35 #include "../suricata-common.h"
36 #include "../suricata.h"
37 #include "../decode.h"
75 static int DetectHttpClientBodyParserTest01(
void)
78 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; nocase; http_client_body; sid:1;)",
true));
79 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; endswith; http_client_body; sid:1;)",
true));
80 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; startswith; http_client_body; sid:1;)",
true));
81 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; startswith; endswith; http_client_body; sid:1;)",
true));
83 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; content:\"abc\"; rawbytes; http_client_body; sid:1;)",
false));
92 static int DetectHttpClientBodyParserTest02(
void)
95 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; nocase; sid:1;)",
true));
96 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; endswith; sid:1;)",
true));
97 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; startswith; sid:1;)",
true));
98 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; startswith; endswith; sid:1;)",
true));
101 FAIL_IF_NOT(
UTHParseSignature(
"alert http any any -> any any (flow:to_server; http.request_body; content:\"abc\"; rawbytes; sid:1;)",
false));
114 static int RunTest (
struct TestSteps *steps,
const char *sig,
const char *yaml)
123 memset(&th_v, 0,
sizeof(th_v));
125 memset(&f, 0,
sizeof(f));
126 memset(&ssn, 0,
sizeof(ssn));
145 f.
proto = IPPROTO_TCP;
159 while (b->
input != NULL) {
202 static int DetectEngineHttpClientBodyTest01(
void)
205 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
206 "Host: www.openinfosecfoundation.org\r\n"
207 "Content-Type: text/html\r\n"
208 "Content-Length: 46\r\n"
210 "This is dummy body1",
211 0, STREAM_TOSERVER, 0 },
212 { (
const uint8_t *)
"This is dummy message body2",
213 0, STREAM_TOSERVER, 1 },
217 const char *sig =
"alert http any any -> any any (content:\"body1This\"; http_client_body; sid:1;)";
218 return RunTest(steps, sig, NULL);
221 static int DetectEngineHttpClientBodyTest02(
void)
224 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
225 "Host: www.openinfosecfoundation.org\r\n"
226 "Content-Type: text/html\r\n"
227 "Content-Length: 19\r\n"
229 "This is dummy body1",
230 0, STREAM_TOSERVER, 1 },
234 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; offset:5; sid:1;)";
235 return RunTest(steps, sig, NULL);
238 static int DetectEngineHttpClientBodyTest03(
void)
241 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
242 "Host: www.openinfosecfoundation.org\r\n"
243 "Content-Type: text/html\r\n"
244 "Content-Length: 46\r\n"
246 "This is dummy body1",
247 0, STREAM_TOSERVER, 0 },
248 { (
const uint8_t *)
"This is dummy message body2",
249 0, STREAM_TOSERVER, 0 },
253 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; offset:16; sid:1;)";
254 return RunTest(steps, sig, NULL);
257 static int DetectEngineHttpClientBodyTest04(
void)
260 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
261 "Host: www.openinfosecfoundation.org\r\n"
262 "Content-Type: text/html\r\n"
263 "Content-Length: 46\r\n"
265 "This is dummy body1",
266 0, STREAM_TOSERVER, 0 },
267 { (
const uint8_t *)
"This is dummy message body2",
268 0, STREAM_TOSERVER, 1 },
272 const char *sig =
"alert http any any -> any any (content:!\"body1\"; http_client_body; offset:16; sid:1;)";
273 return RunTest(steps, sig, NULL);
276 static int DetectEngineHttpClientBodyTest05(
void)
279 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
280 "Host: www.openinfosecfoundation.org\r\n"
281 "Content-Type: text/html\r\n"
282 "Content-Length: 46\r\n"
284 "This is dummy body1",
285 0, STREAM_TOSERVER, 0 },
286 { (
const uint8_t *)
"This is dummy message body2",
287 0, STREAM_TOSERVER, 1 },
291 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; depth:25; sid:1;)";
292 return RunTest(steps, sig, NULL);
295 static int DetectEngineHttpClientBodyTest06(
void)
298 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
299 "Host: www.openinfosecfoundation.org\r\n"
300 "Content-Type: text/html\r\n"
301 "Content-Length: 46\r\n"
303 "This is dummy body1",
304 0, STREAM_TOSERVER, 0 },
305 { (
const uint8_t *)
"This is dummy message body2",
306 0, STREAM_TOSERVER, 0 },
310 const char *sig =
"alert http any any -> any any (content:!\"body1\"; http_client_body; depth:25; sid:1;)";
311 return RunTest(steps, sig, NULL);
314 static int DetectEngineHttpClientBodyTest07(
void)
317 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
318 "Host: www.openinfosecfoundation.org\r\n"
319 "Content-Type: text/html\r\n"
320 "Content-Length: 46\r\n"
322 "This is dummy body1",
323 0, STREAM_TOSERVER, 0 },
324 { (
const uint8_t *)
"This is dummy message body2",
325 0, STREAM_TOSERVER, 1 },
329 const char *sig =
"alert http any any -> any any (content:!\"body1\"; http_client_body; depth:15; sid:1;)";
330 return RunTest(steps, sig, NULL);
333 static int DetectEngineHttpClientBodyTest08(
void)
336 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
337 "Host: www.openinfosecfoundation.org\r\n"
338 "Content-Type: text/html\r\n"
339 "Content-Length: 46\r\n"
341 "This is dummy body1",
342 0, STREAM_TOSERVER, 0 },
