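/**
 * \brief Parse a "filemagic" rule option and attach it to the signature.
 *
 * The keyword is accepted only on rules whose protocol is already http or
 * smtp; every other protocol value is rejected before anything is
 * allocated.
 *
 * \param de_ctx pointer to the Detection Engine Context
 * \param s pointer to the Current Signature
 * \param str pointer to the user provided "filemagic" option
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectFilemagicSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    DetectFilemagicData *filemagic = NULL;
    SigMatch *sm = NULL;

    if (s->alproto != ALPROTO_HTTP && s->alproto != ALPROTO_SMTP) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS,
                "rules with filemagic need to have protocol set to http or smtp.");
        goto error;
    }

    filemagic = DetectFilemagicParse(str);
    if (filemagic == NULL)
        goto error;

    /* Allocate the SigMatch before registering the thread ctx funcs: the
     * registration is handed the filemagic pointer, so no failure that
     * frees filemagic may happen after it has succeeded. */
    sm = SigMatchAlloc();
    if (sm == NULL)
        goto error;

    filemagic->thread_ctx_id = DetectRegisterThreadCtxFuncs(de_ctx, "filemagic",
            DetectFilemagicThreadInit, (void *)filemagic,
            DetectFilemagicThreadFree, 1);
    /* NOTE(review): assumes a registration that returns -1 kept no
     * reference to filemagic -- confirm in DetectRegisterThreadCtxFuncs. */
    if (filemagic->thread_ctx_id == -1)
        goto error;

    /* Okay so far so good, lets get this into a SigMatch
     * and put it in the Signature. */
    sm->type = DETECT_FILEMAGIC;
    sm->ctx = (void *)filemagic;

    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);

    /* only the HTTP parser is asked for file inspection here; nothing
     * equivalent is done for SMTP in this function */
    if (s->alproto == ALPROTO_HTTP) {
        AppLayerHtpNeedFileInspection();
    }

    s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_MAGIC);
    return 0;

error:
    /* reached only before sm was appended to the signature */
    if (filemagic != NULL)
        DetectFilemagicFree(filemagic);
    if (sm != NULL)
        SCFree(sm);
    return -1;
}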
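/**
 * \brief Parse a "filemd5" rule option and attach it to the signature.
 *
 * The signature's protocol must be unset or http; on success it is forced
 * to http.
 *
 * \param de_ctx pointer to the Detection Engine Context
 * \param s pointer to the Current Signature
 * \param str pointer to the user provided "filemd5" option
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectFileMd5Setup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    DetectFileMd5Data *filemd5 = NULL;
    SigMatch *sm = NULL;

    /* Check for a protocol conflict first. Doing it after the SigMatch was
     * appended made the error path free sm and its ctx while the
     * signature's match list still referenced them. */
    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS,
                "rule contains conflicting keywords.");
        goto error;
    }

    filemd5 = DetectFileMd5Parse(str);
    if (filemd5 == NULL)
        goto error;

    /* Okay so far so good, lets get this into a SigMatch
     * and put it in the Signature. */
    sm = SigMatchAlloc();
    if (sm == NULL)
        goto error;

    sm->type = DETECT_FILEMD5;
    sm->ctx = (void *)filemd5;

    /* nothing below this call may jump to error: sm and filemd5 are
     * reachable from the signature once appended */
    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);

    AppLayerHtpNeedFileInspection();

    /** \todo remove this once we support more than http */
    s->alproto = ALPROTO_HTTP;

    s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_MD5);
    return 0;

error:
    if (filemd5 != NULL)
        DetectFileMd5Free(filemd5);
    if (sm != NULL)
        SCFree(sm);
    return -1;
}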
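/**
 * \brief Parse a "filesize" rule option and attach it to the signature.
 *
 * The signature's protocol must be unset or http; on success it is forced
 * to http.
 *
 * \param de_ctx pointer to the Detection Engine Context
 * \param s pointer to the Current Signature
 * \param str pointer to the user provided options
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    SCEnter();
    DetectFilesizeData *fsd = NULL;
    SigMatch *sm = NULL;

    /* Check for a protocol conflict first. Doing it after the SigMatch was
     * appended made the error path free sm and its ctx while the
     * signature's match list still referenced them. */
    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS,
                "rule contains conflicting keywords.");
        goto error;
    }

    fsd = DetectFilesizeParse(str);
    if (fsd == NULL)
        goto error;

    sm = SigMatchAlloc();
    if (sm == NULL)
        goto error;

    sm->type = DETECT_FILESIZE;
    sm->ctx = (void *)fsd;

    /* nothing below this call may jump to error: sm and fsd are reachable
     * from the signature once appended */
    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);

    AppLayerHtpNeedFileInspection();

    /** \todo remove this once we support more than http */
    s->alproto = ALPROTO_HTTP;

    s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_SIZE);
    SCReturnInt(0);

error:
    if (fsd != NULL)
        DetectFilesizeFree(fsd);
    if (sm != NULL)
        SCFree(sm);
    SCReturnInt(-1);
}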
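/**
 * \brief Parse a "filestore" rule option and attach it to the signature.
 *
 * An empty or NULL option string yields a SigMatch with a NULL ctx.
 * Otherwise up to three regex captures are read: the first selects the
 * direction, the second the scope, the third is extracted but not used
 * here. The signature's protocol must be unset or http; on success it is
 * forced to http.
 *
 * \param de_ctx pointer to the Detection Engine Context
 * \param s pointer to the Current Signature
 * \param str pointer to the user provided "filestore" option
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectFilestoreSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    SCEnter();

    DetectFilestoreData *fd = NULL;
    SigMatch *sm = NULL;
    char *args[3] = {NULL,NULL,NULL};
#define MAX_SUBSTRINGS 30
    int ret = 0, res = 0;
    int ov[MAX_SUBSTRINGS];
    int i;

    /* Check for a protocol conflict first. Doing it after the SigMatch was
     * appended made the error path free sm while the signature's match
     * list still referenced it, and leaked fd. */
    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS,
                "rule contains conflicting keywords.");
        goto error;
    }

    sm = SigMatchAlloc();
    if (sm == NULL)
        goto error;

    sm->type = DETECT_FILESTORE;

    if (str != NULL && strlen(str) > 0) {
        SCLogDebug("str %s", str);

        ret = pcre_exec(parse_regex, parse_regex_study, str, strlen(str), 0, 0, ov, MAX_SUBSTRINGS);
        if (ret < 1 || ret > 4) {
            SCLogError(SC_ERR_PCRE_MATCH, "parse error, ret %" PRId32 ", string %s", ret, str);
            goto error;
        }

        /* capture i lands in args[i - 1]; ret <= 4 keeps this inside args */
        for (i = 1; i < ret; i++) {
            const char *str_ptr;
            res = pcre_get_substring(str, ov, MAX_SUBSTRINGS, i, &str_ptr);
            if (res < 0) {
                SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
                goto error;
            }
            args[i - 1] = (char *)str_ptr;
        }

        fd = SCMalloc(sizeof(DetectFilestoreData));
        if (fd == NULL)
            goto error;
        memset(fd, 0x00, sizeof(DetectFilestoreData));

        if (args[0] != NULL) {
            SCLogDebug("first arg %s", args[0]);

            /* NOTE(review): a first argument matching none of these leaves
             * direction at the zero written by memset -- confirm the regex
             * cannot let such a value through. */
            if (strcasecmp(args[0], "request") == 0 ||
                    strcasecmp(args[0], "to_server") == 0) {
                fd->direction = FILESTORE_DIR_TOSERVER;
                fd->scope = FILESTORE_SCOPE_TX;
            } else if (strcasecmp(args[0], "response") == 0 ||
                    strcasecmp(args[0], "to_client") == 0) {
                fd->direction = FILESTORE_DIR_TOCLIENT;
                fd->scope = FILESTORE_SCOPE_TX;
            } else if (strcasecmp(args[0], "both") == 0) {
                fd->direction = FILESTORE_DIR_BOTH;
                fd->scope = FILESTORE_SCOPE_TX;
            }
        } else {
            fd->direction = FILESTORE_DIR_DEFAULT;
        }

        if (args[1] != NULL) {
            SCLogDebug("second arg %s", args[1]);

            if (strcasecmp(args[1], "file") == 0) {
                fd->scope = FILESTORE_SCOPE_DEFAULT;
            } else if (strcasecmp(args[1], "tx") == 0) {
                fd->scope = FILESTORE_SCOPE_TX;
            } else if (strcasecmp(args[1], "ssn") == 0 ||
                    strcasecmp(args[1], "flow") == 0) {
                fd->scope = FILESTORE_SCOPE_SSN;
            }
        } else {
            if (fd->scope == 0)
                fd->scope = FILESTORE_SCOPE_DEFAULT;
        }

        sm->ctx = fd;
    } else {
        sm->ctx = NULL;
    }

    /* the captures were copied out by pcre_get_substring and are no longer
     * needed once direction and scope are set */
    for (i = 0; i < 3; i++) {
        if (args[i] != NULL)
            pcre_free_substring(args[i]);
    }

    /* nothing below this call may jump to error: sm and fd are reachable
     * from the signature once appended */
    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);

    AppLayerHtpNeedFileInspection();

    s->alproto = ALPROTO_HTTP;

    s->flags |= SIG_FLAG_FILESTORE;
    return 0;

error:
    for (i = 0; i < 3; i++) {
        if (args[i] != NULL)
            pcre_free_substring(args[i]);
    }
    if (fd != NULL)
        SCFree(fd);
    if (sm != NULL)
        SCFree(sm);
    return -1;
}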
/**
 * \brief Initialise the engine subsystems, register every unit test and
 *        then either list or run the tests whose name matches a regex.
 *
 * This function does not return: every path ends in exit(). Without
 * UNITTESTS compiled in it only logs an error and exits with
 * EXIT_FAILURE.
 *
 * \param list_unittests non-zero to list the matching tests instead of
 *                       running them
 * \param regex_arg regex selecting the tests; NULL selects all of them
 *                  (".*") and additionally runs the unittest selftest
 */
void RunUnittests(int list_unittests, char *regex_arg)
{
#ifdef UNITTESTS
    /* Initializations for global vars, queues, etc (memsets, mutex init..) */
    GlobalInits();
    TimeInit();
    SupportFastPatternForSigMatchTypes();

    default_packet_size = DEFAULT_PACKET_SIZE;
#ifdef __SC_CUDA_SUPPORT__
    /* Init the CUDA environment */
    SCCudaInitCudaEnvironment();
    CudaBufferInit();
#endif
    /* load the pattern matchers */
    MpmTableSetup();
#ifdef __SC_CUDA_SUPPORT__
    MpmCudaEnvironmentSetup();
#endif
    SpmTableSetup();

    AppLayerSetup();

    /* hardcoded initialization code */
    SigTableSetup(); /* load the rule keywords */
    TmqhSetup();

    StorageInit();
    CIDRInit();
    SigParsePrepare();

#ifdef DBG_MEM_ALLOC
    SCLogInfo("Memory used at startup: %"PRIdMAX, (intmax_t)global_mem);
#endif
    SCReputationInitCtx();
    SCProtoNameInit();

    TagInitCtx();
    SCReferenceConfInit();
    SCClassConfInit();

    UtInitialize();

    RegisterAllModules();

    HostBitInitCtx();

    StorageFinalize();
    /* test and initialize the unittesting subsystem */
    /* the selftest runs only when no regex was given on the command line */
    if(regex_arg == NULL){
        regex_arg = ".*";
        UtRunSelftest(regex_arg); /* inits and cleans up again */
    }

    /* Enabled before any test is registered; presumably so that tests
     * exercising HTTP bodies and file keywords see the same parser setup
     * a rule-loaded engine would -- verify against the HTP app layer. */
    AppLayerHtpEnableRequestBodyCallback();
    AppLayerHtpNeedFileInspection();

    /* register the unit tests of every subsystem */
    UTHRegisterTests();
    StreamTcpRegisterTests();
    SigRegisterTests();
    SCReputationRegisterTests();
    TmModuleRegisterTests();
    SigTableRegisterTests();
    HashTableRegisterTests();
    HashListTableRegisterTests();
    BloomFilterRegisterTests();
    BloomFilterCountingRegisterTests();
    PoolRegisterTests();
    ByteRegisterTests();
    MpmRegisterTests();
    FlowBitRegisterTests();
    HostBitRegisterTests();
    IPPairBitRegisterTests();
    StatsRegisterTests();
    DecodePPPRegisterTests();
    DecodeVLANRegisterTests();
    DecodeRawRegisterTests();
    DecodePPPOERegisterTests();
    DecodeICMPV4RegisterTests();
    DecodeICMPV6RegisterTests();
    DecodeIPV4RegisterTests();
    DecodeIPV6RegisterTests();
    DecodeTCPRegisterTests();
    DecodeUDPV4RegisterTests();
    DecodeGRERegisterTests();
    DecodeAsn1RegisterTests();
    DecodeMPLSRegisterTests();
    AppLayerProtoDetectUnittestsRegister();
    ConfRegisterTests();
    ConfYamlRegisterTests();
    TmqhFlowRegisterTests();
    FlowRegisterTests();
    HostRegisterUnittests();
    IPPairRegisterUnittests();
    SCSigRegisterSignatureOrderingTests();
    SCRadixRegisterTests();
    DefragRegisterTests();
    SigGroupHeadRegisterTests();
    SCHInfoRegisterTests();
    SCRuleVarsRegisterTests();
    AppLayerParserRegisterUnittests();
    ThreadMacrosRegisterTests();
    UtilSpmSearchRegistertests();
    UtilActionRegisterTests();
    SCClassConfRegisterTests();
    SCThresholdConfRegisterTests();
    SCRConfRegisterTests();
#ifdef __SC_CUDA_SUPPORT__
    SCCudaRegisterTests();
#endif
    PayloadRegisterTests();
    DcePayloadRegisterTests();
    UriRegisterTests();
#ifdef PROFILING
    SCProfilingRegisterTests();
#endif
    DeStateRegisterTests();
    DetectRingBufferRegisterTests();
    MemcmpRegisterTests();
    DetectEngineHttpClientBodyRegisterTests();
    DetectEngineHttpServerBodyRegisterTests();
    DetectEngineHttpHeaderRegisterTests();
    DetectEngineHttpRawHeaderRegisterTests();
    DetectEngineHttpMethodRegisterTests();
    DetectEngineHttpCookieRegisterTests();
    DetectEngineHttpRawUriRegisterTests();
    DetectEngineHttpStatMsgRegisterTests();
    DetectEngineHttpStatCodeRegisterTests();
    DetectEngineHttpUARegisterTests();
    DetectEngineHttpHHRegisterTests();
    DetectEngineHttpHRHRegisterTests();
    DetectEngineInspectModbusRegisterTests();
    DetectEngineRegisterTests();
    DetectEngineSMTPFiledataRegisterTests();
    SCLogRegisterTests();
    MagicRegisterTests();
    UtilMiscRegisterTests();
    DetectAddressTests();
    DetectProtoTests();
    DetectPortTests();
    SCAtomicRegisterTests();
    MemrchrRegisterTests();
#ifdef __SC_CUDA_SUPPORT__
    CudaBufferRegisterUnittests();
#endif
    AppLayerUnittestsRegister();
    MimeDecRegisterTests();
    StreamingBufferRegisterTests();
    if (list_unittests) {
        UtListTests(regex_arg);
    } else {
        /* global packet pool */
        extern intmax_t max_pending_packets;
        max_pending_packets = 128;
        PacketPoolInit();

        /* run the selected tests; the value is checked further down and a
         * non-zero result ends the process with EXIT_FAILURE */
        uint32_t failed = UtRunTests(regex_arg);
        PacketPoolDestroy();
        UtCleanup();
#ifdef BUILD_HYPERSCAN
        MpmHSGlobalCleanup();
#endif
#ifdef __SC_CUDA_SUPPORT__
        /* the if governs only MpmCudaBufferDeSetup(); the profile cleanup
         * on the next line is unconditional */
        if (PatternMatchDefaultMatcher() == MPM_AC_CUDA)
            MpmCudaBufferDeSetup();
        CudaHandlerFreeProfiles();
#endif
        if (failed) {
            exit(EXIT_FAILURE);
        }
    }

#ifdef DBG_MEM_ALLOC
    SCLogInfo("Total memory used (without SCFree()): %"PRIdMAX, (intmax_t)global_mem);
#endif

    /* reached after listing, or after a run with no failed tests */
    exit(EXIT_SUCCESS);
#else
    SCLogError(SC_ERR_NOT_SUPPORTED, "Unittests are not build-in");
    exit(EXIT_FAILURE);
#endif /* UNITTESTS */
}