx);
    PASS;
}
Ejemplo n.º 9
0
static int DetectKrb5ErrCodeSignatureTest01 (void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    Signature *sig = DetectEngineAppendSig(de_ctx, "alert krb5 any any -> any any (krb5_err_code:10; sid:1; rev:1;)");
    FAIL_IF_NULL(sig);

    DetectEngineCtxFree(de_ctx);
    PASS;
}
Ejemplo n.º 10
0
int UTHRemoveSessionFromFlow(Flow *f)
{
    FAIL_IF_NULL(f);
    FAIL_IF_NOT(f->proto == IPPROTO_TCP);
    TcpSession *ssn = f->protoctx;
    FAIL_IF_NULL(ssn);
    StreamTcpSessionCleanup(ssn);
    SCFree(ssn);
    f->protoctx = NULL;
    return 1;
}
Ejemplo n.º 11
0
/**
 * \test Test that a signature containting a http_request_line is correctly parsed
 *       and the keyword is registered.
 */
static int DetectHttpRequestLineTest01(void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->flags |= DE_QUIET;
    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
                               "(http_request_line; content:\"GET /\"; sid:1;)");
    FAIL_IF_NULL(de_ctx->sig_list);

    DetectEngineCtxFree(de_ctx);
    PASS;
}
Ejemplo n.º 12
0
int UTHAddStreamToFlow(Flow *f, int direction,
    uint8_t *data, uint32_t data_len)
{
    FAIL_IF_NULL(f);
    FAIL_IF_NOT(f->proto == IPPROTO_TCP);
    FAIL_IF_NULL(f->protoctx);
    TcpSession *ssn = f->protoctx;

    StreamingBufferSegment seg;
    TcpStream *stream = direction == 0 ? &ssn->client : &ssn->server;
    int r = StreamingBufferAppend(&stream->sb, &seg, data, data_len);
    FAIL_IF_NOT(r == 0);
    stream->last_ack += data_len;
    return 1;
}
Ejemplo n.º 13
0
HRESULT DXDiagNVUtil::GetDebugLevels( wstring * pwstrLevels )
{
	HRESULT hr = S_OK;
	FAIL_IF_NULL( pwstrLevels );
	*pwstrLevels = L"";
	wstring propval;

	hr = GetProperty( L"DxDiag_SystemInfo", L"nD3DDebugLevel", &propval );
	pwstrLevels->append( L"D3DDebugLevel =    "); pwstrLevels->append( propval ); pwstrLevels->append(L"\n");

	hr = GetProperty( L"DxDiag_SystemInfo", L"nDDrawDebugLevel", &propval );
	pwstrLevels->append( L"DDrawDebugLevel =  "); pwstrLevels->append( propval ); pwstrLevels->append(L"\n");

	hr = GetProperty( L"DxDiag_SystemInfo", L"nDIDebugLevel", &propval );
	pwstrLevels->append( L"DIDebugLevel =     "); pwstrLevels->append( propval ); pwstrLevels->append(L"\n");

	hr = GetProperty( L"DxDiag_SystemInfo", L"nDMusicDebugLevel", &propval );
	pwstrLevels->append( L"DMusicDebugLevel = "); pwstrLevels->append( propval ); pwstrLevels->append(L"\n");

	hr = GetProperty( L"DxDiag_SystemInfo", L"nDPlayDebugLevel", &propval );
	pwstrLevels->append( L"DPlayDebugLevel =  "); pwstrLevels->append( propval ); pwstrLevels->append(L"\n");

	hr = GetProperty( L"DxDiag_SystemInfo", L"nDSoundDebugLevel", &propval );
	pwstrLevels->append( L"DSoundDebugLevel = "); pwstrLevels->append( propval ); pwstrLevels->append(L"\n");

	hr = GetProperty( L"DxDiag_SystemInfo", L"nDShowDebugLevel", &propval );
	pwstrLevels->append( L"DShowDebugLevel =  "); pwstrLevels->append( propval ); pwstrLevels->append(L"\n");

