/* Default byte order is big endian. Presumably applied when a rule gives
 * neither "big" nor "little" -- confirm against the option parser. */
54 #define DETECT_BYTE_EXTRACT_ENDIAN_DEFAULT DETECT_BYTE_EXTRACT_ENDIAN_BIG
/* Base selectors for "string" extraction. Each value is the radix itself
 * (16, 10, 8); 0 marks that no base is set. */
58 #define DETECT_BYTE_EXTRACT_BASE_NONE 0
59 #define DETECT_BYTE_EXTRACT_BASE_HEX 16
60 #define DETECT_BYTE_EXTRACT_BASE_DEC 10
61 #define DETECT_BYTE_EXTRACT_BASE_OCT 8
/* Multiplier default and accepted range (1..65535).
 * NOTE(review): the range check itself is not visible in this listing;
 * the "multiplier 65536" unit-test input looks like the out-of-range case
 * -- confirm. */
66 #define DETECT_BYTE_EXTRACT_MULTIPLIER_DEFAULT 1
68 #define DETECT_BYTE_EXTRACT_MULTIPLIER_MIN_LIMIT 1
69 #define DETECT_BYTE_EXTRACT_MULTIPLIER_MAX_LIMIT 65535
/* Per-base caps on nbytes for "string" extraction. The parser's
 * "more than %d bytes in \"string\" extraction" errors presumably report
 * these values -- confirm. They limit how many payload bytes one keyword
 * may hand to the text-to-number conversion. */
73 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT 23
74 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC 20
75 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX 14
/* Cap on nbytes for non-string (binary) extraction. 8 bytes matches the
 * 64-bit width the extracted value is logged with (PRIu64); presumably the
 * value is held in a uint64_t -- confirm. */
77 #define NO_STRING_MAX_BYTES_TO_EXTRACT 8
79 #define PARSE_REGEX "^" \
81 ",\\s*(-?[0-9]+)\\s*" \
82 ",\\s*([^\\s,]+)\\s*" \
83 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
84 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
85 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
86 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
87 "(?:(?:,\\s*([^\\s,]+)\\s*)|(?:,\\s*([^\\s,]+)\\s+([^\\s,]+)\\s*))?" \
/* Forward declaration. The definition near the end of the file registers
 * the DetectByteExtractTestNN unit tests through UtRegisterTest(). */
94 static void DetectByteExtractRegisterTests(
void);
120 const uint8_t *ptr = NULL;
133 SCLogDebug(
"relative, working with det_ctx->buffer_offset %"PRIu32
", "
150 ptr = payload + data->
offset;
155 if (ptr < payload || data->nbytes >
len) {
156 SCLogDebug(
"Data not within payload pkt=%p, ptr=%p, len=%"PRIu32
", nbytes=%d",
164 data->
nbytes, (
const char *)ptr);
171 SCLogDebug(
"error extracting %d bytes of string data: %d",
180 if (extbytes != data->
nbytes) {
181 SCLogDebug(
"error extracting %d bytes of numeric data: %d",
200 SCLogDebug(
"extracted value is %"PRIu64, val);
217 int ret = 0, res = 0;
222 if (ret < 3 || ret > 19) {
223 SCLogError(
"parse error, ret %" PRId32
", string \"%s\"", ret, arg);
224 SCLogError(
"Invalid arg to byte_extract : %s "
236 char nbytes_str[64] =
"";
237 pcre2len =
sizeof(nbytes_str);
238 res = pcre2_substring_copy_bynumber(
239 parse_regex.
match, 1, (PCRE2_UCHAR8 *)nbytes_str, &pcre2len);
241 SCLogError(
"pcre2_substring_copy_bynumber failed "
242 "for arg 1 for byte_extract");
246 (
const char *)nbytes_str) < 0) {
247 SCLogError(
"Invalid value for number of bytes"
248 " to be extracted: \"%s\".",
254 char offset_str[64] =
"";
255 pcre2len =
sizeof(offset_str);
256 res = pcre2_substring_copy_bynumber(
257 parse_regex.
match, 2, (PCRE2_UCHAR8 *)offset_str, &pcre2len);
259 SCLogError(
"pcre2_substring_copy_bynumber failed "
260 "for arg 2 for byte_extract");
265 SCLogError(
"Invalid value for offset: \"%s\".", offset_str);
271 char varname_str[256] =
"";
272 pcre2len =
sizeof(varname_str);
273 res = pcre2_substring_copy_bynumber(
274 parse_regex.
