예제 #1
/**
 * \test Test dce option.
 */
int DetectBytejumpTestParse09(void) {
    /* Option strings in the order they are applied to the single signature,
     * each paired with the return code DetectBytejumpSetup() must give.
     * The first five are expected to load (0); every later one combines
     * "dce" with string/big/little/dec/oct/hex/from_beginning and must be
     * rejected (-1) at rule-parse time.
     * opts stays a plain char * so the literals are passed exactly as the
     * direct calls passed them. */
    static const struct {
        char *opts;
        int expected;
    } cases[] = {
        { "4,0, align, multiplier 2, post_offset -16,dce", 0 },
        { "4,0, multiplier 2, post_offset -16,dce", 0 },
        { "4,0,post_offset -16,dce", 0 },
        { "4,0,dce", 0 },
        { "4,0,dce", 0 },
        { "4,0, string, dce", -1 },
        { "4,0, big, dce", -1 },
        { "4,0, little, dce", -1 },
        { "4,0, string, dec, dce", -1 },
        { "4,0, string, oct, dce", -1 },
        { "4,0, string, hex, dce", -1 },
        { "4,0, from_beginning, dce", -1 },
    };

    Signature *s = SigAlloc();
    if (s == NULL) {
        return 0;
    }

    /* All options are parsed against a DCERPC signature. */
    s->alproto = ALPROTO_DCERPC;

    int result = 1;

    /* Every case is run even after a mismatch: each accepted option adds
     * state to the signature, and the list check below depends on it. */
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        int rc = DetectBytejumpSetup(NULL, s, cases[i].opts);
        if (rc != cases[i].expected) {
            result = 0;
        }
    }

    /* After all setups the DMATCH list must still be empty and the PMATCH
     * list must hold at least one match. */
    if (s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL ||
        s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
        result = 0;
    }

    SigFree(s);
    return result;
}
예제 #2
/**
 * \test Test isdataat option for dce sig.
 */
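int DetectIsdataatTestParse04(void)
{
    int result = 1;

    /* Case 1: absolute isdataat ("30") on a DCERPC signature.
     * SigAlloc() can return NULL (the sibling tests check for it), so bail
     * out with a failure instead of dereferencing a NULL signature. */
    Signature *s = SigAlloc();
    if (s == NULL)
        return 0;

    s->alproto = ALPROTO_DCERPC;

    result &= (DetectIsdataatSetup(NULL, s, "30") == 0);
    /* The absolute form must land on the PMATCH list, leaving DMATCH empty. */
    result &= (s->sm_lists[DETECT_SM_LIST_DMATCH] == NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL);
    SigFree(s);

    /* Case 2: relative isdataat ("30,relative") on a fresh DCERPC signature. */
    s = SigAlloc();
    if (s == NULL)
        return 0;

    s->alproto = ALPROTO_DCERPC;
    /* NOTE(review): the comment that stood here said "failure since we have
     * no preceding content/pcre/bytejump", yet the assertion expects the
     * setup to succeed (0). Confirm which is intended; if a relative
     * isdataat with nothing to be relative to should be rejected at load
     * time, this expectation needs to change. */
    result &= (DetectIsdataatSetup(NULL, s, "30,relative") == 0);
    /* The relative form must land on the DMATCH list, leaving PMATCH empty. */
    result &= (s->sm_lists[DETECT_SM_LIST_DMATCH] != NULL && s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL);

    SigFree(s);

    return result;
}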
예제 #3
/**
 * \test DetectFtpbounceTestSetup01 tests the Setup function of the ftpbounce keyword
 */
static int DetectFtpbounceTestSetup01(void)
{
    /* The setup function is called without a detection engine context. */
    DetectEngineCtx *de_ctx = NULL;
    Signature *s = SigAlloc();
    FAIL_IF (s == NULL);

    /* ftpbounce doesn't accept options so the str is NULL */
    FAIL_IF_NOT(DetectFtpbounceSetup(de_ctx, s, NULL) == 0);
    /* Setup must have added a match to the list indexed by
     * g_ftp_request_list_id. */
    FAIL_IF(s->sm_lists[g_ftp_request_list_id] == NULL);
    /* NOTE(review): this is a bitwise test on ->type. If type holds a keyword
     * id rather than a flag mask, another keyword whose id shares bits with
     * DETECT_FTPBOUNCE would also pass; an equality check would be stricter.
     * Confirm against the definition of DETECT_FTPBOUNCE. */
    FAIL_IF_NOT(s->sm_lists[g_ftp_request_list_id]->type & DETECT_FTPBOUNCE);

    /* NOTE(review): s is freed only when every check above passes; whether
     * the FAIL_IF macros return early is not visible here - TODO confirm. */
    SigFree(s);
    PASS;
}
예제 #4
/**
 * \test DetectFtpbounceTestSetup01 tests the Setup function of the ftpbounce keyword
 */
int DetectFtpbounceTestSetup01(void)
{
    Signature *s = SigAlloc();
    if (s == NULL) {
        return 0;
    }

    /* ftpbounce takes no options, so the option string is NULL; the setup
     * function is also called without a detection engine context. */
    const int setup_ok = (DetectFtpbounceSetup(NULL, s, NULL) == 0);

    /* Setup must have put a match on the AMATCH list.
     * NOTE(review): the type check is a bitwise AND. If ->type holds a
     * keyword id rather than a flag mask, equality would be the stricter
     * check - confirm against the definition of DETECT_FTPBOUNCE. */
    int registered = 0;
    if (s->sm_lists[DETECT_SM_LIST_AMATCH] != NULL) {
        registered = (s->sm_lists[DETECT_SM_LIST_AMATCH]->type & DETECT_FTPBOUNCE) != 0;
    }

    SigFree(s);
    return setup_ok & registered;
}
예제 #5
/**
 * \test Test dce option.
 */
static int DetectBytetestTestParse19(void)
{
    /* Option strings in the order they are applied to the single signature,
     * each paired with the return code DetectBytetestSetup() must give.
     * Plain "dce" must load (0); "dce" combined with string, big, little,
     * hex, oct or dec must be rejected (-1) at rule-parse time.
     * opts stays a plain char * so the literals are passed exactly as the
     * direct calls passed them. */
    static const struct {
        char *opts;
        int expected;
    } cases[] = {
        { "1,=,1,6,dce", 0 },
        { "1,=,1,6,string,dce", -1 },
        { "1,=,1,6,big,dce", -1 },
        { "1,=,1,6,little,dce", -1 },
        { "1,=,1,6,hex,dce", -1 },
        { "1,=,1,6,oct,dce", -1 },
        { "1,=,1,6,dec,dce", -1 },
    };

    Signature *s = SigAlloc();
    if (s == NULL) {
        return 0;
    }

    /* All options are parsed against a DCERPC signature. */
    s->alproto = ALPROTO_DCERPC;

    int result = 1;

    /* Every case is run even after a mismatch, as in a straight sequence of
     * calls; a single wrong return code fails the whole test. */
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        int rc = DetectBytetestSetup(NULL, s, cases[i].opts);
        if (rc != cases[i].expected) {
            result = 0;
        }
    }

    SigFree(s);
    return result;
}
예제 #6
int main(int argc, char* argv[])
{
   TB_p            terms;
   GCAdmin_p       collector;
   VarBank_p       freshvars;
   Sig_p           sig;
   ClauseSet_p     clauses;
   FormulaSet_p    formulas, f_ax_archive;
   Scanner_p       in;    
   int             i;
   CLState_p       state;
   StrTree_p       skip_includes = NULL;
   ClauseSet_p     demodulators[1];
   OCB_p           ocb;

   assert(argv[0]);
   
   InitIO(NAME);
#ifdef STACK_SIZE
   IncreaseMaxStackSize(argv, STACK_SIZE);
#endif   
   ESignalSetup(SIGXCPU);

   state = process_options(argc, argv);
   
   OpenGlobalOut(outname);
   
   if(state->argc ==  0)
   {
      CLStateInsertArg(state, "-");
   }
   
   sig          = SigAlloc(); 
   SigInsertInternalCodes(sig);
   terms        = TBAlloc(sig);
   collector    = GCAdminAlloc(terms);
   clauses      = ClauseSetAlloc();
   formulas     = FormulaSetAlloc();
   f_ax_archive = FormulaSetAlloc();

   GCRegisterClauseSet(collector, clauses);
   GCRegisterFormulaSet(collector, formulas);
   GCRegisterFormulaSet(collector, f_ax_archive);

   for(i=0; state->argv[i]; i++)
   {
      in = CreateScanner(StreamTypeFile, state->argv[i], true, NULL);
      ScannerSetFormat(in, parse_format);
      /* ClauseSetParseList(in, clauses, terms); */
      FormulaAndClauseSetParse(in,clauses, formulas, terms, 
         NULL, &skip_includes);
      CheckInpTok(in, NoToken);
      DestroyScanner(in);
   }
   CLStateFree(state);

   if(FormulaSetPreprocConjectures(formulas, f_ax_archive, false, false))
   {
      VERBOUT("Negated conjectures.\n");
   }
   freshvars = VarBankAlloc();
   if(FormulaSetCNF(formulas, f_ax_archive, 
                    clauses, terms, freshvars, collector))
   {
      VERBOUT("CNFization done\n");
   }
   VarBankFree(freshvars);

   GCDeregisterFormulaSet(collector, formulas);
   FormulaSetFree(formulas);
   GCDeregisterFormulaSet(collector, f_ax_archive);
   FormulaSetFree(f_ax_archive);

   demodulators[0] = ClauseSetAlloc();
   demodulators[0]->demod_index = PDTreeAlloc();
   GCRegisterClauseSet(collector, demodulators[0]);

   build_rw_system(demodulators[0], clauses);


   GCDeregisterClauseSet(collector, clauses);
   ClauseSetFree(clauses);  

   VERBOUT("# Demodulators\n");
   VERBOSE(ClauseSetPrint(stderr, demodulators[0], true););