35 #include "../suricata-common.h"
36 #include "../suricata.h"
37 #include "../decode.h"
75 static int DetectHttpClientBodyParserTest01(
void)
78 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; nocase; http_client_body; sid:1;)",
true));
79 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; endswith; http_client_body; sid:1;)",
true));
80 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; startswith; http_client_body; sid:1;)",
true));
81 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; startswith; endswith; http_client_body; sid:1;)",
true));
83 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; rawbytes; http_client_body; sid:1;)",
false));
92 static int DetectHttpClientBodyParserTest02(
void)
95 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; nocase; sid:1;)",
true));
96 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; endswith; sid:1;)",
true));
97 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; startswith; sid:1;)",
true));
98 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; startswith; endswith; sid:1;)",
true));
101 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; rawbytes; sid:1;)",
false));
114 static int RunTest (
struct TestSteps *steps,
const char *sig,
const char *yaml)
123 memset(&th_v, 0,
sizeof(th_v));
124 memset(&f, 0,
sizeof(f));
125 memset(&ssn, 0,
sizeof(ssn));
144 f.
proto = IPPROTO_TCP;
158 while (b->
input != NULL) {
198 static int DetectEngineHttpClientBodyTest01(
void)
201 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
202 "Host: www.openinfosecfoundation.org\r\n"
203 "Content-Type: text/html\r\n"
204 "Content-Length: 46\r\n"
206 "This is dummy body1",
207 0, STREAM_TOSERVER, 0 },
208 { (
const uint8_t *)
"This is dummy message body2",
209 0, STREAM_TOSERVER, 1 },
213 const char *sig =
"alert http any any -> any any (content:\"body1This\"; http_client_body; sid:1;)";
214 return RunTest(steps, sig, NULL);
217 static int DetectEngineHttpClientBodyTest02(
void)
220 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
221 "Host: www.openinfosecfoundation.org\r\n"
222 "Content-Type: text/html\r\n"
223 "Content-Length: 19\r\n"
225 "This is dummy body1",
226 0, STREAM_TOSERVER, 1 },
230 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; offset:5; sid:1;)";
231 return RunTest(steps, sig, NULL);
234 static int DetectEngineHttpClientBodyTest03(
void)
237 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
238 "Host: www.openinfosecfoundation.org\r\n"
239 "Content-Type: text/html\r\n"
240 "Content-Length: 46\r\n"
242 "This is dummy body1",
243 0, STREAM_TOSERVER, 0 },
244 { (
const uint8_t *)
"This is dummy message body2",
245 0, STREAM_TOSERVER, 0 },
249 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; offset:16; sid:1;)";
250 return RunTest(steps, sig, NULL);
253 static int DetectEngineHttpClientBodyTest04(
void)
256 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
257 "Host: www.openinfosecfoundation.org\r\n"
258 "Content-Type: text/html\r\n"
259 "Content-Length: 46\r\n"
261 "This is dummy body1",
262 0, STREAM_TOSERVER, 0 },
263 { (
const uint8_t *)
"This is dummy message body2",
264 0, STREAM_TOSERVER, 1 },
268 const char *sig =
"alert http any any -> any any (content:!\"body1\"; http_client_body; offset:16; sid:1;)";
269 return RunTest(steps, sig, NULL);
272 static int DetectEngineHttpClientBodyTest05(
void)
275 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
276 "Host: www.openinfosecfoundation.org\r\n"
277 "Content-Type: text/html\r\n"
278 "Content-Length: 46\r\n"
280 "This is dummy body1",
281 0, STREAM_TOSERVER, 0 },
282 { (
const uint8_t *)
"This is dummy message body2",
283 0, STREAM_TOSERVER, 1 },
287 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; depth:25; sid:1;)";
288 return RunTest(steps, sig, NULL);
291 static int DetectEngineHttpClientBodyTest06(
void)
294 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
295 "Host: www.openinfosecfoundation.org\r\n"
296 "Content-Type: text/html\r\n"
297 "Content-Length: 46\r\n"
299 "This is dummy body1",
300 0, STREAM_TOSERVER, 0 },
301 { (
const uint8_t *)
"This is dummy message body2",
302 0, STREAM_TOSERVER, 0 },
306 const char *sig =
"alert http any any -> any any (content:!\"body1\"; http_client_body; depth:25; sid:1;)";
307 return RunTest(steps, sig, NULL);
310 static int DetectEngineHttpClientBodyTest07(
void)
313 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
314 "Host: www.openinfosecfoundation.org\r\n"
315 "Content-Type: text/html\r\n"
316 "Content-Length: 46\r\n"
318 "This is dummy body1",
319 0, STREAM_TOSERVER, 0 },
320 { (
const uint8_t *)
"This is dummy message body2",
321 0, STREAM_TOSERVER, 1 },
325 const char *sig =
"alert http any any -> any any (content:!\"body1\"; http_client_body; depth:15; sid:1;)";
326 return RunTest(steps, sig, NULL);
329 static int DetectEngineHttpClientBodyTest08(
void)
332 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
333 "Host: www.openinfosecfoundation.org\r\n"
334 "Content-Type: text/html\r\n"
335 "Content-Length: 46\r\n"
337 "This is dummy body1",
338 0, STREAM_TOSERVER, 0 },
339 { (
