35 #include "../suricata-common.h"
36 #include "../suricata.h"
37 #include "../decode.h"
75 static int DetectHttpClientBodyParserTest01(
void)
78 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; nocase; http_client_body; sid:1;)",
true));
79 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; endswith; http_client_body; sid:1;)",
true));
80 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; startswith; http_client_body; sid:1;)",
true));
81 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; startswith; endswith; http_client_body; sid:1;)",
true));
83 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; rawbytes; http_client_body; sid:1;)",
false));
92 static int DetectHttpClientBodyParserTest02(
void)
95 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; nocase; sid:1;)",
true));
96 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; endswith; sid:1;)",
true));
97 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; startswith; sid:1;)",
true));
98 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; startswith; endswith; sid:1;)",
true));
101 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; rawbytes; sid:1;)",
false));
114 static int RunTest (
struct TestSteps *steps,
const char *sig,
const char *yaml)
123 memset(&th_v, 0,
sizeof(th_v));
124 memset(&f, 0,
sizeof(f));
125 memset(&ssn, 0,
sizeof(ssn));
144 f.
proto = IPPROTO_TCP;
158 while (b->
input != NULL) {
201 static int DetectEngineHttpClientBodyTest01(
void)
204 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
205 "Host: www.openinfosecfoundation.org\r\n"
206 "Content-Type: text/html\r\n"
207 "Content-Length: 46\r\n"
209 "This is dummy body1",
210 0, STREAM_TOSERVER, 0 },
211 { (
const uint8_t *)
"This is dummy message body2",
212 0, STREAM_TOSERVER, 1 },
216 const char *sig =
"alert http any any -> any any (content:\"body1This\"; http_client_body; sid:1;)";
217 return RunTest(steps, sig, NULL);
220 static int DetectEngineHttpClientBodyTest02(
void)
223 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
224 "Host: www.openinfosecfoundation.org\r\n"
225 "Content-Type: text/html\r\n"
226 "Content-Length: 19\r\n"
228 "This is dummy body1",
229 0, STREAM_TOSERVER, 1 },
233 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; offset:5; sid:1;)";
234 return RunTest(steps, sig, NULL);
237 static int DetectEngineHttpClientBodyTest03(
void)
240 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
241 "Host: www.openinfosecfoundation.org\r\n"
242 "Content-Type: text/html\r\n"
243 "Content-Length: 46\r\n"
245 "This is dummy body1",
246 0, STREAM_TOSERVER, 0 },
247 { (
const uint8_t *)
"This is dummy message body2",
248 0, STREAM_TOSERVER, 0 },
252 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; offset:16; sid:1;)";
253 return RunTest(steps, sig, NULL);
256 static int DetectEngineHttpClientBodyTest04(
void)
259 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
260 "Host: www.openinfosecfoundation.org\r\n"
261 "Content-Type: text/html\r\n"
262 "Content-Length: 46\r\n"
264 "This is dummy body1",
265 0, STREAM_TOSERVER, 0 },
266 { (
const uint8_t *)
"This is dummy message body2",
267 0, STREAM_TOSERVER, 1 },
271 const char *sig =
"alert http any any -> any any (content:!\"body1\"; http_client_body; offset:16; sid:1;)";
272 return RunTest(steps, sig, NULL);
275 static int DetectEngineHttpClientBodyTest05(
void)
278 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
279 "Host: www.openinfosecfoundation.org\r\n"
280 "Content-Type: text/html\r\n"
281 "Content-Length: 46\r\n"
283 "This is dummy body1",
284 0, STREAM_TOSERVER, 0 },
285 { (
const uint8_t *)
"This is dummy message body2",
286 0, STREAM_TOSERVER, 1 },
290 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; depth:25; sid:1;)";
291 return RunTest(steps, sig, NULL);
294 static int DetectEngineHttpClientBodyTest06(
void)
297 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
298 "Host: www.openinfosecfoundation.org\r\n"
299 "Content-Type: text/html\r\n"
300 "Content-Length: 46\r\n"
302 "This is dummy body1",
303 0, STREAM_TOSERVER, 0 },
304 { (
const uint8_t *)
"This is dummy message body2",
305 0, STREAM_TOSERVER, 0 },
309 const char *sig =
"alert http any any -> any any (content:!\"body1\"; http_client_body; depth:25; sid:1;)";
310 return RunTest(steps, sig, NULL);
313 static int DetectEngineHttpClientBodyTest07(
void)
316 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
317 "Host: www.openinfosecfoundation.org\r\n"
318 "Content-Type: text/html\r\n"
319 "Content-Length: 46\r\n"
321 "This is dummy body1",
322 0, STREAM_TOSERVER, 0 },
323 { (
const uint8_t *)
"This is dummy message body2",
324 0, STREAM_TOSERVER, 1 },
328 const char *sig =
"alert http any any -> any any (content:!\"body1\"; http_client_body; depth:15; sid:1;)";
329 return RunTest(steps, sig, NULL);
332 static int DetectEngineHttpClientBodyTest08(
void)
335 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
336 "Host: www.openinfosecfoundation.org\r\n"
337 "Content-Type: text/html\r\n"
338 "Content-Length: 46\r\n"
340 "This is dummy body1",
341 0, STREAM_TOSERVER, 0 },
342 { (
const uint8_t *)