	return( hr );
}
Ejemplo n.º 14
0
/**
 * \test Test parsing of negated states.
 */
int DetectSslStateTestParseNegate(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("!client_hello");
    FAIL_IF_NULL(ssd);
    uint32_t expected = DETECT_SSL_STATE_CLIENT_HELLO;
    FAIL_IF(ssd->flags != expected || ssd->mask != expected);
    SCFree(ssd);

    ssd = DetectSslStateParse("!client_hello,!server_hello");
    FAIL_IF_NULL(ssd);
    expected = DETECT_SSL_STATE_CLIENT_HELLO | DETECT_SSL_STATE_SERVER_HELLO;
    FAIL_IF(ssd->flags != expected || ssd->mask != expected);
    SCFree(ssd);

    PASS;
}
Ejemplo n.º 15
0
void MixedApp::InitializeWindow(HINSTANCE instance)
{
    WNDCLASSEX wcx{};
    wcx.cbSize = sizeof(wcx);
    wcx.hbrBackground = static_cast<HBRUSH>(GetStockObject(BLACK_BRUSH));
    wcx.hInstance = instance;
    wcx.lpfnWndProc = s_WindowProc;
    wcx.lpszClassName = ClassName;

    if (RegisterClassEx(&wcx) == INVALID_ATOM)
    {
        FAIL(L"RegisterClassEx failed.");
    }

    DWORD style = WS_OVERLAPPEDWINDOW;
    RECT rc{ 0, 0, 1280, 720 };
    AdjustWindowRect(&rc, style, FALSE);

    Window = CreateWindow(ClassName, ClassName, style, CW_USEDEFAULT, CW_USEDEFAULT,
        rc.right - rc.left, rc.bottom - rc.top, nullptr, nullptr, instance, nullptr);

    FAIL_IF_NULL(Window, L"Failed to create window. Error %d", GetLastError());

    ShowWindow(Window, SW_SHOW);
    UpdateWindow(Window);
}
Ejemplo n.º 16
0
/**
 * Test that a DCE ethernet frame, followed by data that is too small
 * for an ethernet header.
 *
 * Redmine issue:
 * https://redmine.openinfosecfoundation.org/issues/2887
 */
static int DecodeEthernetTestDceNextTooSmall(void)
{
    uint8_t raw_eth[] = {
        0x00, 0x10, 0x94, 0x55, 0x00, 0x01, 0x00, 0x10,
        0x94, 0x56, 0x00, 0x01, 0x89, 0x03, //0x88, 0x64,

        0x00, 0x00,

        0x00, 0x10, 0x94, 0x55, 0x00, 0x01, 0x00, 0x10,
        0x94, 0x56, 0x00, 0x01,
    };

    Packet *p = SCMalloc(SIZE_OF_PACKET);
    FAIL_IF_NULL(p);
    ThreadVars tv;
    DecodeThreadVars dtv;

    memset(&dtv, 0, sizeof(DecodeThreadVars));
    memset(&tv,  0, sizeof(ThreadVars));
    memset(p, 0, SIZE_OF_PACKET);

    DecodeEthernet(&tv, &dtv, p, raw_eth, sizeof(raw_eth), NULL);

    FAIL_IF_NOT(ENGINE_ISSET_EVENT(p, ETHERNET_PKT_TOO_SMALL));

    SCFree(p);
    PASS;
}
void frameq_enqueue_send_and_recv_vr(void* arg, struct modtest_result* result) {
	//int ret = 0;
	const char buf[] = { 0x7E, 0x00, 0x04, 0x08, 0x01, 0x56, 0x52, 0x4E };
	const int count = 8;

	struct xb_device* xbdev = (struct xb_device*)arg;
	struct sk_buff* send_buf = alloc_skb(128, GFP_KERNEL);
	struct sk_buff* skb;

	unsigned char* tail = skb_put(send_buf, count);
	memcpy(tail, buf, count);
	frameq_enqueue_send(&xbdev->send_queue, send_buf);