const uint8_t *)
"This is dummy message body2",
340 0, STREAM_TOSERVER, 1 },
344 const char *sig =
"alert http any any -> any any (content:\"This is dummy body1This is dummy message body2\"; http_client_body; sid:1;)";
345 return RunTest(steps, sig, NULL);
348 static int DetectEngineHttpClientBodyTest09(
void)
351 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
352 "Host: www.openinfosecfoundation.org\r\n"
353 "Content-Type: text/html\r\n"
354 "Content-Length: 46\r\n"
356 "This is dummy body1",
357 0, STREAM_TOSERVER, 0 },
358 { (
const uint8_t *)
"This is dummy message body2",
359 0, STREAM_TOSERVER, 1 },
363 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"This\"; http_client_body; within:5; sid:1;)";
364 return RunTest(steps, sig, NULL);
367 static int DetectEngineHttpClientBodyTest10(
void)
370 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
371 "Host: www.openinfosecfoundation.org\r\n"
372 "Content-Type: text/html\r\n"
373 "Content-Length: 46\r\n"
375 "This is dummy body1",
376 0, STREAM_TOSERVER, 0 },
377 { (
const uint8_t *)
"This is dummy message body2",
378 0, STREAM_TOSERVER, 1 },
382 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"boom\"; http_client_body; within:5; sid:1;)";
383 return RunTest(steps, sig, NULL);
386 static int DetectEngineHttpClientBodyTest11(
void)
389 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
390 "Host: www.openinfosecfoundation.org\r\n"
391 "Content-Type: text/html\r\n"
392 "Content-Length: 46\r\n"
394 "This is dummy body1",
395 0, STREAM_TOSERVER, 0 },
396 { (
const uint8_t *)
"This is dummy message body2",
397 0, STREAM_TOSERVER, 0 },
401 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"boom\"; http_client_body; within:5; sid:1;)";
402 return RunTest(steps, sig, NULL);
405 static int DetectEngineHttpClientBodyTest12(
void)
408 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
409 "Host: www.openinfosecfoundation.org\r\n"
410 "Content-Type: text/html\r\n"
411 "Content-Length: 46\r\n"
413 "This is dummy body1",
414 0, STREAM_TOSERVER, 0 },
415 { (
const uint8_t *)
"This is dummy message body2",
416 0, STREAM_TOSERVER, 0 },
420 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"This\"; http_client_body; within:5; sid:1;)";
421 return RunTest(steps, sig, NULL);
424 static int DetectEngineHttpClientBodyTest13(
void)
427 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
428 "Host: www.openinfosecfoundation.org\r\n"
429 "Content-Type: text/html\r\n"
430 "Content-Length: 46\r\n"
432 "This is dummy body1",
433 0, STREAM_TOSERVER, 0 },
434 { (
const uint8_t *)
"This is dummy message body2",
435 0, STREAM_TOSERVER, 1 },
439 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"dummy\"; http_client_body; distance:5; sid:1;)";
440 return RunTest(steps, sig, NULL);
443 static int DetectEngineHttpClientBodyTest14(
void)
446 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
447 "Host: www.openinfosecfoundation.org\r\n"
448 "Content-Type: text/html\r\n"
449 "Content-Length: 46\r\n"
451 "This is dummy body1",
452 0, STREAM_TOSERVER, 0 },
453 { (
const uint8_t *)
"This is dummy message body2",
454 0, STREAM_TOSERVER, 1 },
458 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"dummy\"; http_client_body; distance:10; sid:1;)";
459 return RunTest(steps, sig, NULL);
462 static int DetectEngineHttpClientBodyTest15(
void)
465 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
466 "Host: www.openinfosecfoundation.org\r\n"
467 "Content-Type: text/html\r\n"
468 "Content-Length: 46\r\n"
470 "This is dummy body1",
471 0, STREAM_TOSERVER, 0 },
472 { (
const uint8_t *)
"This is dummy message body2",
473 0, STREAM_TOSERVER, 0 },
477 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"dummy\"; http_client_body; distance:10; sid:1;)";
478 return RunTest(steps, sig, NULL);
481 static int DetectEngineHttpClientBodyTest16(
void)
484 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
485 "Host: www.openinfosecfoundation.org\r\n"
486 "Content-Type: text/html\r\n"
487 "Content-Length: 46\r\n"
489 "This is dummy body1",
490 0, STREAM_TOSERVER, 0 },
491 { (
const uint8_t *)
"This is dummy message body2",
492 0, STREAM_TOSERVER, 0 },
496 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"dummy\"; http_client_body; distance:5; sid:1;)";
497 return RunTest(steps, sig, NULL);
500 static int DetectEngineHttpClientBodyTest17(
void)
503 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
504 "Host: www.openinfosecfoundation.org\r\n"
505 "Content-Type: text/html\r\n"
506 "Content-Length: 19\r\n"
508 "This is dummy body1",
509 0, STREAM_TOSERVER, 0 },
513 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"bambu\"; http_client_body; sid:1;)";
514 return RunTest(steps, sig, NULL);
517 static int DetectEngineHttpClientBodyTest18(
void)
520 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
521 "Host: www.openinfosecfoundation.org\r\n"
522 "Content-Type: text/html\r\n"
523 "Content-Length: 19\r\n"
525 "This is dummy body1",
526 0, STREAM_TOSERVER, 0 },
530 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"bambu\"; http_client_body; fast_pattern; sid:1;)";
