34 #include "../suricata-common.h"
35 #include "../suricata.h"
36 #include "../flow-util.h"
38 #include "../app-layer-parser.h"
39 #include "../util-unittest.h"
40 #include "../util-unittest-helper.h"
41 #include "../app-layer.h"
42 #include "../app-layer-htp.h"
43 #include "../app-layer-protos.h"
44 #include "../detect-isdataat.h"
45 #include "../detect-engine-build.h"
46 #include "../detect-engine-alert.h"
50 static int g_http_uri_buffer_id = 0;
56 static int DetectEngineHttpCookieTest01(
void)
66 "GET /index.html HTTP/1.0\r\n"
68 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
69 uint32_t http_len =
sizeof(http_buf) - 1;
73 memset(&th_v, 0,
sizeof(th_v));
74 memset(&f, 0,
sizeof(f));
75 memset(&ssn, 0,
sizeof(ssn));
81 f.
proto = IPPROTO_TCP;
98 "(msg:\"http header test\"; "
99 "content:\"CONNECT\"; http_cookie; "
110 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
116 if (http_state == NULL) {
117 printf(
"no http state: ");
126 printf(
"sid 1 didn't match but should have: ");
148 static int DetectEngineHttpCookieTest02(
void)
158 "CONNECT /index.html HTTP/1.0\r\n"
159 "Cookie: CONNECT\r\n"
160 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
161 uint32_t http_len =
sizeof(http_buf) - 1;
165 memset(&th_v, 0,
sizeof(th_v));
166 memset(&f, 0,
sizeof(f));
167 memset(&ssn, 0,
sizeof(ssn));
173 f.
proto = IPPROTO_TCP;
190 "(msg:\"http header test\"; "
191 "content:\"CO\"; depth:4; http_cookie; "
202 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
208 if (http_state == NULL) {
209 printf(
"no http state: ");
218 printf(
"sid 1 didn't match but should have: ");
240 static int DetectEngineHttpCookieTest03(
void)
250 "CONNECT /index.html HTTP/1.0\r\n"
251 "Cookie: CONNECT\r\n"
252 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
253 uint32_t http_len =
sizeof(http_buf) - 1;
257 memset(&th_v, 0,
sizeof(th_v));
258 memset(&f, 0,
sizeof(f));
259 memset(&ssn, 0,
sizeof(ssn));
265 f.
proto = IPPROTO_TCP;
282 "(msg:\"http header test\"; "
283 "content:!\"ECT\"; depth:4; http_cookie; "
294 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
300 if (http_state == NULL) {
301 printf(
"no http state: ");
310 printf(
"sid 1 didn't match but should have: ");
332 static int DetectEngineHttpCookieTest04(
void)
342 "CONNECT /index.html HTTP/1.0\r\n"
343 "Cookie: CONNECT\r\n"
344 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
345 uint32_t http_len =
sizeof(http_buf) - 1;
349 memset(&th_v, 0,
sizeof(th_v));
350 memset(&f, 0,
sizeof(f));
351 memset(&ssn, 0,
sizeof(ssn));
357 f.
proto = IPPROTO_TCP;
374 "(msg:\"http header test\"; "
375 "content:\"ECT\"; depth:4; http_cookie; "
386 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
392 if (http_state == NULL) {
393 printf(
"no http state: ");
402 printf(
"sid 1 matched but shouldn't have: ");
424 static int DetectEngineHttpCookieTest05(
void)
434 "CONNECT /index.html HTTP/1.0\r\n"
435 "Cookie: CONNECT\r\n"
436 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
437 uint32_t http_len =
sizeof(http_buf) - 1;
441 memset(&th_v, 0,
sizeof(th_v));
442 memset(&f, 0,
sizeof(f));
443 memset(&ssn, 0,
sizeof(ssn));
449 f.
proto = IPPROTO_TCP;
466 "(msg:\"http header test\"; "
467 "content:!\"CON\"; depth:4; http_cookie; "
478 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
484 if (http_state == NULL) {
485 printf(
"no http state: ");
494 printf(
"sid 1 matched but shouldn't have: ");
516 static int DetectEngineHttpCookieTest06(
void)
526 "CONNECT /index.html HTTP/1.0\r\n"
527 "Cookie: CONNECT\r\n"
528 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
529 uint32_t http_len =
sizeof(http_buf) - 1;
533 memset(&th_v, 0,
sizeof(th_v));
534 memset(&f, 0,
sizeof(f));
535 memset(&ssn, 0,
sizeof(ssn));
541 f.
