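/**
 * \test Flowbits commands that require a bit name must be rejected when the
 *       name is missing.
 *
 * The commands isset, isnotset, set, unset and toggle are each used without
 * an argument in a separate rule. SigInit() has to return NULL for every one
 * of them, so that a malformed rule is refused by the parser.
 */
static int FlowBitsTestSig02(void)
{
    Signature *s = NULL;
    DetectEngineCtx *de_ctx = NULL;

    de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);
    de_ctx->flags |= DE_QUIET;

    /* isset without a bit name */
    s = de_ctx->sig_list = SigInit(de_ctx,
            "alert ip any any -> any any "
            "(msg:\"isset rule need an option\"; flowbits:isset; "
            "content:\"GET \"; sid:1;)");
    FAIL_IF_NOT_NULL(s);

    /* isnotset without a bit name */
    s = de_ctx->sig_list = SigInit(de_ctx,
            "alert ip any any -> any any "
            "(msg:\"isnotset rule need an option\"; flowbits:isnotset; "
            "content:\"GET \"; sid:2;)");
    FAIL_IF_NOT_NULL(s);

    /* set without a bit name */
    s = de_ctx->sig_list = SigInit(de_ctx,
            "alert ip any any -> any any "
            "(msg:\"set rule need an option\"; flowbits:set; "
            "content:\"GET \"; sid:3;)");
    FAIL_IF_NOT_NULL(s);

    /* unset without a bit name */
    s = de_ctx->sig_list = SigInit(de_ctx,
            "alert ip any any -> any any "
            "(msg:\"unset rule need an option\"; flowbits:unset; "
            "content:\"GET \"; sid:4;)");
    FAIL_IF_NOT_NULL(s);

    /* toggle without a bit name */
    s = de_ctx->sig_list = SigInit(de_ctx,
            "alert ip any any -> any any "
            "(msg:\"toggle rule need an option\"; flowbits:toggle; "
            "content:\"GET \"; sid:5;)");
    FAIL_IF_NOT_NULL(s);

    DetectEngineCtxFree(de_ctx);
    PASS;
}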
/**
 * \test A rule that uses tls_cert_issuer followed by a content match must
 *       parse, and the content must end up in the TLS issuer match list
 *       rather than in the generic MATCH list.
 */
static int DetectTlsIssuerTest01(void)
{
    SigMatch *sm = NULL;
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();

    FAIL_IF_NULL(de_ctx);
    de_ctx->flags |= DE_QUIET;

    de_ctx->sig_list = SigInit(de_ctx,
            "alert tls any any -> any any "
            "(msg:\"Testing tls_cert_issuer\"; "
            "tls_cert_issuer; content:\"test\"; sid:1;)");
    FAIL_IF_NULL(de_ctx->sig_list);

    /* nothing may have been added to the generic MATCH list */
    FAIL_IF_NOT_NULL(de_ctx->sig_list->sm_lists[DETECT_SM_LIST_MATCH]);

    /* the issuer list must hold exactly one entry, and it is the content */
    sm = de_ctx->sig_list->sm_lists[DETECT_SM_LIST_TLSISSUER_MATCH];
    FAIL_IF_NULL(sm);
    FAIL_IF(sm->type != DETECT_CONTENT);
    FAIL_IF_NOT_NULL(sm->next);

    SigGroupCleanup(de_ctx);
    SigCleanSignatures(de_ctx);
    DetectEngineCtxFree(de_ctx);
    PASS;
}
/**
 * \test DetectFlowTestParse14 checks that an empty flow option string is
 *       rejected: DetectFlowParse("") must return NULL.
 */
int DetectFlowTestParse14 (void)
{
    DetectFlowData *fd = DetectFlowParse("");

    FAIL_IF_NOT_NULL(fd);
    PASS;
}
/**
 * \test DetectFlowTestParse13 checks that an unknown flow option is
 *       rejected: the parser must return NULL for "invalidoptiontest".
 */
int DetectFlowTestParse13 (void)
{
    DetectFlowData *fd = DetectFlowParse("invalidoptiontest");

    FAIL_IF_NOT_NULL(fd);
    PASS;
}
/**
 * \test DetectFlowTestParse12 checks that an invalid separator is rejected:
 *       two otherwise known options joined by ':' instead of ',' must make
 *       DetectFlowParse() return NULL.
 */
int DetectFlowTestParse12 (void)
{
    DetectFlowData *fd = DetectFlowParse("from_server:stateless");

    FAIL_IF_NOT_NULL(fd);
    PASS;
}
/**
 * \test DetectFlowTestParse17 checks that the invalid option combination
 *       to_client,from_server is rejected. Per the original note, both
 *       options map to the same flow flag, so giving them together is an
 *       error and DetectFlowParse() must return NULL.
 */
int DetectFlowTestParse17 (void)
{
    DetectFlowData *fd = DetectFlowParse("to_client,from_server");

    FAIL_IF_NOT_NULL(fd);
    PASS;
}
/**
 * \test DetectFlowTestParse19 checks that one too many options are
 *       rejected: four comma-separated tokens, the last one being "a",
 *       must make DetectFlowParse() return NULL.
 */
int DetectFlowTestParse19 (void)
{
    DetectFlowData *fd = DetectFlowParse("from_server,established,only_stream,a");

    FAIL_IF_NOT_NULL(fd);
    PASS;
}
/**
 * \test DetectFlowTestParse21 checks that an invalid option placed between
 *       two valid options is rejected: the whole string must fail to parse,
 *       not just the bad token.
 */
int DetectFlowTestParse21 (void)
{
    DetectFlowData *fd = DetectFlowParse("from_server,a,no_stream");

    FAIL_IF_NOT_NULL(fd);
    PASS;
}
/**
 * \test The invalid value 1490000000<>1430000000 must be rejected by
 *       DetectNfsVersionParse().
 *
 * NOTE(review): presumably invalid because the first bound of the range is
 * larger than the second - confirm against the parser.
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse11 (void)
{
    DetectNfsVersionData *dd = DetectNfsVersionParse("1490000000<>1430000000");

    FAIL_IF_NOT_NULL(dd);
    PASS;
}
/**
 * \test The empty string is an invalid value and must be rejected by
 *       DetectNfsVersionParse().
 *
 * \retval 1 on success.
 * \retval 0 on failure.
 */
static int ValidityTestParse09 (void)
{
    DetectNfsVersionData *dd = DetectNfsVersionParse("");

    FAIL_IF_NOT_NULL(dd);
    PASS;
}
/**
 * \test DetectFlowTestParse15 checks that the invalid option combination
 *       established,stateless is rejected by DetectFlowParse().
 */
int DetectFlowTestParse15 (void)
{
    DetectFlowData *fd = DetectFlowParse("established,stateless");

    FAIL_IF_NOT_NULL(fd);
    PASS;
}
/**
 * \test Giving no_frag and only_frag in the same flow option string must
 *       fail: DetectFlowParse() has to return NULL.
 */
static int DetectFlowTestParseNoFragOnlyFrag(void)
{
    DetectFlowData *fd = DetectFlowParse("no_frag,only_frag");

    FAIL_IF_NOT_NULL(fd);
    PASS;
}
/**
 * \test DetectSslVersionTestParse02 makes sure that an invalid ssl_version
 *       option ("2.5") is rejected: DetectSslVersionParse() must return
 *       NULL.
 */
static int DetectSslVersionTestParse02(void)
{
    DetectSslVersionData *ssl = DetectSslVersionParse("2.5");

    FAIL_IF_NOT_NULL(ssl);
    /* NOTE(review): ssl should be NULL here if FAIL_IF_NOT_NULL returns on a
     * non-NULL value, so this call presumably relies on
     * DetectSslVersionFree() accepting NULL - confirm. */
    DetectSslVersionFree(ssl);
    PASS;
}
/**
 * \test A state list that contains the token "unknown" and ends with a
 *       dangling separator must be rejected by DetectSslStateParse().
 *
 * NOTE(review): the input has two irregularities (the "unknown" token and
 * the trailing " , "); which one triggers the rejection is not visible
 * here - confirm against the parser.
 */
int DetectSslStateTest06(void)
{
    DetectSslStateData *ssd = NULL;

    ssd = DetectSslStateParse("server_hello , client_keyx , "
                              "client_hello , server_keyx , "
                              "unknown , ");
    FAIL_IF_NOT_NULL(ssd);
    PASS;
}
/**
 * \test A rule that combines app-layer-protocol:smtp with the negated
 *       app-layer-protocol:!http must be rejected: DetectEngineAppendSig()
 *       has to return NULL.
 *
 * NOTE(review): presumably a positive and a negated protocol match may not
 * be mixed in one rule - confirm against the keyword's setup code.
 */
static int DetectAppLayerProtocolTest10(void)
{
    DetectEngineCtx *de_ctx = NULL;
    Signature *s = NULL;

    de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);
    de_ctx->flags |= DE_QUIET;

    s = DetectEngineAppendSig(de_ctx,
            "alert tcp any any -> any any "
            "(app-layer-protocol:smtp; app-layer-protocol:!http; sid:1;)");
    FAIL_IF_NOT_NULL(s);

    DetectEngineCtxFree(de_ctx);
    PASS;
}
/**
 * \test A flowbits keyword with an unknown command ("wrongcmd") must be
 *       rejected: SigInit() has to return NULL for the rule.
 */
static int FlowBitsTestSig03(void)
{
    Signature *s = NULL;
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();

    FAIL_IF_NULL(de_ctx);
    de_ctx->flags |= DE_QUIET;

    s = SigInit(de_ctx,
            "alert ip any any -> any any "
            "(msg:\"Unknown cmd\"; flowbits:wrongcmd; "
            "content:\"GET \"; sid:1;)");
    /* keep the engine's list head in sync with the parse result */
    de_ctx->sig_list = s;
    FAIL_IF_NOT_NULL(s);

    DetectEngineCtxFree(de_ctx);
    PASS;
}
/**
 * \test flowbits:noalert does not take a further argument; a rule using
 *       "noalert,wrongusage" must be rejected by SigInit().
 */
static int FlowBitsTestSig01(void)
{
    Signature *s = NULL;
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();

    FAIL_IF_NULL(de_ctx);
    de_ctx->flags |= DE_QUIET;

    s = SigInit(de_ctx,
            "alert ip any any -> any any "
            "(msg:\"Noalert\"; flowbits:noalert,wrongusage; "
            "content:\"GET \"; sid:1;)");
    /* keep the engine's list head in sync with the parse result */
    de_ctx->sig_list = s;
    FAIL_IF_NOT_NULL(s);

    /* NOTE(review): the group build runs with no signature loaded;
     * presumably it checks that an empty list is tolerated - confirm. */
    SigGroupBuild(de_ctx);
    DetectEngineCtxFree(de_ctx);
    PASS;
}
/*
 * The purpose of this test is to confirm that the filestore and bypass
 * keywords can't work together: a rule carrying both must fail to parse,
 * so SigInit() has to return NULL.
 */
static int DetectFilestoreTest01(void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();

    FAIL_IF(de_ctx == NULL);
    de_ctx->flags |= DE_QUIET;

    de_ctx->sig_list = SigInit(de_ctx,
            "alert http any any -> any any "
            "(bypass; filestore; "
            "content:\"message\"; http_host; "
            "sid:1;)");
    FAIL_IF_NOT_NULL(de_ctx->sig_list);

    DetectEngineCtxFree(de_ctx);
    return 1;
}