531 return RunTest(steps, sig, NULL);
534 static int DetectEngineHttpClientBodyTest19(
void)
537 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
538 "Host: www.openinfosecfoundation.org\r\n"
539 "Content-Type: text/html\r\n"
540 "Content-Length: 19\r\n"
542 "This is dummy body1",
543 0, STREAM_TOSERVER, 0 },
547 const char *sig =
"alert http any any -> any any (content:\"bambu\"; http_client_body; content:\"is\"; http_client_body; sid:1;)";
548 return RunTest(steps, sig, NULL);
551 static int DetectEngineHttpClientBodyTest20(
void)
554 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
555 "Host: www.openinfosecfoundation.org\r\n"
556 "Content-Type: text/html\r\n"
557 "Content-Length: 19\r\n"
559 "This is dummy body1",
560 0, STREAM_TOSERVER, 1 },
564 const char *sig =
"alert http any any -> any any (content:\"is\"; http_client_body; fast_pattern; sid:1;)";
565 return RunTest(steps, sig, NULL);
568 static int DetectEngineHttpClientBodyTest21(
void)
571 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
572 "Host: www.openinfosecfoundation.org\r\n"
573 "Content-Type: text/html\r\n"
574 "Content-Length: 46\r\n"
576 "This is dummy body1",
577 0, STREAM_TOSERVER, 0 },
578 { (
const uint8_t *)
"This is dummy message body2",
579 0, STREAM_TOSERVER, 1 },
583 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; http_client_body; within:7; sid:1;)";
584 return RunTest(steps, sig, NULL);
587 static int DetectEngineHttpClientBodyTest22(
void)
590 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
591 "Host: www.openinfosecfoundation.org\r\n"
592 "Content-Type: text/html\r\n"
593 "Content-Length: 46\r\n"
595 "This is dummy body1",
596 0, STREAM_TOSERVER, 0 },
597 { (
const uint8_t *)
"This is dummy message body2",
598 0, STREAM_TOSERVER, 1 },
602 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; within:7; http_client_body; sid:1;)";
603 return RunTest(steps, sig, NULL);
606 static int DetectEngineHttpClientBodyTest23(
void)
609 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
610 "Host: www.openinfosecfoundation.org\r\n"
611 "Content-Type: text/html\r\n"
612 "Content-Length: 46\r\n"
614 "This is dummy body1",
615 0, STREAM_TOSERVER, 0 },
616 { (
const uint8_t *)
"This is dummy message body2",
617 0, STREAM_TOSERVER, 0 },
621 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; distance:3; http_client_body; sid:1;)";
622 return RunTest(steps, sig, NULL);
625 static int DetectEngineHttpClientBodyTest24(
void)
628 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
629 "Host: www.openinfosecfoundation.org\r\n"
630 "Content-Type: text/html\r\n"
631 "Content-Length: 46\r\n"
633 "This is dummy body1",
634 0, STREAM_TOSERVER, 0 },
635 { (
const uint8_t *)
"This is dummy message body2",
636 0, STREAM_TOSERVER, 1 },
640 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; distance:13; http_client_body; sid:1;)";
641 return RunTest(steps, sig, NULL);
644 static int DetectEngineHttpClientBodyTest25(
void)
647 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
648 "Host: www.openinfosecfoundation.org\r\n"
649 "Content-Type: text/html\r\n"
650 "Content-Length: 46\r\n"
652 "This is dummy body1",
653 0, STREAM_TOSERVER, 0 },
654 { (
const uint8_t *)
"This is dummy message body2",
655 0, STREAM_TOSERVER, 1 },
659 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; within:15; http_client_body; sid:1;)";
660 return RunTest(steps, sig, NULL);
663 static int DetectEngineHttpClientBodyTest26(
void)
666 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
667 "Host: www.openinfosecfoundation.org\r\n"
668 "Content-Type: text/html\r\n"
669 "Content-Length: 46\r\n"
671 "This is dummy body1",
672 0, STREAM_TOSERVER, 0 },
673 { (
const uint8_t *)
"This is dummy message body2",
674 0, STREAM_TOSERVER, 0 },
678 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; within:10; http_client_body; sid:1;)";
679 return RunTest(steps, sig, NULL);
682 static int DetectEngineHttpClientBodyTest27(
void)
685 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
686 "Host: www.openinfosecfoundation.org\r\n"
687 "Content-Type: text/html\r\n"
688 "Content-Length: 46\r\n"
690 "This is dummy body1",
691 0, STREAM_TOSERVER, 0 },
692 { (
const uint8_t *)
"This is dummy message body2",
693 0, STREAM_TOSERVER, 1 },
697 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; distance:8; http_client_body; sid:1;)";
698 return RunTest(steps, sig, NULL);
701 static int DetectEngineHttpClientBodyTest28(
void)
704 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
705 "Host: www.openinfosecfoundation.org\r\n"
706 "Content-Type: text/html\r\n"
707 "Content-Length: 46\r\n"
709 "This is dummy body1",
710 0, STREAM_TOSERVER, 0 },
711 { (
const uint8_t *)
"This is dummy message body2",
712 0, STREAM_TOSERVER, 0 },
716 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; distance:14; http_client_body; sid:1;)";
717 return RunTest(steps, sig, NULL);
720 static int DetectEngineHttpClientBodyTest29(
void)
722 const char *request_buffer =
"GET /one HTTP/1.0\r\n"
723 "Host: localhost\r\n\r\n";
724 #define TOTAL_REQUESTS 45
729 memcpy(http_buf + i * strlen(request_buffer), request_buffer,