match, 3, (PCRE2_UCHAR8 *)varname_str, &pcre2len);
276 SCLogError(
"pcre2_substring_copy_bynumber failed "
277 "for arg 3 for byte_extract");
281 if (bed->
name == NULL)
285 for (i = 4; i < ret; i++) {
286 char opt_str[64] =
"";
287 pcre2len =
sizeof(opt_str);
290 SCLogError(
"pcre2_substring_copy_bynumber failed "
291 "for arg %d for byte_extract with %d",
296 if (strcmp(
"relative", opt_str) == 0) {
299 "than once for byte_extract");
303 }
else if (strcmp(
"multiplier", opt_str) == 0) {
306 "than once for byte_extract");
312 char multiplier_str[16] =
"";
313 pcre2len =
sizeof(multiplier_str);
314 res = pcre2_substring_copy_bynumber(
315 parse_regex.
match, i, (PCRE2_UCHAR8 *)multiplier_str, &pcre2len);
317 SCLogError(
"pcre2_substring_copy_bynumber failed "
318 "for arg %d for byte_extract",
327 "multiplier: \"%s\".",
332 }
else if (strcmp(
"big", opt_str) == 0) {
335 "more than once for byte_extract");
340 }
else if (strcmp(
"little", opt_str) == 0) {
343 "more than once for byte_extract");
348 }
else if (strcmp(
"dce", opt_str) == 0) {
351 "more than once for byte_extract");
356 }
else if (strcmp(
"string", opt_str) == 0) {
359 "than once for byte_extract");
364 "base is (string, base) and not (base, string) "
369 }
else if (strcmp(
"hex", opt_str) == 0) {
372 "without specifying string. The right way is "
373 "(string, base) and not (base, string)");
378 "specified for byte_extract");
382 }
else if (strcmp(
"oct", opt_str) == 0) {
385 "without specifying string. The right way is "
386 "(string, base) and not (base, string)");
391 "specified for byte_extract");
395 }
else if (strcmp(
"dec", opt_str) == 0) {
398 "without specifying string. The right way is "
399 "(string, base) and not (base, string)");
404 "specified for byte_extract");
408 }
else if (strcmp(
"align", opt_str) == 0) {
411 "than once for byte_extract");
417 char align_str[16] =
"";
418 pcre2len =
sizeof(align_str);
419 res = pcre2_substring_copy_bynumber(
420 parse_regex.
match, i, (PCRE2_UCHAR8 *)align_str, &pcre2len);
422 SCLogError(
"pcre2_substring_copy_bynumber failed "
423 "for arg %d in byte_extract",
428 (
const char *)align_str) < 0) {
436 "byte_extract - \"%d\"",
440 }
else if (strcmp(
"", opt_str) == 0) {
444 "specified in byte_extract",
463 "endian \"big\" or \"little\" specified along with "
472 "more than %d bytes in \"string\" extraction",
481 "more than %d bytes in \"string\" extraction",
490 "more than %d bytes in \"string\" extraction",
500 "more than %d bytes in \"non-string\" extraction",
513 DetectByteExtractFree(
de_ctx, bed);
537 data = DetectByteExtractParse(
de_ctx, arg);
553 if (prev_pm == NULL) {
573 if (prev_pm == NULL) {
596 "A byte_jump keyword with dce holds other invalid modifiers.");
603 if (prev_bed_sm == NULL)
615 sm->
ctx = (
void *)data;
637 DetectByteExtractFree(
de_ctx, data);
650 if (bed->
name != NULL)
669 for (
int list = 0; list < nlists; list++) {
674 if (strcmp(bed->
name, arg) == 0) {
/* Buffer list ids that the unit tests use to index s->sm_lists[] and
 * s->sm_lists_tail[] for the file_data and http_uri buffers.
