48 static int RunTest(
const uint8_t *buf,
const uint32_t size,
const char *sig_str,
const int expect)
56 memset(&th_v, 0,
sizeof(th_v));
57 memset(&f, 0,
sizeof(f));
58 memset(&ssn, 0,
sizeof(ssn));
65 f.
proto = IPPROTO_TCP;
108 static int DetectEngineHttpHHTest01(
void)
110 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
112 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
113 uint32_t http_len =
sizeof(http_buf) - 1;
114 return RunTest(http_buf, http_len,
115 "alert http any any -> any any "
116 "(msg:\"http host header test\"; "
117 "content:\"connect\"; http_host; "
126 static int DetectEngineHttpHHTest02(
void)
129 "GET /index.html HTTP/1.0\r\n"
131 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
132 uint32_t http_len =
sizeof(http_buf) - 1;
133 return RunTest(http_buf, http_len,
134 "alert http any any -> any any "
135 "(msg:\"http host header test\"; "
136 "content:\"co\"; depth:4; http_host; "
145 static int DetectEngineHttpHHTest03(
void)
148 "GET /index.html HTTP/1.0\r\n"
150 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
151 uint32_t http_len =
sizeof(http_buf) - 1;
152 return RunTest(http_buf, http_len,
153 "alert http any any -> any any "
154 "(msg:\"http_host header test\"; "
155 "content:!\"ect\"; depth:4; http_host; "
164 static int DetectEngineHttpHHTest04(
void)
167 "GET /index.html HTTP/1.0\r\n"
169 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
170 uint32_t http_len =
sizeof(http_buf) - 1;
171 return RunTest(http_buf, http_len,
172 "alert http any any -> any any "
173 "(msg:\"http host header test\"; "
174 "content:\"ect\"; depth:4; http_host; "
183 static int DetectEngineHttpHHTest05(
void)
185 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
187 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
188 uint32_t http_len =
sizeof(http_buf) - 1;
189 return RunTest(http_buf, http_len,
190 "alert http any any -> any any "
191 "(msg:\"http host header test\"; "
192 "content:!\"con\"; depth:4; http_host; "
201 static int DetectEngineHttpHHTest06(
void)
203 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
205 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
206 uint32_t http_len =
sizeof(http_buf) - 1;
207 return RunTest(http_buf, http_len,
208 "alert http any any -> any any "
209 "(msg:\"http host header test\"; "
210 "content:\"ect\"; offset:3; http_host; "
219 static int DetectEngineHttpHHTest07(
void)
222 "GET /index.html HTTP/1.0\r\n"
224 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
225 uint32_t http_len =
sizeof(http_buf) - 1;
226 return RunTest(http_buf, http_len,
227 "alert http any any -> any any "
228 "(msg:\"http host header test\"; "
229 "content:!\"co\"; offset:3; http_host; "
238 static int DetectEngineHttpHHTest08(
void)
241 "GET /index.html HTTP/1.0\r\n"
243 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
244 uint32_t http_len =
sizeof(http_buf) - 1;
245 return RunTest(http_buf, http_len,
246 "alert http any any -> any any "
247 "(msg:\"http host header test\"; "
248 "content:!\"ect\"; offset:3; http_host; "
257 static int DetectEngineHttpHHTest09(
void)
259 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
261 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
262 uint32_t http_len =
sizeof(http_buf) - 1;
263 return RunTest(http_buf, http_len,
264 "alert http any any -> any any "
265 "(msg:\"http host header test\"; "
266 "content:\"con\"; offset:3; http_host; "
275 static int DetectEngineHttpHHTest10(
void)
277 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
279 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
280 uint32_t http_len =
sizeof(http_buf) - 1;
281 return RunTest(http_buf, http_len,
