53 #define DETECT_BYTE_EXTRACT_ENDIAN_DEFAULT DETECT_BYTE_EXTRACT_ENDIAN_BIG
57 #define DETECT_BYTE_EXTRACT_BASE_NONE 0
58 #define DETECT_BYTE_EXTRACT_BASE_HEX 16
59 #define DETECT_BYTE_EXTRACT_BASE_DEC 10
60 #define DETECT_BYTE_EXTRACT_BASE_OCT 8
65 #define DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT 1
67 #define DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT 1
68 #define DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT 65535
72 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT 23
73 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC 20
74 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX 14
76 #define NO_STRING_MAX_BYTES_TO_EXTRACT 8
78 #define PARSE_REGEX "^" \
80 ",\\s*(-?[0-9]+)\\s*" \
81 ",\\s*([^\\s,]+)\\s*" \
82 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
83 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
84 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
85 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
86 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
93 static void DetectByteExtractRegisterTests(
void);
115 const Signature *s,
const uint8_t *payload,
120 const uint8_t *ptr = NULL;
133 SCLogDebug(
"relative, working with det_ctx->buffer_offset %"PRIu32
", "
150 ptr = payload + data->
offset;
155 if (ptr < payload || data->nbytes >
len) {
156 SCLogDebug(
"Data not within payload pkt=%p, ptr=%p, len=%"PRIu32
", nbytes=%d",
164 data->
nbytes, (
const char *)ptr);
171 SCLogDebug(
"error extracting %d bytes of string data: %d",
180 if (extbytes != data->
nbytes) {
181 SCLogDebug(
"error extracting %d bytes of numeric data: %d",
200 SCLogDebug(
"extracted value is %"PRIu64, val);
217 int ret = 0,
res = 0;
222 if (ret < 3 || ret > 19) {
224 ", string \"%s\"", ret, arg);
226 "for byte_extract", arg);
236 char nbytes_str[64] =
"";
237 pcre2len =
sizeof(nbytes_str);
238 res = pcre2_substring_copy_bynumber(
239 parse_regex.
match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len);
242 "for arg 1 for byte_extract");
246 (
const char *)nbytes_str) < 0) {
248 " to be extracted: \"%s\".", nbytes_str);
253 char offset_str[64] =
"";
254 pcre2len =
sizeof(offset_str);
255 res = pcre2_substring_copy_bynumber(
256 parse_regex.
match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len);
259 "for arg 2 for byte_extract");
270 char varname_str[256] =
"";
271 pcre2len =
sizeof(varname_str);
272 res = pcre2_substring_copy_bynumber(
273 parse_regex.
match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len);
276 "for arg 3 for byte_extract");
280 if (bed->
name == NULL)
284 for (i = 4; i < ret; i++) {
285 char opt_str[64] =
"";
286 pcre2len =
sizeof(opt_str);
290 "pcre2_substring_copy_bynumber failed "
291 "for arg %d for byte_extract with %d",
296 if (strcmp(
"relative", opt_str) == 0) {
299 "than once for byte_extract");
303 }
else if (strcmp(
"multiplier", opt_str) == 0) {
306 "than once for byte_extract");
312 char multiplier_str[16] =
"";
313 pcre2len =
sizeof(multiplier_str);
314 res = pcre2_substring_copy_bynumber(
315 parse_regex.
match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len);
318 "pcre2_substring_copy_bynumber failed "
319 "for arg %d for byte_extract",
325 (
const char *)multiplier_str,
329 "multiplier: \"%s\".", multiplier_str);
333 }
else if (strcmp(
"big", opt_str) == 0) {
336 "more than once for byte_extract");
341 }
else if (strcmp(
"little", opt_str) == 0) {
344 "more than once for byte_extract");
349 }
else if (strcmp(
"dce", opt_str) == 0) {
352 "more than once for byte_extract");
357 }
else if (strcmp(
"string", opt_str) == 0) {
360 "than once for byte_extract");
365 "base is (string, base) and not (base, string) "
370 }
else if (strcmp(
"hex", opt_str) == 0) {
373 "without specifying string. The right way is "
374 "(string, base) and not (base, string)");
379 "specified for byte_extract");
383 }
else if (strcmp(
"oct", opt_str) == 0) {
386 "without specifying string. The right way is "
387 "(string, base) and not (base, string)");
392 "specified for byte_extract");
396 }
else if (strcmp(
"dec", opt_str) == 0) {
399 "without specifying string. The right way is "
400 "(string, base) and not (base, string)");
405 "specified for byte_extract");
409 }
else if (strcmp(
"align", opt_str) == 0) {
412 "than once for byte_extract");
418 char align_str[16] =
"";
419 pcre2len =
sizeof(align_str);
420 res = pcre2_substring_copy_bynumber(
421 parse_regex.