 * NOTE(review): both start at 0 here and are presumably assigned their real
 * ids before the tests run -- the assignment is not visible in this listing,
 * confirm. */
689 static int g_file_data_buffer_id = 0;
690 static int g_http_uri_buffer_id = 0;
692 static int DetectByteExtractTest01(
void)
702 strcmp(bed->
name,
"one") != 0 ||
714 DetectByteExtractFree(NULL, bed);
718 static int DetectByteExtractTest02(
void)
728 strcmp(bed->
name,
"one") != 0 ||
740 DetectByteExtractFree(NULL, bed);
744 static int DetectByteExtractTest03(
void)
754 strcmp(bed->
name,
"one") != 0 ||
766 DetectByteExtractFree(NULL, bed);
770 static int DetectByteExtractTest04(
void)
780 strcmp(bed->
name,
"one") != 0 ||
793 DetectByteExtractFree(NULL, bed);
797 static int DetectByteExtractTest05(
void)
807 strcmp(bed->
name,
"one") != 0 ||
819 DetectByteExtractFree(NULL, bed);
823 static int DetectByteExtractTest06(
void)
833 strcmp(bed->
name,
"one") != 0 ||
845 DetectByteExtractFree(NULL, bed);
849 static int DetectByteExtractTest07(
void)
859 strcmp(bed->
name,
"one") != 0 ||
871 DetectByteExtractFree(NULL, bed);
875 static int DetectByteExtractTest08(
void)
885 strcmp(bed->
name,
"one") != 0 ||
897 DetectByteExtractFree(NULL, bed);
901 static int DetectByteExtractTest09(
void)
911 strcmp(bed->
name,
"one") != 0 ||
923 DetectByteExtractFree(NULL, bed);
927 static int DetectByteExtractTest10(
void)
937 strcmp(bed->
name,
"one") != 0 ||
949 DetectByteExtractFree(NULL, bed);
953 static int DetectByteExtractTest11(
void)
963 strcmp(bed->
name,
"one") != 0 ||
975 DetectByteExtractFree(NULL, bed);
979 static int DetectByteExtractTest12(
void)
989 strcmp(bed->
name,
"one") != 0 ||
1002 DetectByteExtractFree(NULL, bed);
1006 static int DetectByteExtractTest13(
void)
1016 strcmp(bed->
name,
"one") != 0 ||
1030 DetectByteExtractFree(NULL, bed);
1034 static int DetectByteExtractTest14(
void)
1044 strcmp(bed->
name,
"one") != 0 ||
1058 DetectByteExtractFree(NULL, bed);
1062 static int DetectByteExtractTest15(
void)
1072 strcmp(bed->
name,
"one") != 0 ||
1086 DetectByteExtractFree(NULL, bed);
1090 static int DetectByteExtractTest16(
void)
1094 DetectByteExtractData *bed = DetectByteExtractParse(NULL,
"4, 2, one, align 4, relative, little, multiplier 2");
1100 strcmp(bed->
name,
"one") != 0 ||
1115 DetectByteExtractFree(NULL, bed);
1119 static int DetectByteExtractTest17(
void)
1124 "relative, little, "
1125 "multiplier 2, string hex");
1132 DetectByteExtractFree(NULL, bed);
1136 static int DetectByteExtractTest18(
void)
1141 "relative, little, "
1150 DetectByteExtractFree(NULL, bed);
1154 static int DetectByteExtractTest19(
void)
1159 "relative, little, "
1168 DetectByteExtractFree(NULL, bed);
1172 static int DetectByteExtractTest20(
void)
1186 DetectByteExtractFree(NULL, bed);
1190 static int DetectByteExtractTest21(
void)
1204 DetectByteExtractFree(NULL, bed);
1208 static int DetectByteExtractTest22(
void)
1222 DetectByteExtractFree(NULL, bed);
1226 static int DetectByteExtractTest23(
void)
1240 DetectByteExtractFree(NULL, bed);
1244 static int DetectByteExtractTest24(
void)
1257 DetectByteExtractFree(NULL, bed);
1261 static int DetectByteExtractTest25(
void)
1274 DetectByteExtractFree(NULL, bed);
1278 static int DetectByteExtractTest26(
void)
1285 "multiplier 65536");
1292 DetectByteExtractFree(NULL, bed);