343 { (
const uint8_t *)
"This is dummy message body2",
344 0, STREAM_TOSERVER, 1 },
348 const char *sig =
"alert http any any -> any any (content:\"This is dummy body1This is dummy message body2\"; http_client_body; sid:1;)";
349 return RunTest(steps, sig, NULL);
352 static int DetectEngineHttpClientBodyTest09(
void)
355 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
356 "Host: www.openinfosecfoundation.org\r\n"
357 "Content-Type: text/html\r\n"
358 "Content-Length: 46\r\n"
360 "This is dummy body1",
361 0, STREAM_TOSERVER, 0 },
362 { (
const uint8_t *)
"This is dummy message body2",
363 0, STREAM_TOSERVER, 1 },
367 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"This\"; http_client_body; within:5; sid:1;)";
368 return RunTest(steps, sig, NULL);
371 static int DetectEngineHttpClientBodyTest10(
void)
374 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
375 "Host: www.openinfosecfoundation.org\r\n"
376 "Content-Type: text/html\r\n"
377 "Content-Length: 46\r\n"
379 "This is dummy body1",
380 0, STREAM_TOSERVER, 0 },
381 { (
const uint8_t *)
"This is dummy message body2",
382 0, STREAM_TOSERVER, 1 },
386 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"boom\"; http_client_body; within:5; sid:1;)";
387 return RunTest(steps, sig, NULL);
390 static int DetectEngineHttpClientBodyTest11(
void)
393 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
394 "Host: www.openinfosecfoundation.org\r\n"
395 "Content-Type: text/html\r\n"
396 "Content-Length: 46\r\n"
398 "This is dummy body1",
399 0, STREAM_TOSERVER, 0 },
400 { (
const uint8_t *)
"This is dummy message body2",
401 0, STREAM_TOSERVER, 0 },
405 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"boom\"; http_client_body; within:5; sid:1;)";
406 return RunTest(steps, sig, NULL);
409 static int DetectEngineHttpClientBodyTest12(
void)
412 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
413 "Host: www.openinfosecfoundation.org\r\n"
414 "Content-Type: text/html\r\n"
415 "Content-Length: 46\r\n"
417 "This is dummy body1",
418 0, STREAM_TOSERVER, 0 },
419 { (
const uint8_t *)
"This is dummy message body2",
420 0, STREAM_TOSERVER, 0 },
424 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"This\"; http_client_body; within:5; sid:1;)";
425 return RunTest(steps, sig, NULL);
428 static int DetectEngineHttpClientBodyTest13(
void)
431 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
432 "Host: www.openinfosecfoundation.org\r\n"
433 "Content-Type: text/html\r\n"
434 "Content-Length: 46\r\n"
436 "This is dummy body1",
437 0, STREAM_TOSERVER, 0 },
438 { (
const uint8_t *)
"This is dummy message body2",
439 0, STREAM_TOSERVER, 1 },
443 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"dummy\"; http_client_body; distance:5; sid:1;)";
444 return RunTest(steps, sig, NULL);
447 static int DetectEngineHttpClientBodyTest14(
void)
450 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
451 "Host: www.openinfosecfoundation.org\r\n"
452 "Content-Type: text/html\r\n"
453 "Content-Length: 46\r\n"
455 "This is dummy body1",
456 0, STREAM_TOSERVER, 0 },
457 { (
const uint8_t *)
"This is dummy message body2",
458 0, STREAM_TOSERVER, 1 },
462 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"dummy\"; http_client_body; distance:10; sid:1;)";
463 return RunTest(steps, sig, NULL);
466 static int DetectEngineHttpClientBodyTest15(
void)
469 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
470 "Host: www.openinfosecfoundation.org\r\n"
471 "Content-Type: text/html\r\n"
472 "Content-Length: 46\r\n"
474 "This is dummy body1",
475 0, STREAM_TOSERVER, 0 },
476 { (
const uint8_t *)
"This is dummy message body2",
477 0, STREAM_TOSERVER, 0 },
481 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"dummy\"; http_client_body; distance:10; sid:1;)";
482 return RunTest(steps, sig, NULL);
485 static int DetectEngineHttpClientBodyTest16(
void)
488 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
489 "Host: www.openinfosecfoundation.org\r\n"
490 "Content-Type: text/html\r\n"
491 "Content-Length: 46\r\n"
493 "This is dummy body1",
494 0, STREAM_TOSERVER, 0 },
495 { (
const uint8_t *)
"This is dummy message body2",
496 0, STREAM_TOSERVER, 0 },
500 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:!\"dummy\"; http_client_body; distance:5; sid:1;)";
501 return RunTest(steps, sig, NULL);
504 static int DetectEngineHttpClientBodyTest17(
void)
507 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
508 "Host: www.openinfosecfoundation.org\r\n"
509 "Content-Type: text/html\r\n"
510 "Content-Length: 19\r\n"
512 "This is dummy body1",
513 0, STREAM_TOSERVER, 0 },
517 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"bambu\"; http_client_body; sid:1;)";
518 return RunTest(steps, sig, NULL);
521 static int DetectEngineHttpClientBodyTest18(
void)
524 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
525 "Host: www.openinfosecfoundation.org\r\n"
526 "Content-Type: text/html\r\n"
527 "Content-Length: 19\r\n"
529 "This is dummy body1",
530 0, STREAM_TOSERVER, 0 },
534 const char *sig =
"alert http any any -> any any (content:\"body1\"; http_client_body; content:\"bambu\"; http_client_body; fast_pattern; sid:1;)";