match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len);
424 "pcre2_substring_copy_bynumber failed "
425 "for arg %d in byte_extract",
430 (
const char *)align_str) < 0) {
432 "\"%s\".", align_str);
440 }
else if (strcmp(
"", opt_str) == 0) {
444 "specified in byte_extract", opt_str);
462 "endian \"big\" or \"little\" specified along with "
471 "more than %d bytes in \"string\" extraction",
480 "more than %d bytes in \"string\" extraction",
489 "more than %d bytes in \"string\" extraction",
499 "more than %d bytes in \"non-string\" extraction",
512 DetectByteExtractFree(
de_ctx, bed);
536 data = DetectByteExtractParse(
de_ctx, arg);
552 if (prev_pm == NULL) {
572 if (prev_pm == NULL) {
595 "A byte_jump keyword with dce holds other invalid modifiers.");
602 if (prev_bed_sm == NULL)
614 sm->
ctx = (
void *)data;
636 DetectByteExtractFree(
de_ctx, data);
649 if (bed->
name != NULL)
668 for (
int list = 0; list < nlists; list++) {
673 if (strcmp(bed->
name, arg) == 0) {
688 static int g_file_data_buffer_id = 0;
689 static int g_http_uri_buffer_id = 0;
691 static int DetectByteExtractTest01(
void)
701 strcmp(bed->
name,
"one") != 0 ||
713 DetectByteExtractFree(NULL, bed);
717 static int DetectByteExtractTest02(
void)
727 strcmp(bed->
name,
"one") != 0 ||
739 DetectByteExtractFree(NULL, bed);
743 static int DetectByteExtractTest03(
void)
753 strcmp(bed->
name,
"one") != 0 ||
765 DetectByteExtractFree(NULL, bed);
769 static int DetectByteExtractTest04(
void)
779 strcmp(bed->
name,
"one") != 0 ||
792 DetectByteExtractFree(NULL, bed);
796 static int DetectByteExtractTest05(
void)
806 strcmp(bed->
name,
"one") != 0 ||
818 DetectByteExtractFree(NULL, bed);
822 static int DetectByteExtractTest06(
void)
832 strcmp(bed->
name,
"one") != 0 ||
844 DetectByteExtractFree(NULL, bed);
848 static int DetectByteExtractTest07(
void)
858 strcmp(bed->
name,
"one") != 0 ||
870 DetectByteExtractFree(NULL, bed);
874 static int DetectByteExtractTest08(
void)
884 strcmp(bed->
name,
"one") != 0 ||
896 DetectByteExtractFree(NULL, bed);
900 static int DetectByteExtractTest09(
void)
910 strcmp(bed->
name,
"one") != 0 ||
922 DetectByteExtractFree(NULL, bed);
926 static int DetectByteExtractTest10(
void)
936 strcmp(bed->
name,
"one") != 0 ||
948 DetectByteExtractFree(NULL, bed);
952 static int DetectByteExtractTest11(
void)
962 strcmp(bed->
name,
"one") != 0 ||
974 DetectByteExtractFree(NULL, bed);
978 static int DetectByteExtractTest12(
void)
988 strcmp(bed->
name,
"one") != 0 ||
1001 DetectByteExtractFree(NULL, bed);
1005 static int DetectByteExtractTest13(
void)
1015 strcmp(bed->
name,
"one") != 0 ||
1029 DetectByteExtractFree(NULL, bed);
1033 static int DetectByteExtractTest14(
void)
1043 strcmp(bed->
name,
"one") != 0 ||
1057 DetectByteExtractFree(NULL, bed);
1061 static int DetectByteExtractTest15(
void)
1071 strcmp(bed->
name,
"one") != 0 ||
1085 DetectByteExtractFree(NULL, bed);
1089 static int DetectByteExtractTest16(
void)