"This is dummy message body2",
343 0, STREAM_TOSERVER, 1 },
347 const char *sig =
"alert http any any -> any any (content:\"This is dummy body1This is dummy message body2\"; http_client_body; sid:1;)";
348 return RunTest(steps, sig, NULL);
351 static int DetectEngineHttpClientBodyTest09(
void)
354 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
355 "Host: www.openinfosecfoundation.org\r\n"
356 "Content-Type: text/html\r\n"
357 "Content-Length: 46\r\n"
359 "This is dummy body1",
360 0, STREAM_TOSERVER, 0 },
361 { (
const uint8_t *)
"This is dummy message body2",
362 0, STREAM_TOSERVER, 1 },
366 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"This\"; http_client_body; within:5; sid:1;)";
367 return RunTest(steps, sig, NULL);
370 static int DetectEngineHttpClientBodyTest10(
void)
373 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
374 "Host: www.openinfosecfoundation.org\r\n"
375 "Content-Type: text/html\r\n"
376 "Content-Length: 46\r\n"
378 "This is dummy body1",
379 0, STREAM_TOSERVER, 0 },
380 { (
const uint8_t *)
"This is dummy message body2",
381 0, STREAM_TOSERVER, 1 },
385 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"boom\"; http_client_body; within:5; sid:1;)";
386 return RunTest(steps, sig, NULL);
389 static int DetectEngineHttpClientBodyTest11(
void)
392 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
393 "Host: www.openinfosecfoundation.org\r\n"
394 "Content-Type: text/html\r\n"
395 "Content-Length: 46\r\n"
397 "This is dummy body1",
398 0, STREAM_TOSERVER, 0 },
399 { (
const uint8_t *)
"This is dummy message body2",
400 0, STREAM_TOSERVER, 0 },
404 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"boom\"; http_client_body; within:5; sid:1;)";
405 return RunTest(steps, sig, NULL);
408 static int DetectEngineHttpClientBodyTest12(
void)
411 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
412 "Host: www.openinfosecfoundation.org\r\n"
413 "Content-Type: text/html\r\n"
414 "Content-Length: 46\r\n"
416 "This is dummy body1",
417 0, STREAM_TOSERVER, 0 },
418 { (
const uint8_t *)
"This is dummy message body2",
419 0, STREAM_TOSERVER, 0 },
423 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"This\"; http_client_body; within:5; sid:1;)";
424 return RunTest(steps, sig, NULL);
427 static int DetectEngineHttpClientBodyTest13(
void)
430 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
431 "Host: www.openinfosecfoundation.org\r\n"
432 "Content-Type: text/html\r\n"
433 "Content-Length: 46\r\n"
435 "This is dummy body1",
436 0, STREAM_TOSERVER, 0 },
437 { (
const uint8_t *)
"This is dummy message body2",
438 0, STREAM_TOSERVER, 1 },
442 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"dummy\"; http_client_body; distance:5; sid:1;)";
443 return RunTest(steps, sig, NULL);
446 static int DetectEngineHttpClientBodyTest14(
void)
449 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
450 "Host: www.openinfosecfoundation.org\r\n"
451 "Content-Type: text/html\r\n"
452 "Content-Length: 46\r\n"
454 "This is dummy body1",
455 0, STREAM_TOSERVER, 0 },
456 { (
const uint8_t *)
"This is dummy message body2",
457 0, STREAM_TOSERVER, 1 },
461 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"dummy\"; http_client_body; distance:10; sid:1;)";
462 return RunTest(steps, sig, NULL);
465 static int DetectEngineHttpClientBodyTest15(
void)
468 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
469 "Host: www.openinfosecfoundation.org\r\n"
470 "Content-Type: text/html\r\n"
471 "Content-Length: 46\r\n"
473 "This is dummy body1",
474 0, STREAM_TOSERVER, 0 },
475 { (
const uint8_t *)
"This is dummy message body2",
476 0, STREAM_TOSERVER, 0 },
480 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"dummy\"; http_client_body; distance:10; sid:1;)";
481 return RunTest(steps, sig, NULL);
484 static int DetectEngineHttpClientBodyTest16(
void)
487 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
488 "Host: www.openinfosecfoundation.org\r\n"
489 "Content-Type: text/html\r\n"
490 "Content-Length: 46\r\n"
492 "This is dummy body1",
493 0, STREAM_TOSERVER, 0 },
494 { (
const uint8_t *)
"This is dummy message body2",
495 0, STREAM_TOSERVER, 0 },
499 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"dummy\"; http_client_body; distance:5; sid:1;)";
500 return RunTest(steps, sig, NULL);
503 static int DetectEngineHttpClientBodyTest17(
void)
506 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
507 "Host: www.openinfosecfoundation.org\r\n"
508 "Content-Type: text/html\r\n"
509 "Content-Length: 19\r\n"
511 "This is dummy body1",
512 0, STREAM_TOSERVER, 0 },
516 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"bambu\"; http_client_body; sid:1;)";
517 return RunTest(steps, sig, NULL);
520 static int DetectEngineHttpClientBodyTest18(
void)
523 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
524 "Host: www.openinfosecfoundation.org\r\n"
525 "Content-Type: text/html\r\n"
526 "Content-Length: 19\r\n"
528 "This is dummy body1",
529 0, STREAM_TOSERVER, 0 },
533 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"bambu\"; http_client_body; fast_pattern; sid:1;)";
534 return RunTest(steps, sig, NULL);
