/**
 * \brief Setup function for the SSH software version option: parses the
 *        user supplied option string and appends the result to the
 *        signature as a SigMatch.
 *
 * \param de_ctx pointer to the Detection Engine Context (not used here)
 * \param s      pointer to the current Signature
 * \param str    pointer to the user provided option string
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectSshSoftwareVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
    /* Bind the signature to the SSH app-layer protocol before allocating
     * anything; a non-zero result aborts setup with nothing to clean up. */
    if (DetectSignatureSetAppProto(s, ALPROTO_SSH) != 0)
        return -1;

    DetectSshSoftwareVersionData *parsed = DetectSshSoftwareVersionParse(str);
    if (parsed == NULL)
        return -1;

    SigMatch *match = SigMatchAlloc();
    if (match == NULL) {
        /* The parsed data has no owner yet, so release it here. */
        DetectSshSoftwareVersionFree(parsed);
        return -1;
    }

    /* From here on the parsed data is reachable through match->ctx and is
     * no longer freed by this function. */
    match->type = DETECT_AL_SSH_SOFTWAREVERSION;
    match->ctx = (void *)parsed;

    SigMatchAppendSMToList(s, match, g_ssh_banner_list_id);
    return 0;
}
/**
 * \test DetectSshSoftwareVersionTestParse03 checks that the parser rejects
 *       an empty option string instead of returning a data object for it.
 *
 * \retval 1 when the parser returned NULL (test passed)
 * \retval 0 when the parser returned an object (test failed)
 */
int DetectSshSoftwareVersionTestParse03 (void)
{
    DetectSshSoftwareVersionData *parsed = DetectSshSoftwareVersionParse("");

    /* An empty value must not produce a usable object. */
    if (parsed == NULL)
        return 1;

    /* Unexpected success: release the object and report failure. */
    DetectSshSoftwareVersionFree(parsed);
    return 0;
}
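/**
 * \test DetectSshSoftwareVersionTestParse02 checks that a double-quoted
 *       software version is parsed and stored starting with the unquoted
 *       text.
 *
 * \retval 1 when the parsed value starts with "SecureCRT-4.0" (test passed)
 * \retval 0 when parsing failed or the value differs (test failed)
 */
int DetectSshSoftwareVersionTestParse02 (void)
{
    int result = 0;
    DetectSshSoftwareVersionData *ssh = DetectSshSoftwareVersionParse("\"SecureCRT-4.0\"");

    if (ssh == NULL)
        return 0;

    /* NOTE(review): the comparison is bounded to the 13 bytes of the expected
     * text, so bytes after it in software_ver (for example a closing quote
     * that was not stripped) are not checked here. */
    if (strncmp((char *) ssh->software_ver, "SecureCRT-4.0", 13) == 0)
        result = 1;

    /* Release the parsed object on the mismatch path too; previously it was
     * only freed when the comparison succeeded. */
    DetectSshSoftwareVersionFree(ssh);
    return result;
}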
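/**
 * \test DetectSshSoftwareVersionTestParse01 checks that an unquoted software
 *       version is parsed and stored.
 *
 * \retval 1 when the parsed value starts with "PuTTY_1.0" (test passed)
 * \retval 0 when parsing failed or the value differs (test failed)
 */
int DetectSshSoftwareVersionTestParse01 (void)
{
    int result = 0;
    DetectSshSoftwareVersionData *ssh = DetectSshSoftwareVersionParse("PuTTY_1.0");

    if (ssh == NULL)
        return 0;

    /* NOTE(review): the comparison is bounded to the 9 bytes of the expected
     * text, so any bytes after it in software_ver are not checked here. */
    if (strncmp((char *) ssh->software_ver, "PuTTY_1.0", 9) == 0)
        result = 1;

    /* Release the parsed object on the mismatch path too; previously it was
     * only freed when the comparison succeeded. */
    DetectSshSoftwareVersionFree(ssh);
    return result;
}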
/**
 * \brief Setup function for the SSH software version option: parses the
 *        user supplied option string and appends the result to the
 *        signature as a SigMatch.
 *
 * \param de_ctx pointer to the Detection Engine Context (not used here)
 * \param s      pointer to the current Signature
 * \param str    pointer to the user provided option string
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectSshSoftwareVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    DetectSshSoftwareVersionData *parsed = DetectSshSoftwareVersionParse(str);
    if (parsed == NULL)
        return -1;

    SigMatch *match = SigMatchAlloc();
    if (match == NULL) {
        /* The parsed data has no owner yet, so release it here. */
        DetectSshSoftwareVersionFree(parsed);
        return -1;
    }

    /* The signature may only be unbound or already bound to SSH; any other
     * app-layer protocol means the rule mixes incompatible keywords. */
    if (!(s->alproto == ALPROTO_UNKNOWN || s->alproto == ALPROTO_SSH)) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
        DetectSshSoftwareVersionFree(parsed);
        SCFree(match);
        return -1;
    }

    /* From here on the parsed data is reachable through match->ctx and is
     * no longer freed by this function. */
    match->type = DETECT_AL_SSH_SOFTWAREVERSION;
    match->ctx = (void *)parsed;

    /* Flag the signature as app-layer and bind it to SSH. */
    s->flags |= SIG_FLAG_APPLAYER;
    s->alproto = ALPROTO_SSH;

    SigMatchAppendSMToList(s, match, DETECT_SM_LIST_AMATCH);
    return 0;
}