1296 static int DetectByteExtractTest27(
void)
1310 DetectByteExtractFree(NULL, bed);
1314 static int DetectByteExtractTest28(
void)
1325 DetectByteExtractFree(NULL, bed);
1329 static int DetectByteExtractTest29(
void)
1340 DetectByteExtractFree(NULL, bed);
1344 static int DetectByteExtractTest30(
void)
1355 DetectByteExtractFree(NULL, bed);
1359 static int DetectByteExtractTest31(
void)
1370 DetectByteExtractFree(NULL, bed);
1374 static int DetectByteExtractTest32(
void)
1385 DetectByteExtractFree(NULL, bed);
1389 static int DetectByteExtractTest33(
void)
1400 DetectByteExtractFree(NULL, bed);
1404 static int DetectByteExtractTest34(
void)
1419 "(msg:\"Testing bytejump_body\"; "
1421 "byte_extract:4,2,two,relative,string,hex; "
1447 printf(
"one failed\n");
1480 static int DetectByteExtractTest35(
void)
1496 "(msg:\"Testing bytejump_body\"; "
1497 "content:\"one\"; pcre:/asf/; "
1498 "byte_extract:4,0,two,relative,string,hex; "
1524 printf(
"one failed\n");
1548 strcmp(bed->
name,
"two") != 0 ||
1568 static int DetectByteExtractTest36(
void)
1584 "(msg:\"Testing bytejump_body\"; "
1585 "content:\"one\"; byte_jump:1,13; "
1586 "byte_extract:4,0,two,relative,string,hex; "
1612 printf(
"one failed\n");
1623 if (bjd->
flags != 0) {
1636 strcmp(bed->
name,
"two") != 0 ||
1656 static int DetectByteExtractTest37(
void)
1672 "(msg:\"Testing bytejump_body\"; "
1673 "content:\"one\"; uricontent:\"two\"; "
1674 "byte_extract:4,0,two,relative,string,hex; "
1700 printf(
"one failed\n");
1705 if (sm->
next != NULL) {
1710 sm = s->sm_lists[g_http_uri_buffer_id];
1724 printf(
"two failed\n");
1737 strcmp(bed->
name,
"two") != 0 ||
1757 static int DetectByteExtractTest38(
void)
1773 "(msg:\"Testing bytejump_body\"; "
1774 "content:\"one\"; uricontent:\"two\"; "
1775 "byte_extract:4,0,two,string,hex; "
1801 printf(
"one failed\n");
1814 strcmp(bed->
name,
"two") != 0 ||
1823 sm = s->sm_lists[g_http_uri_buffer_id];
1837 printf(
"two failed\n");
1842 if (sm->
next != NULL) {
1857 static int DetectByteExtractTest39(
void)
1873 "(msg:\"Testing bytejump_body\"; "
1874 "content:\"one\"; content:\"two\"; http_uri; "
1875 "byte_extract:4,0,two,relative,string,hex; "
1901 printf(
"one failed\n");
1906 if (sm->
next != NULL) {
1911 sm = s->sm_lists[g_http_uri_buffer_id];
1925 printf(
"two failed\n");
1938 strcmp(bed->
name,
"two") != 0 ||
1958 static int DetectByteExtractTest40(
void)
1974 "(msg:\"Testing bytejump_body\"; "
1975 "content:\"one\"; content:\"two\"; http_uri; "
1976 "byte_extract:4,0,two,string,hex; "
2002 printf(
"one failed\n");
2015 strcmp(bed->
name,
"two") != 0 ||
2024 sm = s->sm_lists[g_http_uri_buffer_id];
2038 printf(
"two failed\n");
2043 if (sm->
next != NULL) {
2058 static int DetectByteExtractTest41(
void)
2073 "(msg:\"Testing bytejump_body\"; "
2075 "byte_extract:4,0,two,string,hex; "
2076 "byte_extract:4,0,three,string,hex; "
2102 printf(
"one failed\n");
2115 strcmp(bed->
name,
"two") != 0 ||
2136 strcmp(bed->
name,
"three") != 0 ||
2159 static int DetectByteExtractTest42(
void)
2175 "(msg:\"Testing bytejump_body\"; "
2177 "byte_extract:4,0,two,string,hex; "
2178 "uricontent: \"three\"; "
2179 "byte_extract:4,0,four,string,hex,relative; "
2180 "byte_extract:4,0,five,string,hex; "
2206 printf(
"one failed\n");
2219 strcmp(bed->
name,
"two") != 0 ||
2240 strcmp(bed->
