/**
* \brief this function is used to parse filemagic options
* \brief into the current signature
*
* \param de_ctx pointer to the Detection Engine Context
* \param s pointer to the Current Signature
* \param str pointer to the user provided "filemagic" option
*
* \retval 0 on Success
* \retval -1 on Failure
*/
static int DetectFilemagicSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
DetectFilemagicData *filemagic = NULL;
SigMatch *sm = NULL;
if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rules with filemagic need to have protocol set to http or smtp.");
goto error;
}
filemagic = DetectFilemagicParse(str);
if (filemagic == NULL)
goto error;
filemagic->thread_ctx_id = DetectRegisterThreadCtxFuncs(de_ctx, "filemagic",
DetectFilemagicThreadInit, (void *)filemagic,
DetectFilemagicThreadFree, 1);
if (filemagic->thread_ctx_id == -1)
goto error;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_FILEMAGIC;
sm->ctx = (void *)filemagic;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
if (s->alproto == ALPROTO_HTTP) {
AppLayerHtpNeedFileInspection();
}
s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_MAGIC);
return 0;
error:
if (filemagic != NULL)
DetectFilemagicFree(filemagic);
if (sm != NULL)
SCFree(sm);
return -1;
}
/**
* \brief this function is used to parse filemd5 options
* \brief into the current signature
*
* \param de_ctx pointer to the Detection Engine Context
* \param s pointer to the Current Signature
* \param str pointer to the user provided "filemd5" option
*
* \retval 0 on Success
* \retval -1 on Failure
*/
static int DetectFileMd5Setup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
DetectFileMd5Data *filemd5 = NULL;
SigMatch *sm = NULL;
filemd5 = DetectFileMd5Parse(str);
if (filemd5 == NULL)
goto error;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_FILEMD5;
sm->ctx = (void *)filemd5;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
goto error;
}
AppLayerHtpNeedFileInspection();
/** \todo remove this once we support more than http */
s->alproto = ALPROTO_HTTP;
s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_MD5);
return 0;
error:
if (filemd5 != NULL)
DetectFileMd5Free(filemd5);
if (sm != NULL)
SCFree(sm);
return -1;
}
/**
* \brief this function is used to parse filesize data into the current signature
*
* \param de_ctx pointer to the Detection Engine Context
* \param s pointer to the Current Signature
* \param str pointer to the user provided options
*
* \retval 0 on Success
* \retval -1 on Failure
*/
static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
SCEnter();
DetectFilesizeData *fsd = NULL;
SigMatch *sm = NULL;
fsd = DetectFilesizeParse(str);
if (fsd == NULL)
goto error;
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_FILESIZE;
sm->ctx = (void *)fsd;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
goto error;
}
AppLayerHtpNeedFileInspection();
/** \todo remove this once we support more than http */
s->alproto = ALPROTO_HTTP;
s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_SIZE);
SCReturnInt(0);
error:
if (fsd != NULL)
DetectFilesizeFree(fsd);
if (sm != NULL)
SCFree(sm);
SCReturnInt(-1);
}
/**
* \brief this function is used to parse filestore options
* \brief into the current signature
*
* \param de_ctx pointer to the Detection Engine Context