730 strlen(request_buffer));
733 #undef TOTAL_REQUESTS
736 { (
const uint8_t *)http_buf,
737 (
size_t)http_buf_len, STREAM_TOSERVER, 0 },
739 { (
const uint8_t *)
"HTTP/1.0 200 ok\r\n"
740 "Content-Type: text/html\r\n"
741 "Content-Length: 5\r\n"
744 0, STREAM_TOCLIENT, 0 },
749 const char *sig =
"alert http any any -> any any (content:\"dummyone\"; fast_pattern:0,3; http_server_body; sid:1;)";
750 int result = RunTest(steps, sig, NULL);
755 static int DetectEngineHttpClientBodyTest30(
void)
757 const char yaml[] =
"\
764 request-body-limit: 0\n\
765 response-body-limit: 0\n\
767 request-body-inspect-window: 0\n\
768 response-body-inspect-window: 0\n\
769 request-body-minimal-inspect-size: 0\n\
770 response-body-minimal-inspect-size: 0\n\
773 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
774 "Host: www.openinfosecfoundation.org\r\n"
775 "Content-Type: text/html\r\n"
776 "Content-Length: 46\r\n"
778 "This is dummy body1",
779 0, STREAM_TOSERVER, 0 },
780 { (
const uint8_t *)
"This is dummy message body2",
781 0, STREAM_TOSERVER, 0 },
785 const char *sig =
"alert http any any -> any any (content:\"bags\"; within:4; http_client_body; sid:1;)";
786 return RunTest(steps, sig, yaml);
789 static int DetectEngineHttpClientBodyTest31(
void)
791 const char yaml[] =
"\
798 request-body-limit: 0\n\
799 response-body-limit: 0\n\
801 request-body-inspect-window: 0\n\
802 response-body-inspect-window: 0\n\
803 request-body-minimal-inspect-size: 0\n\
804 response-body-minimal-inspect-size: 0\n\
808 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
809 "Host: www.openinfosecfoundation.org\r\n"
810 "Content-Type: text/html\r\n"
811 "Content-Length: 46\r\n"
813 "This is dummy body1",
814 0, STREAM_TOSERVER, 0 },
815 { (
const uint8_t *)
"This is dummy message body2",
816 0, STREAM_TOSERVER, 0 },
820 const char *sig =
"alert http any any -> any any (content:\"bags\"; depth:4; http_client_body; sid:1;)";
821 return RunTest(steps, sig, yaml);
828 static int DetectHttpClientBodyTest01(
void)
835 "(msg:\"Testing http_client_body\"; "
836 "content:\"one\"; http_client_body; sid:1;)");
851 static int DetectHttpClientBodyTest02(
void)
858 "(msg:\"Testing http_client_body\"; "
859 "content:\"one\"; http_client_body:; sid:1;)");
869 static int DetectHttpClientBodyTest03(
void)
875 const char *sigs[] = {
876 "alert tcp any any -> any any (http_client_body; sid:1;)",
877 "alert tcp any any -> any any "
878 "(msg:\"Testing http_client_body\"; "
879 "content:\"one\"; rawbytes; http_client_body; sid:2;)",
883 for (uint32_t i = 0; sigs[i] != NULL; i++) {
895 static int DetectHttpClientBodyTest05(
void)
901 const char *sigs[] = {
902 "alert tcp any any -> any any (content:\"one\"; http_client_body; nocase; sid:1;)",
906 for (uint32_t i = 0; sigs[i] != NULL; i++) {
918 static int DetectHttpClientBodyTest06(
void)
928 "GET /index.html HTTP/1.0\r\n"
929 "Host: www.openinfosecfoundation.org\r\n"
930 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
931 "Content-Type: text/html\r\n"
932 "Content-Length: 26\r\n"
934 "This is dummy message body";
935 uint32_t http_len =
sizeof(http_buf) - 1;
939 memset(&th_v, 0,
sizeof(th_v));
940 memset(&f, 0,
sizeof(f));
941 memset(&ssn, 0,
sizeof(ssn));
947 f.
proto = IPPROTO_TCP;
965 "(msg:\"http client body test\"; "
966 "content:\"message\"; http_client_body; "
976 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
982 if (http_state == NULL) {
983 printf(
"no http state: \n");
992 printf(
"sid 1 didn't match but should have\n");
1013 static int DetectHttpClientBodyTest07(
void)
1023 uint8_t http1_buf[] =
1024 "GET /index.html HTTP/1.0\r\n"
1025 "Host: www.openinfosecfoundation.org\r\n"
1026 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1027 "Content-Type: text/html\r\n"
1028 "Content-Length: 54\r\n"
1030 "This is dummy message body1";
1031 uint8_t http2_buf[] =
1032 "This is dummy message body2";
1033 uint32_t http1_len =
sizeof(http1_buf) - 1;
1034 uint32_t http2_len =
sizeof(http2_buf) - 1;
1038 memset(&th_v, 0,
sizeof(th_v));
1039 memset(&f, 0,
sizeof(f));
1040 memset(&ssn, 0,
sizeof(ssn));
1047 f.
proto = IPPROTO_TCP;
1069 "(msg:\"http client body test\"; "
1070 "content:\"message\"; http_client_body; "
1080 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1086 if (http_state == NULL) {
1087 printf(
"no http state: ");
1095 printf(
"sid 1 matched on p1 but shouldn't have: ");
1102 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1109 printf(
"sid 1 didn't match on p2 but should have: ");
1131 static int DetectHttpClientBodyTest08(
void)
1141 uint8_t http1_buf[] =
1142 "GET /index.html HTTP/1.0\r\n"
1143 "Host: www.openinfosecfoundation.org\r\n"
1144 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1145 "Content-Type: text/html\r\n"
1146 "Content-Length: 46\r\n"
1148 "This is dummy body1";
1149 uint8_t http2_buf[] =
1150 "This is dummy message body2";
1151 uint32_t http1_len =
sizeof(http1_buf) - 1;
1152 uint32_t http2_len =
sizeof(http2_buf) - 1;
1156 memset(&th_v, 0,
sizeof(th_v));
1157 memset(&f, 0,
sizeof(f));
1158 memset(&ssn, 0,
sizeof(ssn));
1165 f.
