34 #include "../suricata-common.h"
35 #include "../suricata.h"
36 #include "../flow-util.h"
38 #include "../app-layer-parser.h"
39 #include "../util-unittest.h"
40 #include "../util-unittest-helper.h"
41 #include "../app-layer.h"
42 #include "../app-layer-htp.h"
43 #include "../app-layer-protos.h"
44 #include "../detect-isdataat.h"
48 static int g_http_uri_buffer_id = 0;
54 static int DetectEngineHttpCookieTest01(
void)
64 "GET /index.html HTTP/1.0\r\n"
66 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
67 uint32_t http_len =
sizeof(http_buf) - 1;
71 memset(&th_v, 0,
sizeof(th_v));
72 memset(&f, 0,
sizeof(f));
73 memset(&ssn, 0,
sizeof(ssn));
79 f.
proto = IPPROTO_TCP;
96 "(msg:\"http header test\"; "
97 "content:\"CONNECT\"; http_cookie; "
108 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
114 if (http_state == NULL) {
115 printf(
"no http state: ");
124 printf(
"sid 1 didn't match but should have: ");
146 static int DetectEngineHttpCookieTest02(
void)
156 "CONNECT /index.html HTTP/1.0\r\n"
157 "Cookie: CONNECT\r\n"
158 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
159 uint32_t http_len =
sizeof(http_buf) - 1;
163 memset(&th_v, 0,
sizeof(th_v));
164 memset(&f, 0,
sizeof(f));
165 memset(&ssn, 0,
sizeof(ssn));
171 f.
proto = IPPROTO_TCP;
188 "(msg:\"http header test\"; "
189 "content:\"CO\"; depth:4; http_cookie; "
200 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
206 if (http_state == NULL) {
207 printf(
"no http state: ");
216 printf(
"sid 1 didn't match but should have: ");
238 static int DetectEngineHttpCookieTest03(
void)
248 "CONNECT /index.html HTTP/1.0\r\n"
249 "Cookie: CONNECT\r\n"
250 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
251 uint32_t http_len =
sizeof(http_buf) - 1;
255 memset(&th_v, 0,
sizeof(th_v));
256 memset(&f, 0,
sizeof(f));
257 memset(&ssn, 0,
sizeof(ssn));
263 f.
proto = IPPROTO_TCP;
280 "(msg:\"http header test\"; "
281 "content:!\"ECT\"; depth:4; http_cookie; "
292 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
298 if (http_state == NULL) {
299 printf(
"no http state: ");
308 printf(
"sid 1 didn't match but should have: ");
330 static int DetectEngineHttpCookieTest04(
void)
340 "CONNECT /index.html HTTP/1.0\r\n"
341 "Cookie: CONNECT\r\n"
342 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
343 uint32_t http_len =
sizeof(http_buf) - 1;
347 memset(&th_v, 0,
sizeof(th_v));
348 memset(&f, 0,
sizeof(f));
349 memset(&ssn, 0,
sizeof(ssn));
355 f.
proto = IPPROTO_TCP;
372 "(msg:\"http header test\"; "
373 "content:\"ECT\"; depth:4; http_cookie; "
384 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
390 if (http_state == NULL) {
391 printf(
"no http state: ");
400 printf(
"sid 1 matched but shouldn't have: ");
422 static int DetectEngineHttpCookieTest05(
void)
432 "CONNECT /index.html HTTP/1.0\r\n"
433 "Cookie: CONNECT\r\n"
434 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
435 uint32_t http_len =
sizeof(http_buf) - 1;
439 memset(&th_v, 0,
sizeof(th_v));
440 memset(&f, 0,
sizeof(f));
441 memset(&ssn, 0,
sizeof(ssn));
447 f.
proto = IPPROTO_TCP;
464 "(msg:\"http header test\"; "
465 "content:!\"CON\"; depth:4; http_cookie; "
476 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
482 if (http_state == NULL) {
483 printf(
"no http state: ");
492 printf(
"sid 1 matched but shouldn't have: ");
514 static int DetectEngineHttpCookieTest06(
void)
524 "CONNECT /index.html HTTP/1.0\r\n"
525 "Cookie: CONNECT\r\n"
526 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
527 uint32_t http_len =
sizeof(http_buf) - 1;
531 memset(&th_v, 0,
sizeof(th_v));
532 memset(&f, 0,
sizeof(f));
533 memset(&ssn, 0,
sizeof(ssn));
539 f.