proto = IPPROTO_TCP;
558 "(msg:\"http header test\"; "
559 "content:\"ECT\"; offset:3; http_cookie; "
570 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
576 if (http_state == NULL) {
577 printf(
"no http state: ");
586 printf(
"sid 1 didn't match but should have: ");
608 static int DetectEngineHttpCookieTest07(
void)
618 "CONNECT /index.html HTTP/1.0\r\n"
619 "Cookie: CONNECT\r\n"
620 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
621 uint32_t http_len =
sizeof(http_buf) - 1;
625 memset(&th_v, 0,
sizeof(th_v));
626 memset(&f, 0,
sizeof(f));
627 memset(&ssn, 0,
sizeof(ssn));
633 f.
proto = IPPROTO_TCP;
650 "(msg:\"http header test\"; "
651 "content:!\"CO\"; offset:3; http_cookie; "
662 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
668 if (http_state == NULL) {
669 printf(
"no http state: ");
678 printf(
"sid 1 didn't match but should have: ");
700 static int DetectEngineHttpCookieTest08(
void)
710 "CONNECT /index.html HTTP/1.0\r\n"
711 "Cookie: CONNECT\r\n"
712 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
713 uint32_t http_len =
sizeof(http_buf) - 1;
717 memset(&th_v, 0,
sizeof(th_v));
718 memset(&f, 0,
sizeof(f));
719 memset(&ssn, 0,
sizeof(ssn));
725 f.
proto = IPPROTO_TCP;
742 "(msg:\"http header test\"; "
743 "content:!\"ECT\"; offset:3; http_cookie; "
754 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
760 if (http_state == NULL) {
761 printf(
"no http state: ");
770 printf(
"sid 1 matched but shouldn't have: ");
792 static int DetectEngineHttpCookieTest09(
void)
802 "CONNECT /index.html HTTP/1.0\r\n"
803 "Cookie: CONNECT\r\n"
804 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
805 uint32_t http_len =
sizeof(http_buf) - 1;
809 memset(&th_v, 0,
sizeof(th_v));
810 memset(&f, 0,
sizeof(f));
811 memset(&ssn, 0,
sizeof(ssn));
817 f.
proto = IPPROTO_TCP;
834 "(msg:\"http header test\"; "
835 "content:\"CON\"; offset:3; http_cookie; "
846 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
852 if (http_state == NULL) {
853 printf(
"no http state: ");
862 printf(
"sid 1 matched but shouldn't have: ");
884 static int DetectEngineHttpCookieTest10(
void)
894 "CONNECT /index.html HTTP/1.0\r\n"
895 "Cookie: CONNECT\r\n"
896 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
897 uint32_t http_len =
sizeof(http_buf) - 1;
901 memset(&th_v, 0,
sizeof(th_v));
902 memset(&f, 0,
sizeof(f));
903 memset(&ssn, 0,
sizeof(ssn));
909 f.
proto = IPPROTO_TCP;
926 "(msg:\"http header test\"; "
927 "content:\"CO\"; http_cookie; "
928 "content:\"EC\"; within:4; http_cookie; "
939 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
945 if (http_state == NULL) {
946 printf(
"no http state: ");
955 printf(
"sid 1 didn't match but should have: ");
977 static int DetectEngineHttpCookieTest11(
void)
987 "CONNECT /index.html HTTP/1.0\r\n"
988 "Cookie: CONNECT\r\n"
989 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
990 uint32_t http_len =
sizeof(http_buf) - 1;
994 memset(&th_v, 0,
sizeof(th_v));
995 memset(&f, 0,
sizeof(f));
996 memset(&ssn, 0,
sizeof(ssn));
1002 f.