* \param s pointer to the Current Signature
* \param str pointer to the user provided "filestore" option
*
* \retval 0 on Success
* \retval -1 on Failure
*/
static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
SCEnter();
DetectFilestoreData *fd = NULL;
SigMatch *sm = NULL;
char *args[3] = {NULL,NULL,NULL};
#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_FILESTORE;
if (str != NULL && strlen(str) > 0) {
SCLogDebug("str %s", str);
ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, str);
goto error;
}
if (ret > 1) {
const char *str_ptr;
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[0] = (char *)str_ptr;
if (ret > 2) {
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[1] = (char *)str_ptr;
}
if (ret > 3) {
res = pcre_get_substring((char *)str, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[2] = (char *)str_ptr;
}
}
fd = SCMalloc(sizeof(DetectFilestoreData));
if (fd == NULL)
goto error;
memset(fd, 0x00, sizeof(DetectFilestoreData));
if (args[0] != NULL) {
SCLogDebug("first arg %s", args[0]);
if (strcasecmp(args[0], "request") == 0 ||
strcasecmp(args[0], "to_server") == 0)
{
fd->direction = FILESTORE_DIR_TOSERVER;
fd->scope = FILESTORE_SCOPE_TX;
}
else if (strcasecmp(args[0], "response") == 0 ||
strcasecmp(args[0], "to_client") == 0)
{
fd->direction = FILESTORE_DIR_TOCLIENT;
fd->scope = FILESTORE_SCOPE_TX;
}
else if (strcasecmp(args[0], "both") == 0)
{
fd->direction = FILESTORE_DIR_BOTH;
fd->scope = FILESTORE_SCOPE_TX;
}
} else {
fd->direction = FILESTORE_DIR_DEFAULT;
}
if (args[1] != NULL) {
SCLogDebug("second arg %s", args[1]);
if (strcasecmp(args[1], "file") == 0)
{
fd->scope = FILESTORE_SCOPE_DEFAULT;
} else if (strcasecmp(args[1], "tx") == 0)
{
fd->scope = FILESTORE_SCOPE_TX;
} else if (strcasecmp(args[1], "ssn") == 0 ||
strcasecmp(args[1], "flow") == 0)
{
fd->scope = FILESTORE_SCOPE_SSN;
}
} else {
if (fd->scope == 0)
fd->scope = FILESTORE_SCOPE_DEFAULT;
}
sm->ctx = fd;
} else {
sm->ctx = NULL;
}
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
goto error;
}
AppLayerHtpNeedFileInspection();
s->alproto = ALPROTO_HTTP;
s->flags |= SIG_FLAG_FILESTORE;
return 0;
error:
if (sm != NULL)
SCFree(sm);
return -1;
}
void RunUnittests(int list_unittests, char *regex_arg)
{
#ifdef UNITTESTS
/* Initializations for global vars, queues, etc (memsets, mutex init..) */
GlobalInits();
TimeInit();
SupportFastPatternForSigMatchTypes();
default_packet_size = DEFAULT_PACKET_SIZE;
#ifdef __SC_CUDA_SUPPORT__
/* Init the CUDA environment */
SCCudaInitCudaEnvironment();
CudaBufferInit();
#endif
/* load the pattern matchers */
MpmTableSetup();
#ifdef __SC_CUDA_SUPPORT__
MpmCudaEnvironmentSetup();
#endif
SpmTableSetup();
AppLayerSetup();
/* hardcoded initialization code */
SigTableSetup(); /* load the rule keywords */
TmqhSetup();
StorageInit();
CIDRInit();
SigParsePrepare();
#ifdef DBG_MEM_ALLOC
SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem);
#endif
SCReputationInitCtx();
SCProtoNameInit();
TagInitCtx();
SCReferenceConfInit();
SCClassConfInit();
UtInitialize();
RegisterAllModules();
HostBitInitCtx();
StorageFinalize();
/* test and initialize the unittesting subsystem */
if(regex_arg == NULL){
regex_arg = ".*";
UtRunSelftest(regex_arg); /* inits and cleans up again */
}