proto = IPPROTO_TCP;
556 "(msg:\"http header test\"; "
557 "content:\"ECT\"; offset:3; http_cookie; "
568 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
574 if (http_state == NULL) {
575 printf(
"no http state: ");
584 printf(
"sid 1 didn't match but should have: ");
606 static int DetectEngineHttpCookieTest07(
void)
616 "CONNECT /index.html HTTP/1.0\r\n"
617 "Cookie: CONNECT\r\n"
618 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
619 uint32_t http_len =
sizeof(http_buf) - 1;
623 memset(&th_v, 0,
sizeof(th_v));
624 memset(&f, 0,
sizeof(f));
625 memset(&ssn, 0,
sizeof(ssn));
631 f.
proto = IPPROTO_TCP;
648 "(msg:\"http header test\"; "
649 "content:!\"CO\"; offset:3; http_cookie; "
660 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
666 if (http_state == NULL) {
667 printf(
"no http state: ");
676 printf(
"sid 1 didn't match but should have: ");
698 static int DetectEngineHttpCookieTest08(
void)
708 "CONNECT /index.html HTTP/1.0\r\n"
709 "Cookie: CONNECT\r\n"
710 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
711 uint32_t http_len =
sizeof(http_buf) - 1;
715 memset(&th_v, 0,
sizeof(th_v));
716 memset(&f, 0,
sizeof(f));
717 memset(&ssn, 0,
sizeof(ssn));
723 f.
proto = IPPROTO_TCP;
740 "(msg:\"http header test\"; "
741 "content:!\"ECT\"; offset:3; http_cookie; "
752 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
758 if (http_state == NULL) {
759 printf(
"no http state: ");
768 printf(
"sid 1 matched but shouldn't have: ");
790 static int DetectEngineHttpCookieTest09(
void)
800 "CONNECT /index.html HTTP/1.0\r\n"
801 "Cookie: CONNECT\r\n"
802 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
803 uint32_t http_len =
sizeof(http_buf) - 1;
807 memset(&th_v, 0,
sizeof(th_v));
808 memset(&f, 0,
sizeof(f));
809 memset(&ssn, 0,
sizeof(ssn));
815 f.
proto = IPPROTO_TCP;
832 "(msg:\"http header test\"; "
833 "content:\"CON\"; offset:3; http_cookie; "
844 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
850 if (http_state == NULL) {
851 printf(
"no http state: ");
860 printf(
"sid 1 matched but shouldn't have: ");
882 static int DetectEngineHttpCookieTest10(
void)
892 "CONNECT /index.html HTTP/1.0\r\n"
893 "Cookie: CONNECT\r\n"
894 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
895 uint32_t http_len =
sizeof(http_buf) - 1;
899 memset(&th_v, 0,
sizeof(th_v));
900 memset(&f, 0,
sizeof(f));
901 memset(&ssn, 0,
sizeof(ssn));
907 f.
proto = IPPROTO_TCP;
924 "(msg:\"http header test\"; "
925 "content:\"CO\"; http_cookie; "
926 "content:\"EC\"; within:4; http_cookie; "
937 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
943 if (http_state == NULL) {
944 printf(
"no http state: ");
953 printf(
"sid 1 didn't match but should have: ");
975 static int DetectEngineHttpCookieTest11(
void)
985 "CONNECT /index.html HTTP/1.0\r\n"
986 "Cookie: CONNECT\r\n"
987 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
988 uint32_t http_len =
sizeof(http_buf) - 1;
992 memset(&th_v, 0,
sizeof(th_v));
993 memset(&f, 0,
sizeof(f));
994 memset(&ssn, 0,
sizeof(ssn));
1000 f.
proto = IPPROTO_TCP;
1017 "(msg:\"http header test\"; "
1018 "content:\"CO\"; http_cookie; "
1019 "content:!\"EC\"; within:3; http_cookie; "
1030 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1036 if (http_state == NULL) {
1037 printf(
"no http state: ");
1046 printf(
"sid 1 didn't match but should have: ");
1068 static int DetectEngineHttpCookieTest12(
void)
1077 uint8_t http_buf[] =
1078 "CONNECT /index.html HTTP/1.0\r\n"
1079 "Cookie: CONNECT\r\n"
1080 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1081 uint32_t http_len =
sizeof(http_buf) - 1;
1085 memset(&th_v, 0,
sizeof(th_v));
1086 memset(&f, 0,
sizeof(f));
1087 memset(&ssn, 0,
sizeof(ssn));
1093 f.