1093 DetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, little, multiplier 2");
1099 strcmp(bed->
name,
"one") != 0 ||
1114 DetectByteExtractFree(NULL, bed);
1118 static int DetectByteExtractTest17(
void)
1123 "relative, little, "
1124 "multiplier 2, string hex");
1131 DetectByteExtractFree(NULL, bed);
1135 static int DetectByteExtractTest18(
void)
1140 "relative, little, "
1149 DetectByteExtractFree(NULL, bed);
1153 static int DetectByteExtractTest19(
void)
1158 "relative, little, "
1167 DetectByteExtractFree(NULL, bed);
1171 static int DetectByteExtractTest20(
void)
1185 DetectByteExtractFree(NULL, bed);
1189 static int DetectByteExtractTest21(
void)
1203 DetectByteExtractFree(NULL, bed);
1207 static int DetectByteExtractTest22(
void)
1221 DetectByteExtractFree(NULL, bed);
1225 static int DetectByteExtractTest23(
void)
1239 DetectByteExtractFree(NULL, bed);
1243 static int DetectByteExtractTest24(
void)
1256 DetectByteExtractFree(NULL, bed);
1260 static int DetectByteExtractTest25(
void)
1273 DetectByteExtractFree(NULL, bed);
1277 static int DetectByteExtractTest26(
void)
1284 "multiplier 65536");
1291 DetectByteExtractFree(NULL, bed);
1295 static int DetectByteExtractTest27(
void)
1309 DetectByteExtractFree(NULL, bed);
1313 static int DetectByteExtractTest28(
void)
1324 DetectByteExtractFree(NULL, bed);
1328 static int DetectByteExtractTest29(
void)
1339 DetectByteExtractFree(NULL, bed);
1343 static int DetectByteExtractTest30(
void)
1354 DetectByteExtractFree(NULL, bed);
1358 static int DetectByteExtractTest31(
void)
1369 DetectByteExtractFree(NULL, bed);
1373 static int DetectByteExtractTest32(
void)
1384 DetectByteExtractFree(NULL, bed);
1388 static int DetectByteExtractTest33(
void)
1399 DetectByteExtractFree(NULL, bed);
1403 static int DetectByteExtractTest34(
void)
1418 "(msg:\"Testing bytejump_body\"; "
1420 "byte_extract:4,2,two,relative,string,hex; "
1446 printf(
"one failed\n");
1479 static int DetectByteExtractTest35(
void)
1495 "(msg:\"Testing bytejump_body\"; "
1496 "content:\"one\"; pcre:/asf/; "
1497 "byte_extract:4,0,two,relative,string,hex; "
1523 printf(
"one failed\n");
1547 strcmp(bed->
name,
"two") != 0 ||
1567 static int DetectByteExtractTest36(
void)
1583 "(msg:\"Testing bytejump_body\"; "
1584 "content:\"one\"; byte_jump:1,13; "
1585 "byte_extract:4,0,two,relative,string,hex; "
1611 printf(
"one failed\n");
1622 if (bjd->
flags != 0) {
1635 strcmp(bed->
name,
"two") != 0 ||
1655 static int DetectByteExtractTest37(
void)
1671 "(msg:\"Testing bytejump_body\"; "
1672 "content:\"one\"; uricontent:\"two\"; "
1673 "byte_extract:4,0,two,relative,string,hex; "
1699 printf(
"one failed\n");
1704 if (sm->
next != NULL) {
1709 sm = s->sm_lists[g_http_uri_buffer_id];
1723 printf(
"two failed\n");
1736 strcmp(bed->
name,
"two") != 0 ||
1756 static int DetectByteExtractTest38(
void)
1772 "(msg:\"Testing bytejump_body\"; "
1773 "content:\"one\"; uricontent:\"two\"; "
1774 "byte_extract:4,0,two,string,hex; "