535 return RunTest(steps, sig, NULL);
538 static int DetectEngineHttpClientBodyTest19(
void)
541 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
542 "Host: www.openinfosecfoundation.org\r\n"
543 "Content-Type: text/html\r\n"
544 "Content-Length: 19\r\n"
546 "This is dummy body1",
547 0, STREAM_TOSERVER, 0 },
551 const char *sig =
"alert http any any -> any any (content:\"bambu\"; http_client_body; content:\"is\"; http_client_body; sid:1;)";
552 return RunTest(steps, sig, NULL);
555 static int DetectEngineHttpClientBodyTest20(
void)
558 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
559 "Host: www.openinfosecfoundation.org\r\n"
560 "Content-Type: text/html\r\n"
561 "Content-Length: 19\r\n"
563 "This is dummy body1",
564 0, STREAM_TOSERVER, 1 },
568 const char *sig =
"alert http any any -> any any (content:\"is\"; http_client_body; fast_pattern; sid:1;)";
569 return RunTest(steps, sig, NULL);
572 static int DetectEngineHttpClientBodyTest21(
void)
575 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
576 "Host: www.openinfosecfoundation.org\r\n"
577 "Content-Type: text/html\r\n"
578 "Content-Length: 46\r\n"
580 "This is dummy body1",
581 0, STREAM_TOSERVER, 0 },
582 { (
const uint8_t *)
"This is dummy message body2",
583 0, STREAM_TOSERVER, 1 },
587 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; http_client_body; within:7; sid:1;)";
588 return RunTest(steps, sig, NULL);
591 static int DetectEngineHttpClientBodyTest22(
void)
594 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
595 "Host: www.openinfosecfoundation.org\r\n"
596 "Content-Type: text/html\r\n"
597 "Content-Length: 46\r\n"
599 "This is dummy body1",
600 0, STREAM_TOSERVER, 0 },
601 { (
const uint8_t *)
"This is dummy message body2",
602 0, STREAM_TOSERVER, 1 },
606 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; within:7; http_client_body; sid:1;)";
607 return RunTest(steps, sig, NULL);
610 static int DetectEngineHttpClientBodyTest23(
void)
613 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
614 "Host: www.openinfosecfoundation.org\r\n"
615 "Content-Type: text/html\r\n"
616 "Content-Length: 46\r\n"
618 "This is dummy body1",
619 0, STREAM_TOSERVER, 0 },
620 { (
const uint8_t *)
"This is dummy message body2",
621 0, STREAM_TOSERVER, 0 },
625 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; distance:3; http_client_body; sid:1;)";
626 return RunTest(steps, sig, NULL);
629 static int DetectEngineHttpClientBodyTest24(
void)
632 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
633 "Host: www.openinfosecfoundation.org\r\n"
634 "Content-Type: text/html\r\n"
635 "Content-Length: 46\r\n"
637 "This is dummy body1",
638 0, STREAM_TOSERVER, 0 },
639 { (
const uint8_t *)
"This is dummy message body2",
640 0, STREAM_TOSERVER, 1 },
644 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:!\"dummy\"; distance:13; http_client_body; sid:1;)";
645 return RunTest(steps, sig, NULL);
648 static int DetectEngineHttpClientBodyTest25(
void)
651 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
652 "Host: www.openinfosecfoundation.org\r\n"
653 "Content-Type: text/html\r\n"
654 "Content-Length: 46\r\n"
656 "This is dummy body1",
657 0, STREAM_TOSERVER, 0 },
658 { (
const uint8_t *)
"This is dummy message body2",
659 0, STREAM_TOSERVER, 1 },
663 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; within:15; http_client_body; sid:1;)";
664 return RunTest(steps, sig, NULL);
667 static int DetectEngineHttpClientBodyTest26(
void)
670 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
671 "Host: www.openinfosecfoundation.org\r\n"
672 "Content-Type: text/html\r\n"
673 "Content-Length: 46\r\n"
675 "This is dummy body1",
676 0, STREAM_TOSERVER, 0 },
677 { (
const uint8_t *)
"This is dummy message body2",
678 0, STREAM_TOSERVER, 0 },
682 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; within:10; http_client_body; sid:1;)";
683 return RunTest(steps, sig, NULL);
686 static int DetectEngineHttpClientBodyTest27(
void)
689 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
690 "Host: www.openinfosecfoundation.org\r\n"
691 "Content-Type: text/html\r\n"
692 "Content-Length: 46\r\n"
694 "This is dummy body1",
695 0, STREAM_TOSERVER, 0 },
696 { (
const uint8_t *)
"This is dummy message body2",
697 0, STREAM_TOSERVER, 1 },
701 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; distance:8; http_client_body; sid:1;)";
702 return RunTest(steps, sig, NULL);
705 static int DetectEngineHttpClientBodyTest28(
void)
708 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
709 "Host: www.openinfosecfoundation.org\r\n"
710 "Content-Type: text/html\r\n"
711 "Content-Length: 46\r\n"
713 "This is dummy body1",
714 0, STREAM_TOSERVER, 0 },
715 { (
const uint8_t *)
"This is dummy message body2",
716 0, STREAM_TOSERVER, 0 },
720 const char *sig =
"alert http any any -> any any (pcre:/body1/P; content:\"dummy\"; distance:14; http_client_body; sid:1;)";
721 return RunTest(steps, sig, NULL);
724 static int DetectEngineHttpClientBodyTest29(
void)
726 const char *request_buffer =
"GET /one HTTP/1.0\r\n"
727 "Host: localhost\r\n\r\n";
728 #define TOTAL_REQUESTS 45
733 memcpy(http_buf + i * strlen(request_buffer), request_buffer,