proto = IPPROTO_TCP;
1019 "(msg:\"http header test\"; "
1020 "content:\"CO\"; http_cookie; "
1021 "content:!\"EC\"; within:3; http_cookie; "
1032 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1038 if (http_state == NULL) {
1039 printf(
"no http state: ");
1048 printf(
"sid 1 didn't match but should have: ");
1070 static int DetectEngineHttpCookieTest12(
void)
1079 uint8_t http_buf[] =
1080 "CONNECT /index.html HTTP/1.0\r\n"
1081 "Cookie: CONNECT\r\n"
1082 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1083 uint32_t http_len =
sizeof(http_buf) - 1;
1087 memset(&th_v, 0,
sizeof(th_v));
1088 memset(&f, 0,
sizeof(f));
1089 memset(&ssn, 0,
sizeof(ssn));
1095 f.
proto = IPPROTO_TCP;
1112 "(msg:\"http header test\"; "
1113 "content:\"CO\"; http_cookie; "
1114 "content:\"EC\"; within:3; http_cookie; "
1125 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1131 if (http_state == NULL) {
1132 printf(
"no http state: ");
1141 printf(
"sid 1 matched but shouldn't have: ");
1163 static int DetectEngineHttpCookieTest13(
void)
1172 uint8_t http_buf[] =
1173 "CONNECT /index.html HTTP/1.0\r\n"
1174 "Cookie: CONNECT\r\n"
1175 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1176 uint32_t http_len =
sizeof(http_buf) - 1;
1180 memset(&th_v, 0,
sizeof(th_v));
1181 memset(&f, 0,
sizeof(f));
1182 memset(&ssn, 0,
sizeof(ssn));
1188 f.
proto = IPPROTO_TCP;
1205 "(msg:\"http header test\"; "
1206 "content:\"CO\"; http_cookie; "
1207 "content:!\"EC\"; within:4; http_cookie; "
1218 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1224 if (http_state == NULL) {
1225 printf(
"no http state: ");
1234 printf(
"sid 1 matched but shouldn't have: ");
1256 static int DetectEngineHttpCookieTest14(
void)
1265 uint8_t http_buf[] =
1266 "CONNECT /index.html HTTP/1.0\r\n"
1267 "Cookie: CONNECT\r\n"
1268 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1269 uint32_t http_len =
sizeof(http_buf) - 1;
1273 memset(&th_v, 0,
sizeof(th_v));
1274 memset(&f, 0,
sizeof(f));
1275 memset(&ssn, 0,
sizeof(ssn));
1281 f.
proto = IPPROTO_TCP;
1298 "(msg:\"http header test\"; "
1299 "content:\"CO\"; http_cookie; "
1300 "content:\"EC\"; distance:2; http_cookie; "
1311 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1317 if (http_state == NULL) {
1318 printf(
"no http state: ");
1327 printf(
"sid 1 didn't match but should have: ");
1349 static int DetectEngineHttpCookieTest15(
void)
1358 uint8_t http_buf[] =
1359 "CONNECT /index.html HTTP/1.0\r\n"
1360 "Cookie: CONNECT\r\n"
1361 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1362 uint32_t http_len =
sizeof(http_buf) - 1;
1366 memset(&th_v, 0,
sizeof(th_v));
1367 memset(&f, 0,
sizeof(f));
1368 memset(&ssn, 0,
sizeof(ssn));
1374 f.
proto = IPPROTO_TCP;
1391 "(msg:\"http header test\"; "
1392 "content:\"CO\"; http_cookie; "
1393 "content:!\"EC\"; distance:3; http_cookie; "
1404 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1410 if (http_state == NULL) {
1411 printf(
"no http state: ");
1420 printf(
"sid 1 didn't match but should have: ");
1442 static int DetectEngineHttpCookieTest16(
void)
1451 uint8_t http_buf[] =
1452 "CONNECT /index.html HTTP/1.0\r\n"
1453 "Cookie: CONNECT\r\n"
1454 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1455 uint32_t http_len =
sizeof(http_buf) - 1;
1459 memset(&th_v, 0,
sizeof(th_v));
1460 memset(&f, 0,
sizeof(f));
1461 memset(&ssn, 0,
sizeof(ssn));
1467 f.