name,
"five") != 0 ||
2253 if (sm->
next != NULL)
2256 sm = s->sm_lists[g_http_uri_buffer_id];
2270 printf(
"two failed\n");
2283 strcmp(bed->
name,
"four") != 0 ||
2297 if (sm->
next != NULL)
2310 static int DetectByteExtractTest43(
void)
2325 "(msg:\"Testing bytejump_body\"; "
2327 "byte_extract:4,0,two,string,hex; "
2328 "content: \"three\"; offset:two; "
2354 printf(
"one failed\n");
2367 strcmp(bed->
name,
"two") != 0 ||
2390 printf(
"three failed\n");
2395 if (sm->
next != NULL)
2408 static int DetectByteExtractTest44(
void)
2424 "(msg:\"Testing bytejump_body\"; "
2426 "byte_extract:4,0,two,string,hex; "
2427 "byte_extract:4,0,three,string,hex; "
2428 "content: \"four\"; offset:two; "
2429 "content: \"five\"; offset:three; "
2455 printf(
"one failed\n");
2468 strcmp(bed1->
name,
"two") != 0 ||
2498 printf(
"four failed\n");
2513 printf(
"five failed\n");
2518 if (sm->
next != NULL)
2531 static int DetectByteExtractTest45(
void)
2546 "(msg:\"Testing bytejump_body\"; "
2548 "byte_extract:4,0,two,string,hex; "
2549 "content: \"three\"; depth:two; "
2575 printf(
"one failed\n");
2588 strcmp(bed->
name,
"two") != 0 ||
2612 printf(
"three failed\n");
2617 if (sm->
next != NULL)
2630 static int DetectByteExtractTest46(
void)
2646 "(msg:\"Testing bytejump_body\"; "
2648 "byte_extract:4,0,two,string,hex; "
2649 "byte_extract:4,0,three,string,hex; "
2650 "content: \"four\"; depth:two; "
2651 "content: \"five\"; depth:three; "
2677 printf(
"one failed\n");
2690 strcmp(bed1->
name,
"two") != 0 ||
2720 printf(
"four failed\n");
2735 printf(
"five failed\n");
2740 if (sm->
next != NULL)
2753 static int DetectByteExtractTest47(
void)
2768 "(msg:\"Testing bytejump_body\"; "
2770 "byte_extract:4,0,two,string,hex; "
2771 "content: \"three\"; distance:two; "
2797 printf(
"one failed\n");
2810 strcmp(bed->
name,
"two") != 0 ||
2835 printf(
"three failed\n");
2840 if (sm->
next != NULL)
2853 static int DetectByteExtractTest48(
void)
2869 "(msg:\"Testing bytejump_body\"; "
2871 "byte_extract:4,0,two,string,hex; "
2872 "byte_extract:4,0,three,string,hex; "
2873 "content: \"four\"; distance:two; "
2874 "content: \"five\"; distance:three; "
2900 printf(
"one failed\n");
2913 strcmp(bed1->
name,
"two") != 0 ||
2946 printf(
"four failed\n");
2963 printf(
"five failed\n");
2968 if (sm->
next != NULL)
2981 static int DetectByteExtractTest49(
void)
2996 "(msg:\"Testing bytejump_body\"; "
2998 "byte_extract:4,0,two,string,hex; "
2999 "content: \"three\"; within:two; "
3025 printf(
"one failed\n");
3038 strcmp(bed->
name,
"two") != 0 ||
3064 printf(
"three failed\n");
3069 if (sm->
next != NULL)
3082 static int DetectByteExtractTest50(
void)
3098 "(msg:\"Testing bytejump_body\"; "
3100 "byte_extract:4,0,two,string,hex; "
3101 "byte_extract:4,0,three,string,hex; "
3102 "content: \"four\"; within:two; "
3103 "content: \"five\"; within:three; "
3129 printf(
"one failed\n");
3142 strcmp(bed1->
name,
"two") != 0 ||
3176 printf(
"four failed\n");
3194 printf(
"five failed\n");
3199 if (sm->
next != NULL)
3212 static int DetectByteExtractTest51(
void)
3228 "(msg:\"Testing bytejump_body\"; "
3230 "byte_extract:4,0,two,string,hex; "
3231 "byte_test: 2,=,10, two; "
3257 printf(
"one failed\n");
3270 strcmp(bed->
name,
"two") != 0 ||
3292 printf(
"three failed\n");
3297 if (sm->
next != NULL)