734 strlen(request_buffer));
737 #undef TOTAL_REQUESTS
740 { (
const uint8_t *)http_buf,
741 (
size_t)http_buf_len, STREAM_TOSERVER, 0 },
743 { (
const uint8_t *)
"HTTP/1.0 200 ok\r\n"
744 "Content-Type: text/html\r\n"
745 "Content-Length: 5\r\n"
748 0, STREAM_TOCLIENT, 0 },
753 const char *sig =
"alert http any any -> any any (content:\"dummyone\"; fast_pattern:0,3; http_server_body; sid:1;)";
754 int result = RunTest(steps, sig, NULL);
759 static int DetectEngineHttpClientBodyTest30(
void)
761 const char yaml[] =
"\
768 request-body-limit: 0\n\
769 response-body-limit: 0\n\
771 request-body-inspect-window: 0\n\
772 response-body-inspect-window: 0\n\
773 request-body-minimal-inspect-size: 0\n\
774 response-body-minimal-inspect-size: 0\n\
777 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
778 "Host: www.openinfosecfoundation.org\r\n"
779 "Content-Type: text/html\r\n"
780 "Content-Length: 46\r\n"
782 "This is dummy body1",
783 0, STREAM_TOSERVER, 0 },
784 { (
const uint8_t *)
"This is dummy message body2",
785 0, STREAM_TOSERVER, 0 },
789 const char *sig =
"alert http any any -> any any (content:\"bags\"; within:4; http_client_body; sid:1;)";
790 return RunTest(steps, sig, yaml);
793 static int DetectEngineHttpClientBodyTest31(
void)
795 const char yaml[] =
"\
802 request-body-limit: 0\n\
803 response-body-limit: 0\n\
805 request-body-inspect-window: 0\n\
806 response-body-inspect-window: 0\n\
807 request-body-minimal-inspect-size: 0\n\
808 response-body-minimal-inspect-size: 0\n\
812 { (
const uint8_t *)
"GET /index.html HTTP/1.1\r\n"
813 "Host: www.openinfosecfoundation.org\r\n"
814 "Content-Type: text/html\r\n"
815 "Content-Length: 46\r\n"
817 "This is dummy body1",
818 0, STREAM_TOSERVER, 0 },
819 { (
const uint8_t *)
"This is dummy message body2",
820 0, STREAM_TOSERVER, 0 },
824 const char *sig =
"alert http any any -> any any (content:\"bags\"; depth:4; http_client_body; sid:1;)";
825 return RunTest(steps, sig, yaml);
832 static int DetectHttpClientBodyTest01(
void)
839 "(msg:\"Testing http_client_body\"; "
840 "content:\"one\"; http_client_body; sid:1;)");
855 static int DetectHttpClientBodyTest02(
void)
862 "(msg:\"Testing http_client_body\"; "
863 "content:\"one\"; http_client_body:; sid:1;)");
873 static int DetectHttpClientBodyTest03(
void)
879 const char *sigs[] = {
880 "alert tcp any any -> any any (http_client_body; sid:1;)",
881 "alert tcp any any -> any any "
882 "(msg:\"Testing http_client_body\"; "
883 "content:\"one\"; rawbytes; http_client_body; sid:2;)",
887 for (uint32_t i = 0; sigs[i] != NULL; i++) {
899 static int DetectHttpClientBodyTest05(
void)
905 const char *sigs[] = {
906 "alert tcp any any -> any any (content:\"one\"; http_client_body; nocase; sid:1;)",
910 for (uint32_t i = 0; sigs[i] != NULL; i++) {
922 static int DetectHttpClientBodyTest06(
void)
932 "GET /index.html HTTP/1.0\r\n"
933 "Host: www.openinfosecfoundation.org\r\n"
934 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
935 "Content-Type: text/html\r\n"
936 "Content-Length: 26\r\n"
938 "This is dummy message body";
939 uint32_t http_len =
sizeof(http_buf) - 1;
943 memset(&th_v, 0,
sizeof(th_v));
945 memset(&f, 0,
sizeof(f));
946 memset(&ssn, 0,
sizeof(ssn));
952 f.
proto = IPPROTO_TCP;
970 "(msg:\"http client body test\"; "
971 "content:\"message\"; http_client_body; "
981 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
987 if (http_state == NULL) {
988 printf(
"no http state: \n");
997 printf(
"sid 1 didn't match but should have\n");
1005 if (det_ctx != NULL) {
1022 static int DetectHttpClientBodyTest07(
void)
1032 uint8_t http1_buf[] =
1033 "GET /index.html HTTP/1.0\r\n"
1034 "Host: www.openinfosecfoundation.org\r\n"
1035 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1036 "Content-Type: text/html\r\n"
1037 "Content-Length: 54\r\n"
1039 "This is dummy message body1";
1040 uint8_t http2_buf[] =
1041 "This is dummy message body2";
1042 uint32_t http1_len =
sizeof(http1_buf) - 1;
1043 uint32_t http2_len =
sizeof(http2_buf) - 1;
1047 memset(&th_v, 0,
sizeof(th_v));
1049 memset(&f, 0,
sizeof(f));
1050 memset(&ssn, 0,
sizeof(ssn));
1057 f.
proto = IPPROTO_TCP;
1079 "(msg:\"http client body test\"; "
1080 "content:\"message\"; http_client_body; "
1090 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1096 if (http_state == NULL) {
1097 printf(
"no http state: ");
1105 printf(
"sid 1 matched on p1 but shouldn't have: ");
1112 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1119 printf(
"sid 1 didn't match on p2 but should have: ");
1127 if (det_ctx != NULL) {
1145 static int DetectHttpClientBodyTest08(
void)
1155 uint8_t http1_buf[] =
1156 "GET /index.html HTTP/1.0\r\n"
1157 "Host: www.openinfosecfoundation.org\r\n"
1158 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1159 "Content-Type: text/html\r\n"
1160 "Content-Length: 46\r\n"
1162 "This is dummy body1";
1163 uint8_t http2_buf[] =
1164 "This is dummy message body2";
1165 uint32_t http1_len =
sizeof(http1_buf) - 1;
1166 uint32_t http2_len =
sizeof(http2_buf) - 1;
1170 memset(&th_v, 0,
sizeof(th_v));
1172 memset(&f, 0,
sizeof(f));
1173 memset(&ssn, 0,
sizeof(ssn));
1180 f.
