/* Forward declaration of the unit-test registration hook for the base64_data
 * keyword. The definition further down this listing registers
 * DetectBase64DataSetupTest01 through DetectBase64DataSetupTest04 with
 * UtRegisterTest(). */
28 static void DetectBase64DataRegisterTests(
void);
34 "Content match base64 decoded data.";
39 DetectBase64DataRegisterTests;
53 "\"base64_data\" keyword seen without preceding base64_decode.");
/* File-scope list id used by DetectBase64DataSetupTest02 as the index into the
 * signature's match lists when it checks that the file-data list is populated.
 * Zero-initialised here.
 * NOTE(review): the assignment of the real id is not visible in this listing;
 * presumably it is looked up by buffer name (DetectBufferTypeGetByName) before
 * the tests run. Confirm against the full source. */
78 static int g_file_data_buffer_id = 0;
80 static int DetectBase64DataSetupTest01(
void)
93 "alert smtp any any -> any any (msg:\"DetectBase64DataSetupTest\"; " 94 "base64_decode; base64_data; content:\"content\"; sid:1; rev:1;)");
96 printf(
"SigInit failed: ");
102 printf(
"DETECT_SM_LIST_PMATCH should not be NULL: ");
106 printf(
"sm->type should be DETECT_BASE64_DECODE: ");
111 printf(
"DETECT_SM_LIST_BASE64_DATA should not be NULL: ");
117 if (de_ctx != NULL) {
125 static int DetectBase64DataSetupTest02(
void)
132 if (de_ctx == NULL) {
138 "alert smtp any any -> any any ( " 139 "msg:\"DetectBase64DataSetupTest\"; " 142 "base64_decode: bytes 16; " 144 "content:\"content\"; " 147 printf(
"SigInit failed: ");
153 printf(
"DETECT_SM_LIST_PMATCH is not NULL: ");
157 sm = de_ctx->
sig_list->sm_lists[g_file_data_buffer_id];
159 printf(
"DETECT_SM_LIST_FILEDATA is NULL: ");
165 printf(
"DETECT_SM_LIST_BASE64_DATA is NULL: ");
171 if (de_ctx != NULL) {
183 static int DetectBase64DataSetupTest03(
void)
189 if (de_ctx == NULL) {
195 "alert smtp any any -> any any ( " 196 "msg:\"DetectBase64DataSetupTest\"; " 197 "base64_decode: bytes 16; " 199 "content:\"content\"; " 204 printf(
"SigInit should have failed: ");
210 if (de_ctx != NULL) {
222 static int DetectBase64DataSetupTest04(
void)
228 if (de_ctx == NULL) {
234 "alert tcp any any -> any any (msg:\"some b64thing\"; flow:established,from_server; file_data; content:\"sometext\"; fast_pattern; base64_decode:relative; base64_data; content:\"foobar\"; nocase; tag:session,120,seconds; sid:1111111; rev:1;)");
236 printf(
"SigInit failed: ");
242 if (de_ctx != NULL) {
252 static void DetectBase64DataRegisterTests(
void)
257 UtRegisterTest(
"DetectBase64DataSetupTest01", DetectBase64DataSetupTest01);
258 UtRegisterTest(
"DetectBase64DataSetupTest02", DetectBase64DataSetupTest02);
259 UtRegisterTest(
"DetectBase64DataSetupTest03", DetectBase64DataSetupTest03);
260 UtRegisterTest(
"DetectBase64DataSetupTest04", DetectBase64DataSetupTest04);
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
SignatureInitData * init_data
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Signature * SigInit(DetectEngineCtx *, const char *)
Parses a signature and adds it to the Detection Engine Context.
void SigCleanSignatures(DetectEngineCtx *de_ctx)
int DetectBase64DataDoMatch(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f)
main detection engine ctx
int DetectBufferTypeGetByName(const char *name)
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void DetectBase64DataRegister(void)
SigMatchData * sm_arrays[DETECT_SM_LIST_MAX]
int SigGroupCleanup(DetectEngineCtx *de_ctx)
SigMatch * DetectGetLastSMFromLists(const Signature *s,...)
Returns the SigMatch (sm) with the largest index, i.e. the one added most recently, from the lists passed in.
int DetectEngineContentInspection(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx, const Signature *s, const SigMatchData *smd, Packet *p, Flow *f, const uint8_t *buffer, uint32_t buffer_len, uint32_t stream_start_offset, uint8_t flags, uint8_t inspection_mode)
Run the actual payload match functions.
#define DETECT_CI_FLAGS_SINGLE
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx.
void(* RegisterTests)(void)
a single match condition for a signature
DetectEngineCtx * DetectEngineCtxInit(void)