proto = IPPROTO_TCP;
1484 "(msg:\"http header test\"; "
1485 "content:\"CO\"; http_cookie; "
1486 "content:\"EC\"; distance:3; http_cookie; "
1497 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1503 if (http_state == NULL) {
1504 printf(
"no http state: ");
1513 printf(
"sid 1 matched but shouldn't have: ");
1535 static int DetectEngineHttpCookieTest17(
void)
1544 uint8_t http_buf[] =
1545 "CONNECT /index.html HTTP/1.0\r\n"
1546 "Cookie: CONNECT\r\n"
1547 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1548 uint32_t http_len =
sizeof(http_buf) - 1;
1552 memset(&th_v, 0,
sizeof(th_v));
1553 memset(&f, 0,
sizeof(f));
1554 memset(&ssn, 0,
sizeof(ssn));
1560 f.
proto = IPPROTO_TCP;
1577 "(msg:\"http header test\"; "
1578 "content:\"CO\"; http_cookie; "
1579 "content:!\"EC\"; distance:2; http_cookie; "
1590 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1596 if (http_state == NULL) {
1597 printf(
"no http state: ");
1606 printf(
"sid 1 matched but shouldn't have: ");
1628 static int DetectHttpCookieTest01(
void)
1638 "(msg:\"Testing http_cookie\"; http_cookie;sid:1;)");
1652 static int DetectHttpCookieTest02(
void)
1662 "(msg:\"Testing http_cookie\"; content:\"me\"; "
1663 "http_cookie:woo; sid:1;)");
1676 static int DetectHttpCookieTest03(
void)
1687 "(msg:\"Testing http_cookie\"; content:\"one\"; "
1688 "http_cookie; content:\"two\"; http_cookie; "
1689 "content:\"two\"; http_cookie; "
1692 printf(
"sig parse failed: ");
1699 printf(
"no sigmatch(es): ");
1703 while (sm != NULL) {
1707 printf(
"expected DETECT_CONTENT for http_cookie, got %d: ", sm->
type);
1723 static int DetectHttpCookieTest04(
void)
1733 "(msg:\"Testing http_cookie\"; content:\"one\"; "
1734 "fast_pattern; http_cookie; sid:1;)");
1747 static int DetectHttpCookieTest05(
void)
1757 "(msg:\"Testing http_cookie\"; content:\"one\"; "
1758 "rawbytes; http_cookie; sid:1;)");
1771 static int DetectHttpCookieTest06(
void)
1781 "(msg:\"Testing http_cookie\"; content:\"one\"; "
1782 "http_cookie; uricontent:\"abc\"; sid:1;)");
1788 BUG_ON(s->sm_lists[g_http_cookie_buffer_id] == NULL);
1790 if (s->sm_lists[g_http_cookie_buffer_id]->type !=
DETECT_CONTENT)
1793 if (s->sm_lists[g_http_uri_buffer_id] == NULL) {
1794 printf(
"expected another SigMatch, got NULL: ");
1811 static int DetectHttpCookieSigTest01(
void)
1815 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\nCookie:"
1816 " hellocatchme\r\n\r\n";
1817 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1826 memset(&th_v, 0,
sizeof(th_v));
1827 memset(&f, 0,
sizeof(f));
1828 memset(&ssn, 0,
sizeof(ssn));
1834 f.
proto = IPPROTO_TCP;
1853 "\"HTTP cookie\"; content:\"me\"; "
1854 "http_cookie; sid:1;)");
1860 "cookie\"; content:\"go\"; http_cookie; sid:2;)");
1861 if (s->
next == NULL) {
1872 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1878 if (http_state == NULL) {
1879 printf(
"no http state: ");
1888 printf(
"sid 1 didn't match but should have: ");
1892 printf(
"sid 2 matched but shouldn't: ");
1900 if (det_ctx != NULL) {
1914 static int DetectHttpCookieSigTest02(
void)
1918 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n\r\n";
1919 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1928 memset(&th_v, 0,
sizeof(th_v));
1929 memset(&p, 0,
sizeof(p));
1930 memset(&f, 0,
sizeof(f));
1931 memset(&ssn, 0,
sizeof(ssn));
1937 f.
proto = IPPROTO_TCP;
1956 "\"HTTP cookie\"; content:\"me\"; "
1957 "http_cookie; sid:1;)");
1968 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1974 if (http_state == NULL) {
1975 printf(
"no http state: ");
1992 if (det_ctx != NULL) {
2004 static int DetectHttpCookieSigTest03(
void)
2008 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n"
2009 "Cookie: dummy\r\n\r\n";
2010 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2019 memset(&th_v, 0,
sizeof(th_v));
2020 memset(&f, 0,
sizeof(f));
2021 memset(&ssn, 0,
sizeof(ssn));
2027 f.