1800 printf(
"one failed\n");
1813 strcmp(bed->
name,
"two") != 0 ||
1822 sm = s->sm_lists[g_http_uri_buffer_id];
1836 printf(
"two failed\n");
1841 if (sm->
next != NULL) {
1856 static int DetectByteExtractTest39(
void)
1872 "(msg:\"Testing bytejump_body\"; "
1873 "content:\"one\"; content:\"two\"; http_uri; "
1874 "byte_extract:4,0,two,relative,string,hex; "
1900 printf(
"one failed\n");
1905 if (sm->
next != NULL) {
1910 sm = s->sm_lists[g_http_uri_buffer_id];
1924 printf(
"two failed\n");
1937 strcmp(bed->
name,
"two") != 0 ||
1957 static int DetectByteExtractTest40(
void)
1973 "(msg:\"Testing bytejump_body\"; "
1974 "content:\"one\"; content:\"two\"; http_uri; "
1975 "byte_extract:4,0,two,string,hex; "
2001 printf(
"one failed\n");
2014 strcmp(bed->
name,
"two") != 0 ||
2023 sm = s->sm_lists[g_http_uri_buffer_id];
2037 printf(
"two failed\n");
2042 if (sm->
next != NULL) {
2057 static int DetectByteExtractTest41(
void)
2072 "(msg:\"Testing bytejump_body\"; "
2074 "byte_extract:4,0,two,string,hex; "
2075 "byte_extract:4,0,three,string,hex; "
2101 printf(
"one failed\n");
2114 strcmp(bed->
name,
"two") != 0 ||
2135 strcmp(bed->
name,
"three") != 0 ||
2158 static int DetectByteExtractTest42(
void)
2174 "(msg:\"Testing bytejump_body\"; "
2176 "byte_extract:4,0,two,string,hex; "
2177 "uricontent: \"three\"; "
2178 "byte_extract:4,0,four,string,hex,relative; "
2179 "byte_extract:4,0,five,string,hex; "
2205 printf(
"one failed\n");
2218 strcmp(bed->
name,
"two") != 0 ||
2239 strcmp(bed->
name,
"five") != 0 ||
2252 if (sm->
next != NULL)
2255 sm = s->sm_lists[g_http_uri_buffer_id];
2269 printf(
"two failed\n");
2282 strcmp(bed->
name,
"four") != 0 ||
2296 if (sm->
next != NULL)
2309 static int DetectByteExtractTest43(
void)
2324 "(msg:\"Testing bytejump_body\"; "
2326 "byte_extract:4,0,two,string,hex; "
2327 "content: \"three\"; offset:two; "
2353 printf(
"one failed\n");
2366 strcmp(bed->
name,
"two") != 0 ||
2389 printf(
"three failed\n");
2394 if (sm->
next != NULL)
2407 static int DetectByteExtractTest44(
void)
2423 "(msg:\"Testing bytejump_body\"; "
2425 "byte_extract:4,0,two,string,hex; "
2426 "byte_extract:4,0,three,string,hex; "
2427 "content: \"four\"; offset:two; "
2428 "content: \"five\"; offset:three; "
2454 printf(
"one failed\n");
2467 strcmp(bed1->
name,
"two") != 0 ||
2497 printf(
"four failed\n");
2512 printf(
"five failed\n");
2517 if (sm->
next != NULL)
2530 static int DetectByteExtractTest45(
void)
2545 "(msg:\"Testing bytejump_body\"; "
2547 "byte_extract:4,0,two,string,hex; "
2548 "content: \"three\"; depth:two; "
2574 printf(
"one failed\n");
2587 strcmp(bed->
name,
"two") != 0 ||
2611 printf(
"three failed\n");
2616 if (sm->
next != NULL)
2629 static int DetectByteExtractTest46(
void)
2645 "(msg:\"Testing bytejump_body\"; "
2647 "byte_extract:4,0,two,string,hex; "
2648 "byte_extract:4,0,three,string,hex; "
2649 "content: \"four\"; depth:two; "
2650 "content: \"five\"; depth:three; "