3310 static int DetectByteExtractTest52(
void)
3326 "(msg:\"Testing bytejump_body\"; "
3328 "byte_extract:4,0,two,string,hex; "
3329 "byte_extract:4,0,three,string,hex; "
3330 "byte_test: 2,=,two,three; "
3331 "byte_test: 3,=,10,three; "
3357 printf(
"one failed\n");
3370 strcmp(bed1->
name,
"two") != 0 ||
3399 printf(
"three failed\n");
3413 printf(
"four failed\n");
3418 if (sm->
next != NULL)
3431 static int DetectByteExtractTest53(
void)
3447 "(msg:\"Testing bytejump_body\"; "
3449 "byte_extract:4,0,two,string,hex; "
3450 "byte_jump: 2,two; "
3476 printf(
"one failed\n");
3489 strcmp(bed->
name,
"two") != 0 ||
3510 printf(
"three failed\n");
3515 if (sm->
next != NULL)
3528 static int DetectByteExtractTest54(
void)
3544 "(msg:\"Testing bytejump_body\"; "
3546 "byte_extract:4,0,two,string,hex; "
3547 "byte_extract:4,0,three,string,hex; "
3548 "byte_jump: 2,two; "
3549 "byte_jump: 3,three; "
3575 printf(
"one failed\n");
3588 strcmp(bed1->
name,
"two") != 0 ||
3615 printf(
"three failed\n");
3628 printf(
"four failed\n");
3633 if (sm->
next != NULL)
3646 static int DetectByteExtractTest55(
void)
3662 "(msg:\"Testing byte_extract\"; "
3664 "byte_extract:4,0,two,string,hex; "
3665 "byte_extract:4,0,three,string,hex; "
3666 "byte_extract:4,0,four,string,hex; "
3667 "byte_extract:4,0,five,string,hex; "
3668 "content: \"four\"; within:two; distance:three; "
3691 printf(
"one failed: ");
3702 strcmp(bed1->
name,
"two") != 0 ||
3742 printf(
"four failed: ");
3746 if (sm->
next != NULL) {
3760 static int DetectByteExtractTest56(
void)
3776 "(msg:\"Testing bytejump_body\"; "
3777 "uricontent:\"urione\"; "
3779 "byte_extract:4,0,two,string,hex; "
3780 "byte_extract:4,0,three,string,hex; "
3781 "byte_extract:4,0,four,string,hex; "
3782 "byte_extract:4,0,five,string,hex; "
3783 "content: \"four\"; within:two; distance:three; "
3795 sm = s->sm_lists[g_http_uri_buffer_id];
3809 printf(
"one failed\n");
3814 if (sm->
next != NULL)
3831 printf(
"one failed\n");
3844 strcmp(bed1->
name,
"two") != 0 ||
3889 printf(
"four failed\n");
3894 if (sm->
next != NULL) {
3908 static int DetectByteExtractTest57(
void)
3926 "(msg:\"Testing bytejump_body\"; "
3928 "uricontent: \"urione\"; "
3929 "byte_extract:4,0,two,string,hex,relative; "
3930 "byte_extract:4,0,three,string,hex,relative; "
3931 "byte_extract:4,0,four,string,hex,relative; "
3932 "byte_extract:4,0,five,string,hex,relative; "
3933 "uricontent: \"four\"; within:two; distance:three; "
3959 printf(
"one failed\n");
3964 if (sm->
next != NULL)
3967 sm = s->sm_lists[g_http_uri_buffer_id];
3981 printf(
"one failed\n");
3994 strcmp(bed1->
name,
"two") != 0 ||
4054 printf(
"four failed\n");
4059 if (sm->
next != NULL) {
4073 static int DetectByteExtractTest58(
void)
4090 "(msg:\"Testing bytejump_body\"; "
4092 "byte_extract:4,0,two,string,hex; "
4093 "byte_extract:4,0,three,string,hex; "
4094 "byte_jump: 2,two; "
4095 "byte_jump: 3,three; "
4122 printf(
"one failed\n");
4135 strcmp(bed1->
name,
"two") != 0 ||
4162 printf(
"three failed\n");
4175 printf(
"four failed\n");
4188 printf(
"isdataat failed\n");
4193 if (sm->
next != NULL)
4206 static int DetectByteExtractTest59(
void)
4223 "(msg:\"Testing bytejump_body\"; "
4225 "byte_extract:4,0,two,string,hex; "
4226 "byte_extract:4,0,three,string,hex; "
4227 "byte_jump: 2,two; "
4228 "byte_jump: 3,three; "