282 "alert http any any -> any any "
283 "(msg:\"http_host header test\"; "
284 "content:\"co\"; http_host; "
285 "content:\"ec\"; within:4; http_host; "
294 static int DetectEngineHttpHHTest11(
void)
297 "GET /index.html HTTP/1.0\r\n"
299 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
300 uint32_t http_len =
sizeof(http_buf) - 1;
301 return RunTest(http_buf, http_len,
302 "alert http any any -> any any "
303 "(msg:\"http_host header test\"; "
304 "content:\"co\"; http_host; "
305 "content:!\"ec\"; within:3; http_host; "
314 static int DetectEngineHttpHHTest12(
void)
316 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
318 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
319 uint32_t http_len =
sizeof(http_buf) - 1;
320 return RunTest(http_buf, http_len,
321 "alert http any any -> any any "
322 "(msg:\"http_host header test\"; "
323 "content:\"co\"; http_host; "
324 "content:\"ec\"; within:3; http_host; "
333 static int DetectEngineHttpHHTest13(
void)
335 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
337 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
338 uint32_t http_len =
sizeof(http_buf) - 1;
339 return RunTest(http_buf, http_len,
340 "alert http any any -> any any "
341 "(msg:\"http_host header test\"; "
342 "content:\"co\"; http_host; "
343 "content:!\"ec\"; within:4; http_host; "
352 static int DetectEngineHttpHHTest14(
void)
354 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
356 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
357 uint32_t http_len =
sizeof(http_buf) - 1;
358 return RunTest(http_buf, http_len,
359 "alert http any any -> any any "
360 "(msg:\"http_host header test\"; "
361 "content:\"co\"; http_host; "
362 "content:\"ec\"; distance:2; http_host; "
371 static int DetectEngineHttpHHTest15(
void)
373 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
375 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
376 uint32_t http_len =
sizeof(http_buf) - 1;
377 return RunTest(http_buf, http_len,
378 "alert http any any -> any any "
379 "(msg:\"http_host header test\"; "
380 "content:\"co\"; http_host; "
381 "content:!\"ec\"; distance:3; http_host; "
390 static int DetectEngineHttpHHTest16(
void)
392 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
394 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
395 uint32_t http_len =
sizeof(http_buf) - 1;
396 return RunTest(http_buf, http_len,
397 "alert http any any -> any any "
398 "(msg:\"http_host header test\"; "
399 "content:\"co\"; http_host; "
400 "content:\"ec\"; distance:3; http_host; "
409 static int DetectEngineHttpHHTest17(
void)
412 "GET /index.html HTTP/1.0\r\n"
414 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
415 uint32_t http_len =
sizeof(http_buf) - 1;
416 return RunTest(http_buf, http_len,
417 "alert http any any -> any any "
418 "(msg:\"http_host header test\"; "
419 "content:\"co\"; http_host; "
420 "content:!\"ec\"; distance:2; http_host; "
425 static int DetectEngineHttpHHTest18(
void)
427 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
428 "Host: www.kaboom.com\r\n"
429 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
430 uint32_t http_len =
sizeof(http_buf) - 1;
431 return RunTest(http_buf, http_len,
432 "alert http any any -> any any "
433 "(msg:\"http_host header test\"; "
434 "content:\"kaboom\"; http_host; "
439 static int DetectEngineHttpHHTest19(
void)
441 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
442 "Host: www.kaboom.com:8080\r\n"
443 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
444 uint32_t http_len =
sizeof(http_buf) - 1;
445 return RunTest(http_buf, http_len,
446 "alert http any any -> any any "
447 "(msg:\"http_host header test\"; "