proto = IPPROTO_TCP;
2046 "\"HTTP cookie\"; content:\"boo\"; "
2047 "http_cookie; sid:1;)");
2058 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2064 if (http_state == NULL) {
2065 printf(
"no http state: ");
2081 if (det_ctx != NULL) {
2094 static int DetectHttpCookieSigTest04(
void)
2098 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n"
2099 "Cookie: dummy\r\n\r\n";
2100 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2109 memset(&th_v, 0,
sizeof(th_v));
2110 memset(&p, 0,
sizeof(p));
2111 memset(&f, 0,
sizeof(f));
2112 memset(&ssn, 0,
sizeof(ssn));
2118 f.
proto = IPPROTO_TCP;
2137 "\"HTTP cookie\"; content:!\"boo\"; "
2138 "http_cookie; sid:1;)");
2149 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2155 if (http_state == NULL) {
2156 printf(
"no http state: ");
2172 if (det_ctx != NULL) {
2185 static int DetectHttpCookieSigTest05(
void)
2189 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n"
2190 "Cookie: DuMmY\r\n\r\n";
2191 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2200 memset(&th_v, 0,
sizeof(th_v));
2201 memset(&p, 0,
sizeof(p));
2202 memset(&f, 0,
sizeof(f));
2203 memset(&ssn, 0,
sizeof(ssn));
2209 f.
proto = IPPROTO_TCP;
2228 "\"HTTP cookie\"; content:\"dummy\"; nocase; "
2229 "http_cookie; sid:1;)");
2240 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2246 if (http_state == NULL) {
2247 printf(
"no http state: ");
2263 if (det_ctx != NULL) {
2276 static int DetectHttpCookieSigTest06(
void)
2280 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n"
2281 "Cookie: DuMmY\r\n\r\n";
2282 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2291 memset(&th_v, 0,
sizeof(th_v));
2292 memset(&p, 0,
sizeof(p));
2293 memset(&f, 0,
sizeof(f));
2294 memset(&ssn, 0,
sizeof(ssn));
2300 f.
proto = IPPROTO_TCP;
2319 "\"HTTP cookie\"; content:\"dummy\"; "
2320 "http_cookie; nocase; sid:1;)");
2322 printf(
"sig parse failed: ");
2332 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2337 if (http_state == NULL) {
2338 printf(
"no http state: ");
2346 printf(
"sig 1 failed to match: ");
2354 if (det_ctx != NULL) {
2367 static int DetectHttpCookieSigTest07(
void)
2371 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n"
2372 "Cookie: dummy\r\n\r\n";
2373 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2382 memset(&th_v, 0,
sizeof(th_v));
2383 memset(&f, 0,
sizeof(f));
2384 memset(&ssn, 0,
sizeof(ssn));
2390 f.
proto = IPPROTO_TCP;
2409 "\"HTTP cookie\"; content:!\"dummy\"; "
2410 "http_cookie; sid:1;)");
2421 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2427 if (http_state == NULL) {
2428 printf(
"no http state: ");
2444 if (det_ctx != NULL) {
2459 static int DetectHttpCookieSigTest08(
void)
2464 uint8_t httpbuf_request[] =
2465 "GET / HTTP/1.1\r\n"
2466 "User-Agent: Mozilla/1.0\r\n"
2468 uint32_t httpbuf_request_len =
sizeof(httpbuf_request) - 1;
2470 uint8_t httpbuf_response[] =
2471 "HTTP/1.1 200 OK\r\n"
2472 "Set-Cookie: response_user_agent\r\n"
2474 uint32_t httpbuf_response_len =
sizeof(httpbuf_response) - 1;
2477 Packet *p1 = NULL, *p2 = NULL;
2484 memset(&th_v, 0,
sizeof(th_v));
2485 memset(&f, 0,
sizeof(f));
2486 memset(&ssn, 0,
sizeof(ssn));
2490 f.
