Example #1
0
/**
 * \test Check if replace is working when depth block match used
 */
static int DetectReplaceMatchTest09(void)
{
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
                " content:\"big\"; depth:16; replace:\"pig\"; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
                " content:\"this is a pig test\"; sid:2;)";
    return !DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
}
Example #2
0
/**
 * \test Check if replace is not done when second content match and not
 * first
 */
static int DetectReplaceMatchTest06(void)
{
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
                " content:\"nutella\"; replace:\"commode\"; content:\"this is\"; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
                " content:\"commode\"; sid:2;)";
    return !DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
}
Example #3
0
/**
 * \test Check if replace is working with second content
 */
static int DetectReplaceMatchTest04(void)
{
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
                " content:\"th\"; replace:\"TH\"; content:\"patter\"; replace:\"matter\"; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
                " content:\"THis\"; content:\"matterns\"; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
}
Example #4
0
/**
 * \test Check if replace is working with within
 */
static int DetectReplaceMatchTest14(void)
{
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
                " content:\"big\"; replace:\"pig\"; content:\"test\"; distance: 2; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
                " content:\"pig\"; depth:17; offset:14; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
}
Example #5
0
/**
 * \test Check if replace is working when nocase used
 */
int DetectReplaceMatchTest07()
{
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
                " content:\"BiG\"; nocase; replace:\"pig\"; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
                " content:\"this is a pig test\"; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
}
Example #6
0
/**
 * \test Check if replace is not done when second content don't match
 */
int DetectReplaceMatchTest05()
{
    char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";"
                " content:\"th\"; replace:\"TH\"; content:\"nutella\"; sid:1;)";
    char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";"
                " content:\"TH\"; sid:2;)";
    return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2);
}