	FAIL_IF_NOT_EQ(1, skb_queue_len(&xbdev->send_queue));
	FAIL_IF_NOT_EQ(0, xbdev->recv_buf->len);

	xb_send(xbdev);
	skb = xb_recv(xbdev, 1, 1000);

	FAIL_IF_NULL(skb);

	FAIL_IF_NOT_EQ(0, skb_queue_len(&xbdev->send_queue));

	TEST_SUCCESS();
}
Ejemplo n.º 18
0
static int FlowBitsTestSig02(void)
{
    Signature *s = NULL;
    ThreadVars th_v;
    DetectEngineCtx *de_ctx = NULL;

    memset(&th_v, 0, sizeof(th_v));

    de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->flags |= DE_QUIET;

    s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"isset rule need an option\"; flowbits:isset; content:\"GET \"; sid:1;)");
    FAIL_IF_NOT_NULL(s);

    s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"isnotset rule need an option\"; flowbits:isnotset; content:\"GET \"; sid:2;)");
    FAIL_IF_NOT_NULL(s);

    s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"set rule need an option\"; flowbits:set; content:\"GET \"; sid:3;)");
    FAIL_IF_NOT_NULL(s);

    s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"unset rule need an option\"; flowbits:unset; content:\"GET \"; sid:4;)");
    FAIL_IF_NOT_NULL(s);

    s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"toggle rule need an option\"; flowbits:toggle; content:\"GET \"; sid:5;)");
    FAIL_IF_NOT_NULL(s);

    DetectEngineCtxFree(de_ctx);

    PASS;
}
Ejemplo n.º 19
0
static int DecodeMPLSTestPacketTooSmall(void)
{
    ThreadVars tv;
    DecodeThreadVars dtv;

    memset(&dtv, 0, sizeof(DecodeThreadVars));
    memset(&tv,  0, sizeof(ThreadVars));

    Packet *p0 = SCCalloc(1, SIZE_OF_PACKET);
    memset(p0, 0, SIZE_OF_PACKET);
    uint8_t pkt0[] = { 0x00, 0x01, 0x51, 0xff };
    DecodeMPLS(&tv, &dtv, p0, pkt0, sizeof(pkt0), NULL);
    FAIL_IF_NOT(ENGINE_ISSET_EVENT(p0, MPLS_PKT_TOO_SMALL));
    SCFree(p0);

    Packet *p1 = SCCalloc(1, SIZE_OF_PACKET);
    FAIL_IF_NULL(p1);
    uint8_t pkt1[] = { 0x00, 0x01, 0x51, 0xff, 0x45 };
    DecodeMPLS(&tv, &dtv, p1, pkt1, sizeof(pkt1), NULL);
    FAIL_IF_NOT(ENGINE_ISSET_EVENT(p1, MPLS_PKT_TOO_SMALL));
    SCFree(p1);

    Packet *p2 = SCCalloc(1, SIZE_OF_PACKET);
    FAIL_IF_NULL(p2);
    uint8_t pkt2[] = { 0x00, 0x01, 0x51, 0xff, 0x45, 0x01 };
    DecodeMPLS(&tv, &dtv, p2, pkt2, sizeof(pkt2), NULL);
    FAIL_IF_NOT(ENGINE_ISSET_EVENT(p2, MPLS_PKT_TOO_SMALL));
    SCFree(p2);

    Packet *p3 = SCCalloc(1, SIZE_OF_PACKET);
    FAIL_IF_NULL(p3);
    uint8_t pkt3[] = { 0x00, 0x01, 0x51, 0xff, 0x45, 0x01, 0x02 };
    DecodeMPLS(&tv, &dtv, p3, pkt3, sizeof(pkt3), NULL);
    FAIL_IF_NOT(ENGINE_ISSET_EVENT(p3, MPLS_PKT_TOO_SMALL));
    SCFree(p3);