proto = IPPROTO_TCP;
1202 "(msg:\"http client body test\"; "
1203 "content:\"message\"; http_client_body; "
1213 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1219 if (http_state == NULL) {
1220 printf(
"no http state: ");
1229 printf(
"sid 1 didn't match but should have");
1236 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1245 printf(
"sid 1 didn't match but should have");
1253 if (det_ctx != NULL) {
1271 static int DetectHttpClientBodyTest09(
void)
1281 uint8_t http1_buf[] =
1282 "GET /index.html HTTP/1.0\r\n"
1283 "Host: www.openinfosecfoundation.org\r\n"
1284 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1285 "Content-Type: text/html\r\n"
1286 "Content-Length: 46\r\n"
1288 "This is dummy body1";
1289 uint8_t http2_buf[] =
1290 "This is dummy message body2";
1291 uint32_t http1_len =
sizeof(http1_buf) - 1;
1292 uint32_t http2_len =
sizeof(http2_buf) - 1;
1296 memset(&th_v, 0,
sizeof(th_v));
1298 memset(&f, 0,
sizeof(f));
1299 memset(&ssn, 0,
sizeof(ssn));
1306 f.
proto = IPPROTO_TCP;
1328 "(msg:\"http client body test\"; "
1329 "content:\"body1This\"; http_client_body; "
1339 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1345 if (http_state == NULL) {
1346 printf(
"no http state: ");
1355 printf(
"sid 1 didn't match but should have");
1362 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1371 printf(
"sid 1 didn't match but should have");
1379 if (det_ctx != NULL) {
1397 static int DetectHttpClientBodyTest10(
void)
1407 uint8_t http1_buf[] =
1408 "GET /index.html HTTP/1.0\r\n"
1409 "Host: www.openinfosecfoundation.org\r\n"
1410 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1411 "Content-Type: text/html\r\n"
1412 "Content-Length: 46\r\n"
1414 "This is dummy bodY1";
1415 uint8_t http2_buf[] =
1416 "This is dummy message body2";
1417 uint32_t http1_len =
sizeof(http1_buf) - 1;
1418 uint32_t http2_len =
sizeof(http2_buf) - 1;
1422 memset(&th_v, 0,
sizeof(th_v));
1424 memset(&f, 0,
sizeof(f));
1425 memset(&ssn, 0,
sizeof(ssn));
1432 f.
proto = IPPROTO_TCP;
1454 "(msg:\"http client body test\"; "
1455 "content:\"body1This\"; http_client_body; nocase;"
1465 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1471 if (http_state == NULL) {
1472 printf(
"no http state: \n");
1481 printf(
"sid 1 didn't match but should have\n");
1488 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: \n", r);
1497 printf(
"sid 1 didn't match but should have");
1505 if (det_ctx != NULL) {
1523 static int DetectHttpClientBodyTest11(
void)
1532 uint8_t http_buf[] =
1533 "GET /index.html HTTP/1.0\r\n"
1534 "Host: www.openinfosecfoundation.org\r\n"
1535 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1536 "Content-Type: text/html\r\n"
1537 "Content-Length: 26\r\n"
1539 "This is dummy message body";
1540 uint32_t http_len =
sizeof(http_buf) - 1;
1544 memset(&th_v, 0,
sizeof(th_v));
1546 memset(&f, 0,
sizeof(f));
1547 memset(&ssn, 0,
sizeof(ssn));
1553 f.
proto = IPPROTO_TCP;
1571 "(msg:\"http client body test\"; "
1572 "content:!\"message1\"; http_client_body; "
1582 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1588 if (http_state == NULL) {
1589 printf(
"no http state: ");
1598 printf(
"sid 1 didn't match but should have");
1606 if (det_ctx != NULL) {
1623 static int DetectHttpClientBodyTest12(
void)
1632 uint8_t http_buf[] =
1633 "GET /index.html HTTP/1.0\r\n"
1634 "Host: www.openinfosecfoundation.org\r\n"
1635 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1636 "Content-Type: text/html\r\n"
1637 "Content-Length: 26\r\n"
1639 "This is dummy message body";
1640 uint32_t http_len =
sizeof(http_buf) - 1;
1644 memset(&th_v, 0,
sizeof(th_v));
1646 memset(&f, 0,
sizeof(f));
1647 memset(&ssn, 0,
sizeof(ssn));
1653 f.
proto = IPPROTO_TCP;
1671 "(msg:\"http client body test\"; "
1672 "content:!\"message\"; http_client_body; "
1682 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1688 if (http_state == NULL) {
1689 printf(
"no http state: ");
1698 printf(
"sid 1 didn't match but should have");
1706 if (det_ctx != NULL) {
1723 static int DetectHttpClientBodyTest13(
void)
1732 uint8_t http_buf[] =
1733 "GET /index.html HTTP/1.0\r\n"
1734 "Host: www.openinfosecfoundation.org\r\n"
1735 "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.7) Gecko/20091221 Firefox/3.5.7\r\n"
1736 "Content-Type: text/html\r\n"
1737 "Content-Length: 55\r\n"
1739 "longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend";
1740 uint32_t http_len =
sizeof(http_buf) - 1;
1744 memset(&th_v, 0,
sizeof(th_v));
1746 memset(&f, 0,
sizeof(f));
1747 memset(&ssn, 0,
sizeof(ssn));
1753 f.