proto = IPPROTO_TCP;
2516 "(flow:to_client; content:\"response_user_agent\"; "
2517 "http_cookie; sid:1;)");
2527 httpbuf_request_len);
2529 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2535 if (http_state == NULL) {
2536 printf(
"no http state: ");
2548 httpbuf_response_len);
2550 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2566 if (det_ctx != NULL) {
2582 static int DetectHttpCookieSigTest09(
void)
2587 uint8_t httpbuf_request[] =
2588 "GET / HTTP/1.1\r\n"
2589 "Cookie: request_user_agent\r\n"
2590 "User-Agent: Mozilla/1.0\r\n"
2592 uint32_t httpbuf_request_len =
sizeof(httpbuf_request) - 1;
2594 uint8_t httpbuf_response[] =
2595 "HTTP/1.1 200 OK\r\n"
2596 "Set-Cookie: response_user_agent\r\n"
2598 uint32_t httpbuf_response_len =
sizeof(httpbuf_response) - 1;
2601 Packet *p1 = NULL, *p2 = NULL;
2608 memset(&th_v, 0,
sizeof(th_v));
2609 memset(&f, 0,
sizeof(f));
2610 memset(&ssn, 0,
sizeof(ssn));
2614 f.
proto = IPPROTO_TCP;
2640 "(flow:to_server; content:\"request_user_agent\"; "
2641 "http_cookie; sid:1;)");
2646 "(flow:to_client; content:\"response_user_agent\"; "
2647 "http_cookie; sid:2;)");
2657 httpbuf_request_len);
2659 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2665 if (http_state == NULL) {
2666 printf(
"no http state: ");
2678 httpbuf_response_len);
2680 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2696 if (det_ctx != NULL) {
2709 static int DetectHttpCookieIsdataatParseTest(
void)
2716 "alert tcp any any -> any any ("
2717 "content:\"one\"; http_cookie; "
2718 "isdataat:!4,relative; sid:1;)");
2741 UtRegisterTest(
"DetectHttpCookieTest01", DetectHttpCookieTest01);
2742 UtRegisterTest(
"DetectHttpCookieTest02", DetectHttpCookieTest02);
2743 UtRegisterTest(
"DetectHttpCookieTest03", DetectHttpCookieTest03);
2744 UtRegisterTest(
"DetectHttpCookieTest04", DetectHttpCookieTest04);
2745 UtRegisterTest(
"DetectHttpCookieTest05", DetectHttpCookieTest05);
2746 UtRegisterTest(
"DetectHttpCookieTest06", DetectHttpCookieTest06);
2747 UtRegisterTest(
"DetectHttpCookieSigTest01", DetectHttpCookieSigTest01);
2748 UtRegisterTest(
"DetectHttpCookieSigTest02", DetectHttpCookieSigTest02);
2749 UtRegisterTest(
"DetectHttpCookieSigTest03", DetectHttpCookieSigTest03);
2750 UtRegisterTest(
"DetectHttpCookieSigTest04", DetectHttpCookieSigTest04);
2751 UtRegisterTest(
"DetectHttpCookieSigTest05", DetectHttpCookieSigTest05);
2752 UtRegisterTest(
"DetectHttpCookieSigTest06", DetectHttpCookieSigTest06);
2753 UtRegisterTest(
"DetectHttpCookieSigTest07", DetectHttpCookieSigTest07);
2754 UtRegisterTest(
"DetectHttpCookieSigTest08", DetectHttpCookieSigTest08);
2755 UtRegisterTest(
"DetectHttpCookieSigTest09", DetectHttpCookieSigTest09);
2757 DetectHttpCookieIsdataatParseTest);
2759 DetectEngineHttpCookieTest01);
2761 DetectEngineHttpCookieTest02);
2763 DetectEngineHttpCookieTest03);
2765 DetectEngineHttpCookieTest04);
2767 DetectEngineHttpCookieTest05);
2769 DetectEngineHttpCookieTest06);
2771 DetectEngineHttpCookieTest07);
2773 DetectEngineHttpCookieTest08);
2775 DetectEngineHttpCookieTest09);
2777 DetectEngineHttpCookieTest10);
2779 DetectEngineHttpCookieTest11);
2781 DetectEngineHttpCookieTest12);
2783 DetectEngineHttpCookieTest13);
2785 DetectEngineHttpCookieTest14);
2787 DetectEngineHttpCookieTest15);
2789 DetectEngineHttpCookieTest16);
2791 DetectEngineHttpCookieTest17);