    // This should not create a too small event is it has one more byte
    // than required.
    Packet *p4 = SCCalloc(1, SIZE_OF_PACKET);
    FAIL_IF_NULL(p4);
    uint8_t pkt4[] = { 0x00, 0x01, 0x51, 0xff, 0x45, 0x01, 0x02, 0x03 };
    DecodeMPLS(&tv, &dtv, p4, pkt4, sizeof(pkt4), NULL);
    FAIL_IF(ENGINE_ISSET_EVENT(p4, MPLS_PKT_TOO_SMALL));
    SCFree(p4);

    PASS;
}
Ejemplo n.º 20
0
/**
 * \test DetectFlowTestParse01 is a test to make sure that we return "something"
 *  when given valid flow opt
 */
int DetectFlowTestParse01 (void)
{
    DetectFlowData *fd = NULL;
    fd = DetectFlowParse("established");
    FAIL_IF_NULL(fd);
    DetectFlowFree(fd);
    PASS;
}
Ejemplo n.º 21
0
int DetectSslStateTest01(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("client_hello");
    FAIL_IF_NULL(ssd);
    FAIL_IF_NOT(ssd->flags == DETECT_SSL_STATE_CLIENT_HELLO);
    SCFree(ssd);
    PASS;
}
Ejemplo n.º 22
0
static int DetectKrb5ErrCodeParseTest01 (void)
{
    DetectKrb5ErrCodeData *krb5d = DetectKrb5ErrCodeParse("10");
    FAIL_IF_NULL(krb5d);
    FAIL_IF(!(krb5d->err_code == 10));
    DetectKrb5ErrCodeFree(krb5d);
    PASS;
}
Ejemplo n.º 23
0
static int DetectTemplateParseTest01 (void)
{
    DetectTemplateData *templated = DetectTemplateParse("1,10");
    FAIL_IF_NULL(templated);
    FAIL_IF(!(templated->arg1 == 1 && templated->arg2 == 10));
    DetectTemplateFree(templated);
    PASS;
}
Ejemplo n.º 24
0
HRESULT DXDiagNVUtil::GetDisplayDeviceProp( DWORD dwDevice, LPCWSTR prop_name, wstring * pwstrProp )
{
	HRESULT hr = S_OK;
	FAIL_IF_NULL( prop_name );
	FAIL_IF_NULL( pwstrProp );
	*pwstrProp = L"";

	IDxDiagContainer * pDisplayDevice;
	hr = GetDisplayDeviceNode( dwDevice, &pDisplayDevice );
	RET_VAL_IF_FAILED( hr );
	FAIL_IF_NULL( pDisplayDevice );

	hr = GetProperty( pDisplayDevice, prop_name, pwstrProp );
	MSG_IF( FAILED(hr), "GetDisplayDeviceProp() Couldn't get the property string!\n");

	return( hr );
}
Ejemplo n.º 25
0
static int DetectAppLayerProtocolTest14(void)
{
    DetectAppLayerProtocolData *data = NULL;
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);
    de_ctx->flags |= DE_QUIET;

    Signature *s1 = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
            "(app-layer-protocol:http; flowbits:set,blah; sid:1;)");
    FAIL_IF_NULL(s1);
    FAIL_IF(s1->alproto != ALPROTO_UNKNOWN);
    FAIL_IF_NULL(s1->sm_lists[DETECT_SM_LIST_MATCH]);
    FAIL_IF_NULL(s1->sm_lists[DETECT_SM_LIST_MATCH]->ctx);
    data = (DetectAppLayerProtocolData *)s1->sm_lists[DETECT_SM_LIST_MATCH]->ctx;
    FAIL_IF(data->alproto != ALPROTO_HTTP);
    FAIL_IF(data->negated);