proto = IPPROTO_TCP;
1771 "alert http any any -> any any "
1772 "(msg:\"http client body test\"; "
1773 "content:\"abcdefghijklmnopqrstuvwxyz0123456789\"; http_client_body; "
1783 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1789 if (http_state == NULL) {
1790 printf(
"no http state: ");
1799 printf(
"sid 1 didn't match but should have");
1807 if (det_ctx != NULL) {
1821 static int DetectHttpClientBodyTest14(
void)
1830 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n";
1831 uint8_t httpbuf2[] =
"User-Agent: Mozilla/1.0\r\nContent-Length: 10\r\n";
1832 uint8_t httpbuf3[] =
"Cookie: dummy\r\n\r\n";
1833 uint8_t httpbuf4[] =
"Body one!!";
1834 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1835 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1836 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
1837 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
1838 uint8_t httpbuf5[] =
"GET /?var=val HTTP/1.1\r\n";
1839 uint8_t httpbuf6[] =
"User-Agent: Firefox/1.0\r\n";
1840 uint8_t httpbuf7[] =
"Cookie: dummy2\r\nContent-Length: 10\r\n\r\nBody two!!";
1841 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
1842 uint32_t httplen6 =
sizeof(httpbuf6) - 1;
1843 uint32_t httplen7 =
sizeof(httpbuf7) - 1;
1846 memset(&th_v, 0,
sizeof(th_v));
1848 memset(&f, 0,
sizeof(f));
1849 memset(&ssn, 0,
sizeof(ssn));
1855 f.
proto = IPPROTO_TCP;
1873 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"POST\"; http_method; content:\"Mozilla\"; http_header; content:\"dummy\"; http_cookie; content:\"one\"; http_client_body; sid:1; rev:1;)");
1875 printf(
"sig parse failed: ");
1878 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"GET\"; http_method; content:\"Firefox\"; http_header; content:\"dummy2\"; http_cookie; content:\"two\"; http_client_body; sid:2; rev:1;)");
1880 printf(
"sig2 parse failed: ");
1890 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1897 printf(
"sig 1 alerted: ");
1904 printf(
"toserver chunk 2 returned %" PRId32
", expected 0: ", r);
1911 printf(
"sig 1 alerted (2): ");
1918 printf(
"toserver chunk 3 returned %" PRId32
", expected 0: ", r);
1925 printf(
"signature matched, but shouldn't have: ");
1932 printf(
"toserver chunk 4 returned %" PRId32
", expected 0: ", r);
1940 printf(
"sig 1 didn't alert: ");
1947 printf(
"toserver chunk 5 returned %" PRId32
", expected 0: ", r);
1954 printf(
"sig 1 alerted (5): ");
1961 printf(
"toserver chunk 6 returned %" PRId32
", expected 0: ", r);
1968 printf(
"sig 1 alerted (request 2, chunk 6): ");
1977 printf(
"toserver chunk 7 returned %" PRId32
", expected 0: ", r);
1984 printf(
"signature 2 didn't match, but should have: ");
1990 if (htp_state == NULL) {
1991 printf(
"no http state: ");
1997 printf(
"The http app layer doesn't have 2 transactions, but it should: ");
2005 if (det_ctx != NULL) {
2020 static int DetectHttpClientBodyTest15(
void)
2029 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n";
2030 uint8_t httpbuf2[] =
"User-Agent: Mozilla/1.0\r\nContent-Length: 10\r\n";
2031 uint8_t httpbuf3[] =
"Cookie: dummy\r\n\r\n";
2032 uint8_t httpbuf4[] =
"Body one!!";
2033 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2034 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
2035 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
2036 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
2037 uint8_t httpbuf5[] =
"GET /?var=val HTTP/1.1\r\n";
2038 uint8_t httpbuf6[] =
"User-Agent: Firefox/1.0\r\n";
2039 uint8_t httpbuf7[] =
"Cookie: dummy2\r\nContent-Length: 10\r\n\r\nBody two!!";
2040 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
2041 uint32_t httplen6 =
sizeof(httpbuf6) - 1;
2042 uint32_t httplen7 =
sizeof(httpbuf7) - 1;
2045 memset(&th_v, 0,
sizeof(th_v));
2047 memset(&f, 0,
sizeof(f));
2048 memset(&ssn, 0,
sizeof(ssn));
2054 f.