proto = IPPROTO_TCP;
1187 "(msg:\"http client body test\"; "
1188 "content:\"message\"; http_client_body; "
1198 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1204 if (http_state == NULL) {
1205 printf(
"no http state: ");
1214 printf(
"sid 1 didn't match but should have");
1221 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1230 printf(
"sid 1 didn't match but should have");
1252 static int DetectHttpClientBodyTest09(
void)
1262 uint8_t http1_buf[] =
1263 "GET /index.html HTTP/1.0\r\n"
1264 "Host: www.openinfosecfoundation.org\r\n"
1265 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1266 "Content-Type: text/html\r\n"
1267 "Content-Length: 46\r\n"
1269 "This is dummy body1";
1270 uint8_t http2_buf[] =
1271 "This is dummy message body2";
1272 uint32_t http1_len =
sizeof(http1_buf) - 1;
1273 uint32_t http2_len =
sizeof(http2_buf) - 1;
1277 memset(&th_v, 0,
sizeof(th_v));
1278 memset(&f, 0,
sizeof(f));
1279 memset(&ssn, 0,
sizeof(ssn));
1286 f.
proto = IPPROTO_TCP;
1308 "(msg:\"http client body test\"; "
1309 "content:\"body1This\"; http_client_body; "
1319 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1325 if (http_state == NULL) {
1326 printf(
"no http state: ");
1335 printf(
"sid 1 didn't match but should have");
1342 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1351 printf(
"sid 1 didn't match but should have");
1373 static int DetectHttpClientBodyTest10(
void)
1383 uint8_t http1_buf[] =
1384 "GET /index.html HTTP/1.0\r\n"
1385 "Host: www.openinfosecfoundation.org\r\n"
1386 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1387 "Content-Type: text/html\r\n"
1388 "Content-Length: 46\r\n"
1390 "This is dummy bodY1";
1391 uint8_t http2_buf[] =
1392 "This is dummy message body2";
1393 uint32_t http1_len =
sizeof(http1_buf) - 1;
1394 uint32_t http2_len =
sizeof(http2_buf) - 1;
1398 memset(&th_v, 0,
sizeof(th_v));
1399 memset(&f, 0,
sizeof(f));
1400 memset(&ssn, 0,
sizeof(ssn));
1407 f.
proto = IPPROTO_TCP;
1429 "(msg:\"http client body test\"; "
1430 "content:\"body1This\"; http_client_body; nocase;"
1440 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1446 if (http_state == NULL) {
1447 printf(
"no http state: \n");
1456 printf(
"sid 1 didn't match but should have\n");
1463 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: \n", r);
1472 printf(
"sid 1 didn't match but should have");
1494 static int DetectHttpClientBodyTest11(
void)
1503 uint8_t http_buf[] =
1504 "GET /index.html HTTP/1.0\r\n"
1505 "Host: www.openinfosecfoundation.org\r\n"
1506 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1507 "Content-Type: text/html\r\n"
1508 "Content-Length: 26\r\n"
1510 "This is dummy message body";
1511 uint32_t http_len =
sizeof(http_buf) - 1;
1515 memset(&th_v, 0,
sizeof(th_v));
1516 memset(&f, 0,
sizeof(f));
1517 memset(&ssn, 0,
sizeof(ssn));
1523 f.
proto = IPPROTO_TCP;
1541 "(msg:\"http client body test\"; "
1542 "content:!\"message1\"; http_client_body; "
1552 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1558 if (http_state == NULL) {
1559 printf(
"no http state: ");
1568 printf(
"sid 1 didn't match but should have");
1589 static int DetectHttpClientBodyTest12(
void)
1598 uint8_t http_buf[] =
1599 "GET /index.html HTTP/1.0\r\n"
1600 "Host: www.openinfosecfoundation.org\r\n"
1601 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1602 "Content-Type: text/html\r\n"
1603 "Content-Length: 26\r\n"
1605 "This is dummy message body";
1606 uint32_t http_len =
sizeof(http_buf) - 1;
1610 memset(&th_v, 0,
sizeof(th_v));
1611 memset(&f, 0,
sizeof(f));
1612 memset(&ssn, 0,
sizeof(ssn));
1618 f.
proto = IPPROTO_TCP;
1636 "(msg:\"http client body test\"; "
1637 "content:!\"message\"; http_client_body; "
1647 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1653 if (http_state == NULL) {
1654 printf(
"no http state: ");
1663 printf(
"sid 1 didn't match but should have");
1684 static int DetectHttpClientBodyTest13(
void)
1693 uint8_t http_buf[] =
1694 "GET /index.html HTTP/1.0\r\n"
1695 "Host: www.openinfosecfoundation.org\r\n"
1696 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1697 "Content-Type: text/html\r\n"
1698 "Content-Length: 55\r\n"
1700 "longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend";
1701 uint32_t http_len =
sizeof(http_buf) - 1;
1705 memset(&th_v, 0,
sizeof(th_v));
1706 memset(&f, 0,
sizeof(f));
1707 memset(&ssn, 0,
sizeof(ssn));
1713 f.