proto = IPPROTO_TCP;
1110 "(msg:\"http header test\"; "
1111 "content:\"CO\"; http_cookie; "
1112 "content:\"EC\"; within:3; http_cookie; "
1123 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1129 if (http_state == NULL) {
1130 printf(
"no http state: ");
1139 printf(
"sid 1 matched but shouldn't have: ");
1161 static int DetectEngineHttpCookieTest13(
void)
1170 uint8_t http_buf[] =
1171 "CONNECT /index.html HTTP/1.0\r\n"
1172 "Cookie: CONNECT\r\n"
1173 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1174 uint32_t http_len =
sizeof(http_buf) - 1;
1178 memset(&th_v, 0,
sizeof(th_v));
1179 memset(&f, 0,
sizeof(f));
1180 memset(&ssn, 0,
sizeof(ssn));
1186 f.
proto = IPPROTO_TCP;
1203 "(msg:\"http header test\"; "
1204 "content:\"CO\"; http_cookie; "
1205 "content:!\"EC\"; within:4; http_cookie; "
1216 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1222 if (http_state == NULL) {
1223 printf(
"no http state: ");
1232 printf(
"sid 1 matched but shouldn't have: ");
1254 static int DetectEngineHttpCookieTest14(
void)
1263 uint8_t http_buf[] =
1264 "CONNECT /index.html HTTP/1.0\r\n"
1265 "Cookie: CONNECT\r\n"
1266 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1267 uint32_t http_len =
sizeof(http_buf) - 1;
1271 memset(&th_v, 0,
sizeof(th_v));
1272 memset(&f, 0,
sizeof(f));
1273 memset(&ssn, 0,
sizeof(ssn));
1279 f.
proto = IPPROTO_TCP;
1296 "(msg:\"http header test\"; "
1297 "content:\"CO\"; http_cookie; "
1298 "content:\"EC\"; distance:2; http_cookie; "
1309 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1315 if (http_state == NULL) {
1316 printf(
"no http state: ");
1325 printf(
"sid 1 didn't match but should have: ");
1347 static int DetectEngineHttpCookieTest15(
void)
1356 uint8_t http_buf[] =
1357 "CONNECT /index.html HTTP/1.0\r\n"
1358 "Cookie: CONNECT\r\n"
1359 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1360 uint32_t http_len =
sizeof(http_buf) - 1;
1364 memset(&th_v, 0,
sizeof(th_v));
1365 memset(&f, 0,
sizeof(f));
1366 memset(&ssn, 0,
sizeof(ssn));
1372 f.
proto = IPPROTO_TCP;
1389 "(msg:\"http header test\"; "
1390 "content:\"CO\"; http_cookie; "
1391 "content:!\"EC\"; distance:3; http_cookie; "
1402 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1408 if (http_state == NULL) {
1409 printf(
"no http state: ");
1418 printf(
"sid 1 didn't match but should have: ");
1440 static int DetectEngineHttpCookieTest16(
void)
1449 uint8_t http_buf[] =
1450 "CONNECT /index.html HTTP/1.0\r\n"
1451 "Cookie: CONNECT\r\n"
1452 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1453 uint32_t http_len =
sizeof(http_buf) - 1;
1457 memset(&th_v, 0,
sizeof(th_v));
1458 memset(&f, 0,
sizeof(f));
1459 memset(&ssn, 0,
sizeof(ssn));
1465 f.
proto = IPPROTO_TCP;
1482 "(msg:\"http header test\"; "
1483 "content:\"CO\"; http_cookie; "
1484 "content:\"EC\"; distance:3; http_cookie; "
1495 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1501 if (http_state == NULL) {
1502 printf(
"no http state: ");
1511 printf(
"sid 1 matched but shouldn't have: ");
1533 static int DetectEngineHttpCookieTest17(
void)
1542 uint8_t http_buf[] =
1543 "CONNECT /index.html HTTP/1.0\r\n"
1544 "Cookie: CONNECT\r\n"
1545 "Host: www.onetwothreefourfivesixseven.org\r\n\r\n";
1546 uint32_t http_len =
sizeof(http_buf) - 1;
1550 memset(&th_v, 0,
sizeof(th_v));
1551 memset(&f, 0,
sizeof(f));
1552 memset(&ssn, 0,
sizeof(ssn));
1558 f.