537 static int DetectEngineHttpClientBodyTest19(
void)
540 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
541 "Host: www.openinfosecfoundation.org\r\n"
542 "Content-Type: text/html\r\n"
543 "Content-Length: 19\r\n"
545 "This is dummy body1",
546 0, STREAM_TOSERVER, 0 },
550 const char *sig =
"alert http any any -> any any (content:\"bambu\"; http_client_body; content:\"is\"; http_client_body; sid:1;)";
551 return RunTest(steps, sig, NULL);
554 static int DetectEngineHttpClientBodyTest20(
void)
557 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
558 "Host: www.openinfosecfoundation.org\r\n"
559 "Content-Type: text/html\r\n"
560 "Content-Length: 19\r\n"
562 "This is dummy body1",
563 0, STREAM_TOSERVER, 1 },
567 const char *sig =
"alert http any any -> any any (content:\"is\"; http_client_body; fast_pattern; sid:1;)";
568 return RunTest(steps, sig, NULL);
571 static int DetectEngineHttpClientBodyTest21(
void)
574 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
575 "Host: www.openinfosecfoundation.org\r\n"
576 "Content-Type: text/html\r\n"
577 "Content-Length: 46\r\n"
579 "This is dummy body1",
580 0, STREAM_TOSERVER, 0 },
581 { (
const uint8_t *)
"This is dummy message body2",
582 0, STREAM_TOSERVER, 1 },
586 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; http_client_body; within:7; sid:1;)";
587 return RunTest(steps, sig, NULL);
590 static int DetectEngineHttpClientBodyTest22(
void)
593 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
594 "Host: www.openinfosecfoundation.org\r\n"
595 "Content-Type: text/html\r\n"
596 "Content-Length: 46\r\n"
598 "This is dummy body1",
599 0, STREAM_TOSERVER, 0 },
600 { (
const uint8_t *)
"This is dummy message body2",
601 0, STREAM_TOSERVER, 1 },
605 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; within:7; http_client_body; sid:1;)";
606 return RunTest(steps, sig, NULL);
609 static int DetectEngineHttpClientBodyTest23(
void)
612 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
613 "Host: www.openinfosecfoundation.org\r\n"
614 "Content-Type: text/html\r\n"
615 "Content-Length: 46\r\n"
617 "This is dummy body1",
618 0, STREAM_TOSERVER, 0 },
619 { (
const uint8_t *)
"This is dummy message body2",
620 0, STREAM_TOSERVER, 0 },
624 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; distance:3; http_client_body; sid:1;)";
625 return RunTest(steps, sig, NULL);
628 static int DetectEngineHttpClientBodyTest24(
void)
631 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
632 "Host: www.openinfosecfoundation.org\r\n"
633 "Content-Type: text/html\r\n"
634 "Content-Length: 46\r\n"
636 "This is dummy body1",
637 0, STREAM_TOSERVER, 0 },
638 { (
const uint8_t *)
"This is dummy message body2",
639 0, STREAM_TOSERVER, 1 },
643 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; distance:13; http_client_body; sid:1;)";
644 return RunTest(steps, sig, NULL);
647 static int DetectEngineHttpClientBodyTest25(
void)
650 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
651 "Host: www.openinfosecfoundation.org\r\n"
652 "Content-Type: text/html\r\n"
653 "Content-Length: 46\r\n"
655 "This is dummy body1",
656 0, STREAM_TOSERVER, 0 },
657 { (
const uint8_t *)
"This is dummy message body2",
658 0, STREAM_TOSERVER, 1 },
662 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; within:15; http_client_body; sid:1;)";
663 return RunTest(steps, sig, NULL);
666 static int DetectEngineHttpClientBodyTest26(
void)
669 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
670 "Host: www.openinfosecfoundation.org\r\n"
671 "Content-Type: text/html\r\n"
672 "Content-Length: 46\r\n"
674 "This is dummy body1",
675 0, STREAM_TOSERVER, 0 },
676 { (
const uint8_t *)
"This is dummy message body2",
677 0, STREAM_TOSERVER, 0 },
681 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; within:10; http_client_body; sid:1;)";
682 return RunTest(steps, sig, NULL);
685 static int DetectEngineHttpClientBodyTest27(
void)
688 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
689 "Host: www.openinfosecfoundation.org\r\n"
690 "Content-Type: text/html\r\n"
691 "Content-Length: 46\r\n"
693 "This is dummy body1",
694 0, STREAM_TOSERVER, 0 },
695 { (
const uint8_t *)
"This is dummy message body2",
696 0, STREAM_TOSERVER, 1 },
700 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; distance:8; http_client_body; sid:1;)";
701 return RunTest(steps, sig, NULL);
704 static int DetectEngineHttpClientBodyTest28(
void)
707 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
708 "Host: www.openinfosecfoundation.org\r\n"
709 "Content-Type: text/html\r\n"
710 "Content-Length: 46\r\n"
712 "This is dummy body1",
713 0, STREAM_TOSERVER, 0 },
714 { (
const uint8_t *)
"This is dummy message body2",
715 0, STREAM_TOSERVER, 0 },
719 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; distance:14; http_client_body; sid:1;)";
720 return RunTest(steps, sig, NULL);
723 static int DetectEngineHttpClientBodyTest29(
void)
725 const char *request_buffer =
"GET /one HTTP/1.0\r\n"
726 "Host: localhost\r\n\r\n";
727 #define TOTAL_REQUESTS 45
732 memcpy(http_buf + i * strlen(request_buffer), request_buffer,
733 strlen(request_buffer));
