/**
* \test DetectSshVersionTestParse03 is a test to make sure that we
* don't return a ssh_data with an invalid value specified
*/
int DetectSshVersionTestParse03 (void) {
DetectSshVersionData *ssh = NULL;
ssh = DetectSshVersionParse("2_com");
if (ssh != NULL) {
DetectSshVersionFree(ssh);
return 0;
}
ssh = DetectSshVersionParse("");
if (ssh != NULL) {
DetectSshVersionFree(ssh);
return 0;
}
ssh = DetectSshVersionParse(".1");
if (ssh != NULL) {
DetectSshVersionFree(ssh);
return 0;
}
ssh = DetectSshVersionParse("lalala");
if (ssh != NULL) {
DetectSshVersionFree(ssh);
return 0;
}
return 1;
}
/**
* \brief this function is used to add the parsed "id" option
* \brief into the current signature
*
* \param de_ctx pointer to the Detection Engine Context
* \param s pointer to the Current Signature
* \param idstr pointer to the user provided "id" option
*
* \retval 0 on Success
* \retval -1 on Failure
*/
static int DetectSshVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
DetectSshVersionData *ssh = NULL;
SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_SSH) != 0)
return -1;
ssh = DetectSshVersionParse(str);
if (ssh == NULL)
goto error;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_AL_SSH_PROTOVERSION;
sm->ctx = (void *)ssh;
SigMatchAppendSMToList(s, sm, g_ssh_banner_list_id);
return 0;
error:
if (ssh != NULL)
DetectSshVersionFree(ssh);
if (sm != NULL)
SCFree(sm);
return -1;
}
/**
* \test DetectSshVersionTestParse02 is a test to make sure that we parse
* the proto version (compatible with proto version 2) correctly
*/
int DetectSshVersionTestParse02 (void) {
DetectSshVersionData *ssh = NULL;
ssh = DetectSshVersionParse("2_compat");
if (ssh->flags & SSH_FLAG_PROTOVERSION_2_COMPAT) {
DetectSshVersionFree(ssh);
return 1;
}
return 0;
}
/**
* \test DetectSshVersionTestParse01 is a test to make sure that we parse
* a proto version correctly
*/
int DetectSshVersionTestParse01 (void) {
DetectSshVersionData *ssh = NULL;
ssh = DetectSshVersionParse("1.0");
if (ssh != NULL && strncmp((char *) ssh->ver, "1.0", 3) == 0) {
DetectSshVersionFree(ssh);
return 1;
}
return 0;
}
/**
* \brief this function is used to add the parsed "id" option
* \brief into the current signature
*
* \param de_ctx pointer to the Detection Engine Context
* \param s pointer to the Current Signature
* \param idstr pointer to the user provided "id" option
*
* \retval 0 on Success
* \retval -1 on Failure
*/
static int DetectSshVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
DetectSshVersionData *ssh = NULL;
SigMatch *sm = NULL;
ssh = DetectSshVersionParse(str);
if (ssh == NULL)
goto error;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_SSH) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
goto error;
}
sm->type = DETECT_AL_SSH_PROTOVERSION;
sm->ctx = (void *)ssh;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
s->flags |= SIG_FLAG_APPLAYER;
s->alproto = ALPROTO_SSH;
return 0;
error:
if (ssh != NULL)
DetectSshVersionFree(ssh);
if (sm != NULL)
SCFree(sm);
return -1;
}