proto = IPPROTO_TCP;
1575 "(msg:\"http header test\"; "
1576 "content:\"CO\"; http_cookie; "
1577 "content:!\"EC\"; distance:2; http_cookie; "
1588 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1594 if (http_state == NULL) {
1595 printf(
"no http state: ");
1604 printf(
"sid 1 matched but shouldn't have: ");
1626 static int DetectHttpCookieTest01(
void)
1636 "(msg:\"Testing http_cookie\"; http_cookie;sid:1;)");
1650 static int DetectHttpCookieTest02(
void)
1660 "(msg:\"Testing http_cookie\"; content:\"me\"; "
1661 "http_cookie:woo; sid:1;)");
1674 static int DetectHttpCookieTest03(
void)
1685 "(msg:\"Testing http_cookie\"; content:\"one\"; "
1686 "http_cookie; content:\"two\"; http_cookie; "
1687 "content:\"two\"; http_cookie; "
1690 printf(
"sig parse failed: ");
1697 printf(
"no sigmatch(es): ");
1701 while (sm != NULL) {
1705 printf(
"expected DETECT_CONTENT for http_cookie, got %d: ", sm->
type);
1721 static int DetectHttpCookieTest04(
void)
1731 "(msg:\"Testing http_cookie\"; content:\"one\"; "
1732 "fast_pattern; http_cookie; sid:1;)");
1745 static int DetectHttpCookieTest05(
void)
1755 "(msg:\"Testing http_cookie\"; content:\"one\"; "
1756 "rawbytes; http_cookie; sid:1;)");
1769 static int DetectHttpCookieTest06(
void)
1779 "(msg:\"Testing http_cookie\"; content:\"one\"; "
1780 "http_cookie; uricontent:\"abc\"; sid:1;)");
1786 BUG_ON(s->sm_lists[g_http_cookie_buffer_id] == NULL);
1788 if (s->sm_lists[g_http_cookie_buffer_id]->type !=
DETECT_CONTENT)
1791 if (s->sm_lists[g_http_uri_buffer_id] == NULL) {
1792 printf(
"expected another SigMatch, got NULL: ");
1809 static int DetectHttpCookieSigTest01(
void)
1813 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\nCookie:"
1814 " hellocatchme\r\n\r\n";
1815 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1824 memset(&th_v, 0,
sizeof(th_v));
1825 memset(&f, 0,
sizeof(f));
1826 memset(&ssn, 0,
sizeof(ssn));
1832 f.
proto = IPPROTO_TCP;
1851 "\"HTTP cookie\"; content:\"me\"; "
1852 "http_cookie; sid:1;)");
1858 "cookie\"; content:\"go\"; http_cookie; sid:2;)");
1859 if (s->
next == NULL) {
1870 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1876 if (http_state == NULL) {
1877 printf(
"no http state: ");
1886 printf(
"sid 1 didn't match but should have: ");
1890 printf(
"sid 2 matched but shouldn't: ");
1898 if (det_ctx != NULL) {
1912 static int DetectHttpCookieSigTest02(
void)
1916 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n\r\n";
1917 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1926 memset(&th_v, 0,
sizeof(th_v));
1927 memset(&p, 0,
sizeof(p));
1928 memset(&f, 0,
sizeof(f));
1929 memset(&ssn, 0,
sizeof(ssn));
1935 f.
proto = IPPROTO_TCP;
1954 "\"HTTP cookie\"; content:\"me\"; "
1955 "http_cookie; sid:1;)");
1966 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1972 if (http_state == NULL) {
1973 printf(
"no http state: ");
1990 if (det_ctx != NULL) {
2002 static int DetectHttpCookieSigTest03(
void)
2006 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n"
2007 "Cookie: dummy\r\n\r\n";
2008 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2017 memset(&th_v, 0,
sizeof(th_v));
2018 memset(&f, 0,
sizeof(f));
2019 memset(&ssn, 0,
sizeof(ssn));
2025 f.