2676 printf(
"one failed\n");
2689 strcmp(bed1->
name,
"two") != 0 ||
2719 printf(
"four failed\n");
2734 printf(
"five failed\n");
2739 if (sm->
next != NULL)
2752 static int DetectByteExtractTest47(
void)
2767 "(msg:\"Testing bytejump_body\"; "
2769 "byte_extract:4,0,two,string,hex; "
2770 "content: \"three\"; distance:two; "
2796 printf(
"one failed\n");
2809 strcmp(bed->
name,
"two") != 0 ||
2834 printf(
"three failed\n");
2839 if (sm->
next != NULL)
2852 static int DetectByteExtractTest48(
void)
2868 "(msg:\"Testing bytejump_body\"; "
2870 "byte_extract:4,0,two,string,hex; "
2871 "byte_extract:4,0,three,string,hex; "
2872 "content: \"four\"; distance:two; "
2873 "content: \"five\"; distance:three; "
2899 printf(
"one failed\n");
2912 strcmp(bed1->
name,
"two") != 0 ||
2945 printf(
"four failed\n");
2962 printf(
"five failed\n");
2967 if (sm->
next != NULL)
2980 static int DetectByteExtractTest49(
void)
2995 "(msg:\"Testing bytejump_body\"; "
2997 "byte_extract:4,0,two,string,hex; "
2998 "content: \"three\"; within:two; "
3024 printf(
"one failed\n");
3037 strcmp(bed->
name,
"two") != 0 ||
3063 printf(
"three failed\n");
3068 if (sm->
next != NULL)
3081 static int DetectByteExtractTest50(
void)
3097 "(msg:\"Testing bytejump_body\"; "
3099 "byte_extract:4,0,two,string,hex; "
3100 "byte_extract:4,0,three,string,hex; "
3101 "content: \"four\"; within:two; "
3102 "content: \"five\"; within:three; "
3128 printf(
"one failed\n");
3141 strcmp(bed1->
name,
"two") != 0 ||
3175 printf(
"four failed\n");
3193 printf(
"five failed\n");
3198 if (sm->
next != NULL)
3211 static int DetectByteExtractTest51(
void)
3227 "(msg:\"Testing bytejump_body\"; "
3229 "byte_extract:4,0,two,string,hex; "
3230 "byte_test: 2,=,10, two; "
3256 printf(
"one failed\n");
3269 strcmp(bed->
name,
"two") != 0 ||
3291 printf(
"three failed\n");
3296 if (sm->
next != NULL)
3309 static int DetectByteExtractTest52(
void)
3325 "(msg:\"Testing bytejump_body\"; "
3327 "byte_extract:4,0,two,string,hex; "
3328 "byte_extract:4,0,three,string,hex; "
3329 "byte_test: 2,=,two,three; "
3330 "byte_test: 3,=,10,three; "
3356 printf(
"one failed\n");
3369 strcmp(bed1->
name,
"two") != 0 ||
3398 printf(
"three failed\n");
3412 printf(
"four failed\n");
3417 if (sm->
next != NULL)
3430 static int DetectByteExtractTest53(
void)
3446 "(msg:\"Testing bytejump_body\"; "
3448 "byte_extract:4,0,two,string,hex; "
3449 "byte_jump: 2,two; "
3475 printf(
"one failed\n");
3488 strcmp(bed->
name,
"two") != 0 ||
3509 printf(
"three failed\n");
3514 if (sm->
next != NULL)
3527 static int DetectByteExtractTest54(
void)
3543 "(msg:\"Testing bytejump_body\"; "
3545 "byte_extract:4,0,two,string,hex; "
3546 "byte_extract:4,0,three,string,hex; "
3547 "byte_jump: 2,two; "
3548 "byte_jump: 3,three; "
3574 printf(
"one failed\n");
3587 strcmp(bed1->
name,
"two") != 0 ||
3614 printf(
"three failed\n");
3627 printf(
"four failed\n");
3632 if (sm->
next != NULL)
3645 static int DetectByteExtractTest55(