736 #undef TOTAL_REQUESTS
739 { (
const uint8_t *)http_buf,
740 (
size_t)http_buf_len, STREAM_TOSERVER, 0 },
742 { (
const uint8_t *)
"HTTP/1.0 200 ok\r\n"
743 "Content-Type: text/html\r\n"
744 "Content-Length: 5\r\n"
747 0, STREAM_TOCLIENT, 0 },
752 const char *sig =
"alert http any any -> any any (content:\"dummyone\"; fast_pattern:0,3; http_server_body; sid:1;)";
753 int result = RunTest(steps, sig, NULL);
758 static int DetectEngineHttpClientBodyTest30(
void)
760 const char yaml[] =
"\
767 request-body-limit: 0\n\
768 response-body-limit: 0\n\
770 request-body-inspect-window: 0\n\
771 response-body-inspect-window: 0\n\
772 request-body-minimal-inspect-size: 0\n\
773 response-body-minimal-inspect-size: 0\n\
776 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
777 "Host: www.openinfosecfoundation.org\r\n"
778 "Content-Type: text/html\r\n"
779 "Content-Length: 46\r\n"
781 "This is dummy body1",
782 0, STREAM_TOSERVER, 0 },
783 { (
const uint8_t *)
"This is dummy message body2",
784 0, STREAM_TOSERVER, 0 },
788 const char *sig =
"alert http any any -> any any (content:\"bags\"; within:4; http_client_body; sid:1;)";
789 return RunTest(steps, sig, yaml);
792 static int DetectEngineHttpClientBodyTest31(
void)
794 const char yaml[] =
"\
801 request-body-limit: 0\n\
802 response-body-limit: 0\n\
804 request-body-inspect-window: 0\n\
805 response-body-inspect-window: 0\n\
806 request-body-minimal-inspect-size: 0\n\
807 response-body-minimal-inspect-size: 0\n\
811 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
812 "Host: www.openinfosecfoundation.org\r\n"
813 "Content-Type: text/html\r\n"
814 "Content-Length: 46\r\n"
816 "This is dummy body1",
817 0, STREAM_TOSERVER, 0 },
818 { (
const uint8_t *)
"This is dummy message body2",
819 0, STREAM_TOSERVER, 0 },
823 const char *sig =
"alert http any any -> any any (content:\"bags\"; depth:4; http_client_body; sid:1;)";
824 return RunTest(steps, sig, yaml);
831 static int DetectHttpClientBodyTest01(
void)
838 "(msg:\"Testing http_client_body\"; "
839 "content:\"one\"; http_client_body; sid:1;)");
854 static int DetectHttpClientBodyTest02(
void)
861 "(msg:\"Testing http_client_body\"; "
862 "content:\"one\"; http_client_body:; sid:1;)");
872 static int DetectHttpClientBodyTest03(
void)
878 const char *sigs[] = {
879 "alert tcp any any -> any any (http_client_body; sid:1;)",
880 "alert tcp any any -> any any "
881 "(msg:\"Testing http_client_body\"; "
882 "content:\"one\"; rawbytes; http_client_body; sid:2;)",
886 for (uint32_t i = 0; sigs[i] != NULL; i++) {
898 static int DetectHttpClientBodyTest05(
void)
904 const char *sigs[] = {
905 "alert tcp any any -> any any (content:\"one\"; http_client_body; nocase; sid:1;)",
909 for (uint32_t i = 0; sigs[i] != NULL; i++) {
921 static int DetectHttpClientBodyTest06(
void)
931 "GET /index.html HTTP/1.0\r\n"
932 "Host: www.openinfosecfoundation.org\r\n"
933 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
934 "Content-Type: text/html\r\n"
935 "Content-Length: 26\r\n"
937 "This is dummy message body";
938 uint32_t http_len =
sizeof(http_buf) - 1;
942 memset(&th_v, 0,
sizeof(th_v));
943 memset(&f, 0,
sizeof(f));
944 memset(&ssn, 0,
sizeof(ssn));
950 f.
proto = IPPROTO_TCP;
968 "(msg:\"http client body test\"; "
969 "content:\"message\"; http_client_body; "
979 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
985 if (http_state == NULL) {
986 printf(
"no http state: \n");
995 printf(
"sid 1 didn't match but should have\n");
1003 if (det_ctx != NULL) {
1020 static int DetectHttpClientBodyTest07(
void)
1030 uint8_t http1_buf[] =
1031 "GET /index.html HTTP/1.0\r\n"
1032 "Host: www.openinfosecfoundation.org\r\n"
1033 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1034 "Content-Type: text/html\r\n"
1035 "Content-Length: 54\r\n"
1037 "This is dummy message body1";
1038 uint8_t http2_buf[] =
1039 "This is dummy message body2";
1040 uint32_t http1_len =
sizeof(http1_buf) - 1;
1041 uint32_t http2_len =
sizeof(http2_buf) - 1;
1045 memset(&th_v, 0,
sizeof(th_v));
1046 memset(&f, 0,
sizeof(f));
1047 memset(&ssn, 0,
sizeof(ssn));
1054 f.
proto = IPPROTO_TCP;
1076 "(msg:\"http client body test\"; "
1077 "content:\"message\"; http_client_body; "
1087 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1093 if (http_state == NULL) {
1094 printf(
"no http state: ");
1102 printf(
"sid 1 matched on p1 but shouldn't have: ");
1109 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1116 printf(
"sid 1 didn't match on p2 but should have: ");
1124 if (det_ctx != NULL) {
1142 static int DetectHttpClientBodyTest08(
void)
1152 uint8_t http1_buf[] =
1153 "GET /index.html HTTP/1.0\r\n"
1154 "Host: www.openinfosecfoundation.org\r\n"
1155 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1156 "Content-Type: text/html\r\n"
1157 "Content-Length: 46\r\n"
1159 "This is dummy body1";
1160 uint8_t http2_buf[] =
1161 "This is dummy message body2";
1162 uint32_t http1_len =
sizeof(http1_buf) - 1;
1163 uint32_t http2_len =
sizeof(http2_buf) - 1;
1167 memset(&th_v, 0,
sizeof(th_v));
1168 memset(&f, 0,
sizeof(f));
1169 memset(&ssn, 0,
sizeof(ssn));
1176 f.