4229 "isdataat: three,relative; "
4255 printf(
"one failed\n");
4268 strcmp(bed1->
name,
"two") != 0 ||
4295 printf(
"three failed\n");
4308 printf(
"four failed\n");
4322 printf(
"isdataat failed\n");
4327 if (sm->
next != NULL)
4340 static int DetectByteExtractTest60(
void)
4356 "(msg:\"Testing bytejump_body\"; "
4358 "byte_extract:4,0,two,string,hex,relative; "
4359 "uricontent: \"three\"; "
4360 "byte_extract:4,0,four,string,hex,relative; "
4387 printf(
"one failed\n");
4400 strcmp(bed1->
name,
"two") != 0 ||
4422 printf(
"isdataat failed\n");
4427 if (sm->
next != NULL)
4430 if (s->sm_lists_tail[g_http_uri_buffer_id] == NULL) {
4435 sm = s->sm_lists[g_http_uri_buffer_id];
4443 printf(
"one failed\n");
4456 strcmp(bed1->
name,
"four") != 0 ||
4470 if (sm->
next != NULL)
4483 static int DetectByteExtractTest61(
void)
4499 "(msg:\"Testing bytejump_body\"; "
4501 "byte_extract:4,0,two,string,hex,relative; "
4502 "uricontent: \"three\"; "
4503 "byte_extract:4,0,four,string,hex,relative; "
4504 "isdataat: four, relative; "
4530 printf(
"one failed\n");
4543 strcmp(bed1->
name,
"two") != 0 ||
4557 if (sm->
next != NULL)
4560 if (s->sm_lists_tail[g_http_uri_buffer_id] == NULL) {
4565 sm = s->sm_lists[g_http_uri_buffer_id];
4573 printf(
"one failed\n");
4586 strcmp(bed1->
name,
"four") != 0 ||
4609 printf(
"isdataat failed\n");
4614 if (sm->
next != NULL)
4627 static int DetectByteExtractTest62(
void)
4641 "(file_data; byte_extract:4,2,two,relative,string,hex; "
4647 if (s->sm_lists_tail[g_file_data_buffer_id] == NULL) {
4651 sm = s->sm_lists[g_file_data_buffer_id];
4659 strncmp(bed->
name,
"two", 3) != 0 ||
4678 static int DetectByteExtractTest63(
void)
4688 strcmp(bed->
name,
"one") != 0 ||
4700 DetectByteExtractFree(NULL, bed);
4704 static int DetectByteExtractTestParseNoBase(
void)
4718 if (strcmp(bed->
name,
"one") != 0) {
4740 DetectByteExtractFree(NULL, bed);
4744 static void DetectByteExtractRegisterTests(
void)
4749 UtRegisterTest(
"DetectByteExtractTest01", DetectByteExtractTest01);
4750 UtRegisterTest(
"DetectByteExtractTest02", DetectByteExtractTest02);
4751 UtRegisterTest(
"DetectByteExtractTest03", DetectByteExtractTest03);
4752 UtRegisterTest(
"DetectByteExtractTest04", DetectByteExtractTest04);
4753 UtRegisterTest(
"DetectByteExtractTest05", DetectByteExtractTest05);
4754 UtRegisterTest(
"DetectByteExtractTest06", DetectByteExtractTest06);
4755 UtRegisterTest(
"DetectByteExtractTest07", DetectByteExtractTest07);
4756 UtRegisterTest(
"DetectByteExtractTest08", DetectByteExtractTest08);
4757 UtRegisterTest(
"DetectByteExtractTest09", DetectByteExtractTest09);
4758 UtRegisterTest(
"DetectByteExtractTest10", DetectByteExtractTest10);
4759 UtRegisterTest(
"DetectByteExtractTest11", DetectByteExtractTest11);
4760 UtRegisterTest(
"DetectByteExtractTest12", DetectByteExtractTest12);
4761 UtRegisterTest(
"DetectByteExtractTest13", DetectByteExtractTest13);
4762 UtRegisterTest(
"DetectByteExtractTest14", DetectByteExtractTest14);
4763 UtRegisterTest(
"DetectByteExtractTest15", DetectByteExtractTest15);
4764 UtRegisterTest(
"DetectByteExtractTest16", DetectByteExtractTest16);
4765 UtRegisterTest(
"DetectByteExtractTest17", DetectByteExtractTest17);
4766 UtRegisterTest(
"DetectByteExtractTest18", DetectByteExtractTest18);
4767 UtRegisterTest(