proto = IPPROTO_TCP;
2072 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"POST\"; http_method; content:\"Mozilla\"; http_header; content:\"dummy\"; http_cookie; content:\"one\"; http_client_body; sid:1; rev:1;)");
2074 printf(
"sig parse failed: ");
2077 s =
DetectEngineAppendSig(
de_ctx,
"alert tcp any any -> any any (content:\"GET\"; http_method; content:\"Firefox\"; http_header; content:\"dummy2\"; http_cookie; content:\"two\"; http_client_body; sid:2; rev:1;)");
2079 printf(
"sig2 parse failed: ");
2089 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2096 printf(
"sig 1 alerted: ");
2103 printf(
"toserver chunk 2 returned %" PRId32
", expected 0: ", r);
2110 printf(
"sig 1 alerted (2): ");
2117 printf(
"toserver chunk 3 returned %" PRId32
", expected 0: ", r);
2124 printf(
"signature matched, but shouldn't have: ");
2131 printf(
"toserver chunk 4 returned %" PRId32
", expected 0: ", r);
2139 printf(
"sig 1 didn't alert: ");
2146 printf(
"toserver chunk 5 returned %" PRId32
", expected 0: ", r);
2153 printf(
"sig 1 alerted (5): ");
2160 printf(
"toserver chunk 6 returned %" PRId32
", expected 0: ", r);
2167 printf(
"sig 1 alerted (request 2, chunk 6): ");
2176 printf(
"toserver chunk 7 returned %" PRId32
", expected 0: ", r);
2183 printf(
"signature 2 didn't match, but should have: ");
2189 if (htp_state == NULL) {
2190 printf(
"no http state: ");
2197 printf(
"The http app layer doesn't have 2 transactions, but it should: ");
2208 SCLogDebug(
"No body data in t1 (it should be removed only when the tx is destroyed): ");
2213 (uint8_t *)
"Body one!!", 10) != 1)
2215 SCLogDebug(
"Body data in t1 is not correctly set: ");
2223 SCLogDebug(
"No body data in t1 (it should be removed only when the tx is destroyed): ");
2228 (uint8_t *)
"Body two!!", 10) != 1)
2230 SCLogDebug(
"Body data in t1 is not correctly set: ");
2238 if (det_ctx != NULL) {
2252 static int DetectHttpClientBodyTest22(
void)
2258 "alert icmp any any -> any any "
2259 "(content:\"one\"; content:\"two\"; http_client_body; "
2260 "content:\"three\"; distance:10; http_client_body; content:\"four\"; sid:1;)");
2279 FAIL_IF(memcmp(cd2->content,
"four", cd2->content_len) != 0);
2294 static int DetectHttpClientBodyTest23(
void)
2301 "alert icmp any any -> any any "
2302 "(content:\"one\"; http_client_body; pcre:/two/; "
2303 "content:\"three\"; distance:10; http_client_body; content:\"four\"; sid:1;)");
2321 FAIL_IF(memcmp(cd2->content,
"four", cd2->content_len) != 0);
2334 static int DetectHttpClientBodyTest24(
void)
2340 "(content:\"one\"; http_client_body; pcre:/two/; "
2341 "content:\"three\"; distance:10; within:15; "
2342 "http_client_body; content:\"four\"; sid:1;)");
2361 FAIL_IF(memcmp(cd2->content,
"four", cd2->content_len) != 0);
2375 static int DetectHttpClientBodyTest25(
void)
2382 "(content:\"one\"; http_client_body; pcre:/two/; "
2383 "content:\"three\"; distance:10; http_client_body; "
2384 "content:\"four\"; distance:10; sid:1;)");
2402 FAIL_IF(memcmp(cd2->content,
"four", cd2->content_len) != 0);
2416 static int DetectHttpClientBodyTest26(
void)
2426 "alert icmp any any -> any any "
2427 "(content:\"one\"; offset:10; http_client_body; pcre:/two/; "
2428 "content:\"three\"; distance:10; http_client_body; within:10; "
2429 "content:\"four\"; distance:10; sid:1;)");
2431 printf(
"de_ctx->sig_list == NULL\n");
2436 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL\n");
2441 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2457 memcmp(cd2->content,
"four", cd2->content_len) != 0 ||
2463 printf (
"failed: http_client_body incorrect flags");
2480 static int DetectHttpClientBodyTest27(
void)
2490 "alert icmp any any -> any any "
2491 "(content:\"one\"; offset:10; http_client_body; pcre:/two/; "
2492 "content:\"three\"; distance:10; http_client_body; within:10; "
2493 "content:\"four\"; distance:10; sid:1;)");
2503 static int DetectHttpClientBodyTest28(
void)
2513 "(content:\"one\"; http_client_body; pcre:/two/; "
2514 "content:\"three\"; http_client_body; depth:10; "
2515 "content:\"four\"; distance:10; sid:1;)");
2517 printf(
"de_ctx->sig_list == NULL\n");
2522 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] == NULL\n");
2527 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2543 memcmp(cd2->content,
"four", cd2->content_len) != 0 || hcbd1->
flags != 0 ||
2563 static int DetectHttpClientBodyTest29(
void)
2574 "(content:\"one\"; http_client_body; "
2575 "content:\"two\"; distance:0; http_client_body; sid:1;)");
2577 printf(
"de_ctx->sig_list == NULL\n");
2582 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2587 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2608 static int DetectHttpClientBodyTest30(
void)
2619 "(content:\"one\"; http_client_body; "
2620 "content:\"two\"; within:5; http_client_body; sid:1;)");
2622 printf(
"de_ctx->sig_list == NULL\n");
2627 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2632 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2653 static int DetectHttpClientBodyTest31(
void)
2664 "(content:\"one\"; within:5; http_client_body; sid:1;)");
