/** * \test parsing: invalid reference. * * \retval 1 on succces. * \retval 0 on failure. */ static int DetectReferenceParseTest03(void) { int result = 0; Signature *s = NULL; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); if (de_ctx == NULL) { goto cleanup; } de_ctx->flags |= DE_QUIET; SCRConfGenerateValidDummyReferenceConfigFD01(); SCRConfLoadReferenceConfigFile(de_ctx); SCRConfDeleteDummyReferenceConfigFD(); s = de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " "(msg:\"invalid ref\"; " "reference:unknownkey,001-2010; sid:2;)"); if (s != NULL) { printf("sig parsed even though it's invalid: "); goto cleanup; } result = 1; cleanup: if (de_ctx != NULL) { DetectEngineCtxFree(de_ctx); } return result; }
/** * \test for two valid references. * * \retval 1 on succces. * \retval 0 on failure. */ static int DetectReferenceParseTest02(void) { int result = 0; Signature *s = NULL; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); if (de_ctx == NULL) { goto cleanup; } de_ctx->flags |= DE_QUIET; SCRConfGenerateValidDummyReferenceConfigFD01(); SCRConfLoadReferenceConfigFile(de_ctx); SCRConfDeleteDummyReferenceConfigFD(); s = de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " "(msg:\"Two references\"; " "reference:one,openinfosecdoundation.txt; " "reference:two,001-2010; sid:2;)"); if (s == NULL) { printf("sig parse failed: "); goto cleanup; } if (s->references == NULL || s->references->next == NULL) { printf("no ref or not enough refs: "); goto cleanup; } if (strcmp(s->references->key, "http://www.one.com") != 0 || strcmp(s->references->reference, "openinfosecdoundation.txt") != 0) { printf("first ref failed: "); goto cleanup; } if (strcmp(s->references->next->key, "http://www.two.com") != 0 || strcmp(s->references->next->reference, "001-2010") != 0) { printf("second ref failed: "); goto cleanup; } result = 1; cleanup: if (de_ctx != NULL) { DetectEngineCtxFree(de_ctx); } return result; }
/** * \test Check if the reference info from the reference.config file have * been loaded into the hash table. */ int SCRConfTest06(void) { DetectEngineCtx *de_ctx = DetectEngineCtxInit(); SCRConfReference *ref = NULL; int result = 1; if (de_ctx == NULL) return 0; SCRConfGenerateInValidDummyReferenceConfigFD02(); SCRConfLoadReferenceConfigFile(de_ctx); SCRConfDeleteDummyReferenceConfigFD(); if (de_ctx->reference_conf_ht == NULL) goto end; result = (de_ctx->reference_conf_ht->count == 1); ref = SCRConfAllocSCRConfReference("one", "one"); result &= (HashTableLookup(de_ctx->reference_conf_ht, ref, 0) != NULL); SCRConfDeAllocSCRConfReference(ref); ref = SCRConfAllocSCRConfReference("two", "two"); result &= (HashTableLookup(de_ctx->reference_conf_ht, ref, 0) == NULL); SCRConfDeAllocSCRConfReference(ref); ref = SCRConfAllocSCRConfReference("three", "three"); result &= (HashTableLookup(de_ctx->reference_conf_ht, ref, 0) == NULL); SCRConfDeAllocSCRConfReference(ref); ref = SCRConfAllocSCRConfReference("four", "four"); result &= (HashTableLookup(de_ctx->reference_conf_ht, ref, 0) == NULL); SCRConfDeAllocSCRConfReference(ref); ref = SCRConfAllocSCRConfReference("five", "five"); result &= (HashTableLookup(de_ctx->reference_conf_ht, ref, 0) == NULL); SCRConfDeAllocSCRConfReference(ref); end: if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); return result; }
/** * \test one valid reference. * * \retval 1 on succces. * \retval 0 on failure. */ static int DetectReferenceParseTest01(void) { int result = 0; Signature *s = NULL; DetectReference *ref = NULL; DetectEngineCtx *de_ctx = DetectEngineCtxInit(); if (de_ctx == NULL) { goto cleanup; } de_ctx->flags |= DE_QUIET; SCRConfGenerateValidDummyReferenceConfigFD01(); SCRConfLoadReferenceConfigFile(de_ctx); SCRConfDeleteDummyReferenceConfigFD(); s = de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any " "(msg:\"One reference\"; reference:one,001-2010; sid:2;)"); if (s == NULL) { goto cleanup; } if (s->references == NULL) { goto cleanup; } ref = s->references; if (strcmp(ref->key, "http://www.one.com") != 0 || strcmp(ref->reference, "001-2010") != 0) { goto cleanup; } result = 1; cleanup: if (de_ctx != NULL) { DetectEngineCtxFree(de_ctx); } return result; }
/** * \test Check that only valid references are loaded into the hash table from * the reference.config file. */ int SCRConfTest03(void) { DetectEngineCtx *de_ctx = DetectEngineCtxInit(); int result = 0; if (de_ctx == NULL) return result; SCRConfGenerateInValidDummyReferenceConfigFD02(); SCRConfLoadReferenceConfigFile(de_ctx); SCRConfDeleteDummyReferenceConfigFD(); if (de_ctx->reference_conf_ht == NULL) goto end; result = (de_ctx->reference_conf_ht->count == 1); end: if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); return result; }
/** * \test Check that the reference file is loaded and the detection engine * content reference_conf_ht loaded with the reference data. */ int SCRConfTest01(void) { DetectEngineCtx *de_ctx = DetectEngineCtxInit(); int result = 0; if (de_ctx == NULL) return result; SCRConfGenerateValidDummyReferenceConfigFD01(); SCRConfLoadReferenceConfigFile(de_ctx); SCRConfDeleteDummyReferenceConfigFD(); if (de_ctx->reference_conf_ht == NULL) goto end; result = (de_ctx->reference_conf_ht->count == 3); if (result == 0) printf("FAILED: de_ctx->reference_conf_ht->count %u: ", de_ctx->reference_conf_ht->count); end: if (de_ctx != NULL) DetectEngineCtxFree(de_ctx); return result; }