suricata
detect-file-data.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2022 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Giuseppe Longo <giuseppelng@gmail.com>
22  * \author Victor Julien <victor@inliniac.net>
23  *
24  */
25 
26 #ifdef UNITTESTS
27 
28 #include "../stream-tcp.h"
29 #include "../detect.h"
30 #include "../detect-isdataat.h"
31 
32 static int DetectEngineSMTPFiledataTest02(void)
33 {
34  DetectEngineCtx *de_ctx = DetectEngineCtxInit();
35  FAIL_IF_NOT(de_ctx);
36  de_ctx->flags |= DE_QUIET;
37 
38  Signature *s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
39  "(msg:\"file_data smtp test\"; "
40  "file_data; content:\"message\"; sid:1;)");
41  FAIL_IF_NULL(s);
42 
43  FAIL_IF_NOT(s->flags & SIG_FLAG_TOSERVER);
44  DetectEngineCtxFree(de_ctx);
45  PASS;
46 }
47 
48 /**
49  * \test Test the file_data fails with flow:to_server.
50  */
51 static int DetectFiledataParseTest04(void)
52 {
53  DetectEngineCtx *de_ctx = DetectEngineCtxInit();
54  FAIL_IF_NULL(de_ctx);
55  de_ctx->flags |= DE_QUIET;
56  Signature *s = DetectEngineAppendSig(de_ctx,
57  "alert smtp any any -> any any "
58  "(msg:\"test\"; flow:to_client,established; file_data; content:\"abc\"; sid:1;)");
59  FAIL_IF_NOT_NULL(s);
60  DetectEngineCtxFree(de_ctx);
61  PASS;
62 }
63 
64 void DetectFiledataRegisterTests(void)
65 {
66  UtRegisterTest("DetectEngineSMTPFiledataTest02", DetectEngineSMTPFiledataTest02);
67  UtRegisterTest("DetectFiledataParseTest04", DetectFiledataParseTest04);
68 }
69 #endif
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:841
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2611
DE_QUIET
#define DE_QUIET
Definition: detect.h:323
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:2587
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
SIG_FLAG_TOSERVER
#define SIG_FLAG_TOSERVER
Definition: detect.h:267
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
Signature_::flags
uint32_t flags
Definition: detect.h:602
DetectFiledataRegisterTests
void DetectFiledataRegisterTests(void)
Definition: detect-file-data.c:64
Signature_
Signature container.
Definition: detect.h:601
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2572
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:843