/**
 * \test DetectSshVersionTestParse03 checks that DetectSshVersionParse
 *       returns NULL, rather than a DetectSshVersionData, for each of
 *       a set of invalid option strings.
 *
 * \retval 1 when all four invalid strings are rejected
 * \retval 0 as soon as one of them is accepted
 */
int DetectSshVersionTestParse03 (void)
{
    DetectSshVersionData *accepted;

    /* Each later string is only tried while the previous one was rejected
     * (NULL), so the first accepted value is the one left in `accepted`. */
    accepted = DetectSshVersionParse("2_com");
    if (accepted == NULL)
        accepted = DetectSshVersionParse("");
    if (accepted == NULL)
        accepted = DetectSshVersionParse(".1");
    if (accepted == NULL)
        accepted = DetectSshVersionParse("lalala");

    if (accepted == NULL)
        return 1;

    /* The parser let an invalid value through: release it and fail. */
    DetectSshVersionFree(accepted);
    return 0;
}
/**
 * \brief Parses the keyword's option string and adds the result to the
 *        current signature as a DETECT_AL_SSH_PROTOVERSION SigMatch.
 *
 * \param de_ctx pointer to the Detection Engine Context (not read here)
 * \param s      pointer to the current Signature
 * \param str    pointer to the option string supplied by the rule
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectSshVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
    SigMatch *match;
    DetectSshVersionData *version;

    /* The signature has to be usable as an SSH rule before anything is
     * parsed or allocated; a non-zero result ends the setup here. */
    if (DetectSignatureSetAppProto(s, ALPROTO_SSH) != 0)
        return -1;

    /* NULL means the option string was rejected by the parser. */
    version = DetectSshVersionParse(str);
    if (version == NULL)
        return -1;

    match = SigMatchAlloc();
    if (match == NULL) {
        /* Nothing references the parsed data yet, so release it here. */
        DetectSshVersionFree(version);
        return -1;
    }

    /* From here on the SigMatch carries the parsed data in its ctx. */
    match->type = DETECT_AL_SSH_PROTOVERSION;
    match->ctx = (void *)version;

    SigMatchAppendSMToList(s, match, g_ssh_banner_list_id);
    return 0;
}
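/**
 * \test DetectSshVersionTestParse02 is a test to make sure that we parse
 *       the proto version (compatible with proto version 2) correctly
 *
 * \retval 1 when "2_compat" parses and SSH_FLAG_PROTOVERSION_2_COMPAT is set
 * \retval 0 when the parse fails or the flag is missing
 */
int DetectSshVersionTestParse02 (void)
{
    int result = 0;
    DetectSshVersionData *ssh = DetectSshVersionParse("2_compat");

    /* The parser reports rejection with NULL (DetectSshVersionTestParse03
     * relies on that), so a failed parse must fail the test instead of
     * being dereferenced. */
    if (ssh == NULL)
        return 0;

    if (ssh->flags & SSH_FLAG_PROTOVERSION_2_COMPAT)
        result = 1;

    /* Release the parsed data on the failing path as well. */
    DetectSshVersionFree(ssh);
    return result;
}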
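/**
 * \test DetectSshVersionTestParse01 is a test to make sure that we parse
 *       a proto version correctly
 *
 * \retval 1 when "1.0" parses and the stored version starts with "1.0"
 * \retval 0 when the parse fails or the stored version differs
 */
int DetectSshVersionTestParse01 (void)
{
    int result = 0;
    DetectSshVersionData *ssh = DetectSshVersionParse("1.0");

    /* NULL means the parser rejected the string. */
    if (ssh == NULL)
        return 0;

    /* Only the first three bytes are compared, as in the original test. */
    if (strncmp((char *) ssh->ver, "1.0", 3) == 0)
        result = 1;

    /* Free on both outcomes: a parsed-but-wrong version used to be
     * returned as a failure without being released. */
    DetectSshVersionFree(ssh);
    return result;
}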
/**
 * \brief Parses the keyword's option string and adds the result to the
 *        current signature as a DETECT_AL_SSH_PROTOVERSION SigMatch on
 *        the DETECT_SM_LIST_AMATCH list.
 *
 * \param de_ctx pointer to the Detection Engine Context (not read here)
 * \param s      pointer to the current Signature
 * \param str    pointer to the option string supplied by the rule
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectSshVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    SigMatch *match = NULL;
    DetectSshVersionData *version = DetectSshVersionParse(str);

    /* NULL means the option string was rejected; nothing to clean up. */
    if (version == NULL)
        return -1;

    match = SigMatchAlloc();
    if (match == NULL)
        goto fail;

    /* Only a signature with no app-layer protocol yet, or one already set
     * to SSH, may carry this keyword. */
    if (!(s->alproto == ALPROTO_UNKNOWN || s->alproto == ALPROTO_SSH)) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
        goto fail;
    }

    /* From here on the SigMatch carries the parsed data in its ctx. */
    match->type = DETECT_AL_SSH_PROTOVERSION;
    match->ctx = (void *)version;
    SigMatchAppendSMToList(s, match, DETECT_SM_LIST_AMATCH);

    /* Mark the signature as an app-layer SSH rule. */
    s->flags |= SIG_FLAG_APPLAYER;
    s->alproto = ALPROTO_SSH;
    return 0;

fail:
    /* version is always non-NULL here; match may not have been allocated. */
    DetectSshVersionFree(version);
    if (match != NULL)
        SCFree(match);
    return -1;
}