proto = IPPROTO_TCP;
1731 "alert http any any -> any any "
1732 "(msg:\"http client body test\"; "
1733 "content:\"abcdefghijklmnopqrstuvwxyz0123456789\"; http_client_body; "
1743 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1749 if (http_state == NULL) {
1750 printf(
"no http state: ");
1759 printf(
"sid 1 didn't match but should have");
1777 static int DetectHttpClientBodyTest14(
void)
1786 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n";
1787 uint8_t httpbuf2[] =
"User-Agent: Mozilla/1.0\r\nContent-Length: 10\r\n";
1788 uint8_t httpbuf3[] =
"Cookie: dummy\r\n\r\n";
1789 uint8_t httpbuf4[] =
"Body one!!";
1790 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1791 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1792 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
1793 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
1794 uint8_t httpbuf5[] =
"GET /?var=val HTTP/1.1\r\n";
1795 uint8_t httpbuf6[] =
"User-Agent: Firefox/1.0\r\n";
1796 uint8_t httpbuf7[] =
"Cookie: dummy2\r\nContent-Length: 10\r\n\r\nBody two!!";
1797 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
1798 uint32_t httplen6 =
sizeof(httpbuf6) - 1;
1799 uint32_t httplen7 =
sizeof(httpbuf7) - 1;
1802 memset(&th_v, 0,
sizeof(th_v));
1803 memset(&f, 0,
sizeof(f));
1804 memset(&ssn, 0,
sizeof(ssn));
1810 f.
proto = IPPROTO_TCP;
1828 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"POST\"; http_method; content:\"Mozilla\"; http_header; content:\"dummy\"; http_cookie; content:\"one\"; http_client_body; sid:1; rev:1;)");
1830 printf(
"sig parse failed: ");
1833 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"GET\"; http_method; content:\"Firefox\"; http_header; content:\"dummy2\"; http_cookie; content:\"two\"; http_client_body; sid:2; rev:1;)");
1835 printf(
"sig2 parse failed: ");
1845 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1852 printf(
"sig 1 alerted: ");
1859 printf(
"toserver chunk 2 returned %" PRId32
", expected 0: ", r);
1866 printf(
"sig 1 alerted (2): ");
1873 printf(
"toserver chunk 3 returned %" PRId32
", expected 0: ", r);
1880 printf(
"signature matched, but shouldn't have: ");
1887 printf(
"toserver chunk 4 returned %" PRId32
", expected 0: ", r);
1895 printf(
"sig 1 didn't alert: ");
1902 printf(
"toserver chunk 5 returned %" PRId32
", expected 0: ", r);
1909 printf(
"sig 1 alerted (5): ");
1916 printf(
"toserver chunk 6 returned %" PRId32
", expected 0: ", r);
1923 printf(
"sig 1 alerted (request 2, chunk 6): ");
1932 printf(
"toserver chunk 7 returned %" PRId32
", expected 0: ", r);
1939 printf(
"signature 2 didn't match, but should have: ");
1945 if (htp_state == NULL) {
1946 printf(
"no http state: ");
1952 printf(
"The http app layer doesn't have 2 transactions, but it should: ");
1960 if (det_ctx != NULL) {
1974 static int DetectHttpClientBodyTest15(
void)
1983 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n";
1984 uint8_t httpbuf2[] =
"User-Agent: Mozilla/1.0\r\nContent-Length: 10\r\n";
1985 uint8_t httpbuf3[] =
"Cookie: dummy\r\n\r\n";
1986 uint8_t httpbuf4[] =
"Body one!!";
1987 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1988 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1989 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
1990 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
1991 uint8_t httpbuf5[] =
"GET /?var=val HTTP/1.1\r\n";
1992 uint8_t httpbuf6[] =
"User-Agent: Firefox/1.0\r\n";
1993 uint8_t httpbuf7[] =
"Cookie: dummy2\r\nContent-Length: 10\r\n\r\nBody two!!";
1994 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
1995 uint32_t httplen6 =
sizeof(httpbuf6) - 1;
1996 uint32_t httplen7 =
sizeof(httpbuf7) - 1;
1999 memset(&th_v, 0,
sizeof(th_v));
2000 memset(&f, 0,
sizeof(f));
2001 memset(&ssn, 0,
sizeof(ssn));
2007 f.