void)
3661 "(msg:\"Testing byte_extract\"; "
3663 "byte_extract:4,0,two,string,hex; "
3664 "byte_extract:4,0,three,string,hex; "
3665 "byte_extract:4,0,four,string,hex; "
3666 "byte_extract:4,0,five,string,hex; "
3667 "content: \"four\"; within:two; distance:three; "
3690 printf(
"one failed: ");
3701 strcmp(bed1->
name,
"two") != 0 ||
3741 printf(
"four failed: ");
3745 if (sm->
next != NULL) {
3759 static int DetectByteExtractTest56(
void)
3775 "(msg:\"Testing bytejump_body\"; "
3776 "uricontent:\"urione\"; "
3778 "byte_extract:4,0,two,string,hex; "
3779 "byte_extract:4,0,three,string,hex; "
3780 "byte_extract:4,0,four,string,hex; "
3781 "byte_extract:4,0,five,string,hex; "
3782 "content: \"four\"; within:two; distance:three; "
3794 sm = s->sm_lists[g_http_uri_buffer_id];
3808 printf(
"one failed\n");
3813 if (sm->
next != NULL)
3830 printf(
"one failed\n");
3843 strcmp(bed1->
name,
"two") != 0 ||
3888 printf(
"four failed\n");
3893 if (sm->
next != NULL) {
3907 static int DetectByteExtractTest57(
void)
3925 "(msg:\"Testing bytejump_body\"; "
3927 "uricontent: \"urione\"; "
3928 "byte_extract:4,0,two,string,hex,relative; "
3929 "byte_extract:4,0,three,string,hex,relative; "
3930 "byte_extract:4,0,four,string,hex,relative; "
3931 "byte_extract:4,0,five,string,hex,relative; "
3932 "uricontent: \"four\"; within:two; distance:three; "
3958 printf(
"one failed\n");
3963 if (sm->
next != NULL)
3966 sm = s->sm_lists[g_http_uri_buffer_id];
3980 printf(
"one failed\n");
3993 strcmp(bed1->
name,
"two") != 0 ||
4053 printf(
"four failed\n");
4058 if (sm->
next != NULL) {
4072 static int DetectByteExtractTest58(
void)
4089 "(msg:\"Testing bytejump_body\"; "
4091 "byte_extract:4,0,two,string,hex; "
4092 "byte_extract:4,0,three,string,hex; "
4093 "byte_jump: 2,two; "
4094 "byte_jump: 3,three; "
4121 printf(
"one failed\n");
4134 strcmp(bed1->
name,
"two") != 0 ||
4161 printf(
"three failed\n");
4174 printf(
"four failed\n");
4187 printf(
"isdataat failed\n");
4192 if (sm->
next != NULL)
4205 static int DetectByteExtractTest59(
void)
4222 "(msg:\"Testing bytejump_body\"; "
4224 "byte_extract:4,0,two,string,hex; "
4225 "byte_extract:4,0,three,string,hex; "
4226 "byte_jump: 2,two; "
4227 "byte_jump: 3,three; "
4228 "isdataat: three,relative; "
4254 printf(
"one failed\n");
4267 strcmp(bed1->
name,
"two") != 0 ||
4294 printf(
"three failed\n");
4307 printf(
"four failed\n");
4321 printf(
"isdataat failed\n");
4326 if (sm->
next != NULL)
4339 static int DetectByteExtractTest60(
void)
4355 "(msg:\"Testing bytejump_body\"; "
4357 "byte_extract:4,0,two,string,hex,relative; "
4358 "uricontent: \"three\"; "
4359 "byte_extract:4,0,four,string,hex,relative; "
4386 printf(
"one failed\n");
4399 strcmp(bed1->
name,
"two") != 0 ||
4421 printf(
"isdataat failed\n");
4426 if (sm->
next != NULL)
4429 if (s->sm_lists_tail[g_http_uri_buffer_id] == NULL) {
4434 sm = s->sm_lists[g_http_uri_buffer_id];
4442 printf(
"one failed\n");