proto = IPPROTO_TCP;
1198 "(msg:\"http client body test\"; "
1199 "content:\"message\"; http_client_body; "
1209 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1215 if (http_state == NULL) {
1216 printf(
"no http state: ");
1225 printf(
"sid 1 didn't match but should have");
1232 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1241 printf(
"sid 1 didn't match but should have");
1249 if (det_ctx != NULL) {
1267 static int DetectHttpClientBodyTest09(
void)
1277 uint8_t http1_buf[] =
1278 "GET /index.html HTTP/1.0\r\n"
1279 "Host: www.openinfosecfoundation.org\r\n"
1280 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1281 "Content-Type: text/html\r\n"
1282 "Content-Length: 46\r\n"
1284 "This is dummy body1";
1285 uint8_t http2_buf[] =
1286 "This is dummy message body2";
1287 uint32_t http1_len =
sizeof(http1_buf) - 1;
1288 uint32_t http2_len =
sizeof(http2_buf) - 1;
1292 memset(&th_v, 0,
sizeof(th_v));
1293 memset(&f, 0,
sizeof(f));
1294 memset(&ssn, 0,
sizeof(ssn));
1301 f.
proto = IPPROTO_TCP;
1323 "(msg:\"http client body test\"; "
1324 "content:\"body1This\"; http_client_body; "
1334 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1340 if (http_state == NULL) {
1341 printf(
"no http state: ");
1350 printf(
"sid 1 didn't match but should have");
1357 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1366 printf(
"sid 1 didn't match but should have");
1374 if (det_ctx != NULL) {
1392 static int DetectHttpClientBodyTest10(
void)
1402 uint8_t http1_buf[] =
1403 "GET /index.html HTTP/1.0\r\n"
1404 "Host: www.openinfosecfoundation.org\r\n"
1405 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1406 "Content-Type: text/html\r\n"
1407 "Content-Length: 46\r\n"
1409 "This is dummy bodY1";
1410 uint8_t http2_buf[] =
1411 "This is dummy message body2";
1412 uint32_t http1_len =
sizeof(http1_buf) - 1;
1413 uint32_t http2_len =
sizeof(http2_buf) - 1;
1417 memset(&th_v, 0,
sizeof(th_v));
1418 memset(&f, 0,
sizeof(f));
1419 memset(&ssn, 0,
sizeof(ssn));
1426 f.
proto = IPPROTO_TCP;
1448 "(msg:\"http client body test\"; "
1449 "content:\"body1This\"; http_client_body; nocase;"
1459 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1465 if (http_state == NULL) {
1466 printf(
"no http state: \n");
1475 printf(
"sid 1 didn't match but should have\n");
1482 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: \n", r);
1491 printf(
"sid 1 didn't match but should have");
1499 if (det_ctx != NULL) {
1517 static int DetectHttpClientBodyTest11(
void)
1526 uint8_t http_buf[] =
1527 "GET /index.html HTTP/1.0\r\n"
1528 "Host: www.openinfosecfoundation.org\r\n"
1529 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1530 "Content-Type: text/html\r\n"
1531 "Content-Length: 26\r\n"
1533 "This is dummy message body";
1534 uint32_t http_len =
sizeof(http_buf) - 1;
1538 memset(&th_v, 0,
sizeof(th_v));
1539 memset(&f, 0,
sizeof(f));
1540 memset(&ssn, 0,
sizeof(ssn));
1546 f.
proto = IPPROTO_TCP;
1564 "(msg:\"http client body test\"; "
1565 "content:!\"message1\"; http_client_body; "
1575 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1581 if (http_state == NULL) {
1582 printf(
"no http state: ");
1591 printf(
"sid 1 didn't match but should have");
1599 if (det_ctx != NULL) {
1616 static int DetectHttpClientBodyTest12(
void)
1625 uint8_t http_buf[] =
1626 "GET /index.html HTTP/1.0\r\n"
1627 "Host: www.openinfosecfoundation.org\r\n"
1628 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1629 "Content-Type: text/html\r\n"
1630 "Content-Length: 26\r\n"
1632 "This is dummy message body";
1633 uint32_t http_len =
sizeof(http_buf) - 1;
1637 memset(&th_v, 0,
sizeof(th_v));
1638 memset(&f, 0,
sizeof(f));
1639 memset(&ssn, 0,
sizeof(ssn));
1645 f.
proto = IPPROTO_TCP;
1663 "(msg:\"http client body test\"; "
1664 "content:!\"message\"; http_client_body; "
1674 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1680 if (http_state == NULL) {
1681 printf(
"no http state: ");
1690 printf(
"sid 1 didn't match but should have");
1698 if (det_ctx != NULL) {
1715 static int DetectHttpClientBodyTest13(
void)
1724 uint8_t http_buf[] =
1725 "GET /index.html HTTP/1.0\r\n"
1726 "Host: www.openinfosecfoundation.org\r\n"
1727 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1728 "Content-Type: text/html\r\n"
1729 "Content-Length: 55\r\n"
1731 "longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend";
1732 uint32_t http_len =
sizeof(http_buf) - 1;
1736 memset(&th_v, 0,
sizeof(th_v));
1737 memset(&f, 0,
sizeof(f));
1738 memset(&ssn, 0,
sizeof(ssn));
1744 f.
