suricata
detect-rev.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2010 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Victor Julien <victor@inliniac.net>
22  *
23  * Implements the rev keyword
24  */
25 
26 #include "suricata-common.h"
27 #include "detect.h"
28 #include "detect-engine.h"
29 #include "detect-parse.h"
30 #include "detect-rev.h"
31 #include "util-byte.h"
32 #include "util-debug.h"
33 #include "util-error.h"
34 #include "util-unittest.h"
35 
36 static int DetectRevSetup (DetectEngineCtx *, Signature *, const char *);
37 #ifdef UNITTESTS
38 static void DetectRevRegisterTests(void);
39 #endif
40 
41 void DetectRevRegister (void)
42 {
44  sigmatch_table[DETECT_REV].desc = "set version of the rule";
45  sigmatch_table[DETECT_REV].url = "/rules/meta.html#rev-revision";
46  sigmatch_table[DETECT_REV].Setup = DetectRevSetup;
47 #ifdef UNITTESTS
48  sigmatch_table[DETECT_REV].RegisterTests = DetectRevRegisterTests;
49 #endif
50 }
51 
52 static int DetectRevSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
53 {
54  uint32_t rev = 0;
55  if (ByteExtractStringUint32(&rev, 10, strlen(rawstr), rawstr) <= 0) {
56  SCLogError("invalid input as arg to rev keyword");
57  goto error;
58  }
59  if (rev == 0) {
60  SCLogError("rev value 0 is invalid");
61  goto error;
62  }
63  if (s->rev > 0) {
64  SCLogError("duplicated 'rev' keyword detected");
65  goto error;
66  }
67 
68  s->rev = rev;
69  return 0;
70 
71 error:
72  return -1;
73 }
74 
75 #ifdef UNITTESTS
76 /**
77  * \test RevTestParse01 is a test for a valid rev value
78  */
79 static int RevTestParse01(void)
80 {
83 
84  Signature *s =
85  DetectEngineAppendSig(de_ctx, "alert tcp 1.2.3.4 any -> any any (sid:1; rev:1;)");
86 
87  FAIL_IF_NULL(s);
88  FAIL_IF(s->rev != 1);
89 
91  PASS;
92 }
93 
94 /**
95  * \test RevTestParse02 is a test for an invalid rev value
96  */
97 static int RevTestParse02(void)
98 {
101 
103  DetectEngineAppendSig(de_ctx, "alert tcp 1.2.3.4 any -> any any (sid:1; rev:a;)"));
104 
106  PASS;
107 }
108 
109 /**
110  * \test RevTestParse03 is a test for a rev containing of a single quote.
111  */
112 static int RevTestParse03(void)
113 {
116 
118  de_ctx, "alert tcp any any -> any any (content:\"ABC\"; rev:\";)"));
119 
121  PASS;
122 }
123 
124 /**
125  * \test RevTestParse04 is a test for a rev value of 0
126  */
127 static int RevTestParse04(void)
128 {
131 
133  de_ctx, "alert tcp any any -> any any (content:\"ABC\"; rev:0;)"));
134 
136  PASS;
137 }
138 
139 /**
140  * \brief this function registers unit tests for Rev
141  */
142 static void DetectRevRegisterTests(void)
143 {
144  UtRegisterTest("RevTestParse01", RevTestParse01);
145  UtRegisterTest("RevTestParse02", RevTestParse02);
146  UtRegisterTest("RevTestParse03", RevTestParse03);
147  UtRegisterTest("RevTestParse04", RevTestParse04);
148 }
149 #endif /* UNITTESTS */
util-byte.h
SigTableElmt_::url
const char * url
Definition: detect.h:1462
detect-engine.h
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
SigTableElmt_::desc
const char * desc
Definition: detect.h:1461
DetectRevRegister
void DetectRevRegister(void)
Definition: detect-rev.c:41
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:79
SigTableElmt_::name
const char * name
Definition: detect.h:1459
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:932
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2641
DETECT_REV
@ DETECT_REV
Definition: detect-engine-register.h:30
ByteExtractStringUint32
int ByteExtractStringUint32(uint32_t *res, int base, size_t len, const char *str)
Definition: util-byte.c:239
detect-rev.h
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:3437
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1441
util-unittest.h
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
util-debug.h
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
util-error.h
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
detect.h
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
suricata-common.h
Signature_::rev
uint32_t rev
Definition: detect.h:715
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:267
detect-parse.h
Signature_
Signature container.
Definition: detect.h:668
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2602
SigTableElmt_::RegisterTests
void(* RegisterTests)(void)
Definition: detect.h:1448