Go to the documentation of this file.
46 #define PARSE_REGEX "^\\s*([A-Za-z0-9]+)\\s*,\"?\\s*\"?\\s*([a-zA-Z0-9\\-_\\.\\/\\?\\=]+)\"?\\s*\"?"
51 static void ReferenceRegisterTests(
void);
106 "keyword argument - \"%s\". Invalid argument.", rawstr);
115 pcre2len =
sizeof(key);
116 res = pcre2_substring_copy_bynumber(parse_regex.
match, 1, (PCRE2_UCHAR8 *)key, &pcre2len);
122 pcre2len =
sizeof(content);
123 res = pcre2_substring_copy_bynumber(parse_regex.
match, 2, (PCRE2_UCHAR8 *)content, &pcre2len);
129 if (strlen(key) == 0 || strlen(content) == 0)
133 if (lookup_ref_conf != NULL) {
134 ref->
key = lookup_ref_conf->
url;
138 "unknown reference key \"%s\"", key);
143 "unknown reference key \"%s\"", key);
146 snprintf(
str,
sizeof(
str),
"config reference: %s undefined\n", key);
151 if (lookup_ref_conf == NULL)
199 while (sig_refs->
next != NULL) {
200 sig_refs = sig_refs->
next;
202 sig_refs->
next = ref;
219 static int DetectReferenceParseTest01(
void)
230 "(msg:\"One reference\"; reference:one,001-2010; sid:2;)");
235 FAIL_IF (strcmp(ref->
key,
"http://www.one.com") != 0);
248 static int DetectReferenceParseTest02(
void)
259 "(msg:\"Two references\"; "
260 "reference:one,openinfosecdoundation.txt; "
261 "reference:two,001-2010; sid:2;)");
267 FAIL_IF (strcmp(ref->
key,
"http://www.one.com") != 0);
271 FAIL_IF (strcmp(ref->
key,
"http://www.two.com") != 0);
284 static int DetectReferenceParseTest03(
void)
295 "(msg:\"invalid ref\"; "
296 "reference:unknownkey,001-2010; sid:2;)");
302 static void ReferenceRegisterTests(
void)
304 UtRegisterTest(
"DetectReferenceParseTest01", DetectReferenceParseTest01);
305 UtRegisterTest(
"DetectReferenceParseTest02", DetectReferenceParseTest02);
306 UtRegisterTest(
"DetectReferenceParseTest03", DetectReferenceParseTest03);
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
int DetectParsePcreExec(DetectParseRegex *parse_regex, const char *str, int start_offset, int options)
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
void DetectReferenceFree(DetectReference *ref)
Free a Reference object.
main detection engine ctx
@ SC_ERR_INVALID_SIGNATURE
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
@ SC_ERR_PCRE_GET_SUBSTRING
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
#define PASS
Pass the test.
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *detect_parse)
DetectReference * references
bool SigMatchStrictEnabled(const enum DetectKeywordId id)
Signature reference list.
#define REFERENCE_SYSTEM_NAME_MAX
int SCRConfLoadReferenceConfigFile(DetectEngineCtx *de_ctx, FILE *fd)
Loads the Reference info from the reference.config file.
#define SCReturnPtr(x, type)
void DetectReferenceRegister(void)
Registration function for the reference: keyword.
int SCRConfAddReference(DetectEngineCtx *de_ctx, const char *line)
Parses a line from the reference config file and adds it to Reference Config hash table DetectEngineC...
struct DetectReference_ * next
SCRConfReference * SCRConfGetReference(const char *rconf_name, DetectEngineCtx *de_ctx)
Gets the reference config from the corresponding hash table stored in the Detection Engine Context's ...
Signature * DetectEngineAppendSig(DetectEngineCtx *de_ctx, const char *sigstr)
Parse and append a Signature into the Detection Engine Context signature list.
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
SigTableElmt sigmatch_table[DETECT_TBLSIZE]
@ SC_ERR_REFERENCE_UNKNOWN
#define SCLogError(err_code,...)
Macro used to log ERROR messages.
Holds a reference from the file - reference.config.
#define SCLogWarning(err_code,...)
Macro used to log WARNING messages.
DetectEngineCtx * DetectEngineCtxInit(void)
FILE * SCRConfGenerateValidDummyReferenceConfigFD01(void)
Creates a dummy reference config, with all valid references, for testing purposes.
#define REFERENCE_CONTENT_NAME_MAX
void(* RegisterTests)(void)