proto = IPPROTO_TCP;
1762 "alert http any any -> any any "
1763 "(msg:\"http client body test\"; "
1764 "content:\"abcdefghijklmnopqrstuvwxyz0123456789\"; http_client_body; "
1774 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1780 if (http_state == NULL) {
1781 printf(
"no http state: ");
1790 printf(
"sid 1 didn't match but should have");
1798 if (det_ctx != NULL) {
1812 static int DetectHttpClientBodyTest14(
void)
1821 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n";
1822 uint8_t httpbuf2[] =
"User-Agent: Mozilla/1.0\r\nContent-Length: 10\r\n";
1823 uint8_t httpbuf3[] =
"Cookie: dummy\r\n\r\n";
1824 uint8_t httpbuf4[] =
"Body one!!";
1825 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1826 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1827 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
1828 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
1829 uint8_t httpbuf5[] =
"GET /?var=val HTTP/1.1\r\n";
1830 uint8_t httpbuf6[] =
"User-Agent: Firefox/1.0\r\n";
1831 uint8_t httpbuf7[] =
"Cookie: dummy2\r\nContent-Length: 10\r\n\r\nBody two!!";
1832 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
1833 uint32_t httplen6 =
sizeof(httpbuf6) - 1;
1834 uint32_t httplen7 =
sizeof(httpbuf7) - 1;
1837 memset(&th_v, 0,
sizeof(th_v));
1838 memset(&f, 0,
sizeof(f));
1839 memset(&ssn, 0,
sizeof(ssn));
1845 f.
proto = IPPROTO_TCP;
1863 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"POST\"; http_method; content:\"Mozilla\"; http_header; content:\"dummy\"; http_cookie; content:\"one\"; http_client_body; sid:1; rev:1;)");
1865 printf(
"sig parse failed: ");
1868 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"GET\"; http_method; content:\"Firefox\"; http_header; content:\"dummy2\"; http_cookie; content:\"two\"; http_client_body; sid:2; rev:1;)");
1870 printf(
"sig2 parse failed: ");
1880 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1887 printf(
"sig 1 alerted: ");
1894 printf(
"toserver chunk 2 returned %" PRId32
", expected 0: ", r);
1901 printf(
"sig 1 alerted (2): ");
1908 printf(
"toserver chunk 3 returned %" PRId32
", expected 0: ", r);
1915 printf(
"signature matched, but shouldn't have: ");
1922 printf(
"toserver chunk 4 returned %" PRId32
", expected 0: ", r);
1930 printf(
"sig 1 didn't alert: ");
1937 printf(
"toserver chunk 5 returned %" PRId32
", expected 0: ", r);
1944 printf(
"sig 1 alerted (5): ");
1951 printf(
"toserver chunk 6 returned %" PRId32
", expected 0: ", r);
1958 printf(
"sig 1 alerted (request 2, chunk 6): ");
1967 printf(
"toserver chunk 7 returned %" PRId32
", expected 0: ", r);
1974 printf(
"signature 2 didn't match, but should have: ");
1980 if (htp_state == NULL) {
1981 printf(
"no http state: ");
1987 printf(
"The http app layer doesn't have 2 transactions, but it should: ");
1995 if (det_ctx != NULL) {
2010 static int DetectHttpClientBodyTest15(
void)
2019 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n";
2020 uint8_t httpbuf2[] =
"User-Agent: Mozilla/1.0\r\nContent-Length: 10\r\n";
2021 uint8_t httpbuf3[] =
"Cookie: dummy\r\n\r\n";
2022 uint8_t httpbuf4[] =
"Body one!!";
2023 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2024 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2025 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
2026 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
2027 uint8_t httpbuf5[] =
"GET /?var=val HTTP/1.1\r\n";
2028 uint8_t httpbuf6[] =
"User-Agent: Firefox/1.0\r\n";
2029 uint8_t httpbuf7[] =
"Cookie: dummy2\r\nContent-Length: 10\r\n\r\nBody two!!";
2030 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
2031 uint32_t httplen6 =
sizeof(httpbuf6) - 1;
2032 uint32_t httplen7 =
sizeof(httpbuf7) - 1;
2035 memset(&th_v, 0,
sizeof(th_v));
2036 memset(&f, 0,
sizeof(f));
2037 memset(&ssn, 0,
sizeof(ssn));
2043 f.