proto = IPPROTO_TCP;
2025 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"POST\"; http_method; content:\"Mozilla\"; http_header; content:\"dummy\"; http_cookie; content:\"one\"; http_client_body; sid:1; rev:1;)");
2027 printf(
"sig parse failed: ");
2030 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"GET\"; http_method; content:\"Firefox\"; http_header; content:\"dummy2\"; http_cookie; content:\"two\"; http_client_body; sid:2; rev:1;)");
2032 printf(
"sig2 parse failed: ");
2042 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2049 printf(
"sig 1 alerted: ");
2056 printf(
"toserver chunk 2 returned %" PRId32
", expected 0: ", r);
2063 printf(
"sig 1 alerted (2): ");
2070 printf(
"toserver chunk 3 returned %" PRId32
", expected 0: ", r);
2077 printf(
"signature matched, but shouldn't have: ");
2084 printf(
"toserver chunk 4 returned %" PRId32
", expected 0: ", r);
2092 printf(
"sig 1 didn't alert: ");
2099 printf(
"toserver chunk 5 returned %" PRId32
", expected 0: ", r);
2106 printf(
"sig 1 alerted (5): ");
2113 printf(
"toserver chunk 6 returned %" PRId32
", expected 0: ", r);
2120 printf(
"sig 1 alerted (request 2, chunk 6): ");
2129 printf(
"toserver chunk 7 returned %" PRId32
", expected 0: ", r);
2136 printf(
"signature 2 didn't match, but should have: ");
2142 if (htp_state == NULL) {
2143 printf(
"no http state: ");
2150 printf(
"The http app layer doesn't have 2 transactions, but it should: ");
2161 SCLogDebug(
"No body data in t1 (it should be removed only when the tx is destroyed): ");
2166 (uint8_t *)
"Body one!!", 10) != 1)
2168 SCLogDebug(
"Body data in t1 is not correctly set: ");
2176 SCLogDebug(
"No body data in t1 (it should be removed only when the tx is destroyed): ");
2181 (uint8_t *)
"Body two!!", 10) != 1)
2183 SCLogDebug(
"Body data in t1 is not correctly set: ");
2191 if (det_ctx != NULL) {
2204 static int DetectHttpClientBodyTest22(
void)
2210 "alert icmp any any -> any any "
2211 "(content:\"one\"; content:\"two\"; http_client_body; "
2212 "content:\"three\"; distance:10; http_client_body; content:\"four\"; sid:1;)");
2231 FAIL_IF(memcmp(cd2->content,
"four", cd2->content_len) != 0);
2246 static int DetectHttpClientBodyTest23(
void)
2253 "alert icmp any any -> any any "
2254 "(content:\"one\"; http_client_body; pcre:/two/; "
2255 "content:\"three\"; distance:10; http_client_body; content:\"four\"; sid:1;)");
2273 FAIL_IF(memcmp(cd2->content,
"four", cd2->content_len) != 0);
2286 static int DetectHttpClientBodyTest24(
void)
2296 "(content:\"one\"; http_client_body; pcre:/two/; "
2297 "content:\"three\"; distance:10; within:15; "
2298 "http_client_body; content:\"four\"; sid:1;)");
2300 printf(
"de_ctx->sig_list == NULL\n");
2305 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL\n");
2310 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2325 if (pd1->
flags != 0 ||
2326 cd2->flags != 0 || memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
2347 static int DetectHttpClientBodyTest25(
void)
2358 "(content:\"one\"; http_client_body; pcre:/two/; "
2359 "content:\"three\"; distance:10; http_client_body; "
2360 "content:\"four\"; distance:10; sid:1;)");
2362 printf(
"de_ctx->sig_list == NULL\n");
2367 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL\n");
2372 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2389 memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
2410 static int DetectHttpClientBodyTest26(
void)
2420 "alert icmp any any -> any any "
2421 "(content:\"one\"; offset:10; http_client_body; pcre:/two/; "
2422 "content:\"three\"; distance:10; http_client_body; within:10; "
2423 "content:\"four\"; distance:10; sid:1;)");
2425 printf(
"de_ctx->sig_list == NULL\n");
2430 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL\n");
2435 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2452 memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
2457 printf (
"failed: http_client_body incorrect flags");
2474 static int DetectHttpClientBodyTest27(
void)
2484 "alert icmp any any -> any any "
2485 "(content:\"one\"; offset:10; http_client_body; pcre:/two/; "
2486 "content:\"three\"; distance:10; http_client_body; within:10; "
2487 "content:\"four\"; distance:10; sid:1;)");
2497 static int DetectHttpClientBodyTest28(
void)
2507 "(content:\"one\"; http_client_body; pcre:/two/; "
2508 "content:\"three\"; http_client_body; depth:10; "
2509 "content:\"four\"; distance:10; sid:1;)");
2511 printf(
"de_ctx->sig_list == NULL\n");
2516 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL\n");
2521 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2538 memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
2539 hcbd1->
flags != 0 ||
2559 static int DetectHttpClientBodyTest29(
void)
2570 "(content:\"one\"; http_client_body; "
2571 "content:\"two\"; distance:0; http_client_body; sid:1;)");
2573 printf(
"de_ctx->sig_list == NULL\n");
2578 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2583 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2606 static int DetectHttpClientBodyTest30(
void)
2617 "(content:\"one\"; http_client_body; "
2618 "content:\"two\"; within:5; http_client_body; sid:1;)");
2620 printf(
"de_ctx->sig_list == NULL\n");