4455 strcmp(bed1->
name,
"four") != 0 ||
4469 if (sm->
next != NULL)
4482 static int DetectByteExtractTest61(
void)
4498 "(msg:\"Testing bytejump_body\"; "
4500 "byte_extract:4,0,two,string,hex,relative; "
4501 "uricontent: \"three\"; "
4502 "byte_extract:4,0,four,string,hex,relative; "
4503 "isdataat: four, relative; "
4529 printf(
"one failed\n");
4542 strcmp(bed1->
name,
"two") != 0 ||
4556 if (sm->
next != NULL)
4559 if (s->sm_lists_tail[g_http_uri_buffer_id] == NULL) {
4564 sm = s->sm_lists[g_http_uri_buffer_id];
4572 printf(
"one failed\n");
4585 strcmp(bed1->
name,
"four") != 0 ||
4608 printf(
"isdataat failed\n");
4613 if (sm->
next != NULL)
4626 static int DetectByteExtractTest62(
void)
4640 "(file_data; byte_extract:4,2,two,relative,string,hex; "
4646 if (s->sm_lists_tail[g_file_data_buffer_id] == NULL) {
4650 sm = s->sm_lists[g_file_data_buffer_id];
4658 strncmp(bed->
name,
"two", 3) != 0 ||
4677 static int DetectByteExtractTest63(
void)
4687 strcmp(bed->
name,
"one") != 0 ||
4699 DetectByteExtractFree(NULL, bed);
4703 static int DetectByteExtractTestParseNoBase(
void)
4717 if (strcmp(bed->
name,
"one") != 0) {
4739 DetectByteExtractFree(NULL, bed);
4743 static void DetectByteExtractRegisterTests(
void)
4748 UtRegisterTest(
"DetectByteExtractTest01", DetectByteExtractTest01);
4749 UtRegisterTest(
"DetectByteExtractTest02", DetectByteExtractTest02);
4750 UtRegisterTest(
"DetectByteExtractTest03", DetectByteExtractTest03);
4751 UtRegisterTest(
"DetectByteExtractTest04", DetectByteExtractTest04);
4752 UtRegisterTest(
"DetectByteExtractTest05", DetectByteExtractTest05);
4753 UtRegisterTest(
"DetectByteExtractTest06", DetectByteExtractTest06);
4754 UtRegisterTest(
"DetectByteExtractTest07", DetectByteExtractTest07);
4755 UtRegisterTest(
"DetectByteExtractTest08", DetectByteExtractTest08);
4756 UtRegisterTest(
"DetectByteExtractTest09", DetectByteExtractTest09);
4757 UtRegisterTest(
"DetectByteExtractTest10", DetectByteExtractTest10);
4758 UtRegisterTest(
"DetectByteExtractTest11", DetectByteExtractTest11);
4759 UtRegisterTest(
"DetectByteExtractTest12", DetectByteExtractTest12);
4760 UtRegisterTest(
"DetectByteExtractTest13", DetectByteExtractTest13);
4761 UtRegisterTest(
"DetectByteExtractTest14", DetectByteExtractTest14);
4762 UtRegisterTest(
"DetectByteExtractTest15", DetectByteExtractTest15);
4763 UtRegisterTest(
"DetectByteExtractTest16", DetectByteExtractTest16);
4764 UtRegisterTest(
"DetectByteExtractTest17", DetectByteExtractTest17);
4765 UtRegisterTest(
"DetectByteExtractTest18", DetectByteExtractTest18);
4766 UtRegisterTest(
"DetectByteExtractTest19", DetectByteExtractTest19);
4767 UtRegisterTest(
"DetectByteExtractTest20", DetectByteExtractTest20);
4768 UtRegisterTest(
"DetectByteExtractTest21", DetectByteExtractTest21);
4769 UtRegisterTest(
"DetectByteExtractTest22", DetectByteExtractTest22);
4770 UtRegisterTest(
"DetectByteExtractTest23", DetectByteExtractTest23);
4771 UtRegisterTest(