proto = IPPROTO_TCP;
2061 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"POST\"; http_method; content:\"Mozilla\"; http_header; content:\"dummy\"; http_cookie; content:\"one\"; http_client_body; sid:1; rev:1;)");
2063 printf(
"sig parse failed: ");
2066 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"GET\"; http_method; content:\"Firefox\"; http_header; content:\"dummy2\"; http_cookie; content:\"two\"; http_client_body; sid:2; rev:1;)");
2068 printf(
"sig2 parse failed: ");
2078 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2085 printf(
"sig 1 alerted: ");
2092 printf(
"toserver chunk 2 returned %" PRId32
", expected 0: ", r);
2099 printf(
"sig 1 alerted (2): ");
2106 printf(
"toserver chunk 3 returned %" PRId32
", expected 0: ", r);
2113 printf(
"signature matched, but shouldn't have: ");
2120 printf(
"toserver chunk 4 returned %" PRId32
", expected 0: ", r);
2128 printf(
"sig 1 didn't alert: ");
2135 printf(
"toserver chunk 5 returned %" PRId32
", expected 0: ", r);
2142 printf(
"sig 1 alerted (5): ");
2149 printf(
"toserver chunk 6 returned %" PRId32
", expected 0: ", r);
2156 printf(
"sig 1 alerted (request 2, chunk 6): ");
2165 printf(
"toserver chunk 7 returned %" PRId32
", expected 0: ", r);
2172 printf(
"signature 2 didn't match, but should have: ");
2178 if (htp_state == NULL) {
2179 printf(
"no http state: ");
2186 printf(
"The http app layer doesn't have 2 transactions, but it should: ");
2197 SCLogDebug(
"No body data in t1 (it should be removed only when the tx is destroyed): ");
2202 (uint8_t *)
"Body one!!", 10) != 1)
2204 SCLogDebug(
"Body data in t1 is not correctly set: ");
2212 SCLogDebug(
"No body data in t1 (it should be removed only when the tx is destroyed): ");
2217 (uint8_t *)
"Body two!!", 10) != 1)
2219 SCLogDebug(
"Body data in t1 is not correctly set: ");
2227 if (det_ctx != NULL) {
2241 static int DetectHttpClientBodyTest22(
void)
2247 "alert icmp any any -> any any "
2248 "(content:\"one\"; content:\"two\"; http_client_body; "
2249 "content:\"three\"; distance:10; http_client_body; content:\"four\"; sid:1;)");
2268 FAIL_IF(memcmp(cd2->content,
"four", cd2->content_len) != 0);
2283 static int DetectHttpClientBodyTest23(
void)
2290 "alert icmp any any -> any any "
2291 "(content:\"one\"; http_client_body; pcre:/two/; "
2292 "content:\"three\"; distance:10; http_client_body; content:\"four\"; sid:1;)");
2310 FAIL_IF(memcmp(cd2->content,
"four", cd2->content_len) != 0);
2323 static int DetectHttpClientBodyTest24(
void)
2329 "(content:\"one\"; http_client_body; pcre:/two/; "
2330 "content:\"three\"; distance:10; within:15; "
2331 "http_client_body; content:\"four\"; sid:1;)");
2350 FAIL_IF(memcmp(cd2->content,
"four", cd2->content_len) != 0);
2364 static int DetectHttpClientBodyTest25(
void)
2371 "(content:\"one\"; http_client_body; pcre:/two/; "
2372 "content:\"three\"; distance:10; http_client_body; "
2373 "content:\"four\"; distance:10; sid:1;)");
2391 FAIL_IF(memcmp(cd2->content,
"four", cd2->content_len) != 0);
2405 static int DetectHttpClientBodyTest26(
void)
2415 "alert icmp any any -> any any "
2416 "(content:\"one\"; offset:10; http_client_body; pcre:/two/; "
2417 "content:\"three\"; distance:10; http_client_body; within:10; "
2418 "content:\"four\"; distance:10; sid:1;)");
2420 printf(
"de_ctx->sig_list == NULL\n");
2425 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL\n");
2430 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2446 memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
2452 printf (
"failed: http_client_body incorrect flags");
2469 static int DetectHttpClientBodyTest27(
void)
2479 "alert icmp any any -> any any "
2480 "(content:\"one\"; offset:10; http_client_body; pcre:/two/; "
2481 "content:\"three\"; distance:10; http_client_body; within:10; "
2482 "content:\"four\"; distance:10; sid:1;)");
2492 static int DetectHttpClientBodyTest28(
void)
2502 "(content:\"one\"; http_client_body; pcre:/two/; "
2503 "content:\"three\"; http_client_body; depth:10; "
2504 "content:\"four\"; distance:10; sid:1;)");
2506 printf(
"de_ctx->sig_list == NULL\n");
2511 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL\n");
2516 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2532 memcmp(cd2->content,
"four", cd2->content_len) != 0 || hcbd1->
flags != 0 ||
2552 static int DetectHttpClientBodyTest29(
void)
2563 "(content:\"one\"; http_client_body; "
2564 "content:\"two\"; distance:0; http_client_body; sid:1;)");
2566 printf(
"de_ctx->sig_list == NULL\n");
2571 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2576 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2597 static int DetectHttpClientBodyTest30(
void)
2608 "(content:\"one\"; http_client_body; "
2609 "content:\"two\"; within:5; http_client_body; sid:1;)");
2611 printf(
"de_ctx->sig_list == NULL\n");
2616 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2621 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2642 static int DetectHttpClientBodyTest31(
void)
2653 "(content:\"one\"; within:5; http_client_body; sid:1;)");