2625 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2630 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2653 static int DetectHttpClientBodyTest31(
void)
2664 "(content:\"one\"; within:5; http_client_body; sid:1;)");
2674 static int DetectHttpClientBodyTest32(
void)
2685 "(content:\"one\"; http_client_body; within:5; sid:1;)");
2695 static int DetectHttpClientBodyTest33(
void)
2705 "(content:\"one\"; within:5; sid:1;)");
2715 static int DetectHttpClientBodyTest34(
void)
2727 "content:\"two\"; within:5; http_client_body; sid:1;)");
2729 printf(
"de_ctx->sig_list == NULL\n");
2734 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2739 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2770 static int DetectHttpClientBodyTest35(
void)
2780 "(content:\"two\"; http_client_body; "
2781 "pcre:/one/PR; sid:1;)");
2783 printf(
"de_ctx->sig_list == NULL\n");
2788 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2793 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2824 static int DetectHttpClientBodyTest36(
void)
2836 "content:\"two\"; distance:5; http_client_body; sid:1;)");
2838 printf(
"de_ctx->sig_list == NULL\n");
2843 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2848 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2879 static int DetectHttpClientBodyIsdataatParseTest(
void)
2886 "alert tcp any any -> any any ("
2887 "content:\"one\"; http_client_body; "
2888 "isdataat:!4,relative; sid:1;)");
2906 UtRegisterTest(
"DetectHttpClientBodyParserTest01", DetectHttpClientBodyParserTest01);
2907 UtRegisterTest(
"DetectHttpClientBodyParserTest02", DetectHttpClientBodyParserTest02);
2908 UtRegisterTest(
"DetectHttpClientBodyTest01", DetectHttpClientBodyTest01);
2909 UtRegisterTest(
"DetectHttpClientBodyTest02", DetectHttpClientBodyTest02);
2910 UtRegisterTest(
"DetectHttpClientBodyTest03", DetectHttpClientBodyTest03);
2911 UtRegisterTest(
"DetectHttpClientBodyTest05", DetectHttpClientBodyTest05);
2912 UtRegisterTest(
"DetectHttpClientBodyTest06", DetectHttpClientBodyTest06);
2913 UtRegisterTest(
"DetectHttpClientBodyTest07", DetectHttpClientBodyTest07);
2914 UtRegisterTest(
"DetectHttpClientBodyTest08", DetectHttpClientBodyTest08);
2915 UtRegisterTest(
"DetectHttpClientBodyTest09", DetectHttpClientBodyTest09);
2916 UtRegisterTest(
"DetectHttpClientBodyTest10", DetectHttpClientBodyTest10);
2917 UtRegisterTest(
"DetectHttpClientBodyTest11", DetectHttpClientBodyTest11);
2918 UtRegisterTest(
"DetectHttpClientBodyTest12", DetectHttpClientBodyTest12);
2919 UtRegisterTest(
"DetectHttpClientBodyTest13", DetectHttpClientBodyTest13);
2920 UtRegisterTest(
"DetectHttpClientBodyTest14", DetectHttpClientBodyTest14);
2921 UtRegisterTest(
"DetectHttpClientBodyTest15", DetectHttpClientBodyTest15);
2923 UtRegisterTest(
"DetectHttpClientBodyTest22", DetectHttpClientBodyTest22);
2924 UtRegisterTest(
"DetectHttpClientBodyTest23", DetectHttpClientBodyTest23);
2925 UtRegisterTest(
"DetectHttpClientBodyTest24", DetectHttpClientBodyTest24);
2926 UtRegisterTest(
"DetectHttpClientBodyTest25", DetectHttpClientBodyTest25);
2927 UtRegisterTest(
"DetectHttpClientBodyTest26", DetectHttpClientBodyTest26);
2928 UtRegisterTest(
"DetectHttpClientBodyTest27", DetectHttpClientBodyTest27);
2929 UtRegisterTest(
"DetectHttpClientBodyTest28", DetectHttpClientBodyTest28);
2930 UtRegisterTest(
"DetectHttpClientBodyTest29", DetectHttpClientBodyTest29);
2931 UtRegisterTest(
"DetectHttpClientBodyTest30", DetectHttpClientBodyTest30);
2932 UtRegisterTest(
"DetectHttpClientBodyTest31", DetectHttpClientBodyTest31);
2933 UtRegisterTest(
"DetectHttpClientBodyTest32", DetectHttpClientBodyTest32);
2934 UtRegisterTest(
"DetectHttpClientBodyTest33", DetectHttpClientBodyTest33);
2935 UtRegisterTest(
"DetectHttpClientBodyTest34", DetectHttpClientBodyTest34);
2936 UtRegisterTest(
"DetectHttpClientBodyTest35", DetectHttpClientBodyTest35);
2937 UtRegisterTest(
"DetectHttpClientBodyTest36", DetectHttpClientBodyTest36);
2940 DetectHttpClientBodyIsdataatParseTest);
2943 DetectEngineHttpClientBodyTest01);
2945 DetectEngineHttpClientBodyTest02);
2947 DetectEngineHttpClientBodyTest03);
2949 DetectEngineHttpClientBodyTest04);
2951 DetectEngineHttpClientBodyTest05);
2953 DetectEngineHttpClientBodyTest06);
2955 DetectEngineHttpClientBodyTest07);
2957 DetectEngineHttpClientBodyTest08);
2959 DetectEngineHttpClientBodyTest09);
2961 DetectEngineHttpClientBodyTest10);
2963 DetectEngineHttpClientBodyTest11);
2965 DetectEngineHttpClientBodyTest12);
2967 DetectEngineHttpClientBodyTest13);
2969 DetectEngineHttpClientBodyTest14);
2971 DetectEngineHttpClientBodyTest15);
2973 DetectEngineHttpClientBodyTest16);
2975 DetectEngineHttpClientBodyTest17);
2977 DetectEngineHttpClientBodyTest18);
2979 DetectEngineHttpClientBodyTest19);
2981 DetectEngineHttpClientBodyTest20);
2983 DetectEngineHttpClientBodyTest21);
2985 DetectEngineHttpClientBodyTest22);
2987 DetectEngineHttpClientBodyTest23);
2989 DetectEngineHttpClientBodyTest24);
2991 DetectEngineHttpClientBodyTest25);
2993 DetectEngineHttpClientBodyTest26);
2995 DetectEngineHttpClientBodyTest27);
2997 DetectEngineHttpClientBodyTest28);
2999 DetectEngineHttpClientBodyTest29);
3002 DetectEngineHttpClientBodyTest30);
3004 DetectEngineHttpClientBodyTest31);
1.8.18