proto = IPPROTO_TCP;
2044 "\"HTTP cookie\"; content:\"boo\"; "
2045 "http_cookie; sid:1;)");
2056 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2062 if (http_state == NULL) {
2063 printf(
"no http state: ");
2079 if (det_ctx != NULL) {
2092 static int DetectHttpCookieSigTest04(
void)
2096 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n"
2097 "Cookie: dummy\r\n\r\n";
2098 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2107 memset(&th_v, 0,
sizeof(th_v));
2108 memset(&p, 0,
sizeof(p));
2109 memset(&f, 0,
sizeof(f));
2110 memset(&ssn, 0,
sizeof(ssn));
2116 f.
proto = IPPROTO_TCP;
2135 "\"HTTP cookie\"; content:!\"boo\"; "
2136 "http_cookie; sid:1;)");
2147 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2153 if (http_state == NULL) {
2154 printf(
"no http state: ");
2170 if (det_ctx != NULL) {
2183 static int DetectHttpCookieSigTest05(
void)
2187 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n"
2188 "Cookie: DuMmY\r\n\r\n";
2189 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2198 memset(&th_v, 0,
sizeof(th_v));
2199 memset(&p, 0,
sizeof(p));
2200 memset(&f, 0,
sizeof(f));
2201 memset(&ssn, 0,
sizeof(ssn));
2207 f.
proto = IPPROTO_TCP;
2226 "\"HTTP cookie\"; content:\"dummy\"; nocase; "
2227 "http_cookie; sid:1;)");
2238 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2244 if (http_state == NULL) {
2245 printf(
"no http state: ");
2261 if (det_ctx != NULL) {
2274 static int DetectHttpCookieSigTest06(
void)
2278 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n"
2279 "Cookie: DuMmY\r\n\r\n";
2280 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2289 memset(&th_v, 0,
sizeof(th_v));
2290 memset(&p, 0,
sizeof(p));
2291 memset(&f, 0,
sizeof(f));
2292 memset(&ssn, 0,
sizeof(ssn));
2298 f.
proto = IPPROTO_TCP;
2317 "\"HTTP cookie\"; content:\"dummy\"; "
2318 "http_cookie; nocase; sid:1;)");
2320 printf(
"sig parse failed: ");
2330 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2335 if (http_state == NULL) {
2336 printf(
"no http state: ");
2344 printf(
"sig 1 failed to match: ");
2352 if (det_ctx != NULL) {
2365 static int DetectHttpCookieSigTest07(
void)
2369 uint8_t httpbuf1[] =
"POST / HTTP/1.0\r\nUser-Agent: Mozilla/1.0\r\n"
2370 "Cookie: dummy\r\n\r\n";
2371 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
2380 memset(&th_v, 0,
sizeof(th_v));
2381 memset(&f, 0,
sizeof(f));
2382 memset(&ssn, 0,
sizeof(ssn));
2388 f.
proto = IPPROTO_TCP;
2407 "\"HTTP cookie\"; content:!\"dummy\"; "
2408 "http_cookie; sid:1;)");
2419 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2425 if (http_state == NULL) {
2426 printf(
"no http state: ");
2442 if (det_ctx != NULL) {
2457 static int DetectHttpCookieSigTest08(
void)
2462 uint8_t httpbuf_request[] =
2463 "GET / HTTP/1.1\r\n"
2464 "User-Agent: Mozilla/1.0\r\n"
2466 uint32_t httpbuf_request_len =
sizeof(httpbuf_request) - 1;
2468 uint8_t httpbuf_response[] =
2469 "HTTP/1.1 200 OK\r\n"
2470 "Set-Cookie: response_user_agent\r\n"
2472 uint32_t httpbuf_response_len =
sizeof(httpbuf_response) - 1;
2475 Packet *p1 = NULL, *p2 = NULL;
2482 memset(&th_v, 0,
sizeof(th_v));
2483 memset(&f, 0,
sizeof(f));
2484 memset(&ssn, 0,
sizeof(ssn));
2488 f.