2674 static int DetectHttpClientBodyTest32(
void)
2685 "(content:\"one\"; http_client_body; within:5; sid:1;)");
2695 static int DetectHttpClientBodyTest33(
void)
2705 "(content:\"one\"; within:5; sid:1;)");
2715 static int DetectHttpClientBodyTest34(
void)
2727 "content:\"two\"; within:5; http_client_body; sid:1;)");
2729 printf(
"de_ctx->sig_list == NULL\n");
2734 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2739 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2768 static int DetectHttpClientBodyTest35(
void)
2778 "(content:\"two\"; http_client_body; "
2779 "pcre:/one/PR; sid:1;)");
2781 printf(
"de_ctx->sig_list == NULL\n");
2786 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2791 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2820 static int DetectHttpClientBodyTest36(
void)
2832 "content:\"two\"; distance:5; http_client_body; sid:1;)");
2834 printf(
"de_ctx->sig_list == NULL\n");
2839 printf(
"de_ctx->sig_list->init_data->smlists[DETECT_SM_LIST_PMATCH] != NULL\n");
2844 printf(
"DetectBufferGetFirstSigMatch(s, g_http_client_body_buffer_id) == NULL\n");
2873 static int DetectHttpClientBodyIsdataatParseTest(
void)
2880 "alert tcp any any -> any any ("
2881 "content:\"one\"; http_client_body; "
2882 "isdataat:!4,relative; sid:1;)");
2900 UtRegisterTest(
"DetectHttpClientBodyParserTest01", DetectHttpClientBodyParserTest01);
2901 UtRegisterTest(
"DetectHttpClientBodyParserTest02", DetectHttpClientBodyParserTest02);
2902 UtRegisterTest(
"DetectHttpClientBodyTest01", DetectHttpClientBodyTest01);
2903 UtRegisterTest(
"DetectHttpClientBodyTest02", DetectHttpClientBodyTest02);
2904 UtRegisterTest(
"DetectHttpClientBodyTest03", DetectHttpClientBodyTest03);
2905 UtRegisterTest(
"DetectHttpClientBodyTest05", DetectHttpClientBodyTest05);
2906 UtRegisterTest(
"DetectHttpClientBodyTest06", DetectHttpClientBodyTest06);
2907 UtRegisterTest(
"DetectHttpClientBodyTest07", DetectHttpClientBodyTest07);
2908 UtRegisterTest(
"DetectHttpClientBodyTest08", DetectHttpClientBodyTest08);
2909 UtRegisterTest(
"DetectHttpClientBodyTest09", DetectHttpClientBodyTest09);
2910 UtRegisterTest(
"DetectHttpClientBodyTest10", DetectHttpClientBodyTest10);
2911 UtRegisterTest(
"DetectHttpClientBodyTest11", DetectHttpClientBodyTest11);
2912 UtRegisterTest(
"DetectHttpClientBodyTest12", DetectHttpClientBodyTest12);
2913 UtRegisterTest(
"DetectHttpClientBodyTest13", DetectHttpClientBodyTest13);
2914 UtRegisterTest(
"DetectHttpClientBodyTest14", DetectHttpClientBodyTest14);
2915 UtRegisterTest(
"DetectHttpClientBodyTest15", DetectHttpClientBodyTest15);
2917 UtRegisterTest(
"DetectHttpClientBodyTest22", DetectHttpClientBodyTest22);
2918 UtRegisterTest(
"DetectHttpClientBodyTest23", DetectHttpClientBodyTest23);
2919 UtRegisterTest(
"DetectHttpClientBodyTest24", DetectHttpClientBodyTest24);
2920 UtRegisterTest(
"DetectHttpClientBodyTest25", DetectHttpClientBodyTest25);
2921 UtRegisterTest(
"DetectHttpClientBodyTest26", DetectHttpClientBodyTest26);
2922 UtRegisterTest(
"DetectHttpClientBodyTest27", DetectHttpClientBodyTest27);
2923 UtRegisterTest(
"DetectHttpClientBodyTest28", DetectHttpClientBodyTest28);
2924 UtRegisterTest(
"DetectHttpClientBodyTest29", DetectHttpClientBodyTest29);
2925 UtRegisterTest(
"DetectHttpClientBodyTest30", DetectHttpClientBodyTest30);
2926 UtRegisterTest(
"DetectHttpClientBodyTest31", DetectHttpClientBodyTest31);
2927 UtRegisterTest(
"DetectHttpClientBodyTest32", DetectHttpClientBodyTest32);
2928 UtRegisterTest(
"DetectHttpClientBodyTest33", DetectHttpClientBodyTest33);
2929 UtRegisterTest(
"DetectHttpClientBodyTest34", DetectHttpClientBodyTest34);
2930 UtRegisterTest(
"DetectHttpClientBodyTest35", DetectHttpClientBodyTest35);
2931 UtRegisterTest(
"DetectHttpClientBodyTest36", DetectHttpClientBodyTest36);
2934 DetectHttpClientBodyIsdataatParseTest);
2937 DetectEngineHttpClientBodyTest01);
2939 DetectEngineHttpClientBodyTest02);
2941 DetectEngineHttpClientBodyTest03);
2943 DetectEngineHttpClientBodyTest04);
2945 DetectEngineHttpClientBodyTest05);
2947 DetectEngineHttpClientBodyTest06);
2949 DetectEngineHttpClientBodyTest07);
2951 DetectEngineHttpClientBodyTest08);
2953 DetectEngineHttpClientBodyTest09);
2955 DetectEngineHttpClientBodyTest10);
2957 DetectEngineHttpClientBodyTest11);
2959 DetectEngineHttpClientBodyTest12);
2961 DetectEngineHttpClientBodyTest13);
2963 DetectEngineHttpClientBodyTest14);
2965 DetectEngineHttpClientBodyTest15);
2967 DetectEngineHttpClientBodyTest16);
2969 DetectEngineHttpClientBodyTest17);
2971 DetectEngineHttpClientBodyTest18);
2973 DetectEngineHttpClientBodyTest19);
2975 DetectEngineHttpClientBodyTest20);
2977 DetectEngineHttpClientBodyTest21);
2979 DetectEngineHttpClientBodyTest22);
2981 DetectEngineHttpClientBodyTest23);
2983 DetectEngineHttpClientBodyTest24);
2985 DetectEngineHttpClientBodyTest25);
2987 DetectEngineHttpClientBodyTest26);
2989 DetectEngineHttpClientBodyTest27);
2991 DetectEngineHttpClientBodyTest28);
2993 DetectEngineHttpClientBodyTest29);
2996 DetectEngineHttpClientBodyTest30);
2998 DetectEngineHttpClientBodyTest31);
1.8.18