/** * \brief this function is used to add the parsed icode data into the current signature * * \param de_ctx pointer to the Detection Engine Context * \param s pointer to the Current Signature * \param icodestr pointer to the user provided icode options * * \retval 0 on Success * \retval -1 on Failure */ static int DetectICodeSetup(DetectEngineCtx *de_ctx, Signature *s, char *icodestr) { DetectICodeData *icd = NULL; SigMatch *sm = NULL; icd = DetectICodeParse(icodestr); if (icd == NULL) goto error; sm = SigMatchAlloc(); if (sm == NULL) goto error; sm->type = DETECT_ICODE; sm->ctx = (SigMatchCtx *)icd; SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_MATCH); s->flags |= SIG_FLAG_REQUIRE_PACKET; return 0; error: if (icd != NULL) DetectICodeFree(icd); if (sm != NULL) SCFree(sm); return -1; }
/** * \test DetectICodeParseTest08 is a test for setting an invalid icode value */ int DetectICodeParseTest08(void) { DetectICodeData *icd = NULL; icd = DetectICodeParse("> 8 <> 20"); if (icd == NULL) return 1; DetectICodeFree(icd); return 0; }
/** * \test DetectICodeParseTest07 is a test for setting a valid icode value * with "<>" operator and spaces all around */ int DetectICodeParseTest07(void) { DetectICodeData *icd = NULL; int result = 0; icd = DetectICodeParse(" 8 <> 20 "); if (icd != NULL) { if (icd->code1 == 8 && icd->code2 == 20 && icd->mode == DETECT_ICODE_RN) result = 1; DetectICodeFree(icd); } return result; }