AppLayerHtpEnableRequestBodyCallback();
AppLayerHtpNeedFileInspection();
UTHRegisterTests();
StreamTcpRegisterTests();
SigRegisterTests();
SCReputationRegisterTests();
TmModuleRegisterTests();
SigTableRegisterTests();
HashTableRegisterTests();
HashListTableRegisterTests();
BloomFilterRegisterTests();
BloomFilterCountingRegisterTests();
PoolRegisterTests();
ByteRegisterTests();
MpmRegisterTests();
FlowBitRegisterTests();
HostBitRegisterTests();
IPPairBitRegisterTests();
StatsRegisterTests();
DecodePPPRegisterTests();
DecodeVLANRegisterTests();
DecodeRawRegisterTests();
DecodePPPOERegisterTests();
DecodeICMPV4RegisterTests();
DecodeICMPV6RegisterTests();
DecodeIPV4RegisterTests();
DecodeIPV6RegisterTests();
DecodeTCPRegisterTests();
DecodeUDPV4RegisterTests();
DecodeGRERegisterTests();
DecodeAsn1RegisterTests();
DecodeMPLSRegisterTests();
AppLayerProtoDetectUnittestsRegister();
ConfRegisterTests();
ConfYamlRegisterTests();
TmqhFlowRegisterTests();
FlowRegisterTests();
HostRegisterUnittests();
IPPairRegisterUnittests();
SCSigRegisterSignatureOrderingTests();
SCRadixRegisterTests();
DefragRegisterTests();
SigGroupHeadRegisterTests();
SCHInfoRegisterTests();
SCRuleVarsRegisterTests();
AppLayerParserRegisterUnittests();
ThreadMacrosRegisterTests();
UtilSpmSearchRegistertests();
UtilActionRegisterTests();
SCClassConfRegisterTests();
SCThresholdConfRegisterTests();
SCRConfRegisterTests();
#ifdef __SC_CUDA_SUPPORT__
SCCudaRegisterTests();
#endif
PayloadRegisterTests();
DcePayloadRegisterTests();
UriRegisterTests();
#ifdef PROFILING
SCProfilingRegisterTests();
#endif
DeStateRegisterTests();
DetectRingBufferRegisterTests();
MemcmpRegisterTests();
DetectEngineHttpClientBodyRegisterTests();
DetectEngineHttpServerBodyRegisterTests();
DetectEngineHttpHeaderRegisterTests();
DetectEngineHttpRawHeaderRegisterTests();
DetectEngineHttpMethodRegisterTests();
DetectEngineHttpCookieRegisterTests();
DetectEngineHttpRawUriRegisterTests();
DetectEngineHttpStatMsgRegisterTests();
DetectEngineHttpStatCodeRegisterTests();
DetectEngineHttpUARegisterTests();
DetectEngineHttpHHRegisterTests();
DetectEngineHttpHRHRegisterTests();
DetectEngineInspectModbusRegisterTests();
DetectEngineRegisterTests();
DetectEngineSMTPFiledataRegisterTests();
SCLogRegisterTests();
MagicRegisterTests();
UtilMiscRegisterTests();
DetectAddressTests();
DetectProtoTests();
DetectPortTests();
SCAtomicRegisterTests();
MemrchrRegisterTests();
#ifdef __SC_CUDA_SUPPORT__
CudaBufferRegisterUnittests();
#endif
AppLayerUnittestsRegister();
MimeDecRegisterTests();
StreamingBufferRegisterTests();
if (list_unittests) {
UtListTests(regex_arg);
} else {
/* global packet pool */
extern intmax_t max_pending_packets;
max_pending_packets = 128;
PacketPoolInit();
uint32_t failed = UtRunTests(regex_arg);
PacketPoolDestroy();
UtCleanup();
#ifdef BUILD_HYPERSCAN
MpmHSGlobalCleanup();
#endif
#ifdef __SC_CUDA_SUPPORT__
if (PatternMatchDefaultMatcher() == MPM_AC_CUDA)
MpmCudaBufferDeSetup();
CudaHandlerFreeProfiles();
#endif
if (failed) {
exit(EXIT_FAILURE);
}
}
#ifdef DBG_MEM_ALLOC
SCLogInfo("Total memory used (without SCFree()): %"PRIdMAX, (intmax_t)global_mem);
#endif
exit(EXIT_SUCCESS);
#else
SCLogError(SC_ERR_NOT_SUPPORTED, "Unittests are not build-in");
exit(EXIT_FAILURE);
#endif /* UNITTESTS */
}