"DetectByteExtractTest19", DetectByteExtractTest19);
4768 UtRegisterTest(
"DetectByteExtractTest20", DetectByteExtractTest20);
4769 UtRegisterTest(
"DetectByteExtractTest21", DetectByteExtractTest21);
4770 UtRegisterTest(
"DetectByteExtractTest22", DetectByteExtractTest22);
4771 UtRegisterTest(
"DetectByteExtractTest23", DetectByteExtractTest23);
4772 UtRegisterTest(
"DetectByteExtractTest24", DetectByteExtractTest24);
4773 UtRegisterTest(
"DetectByteExtractTest25", DetectByteExtractTest25);
4774 UtRegisterTest(
"DetectByteExtractTest26", DetectByteExtractTest26);
4775 UtRegisterTest(
"DetectByteExtractTest27", DetectByteExtractTest27);
4776 UtRegisterTest(
"DetectByteExtractTest28", DetectByteExtractTest28);
4777 UtRegisterTest(
"DetectByteExtractTest29", DetectByteExtractTest29);
4778 UtRegisterTest(
"DetectByteExtractTest30", DetectByteExtractTest30);
4779 UtRegisterTest(
"DetectByteExtractTest31", DetectByteExtractTest31);
4780 UtRegisterTest(
"DetectByteExtractTest32", DetectByteExtractTest32);
4781 UtRegisterTest(
"DetectByteExtractTest33", DetectByteExtractTest33);
4782 UtRegisterTest(
"DetectByteExtractTest34", DetectByteExtractTest34);
4783 UtRegisterTest(
"DetectByteExtractTest35", DetectByteExtractTest35);
4784 UtRegisterTest(
"DetectByteExtractTest36", DetectByteExtractTest36);
4785 UtRegisterTest(
"DetectByteExtractTest37", DetectByteExtractTest37);
4786 UtRegisterTest(
"DetectByteExtractTest38", DetectByteExtractTest38);
4787 UtRegisterTest(
"DetectByteExtractTest39", DetectByteExtractTest39);
4788 UtRegisterTest(
"DetectByteExtractTest40", DetectByteExtractTest40);
4789 UtRegisterTest(
"DetectByteExtractTest41", DetectByteExtractTest41);
4790 UtRegisterTest(
"DetectByteExtractTest42", DetectByteExtractTest42);
4792 UtRegisterTest(
"DetectByteExtractTest43", DetectByteExtractTest43);
4793 UtRegisterTest(
"DetectByteExtractTest44", DetectByteExtractTest44);
4795 UtRegisterTest(
"DetectByteExtractTest45", DetectByteExtractTest45);
4796 UtRegisterTest(
"DetectByteExtractTest46", DetectByteExtractTest46);
4798 UtRegisterTest(
"DetectByteExtractTest47", DetectByteExtractTest47);
4799 UtRegisterTest(
"DetectByteExtractTest48", DetectByteExtractTest48);
4801 UtRegisterTest(
"DetectByteExtractTest49", DetectByteExtractTest49);
4802 UtRegisterTest(
"DetectByteExtractTest50", DetectByteExtractTest50);
4804 UtRegisterTest(
"DetectByteExtractTest51", DetectByteExtractTest51);
4805 UtRegisterTest(
"DetectByteExtractTest52", DetectByteExtractTest52);
4807 UtRegisterTest(
"DetectByteExtractTest53", DetectByteExtractTest53);
4808 UtRegisterTest(
"DetectByteExtractTest54", DetectByteExtractTest54);
4810 UtRegisterTest(
"DetectByteExtractTest55", DetectByteExtractTest55);
4811 UtRegisterTest(
"DetectByteExtractTest56", DetectByteExtractTest56);
4812 UtRegisterTest(
"DetectByteExtractTest57", DetectByteExtractTest57);
4814 UtRegisterTest(
"DetectByteExtractTest58", DetectByteExtractTest58);
4815 UtRegisterTest(
"DetectByteExtractTest59", DetectByteExtractTest59);
4816 UtRegisterTest(
"DetectByteExtractTest60", DetectByteExtractTest60);
4817 UtRegisterTest(
"DetectByteExtractTest61", DetectByteExtractTest61);
4818 UtRegisterTest(
"DetectByteExtractTest62", DetectByteExtractTest62);
4819 UtRegisterTest(
"DetectByteExtractTest63", DetectByteExtractTest63);
4822 DetectByteExtractTestParseNoBase);