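/**
 * \brief Test helper: wrap a urilen option in a rule, load that rule into a
 *        fresh detection engine and parse the option on its own.
 *
 * \param de_ctx  out: receives the engine context, NULL until it is created
 * \param sig     out: receives the first signature of the engine's sig_list
 * \param urilend out: receives DetectUrilenParse(str); this may be NULL even
 *                     on success, because its result is not checked here
 * \param str     the urilen option text embedded into the generated rule
 *
 * \retval 1 on success
 * \retval 0 if the rule text does not fit the local buffer, the engine cannot
 *           be created or SigInit fails. When SigInit fails *de_ctx is still
 *           non-NULL and the caller owns it.
 */
static int DetectUrilenInitTest(DetectEngineCtx **de_ctx, Signature **sig,
                                DetectUrilenData **urilend, char *str)
{
    char fullstr[1024];
    int result = 0;

    /* Reset every out-parameter so callers see NULL on any early exit. */
    *de_ctx = NULL;
    *sig = NULL;
    *urilend = NULL;

    /* snprintf returns < 0 on an encoding error and >= size on truncation;
     * both leave fullstr unusable as a rule, so bail out in either case. */
    int len = snprintf(fullstr, sizeof(fullstr),
                       "alert ip any any -> any any (msg:\"Urilen "
                       "test\"; urilen:%s; sid:1;)", str);
    if (len < 0 || (size_t)len >= sizeof(fullstr)) {
        goto end;
    }

    *de_ctx = DetectEngineCtxInit();
    if (*de_ctx == NULL) {
        goto end;
    }

    (*de_ctx)->flags |= DE_QUIET;

    (*de_ctx)->sig_list = SigInit(*de_ctx, fullstr);
    if ((*de_ctx)->sig_list == NULL) {
        goto end;
    }

    *sig = (*de_ctx)->sig_list;

    /* Parsed separately so the test can inspect the option independently of
     * the signature; a NULL here does not count as a failure of this helper. */
    *urilend = DetectUrilenParse(str);

    result = 1;

end:
    return result;
}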
/**
 * \brief Parse a urilen option and attach the resulting match to a signature.
 *
 * \param de_ctx    detection engine context (not used by this function)
 * \param s         signature that receives the new SigMatch
 * \param urilenstr urilen option text as written in the rule
 *
 * \retval 0  the match was appended and the signature flagged as app-layer
 * \retval -1 the option could not be parsed or the SigMatch allocation failed
 */
static int DetectUrilenSetup (DetectEngineCtx *de_ctx, Signature *s, char *urilenstr)
{
    SCEnter();
    DetectUrilenData *data = DetectUrilenParse(urilenstr);
    SigMatch *match = NULL;

    if (data == NULL) {
        goto fail;
    }

    match = SigMatchAlloc();
    if (match == NULL) {
        goto fail;
    }

    match->type = DETECT_AL_URILEN;
    match->ctx = (void *)data;

    /* raw_buffer selects the HRUDMATCH list, otherwise the UMATCH list. */
    const int list = data->raw_buffer ? DETECT_SM_LIST_HRUDMATCH
                                      : DETECT_SM_LIST_UMATCH;
    SigMatchAppendSMToList(s, match, list);

    /* Mark the signature so that app layer data gets inspected. */
    s->flags |= SIG_FLAG_APPLAYER;

    SCReturnInt(0);

fail:
    if (data != NULL) {
        DetectUrilenFree(data);
    }
    if (match != NULL) {
        SCFree(match);
    }
    SCReturnInt(-1);
}
/** \test   Parsing "<10, raw " yields a less-than match on the raw buffer */
static int DetectUrilenParseTest10(void)
{
    DetectUrilenData *parsed = DetectUrilenParse("<10, raw ");
    if (parsed == NULL) {
        return 0;
    }

    /* Expect urilen1 == 10, mode LT and the raw buffer selected. */
    int passed = (parsed->urilen1 == 10 &&
                  parsed->mode == DETECT_URILEN_LT &&
                  parsed->raw_buffer) ? 1 : 0;

    DetectUrilenFree(parsed);
    return passed;
}
/** \test   Parsing "5<>10,norm" yields a range match on the normalized buffer */
static int DetectUrilenParseTest05(void)
{
    DetectUrilenData *parsed = DetectUrilenParse("5<>10,norm");
    if (parsed == NULL) {
        return 0;
    }

    /* Expect the range 5..10, mode RA and the raw buffer not selected. */
    int passed = (parsed->urilen1 == 5 &&
                  parsed->urilen2 == 10 &&
                  parsed->mode == DETECT_URILEN_RA &&
                  !parsed->raw_buffer) ? 1 : 0;

    DetectUrilenFree(parsed);
    return passed;
}
/**
 * \brief Parse a urilen option and attach the resulting match to a signature.
 *
 * The signature's app-layer protocol must be unset or HTTP; anything else is
 * reported as conflicting keywords. On success the protocol is set to HTTP.
 *
 * \param de_ctx    detection engine context (not used by this function)
 * \param s         signature that receives the new SigMatch
 * \param urilenstr urilen option text as written in the rule
 *
 * \retval 0  the match was appended and the signature flagged as app-layer
 * \retval -1 on a conflicting alproto, a parse error or an allocation failure
 */
static int DetectUrilenSetup (DetectEngineCtx *de_ctx, Signature *s, char *urilenstr)
{
    SCEnter();
    DetectUrilenData *data = NULL;
    SigMatch *match = NULL;

    /* Only an unset or HTTP alproto is compatible with urilen. */
    if (!(s->alproto == ALPROTO_UNKNOWN || s->alproto == ALPROTO_HTTP)) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains a non http "
                   "alproto set");
        goto fail;
    }

    data = DetectUrilenParse(urilenstr);
    if (data == NULL) {
        goto fail;
    }

    match = SigMatchAlloc();
    if (match == NULL) {
        goto fail;
    }

    match->type = DETECT_AL_URILEN;
    match->ctx = (void *)data;

    /* raw_buffer selects the HRUDMATCH list, otherwise the UMATCH list. */
    const int list = data->raw_buffer ? DETECT_SM_LIST_HRUDMATCH
                                      : DETECT_SM_LIST_UMATCH;
    SigMatchAppendSMToList(s, match, list);

    /* Mark the signature so that app layer data gets inspected. */
    s->flags |= SIG_FLAG_APPLAYER;
    s->alproto = ALPROTO_HTTP;

    SCReturnInt(0);

fail:
    /* data is NULL on the first two failure paths; the free is kept
     * unconditional exactly as before. */
    DetectUrilenFree(data);
    SCReturnInt(-1);
}