"DetectByteExtractTest24", DetectByteExtractTest24);
4772 UtRegisterTest(
"DetectByteExtractTest25", DetectByteExtractTest25);
4773 UtRegisterTest(
"DetectByteExtractTest26", DetectByteExtractTest26);
4774 UtRegisterTest(
"DetectByteExtractTest27", DetectByteExtractTest27);
4775 UtRegisterTest(
"DetectByteExtractTest28", DetectByteExtractTest28);
4776 UtRegisterTest(
"DetectByteExtractTest29", DetectByteExtractTest29);
4777 UtRegisterTest(
"DetectByteExtractTest30", DetectByteExtractTest30);
4778 UtRegisterTest(
"DetectByteExtractTest31", DetectByteExtractTest31);
4779 UtRegisterTest(
"DetectByteExtractTest32", DetectByteExtractTest32);
4780 UtRegisterTest(
"DetectByteExtractTest33", DetectByteExtractTest33);
4781 UtRegisterTest(
"DetectByteExtractTest34", DetectByteExtractTest34);
4782 UtRegisterTest(
"DetectByteExtractTest35", DetectByteExtractTest35);
4783 UtRegisterTest(
"DetectByteExtractTest36", DetectByteExtractTest36);
4784 UtRegisterTest(
"DetectByteExtractTest37", DetectByteExtractTest37);
4785 UtRegisterTest(
"DetectByteExtractTest38", DetectByteExtractTest38);
4786 UtRegisterTest(
"DetectByteExtractTest39", DetectByteExtractTest39);
4787 UtRegisterTest(
"DetectByteExtractTest40", DetectByteExtractTest40);
4788 UtRegisterTest(
"DetectByteExtractTest41", DetectByteExtractTest41);
4789 UtRegisterTest(
"DetectByteExtractTest42", DetectByteExtractTest42);
4791 UtRegisterTest(
"DetectByteExtractTest43", DetectByteExtractTest43);
4792 UtRegisterTest(
"DetectByteExtractTest44", DetectByteExtractTest44);
4794 UtRegisterTest(
"DetectByteExtractTest45", DetectByteExtractTest45);
4795 UtRegisterTest(
"DetectByteExtractTest46", DetectByteExtractTest46);
4797 UtRegisterTest(
"DetectByteExtractTest47", DetectByteExtractTest47);
4798 UtRegisterTest(
"DetectByteExtractTest48", DetectByteExtractTest48);
4800 UtRegisterTest(
"DetectByteExtractTest49", DetectByteExtractTest49);
4801 UtRegisterTest(
"DetectByteExtractTest50", DetectByteExtractTest50);
4803 UtRegisterTest(
"DetectByteExtractTest51", DetectByteExtractTest51);
4804 UtRegisterTest(
"DetectByteExtractTest52", DetectByteExtractTest52);
4806 UtRegisterTest(
"DetectByteExtractTest53", DetectByteExtractTest53);
4807 UtRegisterTest(
"DetectByteExtractTest54", DetectByteExtractTest54);
4809 UtRegisterTest(
"DetectByteExtractTest55", DetectByteExtractTest55);
4810 UtRegisterTest(
"DetectByteExtractTest56", DetectByteExtractTest56);
4811 UtRegisterTest(
"DetectByteExtractTest57", DetectByteExtractTest57);
4813 UtRegisterTest(
"DetectByteExtractTest58", DetectByteExtractTest58);
4814 UtRegisterTest(
"DetectByteExtractTest59", DetectByteExtractTest59);
4815 UtRegisterTest(
"DetectByteExtractTest60", DetectByteExtractTest60);
4816 UtRegisterTest(
"DetectByteExtractTest61", DetectByteExtractTest61);
4817 UtRegisterTest(
"DetectByteExtractTest62", DetectByteExtractTest62);
4818 UtRegisterTest(
"DetectByteExtractTest63", DetectByteExtractTest63);
4821 DetectByteExtractTestParseNoBase);