2663 static int DetectHttpClientBodyTest32(
void)
2674 "(content:\"one\"; http_client_body; within:5; sid:1;)");
2684 static int DetectHttpClientBodyTest33(
void)
2694 "(content:\"one\"; within:5; sid:1;)");
2704 static int DetectHttpClientBodyTest34(
void)
2716 "content:\"two\"; within:5; http_client_body; sid:1;)");
2718 printf(
"de_ctx->sig_list == NULL\n");
2723 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2728 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2757 static int DetectHttpClientBodyTest35(
void)
2767 "(content:\"two\"; http_client_body; "
2768 "pcre:/one/PR; sid:1;)");
2770 printf(
"de_ctx->sig_list == NULL\n");
2775 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2780 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2809 static int DetectHttpClientBodyTest36(
void)
2821 "content:\"two\"; distance:5; http_client_body; sid:1;)");
2823 printf(
"de_ctx->sig_list == NULL\n");
2828 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2833 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2862 static int DetectHttpClientBodyIsdataatParseTest(
void)
2869 "alert tcp any any -> any any ("
2870 "content:\"one\"; http_client_body; "
2871 "isdataat:!4,relative; sid:1;)");
2889 UtRegisterTest(
"DetectHttpClientBodyParserTest01", DetectHttpClientBodyParserTest01);
2890 UtRegisterTest(
"DetectHttpClientBodyParserTest02", DetectHttpClientBodyParserTest02);
2891 UtRegisterTest(
"DetectHttpClientBodyTest01", DetectHttpClientBodyTest01);
2892 UtRegisterTest(
"DetectHttpClientBodyTest02", DetectHttpClientBodyTest02);
2893 UtRegisterTest(
"DetectHttpClientBodyTest03", DetectHttpClientBodyTest03);
2894 UtRegisterTest(
"DetectHttpClientBodyTest05", DetectHttpClientBodyTest05);
2895 UtRegisterTest(
"DetectHttpClientBodyTest06", DetectHttpClientBodyTest06);
2896 UtRegisterTest(
"DetectHttpClientBodyTest07", DetectHttpClientBodyTest07);
2897 UtRegisterTest(
"DetectHttpClientBodyTest08", DetectHttpClientBodyTest08);
2898 UtRegisterTest(
"DetectHttpClientBodyTest09", DetectHttpClientBodyTest09);
2899 UtRegisterTest(
"DetectHttpClientBodyTest10", DetectHttpClientBodyTest10);
2900 UtRegisterTest(
"DetectHttpClientBodyTest11", DetectHttpClientBodyTest11);
2901 UtRegisterTest(
"DetectHttpClientBodyTest12", DetectHttpClientBodyTest12);
2902 UtRegisterTest(
"DetectHttpClientBodyTest13", DetectHttpClientBodyTest13);
2903 UtRegisterTest(
"DetectHttpClientBodyTest14", DetectHttpClientBodyTest14);
2904 UtRegisterTest(
"DetectHttpClientBodyTest15", DetectHttpClientBodyTest15);
2906 UtRegisterTest(
"DetectHttpClientBodyTest22", DetectHttpClientBodyTest22);
2907 UtRegisterTest(
"DetectHttpClientBodyTest23", DetectHttpClientBodyTest23);
2908 UtRegisterTest(
"DetectHttpClientBodyTest24", DetectHttpClientBodyTest24);
2909 UtRegisterTest(
"DetectHttpClientBodyTest25", DetectHttpClientBodyTest25);
2910 UtRegisterTest(
"DetectHttpClientBodyTest26", DetectHttpClientBodyTest26);
2911 UtRegisterTest(
"DetectHttpClientBodyTest27", DetectHttpClientBodyTest27);
2912 UtRegisterTest(
"DetectHttpClientBodyTest28", DetectHttpClientBodyTest28);
2913 UtRegisterTest(
"DetectHttpClientBodyTest29", DetectHttpClientBodyTest29);
2914 UtRegisterTest(
"DetectHttpClientBodyTest30", DetectHttpClientBodyTest30);
2915 UtRegisterTest(
"DetectHttpClientBodyTest31", DetectHttpClientBodyTest31);
2916 UtRegisterTest(
"DetectHttpClientBodyTest32", DetectHttpClientBodyTest32);
2917 UtRegisterTest(
"DetectHttpClientBodyTest33", DetectHttpClientBodyTest33);
2918 UtRegisterTest(
"DetectHttpClientBodyTest34", DetectHttpClientBodyTest34);
2919 UtRegisterTest(
"DetectHttpClientBodyTest35", DetectHttpClientBodyTest35);
2920 UtRegisterTest(
"DetectHttpClientBodyTest36", DetectHttpClientBodyTest36);
2923 DetectHttpClientBodyIsdataatParseTest);
2926 DetectEngineHttpClientBodyTest01);
2928 DetectEngineHttpClientBodyTest02);
2930 DetectEngineHttpClientBodyTest03);
2932 DetectEngineHttpClientBodyTest04);
2934 DetectEngineHttpClientBodyTest05);
2936 DetectEngineHttpClientBodyTest06);
2938 DetectEngineHttpClientBodyTest07);
2940 DetectEngineHttpClientBodyTest08);
2942 DetectEngineHttpClientBodyTest09);
2944 DetectEngineHttpClientBodyTest10);
2946 DetectEngineHttpClientBodyTest11);
2948 DetectEngineHttpClientBodyTest12);
2950 DetectEngineHttpClientBodyTest13);
2952 DetectEngineHttpClientBodyTest14);
2954 DetectEngineHttpClientBodyTest15);
2956 DetectEngineHttpClientBodyTest16);
2958 DetectEngineHttpClientBodyTest17);
2960 DetectEngineHttpClientBodyTest18);
2962 DetectEngineHttpClientBodyTest19);
2964 DetectEngineHttpClientBodyTest20);
2966 DetectEngineHttpClientBodyTest21);
2968 DetectEngineHttpClientBodyTest22);
2970 DetectEngineHttpClientBodyTest23);
2972 DetectEngineHttpClientBodyTest24);
2974 DetectEngineHttpClientBodyTest25);
2976 DetectEngineHttpClientBodyTest26);
2978 DetectEngineHttpClientBodyTest27);
2980 DetectEngineHttpClientBodyTest28);
2982 DetectEngineHttpClientBodyTest29);
2985 DetectEngineHttpClientBodyTest30);
2987 DetectEngineHttpClientBodyTest31);
1.8.18