    Signature *s2 = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
            "(app-layer-protocol:http; flow:to_client; sid:2;)");
    FAIL_IF_NULL(s2);
    FAIL_IF(s2->alproto != ALPROTO_UNKNOWN);
    FAIL_IF_NULL(s2->sm_lists[DETECT_SM_LIST_MATCH]);
    FAIL_IF_NULL(s2->sm_lists[DETECT_SM_LIST_MATCH]->ctx);
    data = (DetectAppLayerProtocolData *)s2->sm_lists[DETECT_SM_LIST_MATCH]->ctx;
    FAIL_IF(data->alproto != ALPROTO_HTTP);
    FAIL_IF(data->negated);

    /* flow:established and other options not supported for PD-only */
    Signature *s3 = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
            "(app-layer-protocol:http; flow:to_client,established; sid:3;)");
    FAIL_IF_NULL(s3);
    FAIL_IF(s3->alproto != ALPROTO_UNKNOWN);
    FAIL_IF_NULL(s3->sm_lists[DETECT_SM_LIST_MATCH]);
    FAIL_IF_NULL(s3->sm_lists[DETECT_SM_LIST_MATCH]->ctx);
    data = (DetectAppLayerProtocolData *)s3->sm_lists[DETECT_SM_LIST_MATCH]->ctx;
    FAIL_IF(data->alproto != ALPROTO_HTTP);
    FAIL_IF(data->negated);

    SigGroupBuild(de_ctx);
    FAIL_IF_NOT(s1->flags & SIG_FLAG_PDONLY);
    FAIL_IF_NOT(s2->flags & SIG_FLAG_PDONLY);
    FAIL_IF(s3->flags & SIG_FLAG_PDONLY); // failure now

    DetectEngineCtxFree(de_ctx);
    PASS;
}
Ejemplo n.º 26
0
/**
 * \test FlagsTestParse01 is a test for a  valid flags value
 *
 *  \retval 1 on succces
 *  \retval 0 on failure
 */
static int FlagsTestParse01 (void)
{
    DetectFlagsData *de = DetectFlagsParse("S");
    FAIL_IF_NULL(de);
    FAIL_IF_NOT(de->flags == TH_SYN);
    DetectFlagsFree(de);
    PASS;
}
Ejemplo n.º 27
0
/**
 * \test DetectFlowTestParseNocase01 is a test to make sure that we return "something"
 *  when given valid flow opt
 */
int DetectFlowTestParseNocase01 (void)
{
    DetectFlowData *fd = NULL;
    fd = DetectFlowParse("ESTABLISHED");
    FAIL_IF_NULL(fd);
    DetectFlowFree(fd);
    PASS;
}
Ejemplo n.º 28
0
static int DetectFtpdataParseTest01(void)
{
    DetectFtpdataData *ftpcommandd = DetectFtpdataParse("stor");
    FAIL_IF_NULL(ftpcommandd);
    FAIL_IF(!(ftpcommandd->command == FTP_COMMAND_STOR));
    DetectFtpdataFree(ftpcommandd);
    PASS;
}
Ejemplo n.º 29
0
/**
 * \test DetectFlowTestParseNocase03 is a test for setting the stateless flow opt
 */
int DetectFlowTestParseNocase03 (void)
{
    DetectFlowData *fd = NULL;
    fd = DetectFlowParse("STATELESS");
    FAIL_IF_NULL(fd);
    FAIL_IF_NOT(fd->flags == DETECT_FLOW_FLAG_STATELESS && fd->match_cnt == 1);         DetectFlowFree(fd);
    PASS;
}
Ejemplo n.º 30
0
static int FlowBitsTestSig05(void)
{
    Signature *s = NULL;
    DetectEngineCtx *de_ctx = NULL;

    de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->flags |= DE_QUIET;

    s = de_ctx->sig_list = SigInit(de_ctx,"alert ip any any -> any any (msg:\"Noalert\"; flowbits:noalert; content:\"GET \"; sid:1;)");
    FAIL_IF_NULL(s);
    FAIL_IF((s->flags & SIG_FLAG_NOALERT) != SIG_FLAG_NOALERT);

    DetectEngineCtxFree(de_ctx);
    PASS;
}