proto = IPPROTO_TCP;
2514 "(flow:to_client; content:\"response_user_agent\"; "
2515 "http_cookie; sid:1;)");
2525 httpbuf_request_len);
2527 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2533 if (http_state == NULL) {
2534 printf(
"no http state: ");
2546 httpbuf_response_len);
2548 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2564 if (det_ctx != NULL) {
2580 static int DetectHttpCookieSigTest09(
void)
2585 uint8_t httpbuf_request[] =
2586 "GET / HTTP/1.1\r\n"
2587 "Cookie: request_user_agent\r\n"
2588 "User-Agent: Mozilla/1.0\r\n"
2590 uint32_t httpbuf_request_len =
sizeof(httpbuf_request) - 1;
2592 uint8_t httpbuf_response[] =
2593 "HTTP/1.1 200 OK\r\n"
2594 "Set-Cookie: response_user_agent\r\n"
2596 uint32_t httpbuf_response_len =
sizeof(httpbuf_response) - 1;
2599 Packet *p1 = NULL, *p2 = NULL;
2606 memset(&th_v, 0,
sizeof(th_v));
2607 memset(&f, 0,
sizeof(f));
2608 memset(&ssn, 0,
sizeof(ssn));
2612 f.
proto = IPPROTO_TCP;
2638 "(flow:to_server; content:\"request_user_agent\"; "
2639 "http_cookie; sid:1;)");
2644 "(flow:to_client; content:\"response_user_agent\"; "
2645 "http_cookie; sid:2;)");
2655 httpbuf_request_len);
2657 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2663 if (http_state == NULL) {
2664 printf(
"no http state: ");
2676 httpbuf_response_len);
2678 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2694 if (det_ctx != NULL) {
2707 static int DetectHttpCookieIsdataatParseTest(
void)
2714 "alert tcp any any -> any any ("
2715 "content:\"one\"; http_cookie; "
2716 "isdataat:!4,relative; sid:1;)");
2739 UtRegisterTest(
"DetectHttpCookieTest01", DetectHttpCookieTest01);
2740 UtRegisterTest(
"DetectHttpCookieTest02", DetectHttpCookieTest02);
2741 UtRegisterTest(
"DetectHttpCookieTest03", DetectHttpCookieTest03);
2742 UtRegisterTest(
"DetectHttpCookieTest04", DetectHttpCookieTest04);
2743 UtRegisterTest(
"DetectHttpCookieTest05", DetectHttpCookieTest05);
2744 UtRegisterTest(
"DetectHttpCookieTest06", DetectHttpCookieTest06);
2745 UtRegisterTest(
"DetectHttpCookieSigTest01", DetectHttpCookieSigTest01);
2746 UtRegisterTest(
"DetectHttpCookieSigTest02", DetectHttpCookieSigTest02);
2747 UtRegisterTest(
"DetectHttpCookieSigTest03", DetectHttpCookieSigTest03);
2748 UtRegisterTest(
"DetectHttpCookieSigTest04", DetectHttpCookieSigTest04);
2749 UtRegisterTest(
"DetectHttpCookieSigTest05", DetectHttpCookieSigTest05);
2750 UtRegisterTest(
"DetectHttpCookieSigTest06", DetectHttpCookieSigTest06);
2751 UtRegisterTest(
"DetectHttpCookieSigTest07", DetectHttpCookieSigTest07);
2752 UtRegisterTest(
"DetectHttpCookieSigTest08", DetectHttpCookieSigTest08);
2753 UtRegisterTest(
"DetectHttpCookieSigTest09", DetectHttpCookieSigTest09);
2755 DetectHttpCookieIsdataatParseTest);
2757 DetectEngineHttpCookieTest01);
2759 DetectEngineHttpCookieTest02);
2761 DetectEngineHttpCookieTest03);
2763 DetectEngineHttpCookieTest04);
2765 DetectEngineHttpCookieTest05);
2767 DetectEngineHttpCookieTest06);
2769 DetectEngineHttpCookieTest07);
2771 DetectEngineHttpCookieTest08);
2773 DetectEngineHttpCookieTest09);
2775 DetectEngineHttpCookieTest10);
2777 DetectEngineHttpCookieTest11);
2779 DetectEngineHttpCookieTest12);
2781 DetectEngineHttpCookieTest13);
2783 DetectEngineHttpCookieTest14);
2785 DetectEngineHttpCookieTest15);
2787 DetectEngineHttpCookieTest16);
2789 DetectEngineHttpCookieTest17);