/** * \test Check if replace is working when depth block match used */ static int DetectReplaceMatchTest09(void) { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" " content:\"big\"; depth:16; replace:\"pig\"; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" " content:\"this is a pig test\"; sid:2;)"; return !DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); }
/** * \test Check if replace is not done when second content match and not * first */ static int DetectReplaceMatchTest06(void) { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" " content:\"nutella\"; replace:\"commode\"; content:\"this is\"; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" " content:\"commode\"; sid:2;)"; return !DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); }
/** * \test Check if replace is working with second content */ static int DetectReplaceMatchTest04(void) { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" " content:\"th\"; replace:\"TH\"; content:\"patter\"; replace:\"matter\"; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" " content:\"THis\"; content:\"matterns\"; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); }
/** * \test Check if replace is working with within */ static int DetectReplaceMatchTest14(void) { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" " content:\"big\"; replace:\"pig\"; content:\"test\"; distance: 2; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" " content:\"pig\"; depth:17; offset:14; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); }
/** * \test Check if replace is working when nocase used */ int DetectReplaceMatchTest07() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" " content:\"BiG\"; nocase; replace:\"pig\"; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" " content:\"this is a pig test\"; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); }
/** * \test Check if replace is not done when second content don't match */ int DetectReplaceMatchTest05() { char *sig = "alert tcp any any -> any any (msg:\"Nothing..\";" " content:\"th\"; replace:\"TH\"; content:\"nutella\"; sid:1;)"; char *sig_rep = "alert tcp any any -> any any (msg:\"replace worked\";" " content:\"TH\"; sid:2;)"; return DetectReplaceLongPatternMatchTestWrp(sig, 1, sig_rep, 2); }