448 "content:\"kaboom\"; http_host; "
453 static int DetectEngineHttpHHTest20(
void)
455 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
456 "Host: www.kaboom.com:8080\r\n"
457 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
458 uint32_t http_len =
sizeof(http_buf) - 1;
459 return RunTest(http_buf, http_len,
460 "alert http any any -> any any "
461 "(msg:\"http_host header test\"; "
462 "content:\"8080\"; http_host; "
467 static int DetectEngineHttpHHTest21(
void)
469 uint8_t http_buf[] =
"GET http://www.kaboom.com/index.html HTTP/1.0\r\n"
470 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
471 uint32_t http_len =
sizeof(http_buf) - 1;
472 return RunTest(http_buf, http_len,
473 "alert http any any -> any any "
474 "(msg:\"http_host header test\"; "
475 "content:\"kaboom\"; http_host; "
480 static int DetectEngineHttpHHTest22(
void)
482 uint8_t http_buf[] =
"GET http://www.kaboom.com:8080/index.html HTTP/1.0\r\n"
483 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
484 uint32_t http_len =
sizeof(http_buf) - 1;
485 return RunTest(http_buf, http_len,
486 "alert http any any -> any any "
487 "(msg:\"http_host header test\"; "
488 "content:\"kaboom\"; http_host; "
493 static int DetectEngineHttpHHTest23(
void)
495 uint8_t http_buf[] =
"GET http://www.kaboom.com:8080/index.html HTTP/1.0\r\n"
496 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
497 uint32_t http_len =
sizeof(http_buf) - 1;
498 return RunTest(http_buf, http_len,
499 "alert http any any -> any any "
500 "(msg:\"http_host header test\"; "
501 "content:\"8080\"; http_host; "
506 static int DetectEngineHttpHHTest24(
void)
508 uint8_t http_buf[] =
"GET http://www.kaboom.com:8080/index.html HTTP/1.0\r\n"
509 "Host: www.rabbit.com\r\n"
510 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
511 uint32_t http_len =
sizeof(http_buf) - 1;
512 return RunTest(http_buf, http_len,
513 "alert http any any -> any any "
514 "(msg:\"http_host header test\"; "
515 "content:\"kaboom\"; http_host; "
520 static int DetectEngineHttpHHTest25(
void)
522 uint8_t http_buf[] =
"GET http://www.kaboom.com:8080/index.html HTTP/1.0\r\n"
523 "Host: www.rabbit.com\r\n"
524 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
525 uint32_t http_len =
sizeof(http_buf) - 1;
526 return RunTest(http_buf, http_len,
527 "alert http any any -> any any "
528 "(msg:\"http_host header test\"; "
529 "content:\"rabbit\"; http_host; "
538 static int DetectHttpHHTest01(
void)
544 "content:\"one\"; http_host; sid:1;)");
554 static int DetectHttpHHTest03(
void)
560 "http_host; sid:1;)");
570 static int DetectHttpHHTest04(
void)
576 "content:\"one\"; rawbytes; http_host; sid:1;)");
585 static int DetectHttpHHTest05(
void)
591 "content:\"one\"; http_host; nocase; sid:1;)");
598 static int DetectHttpHHTest05a(
void)
605 "(content:\"ABC\"; http_host; sid:1;)");
616 static int DetectHttpHHTest06(
void)
618 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
619 "User-Agent: www.openinfosecfoundation.org\r\n"
620 "Host: This is dummy message body\r\n"
621 "Content-Type: text/html\r\n"
623 uint32_t http_len =
sizeof(http_buf) - 1;
624 return RunTest(http_buf, http_len,
625 "alert http any any -> any any "
626 "(msg:\"http host test\"; "
627 "content:\"message\"; http_host; "
636 static int DetectHttpHHTest07(
void)
645 uint8_t http1_buf[] =
"GET /index.html HTTP/1.0\r\n"
646 "User-Agent: www.openinfosecfoundation.org\r\n"
647 "Host: This is dummy message";
648 uint8_t http2_buf[] =
"body1\r\n\r\n";
649 uint32_t http1_len =
sizeof(http1_buf) - 1;
650 uint32_t http2_len =
sizeof(http2_buf) - 1;
653 memset(&th_v, 0,
sizeof(th_v));
654 memset(&f, 0,
sizeof(f));
655 memset(&ssn, 0,
sizeof(ssn));
662 f.
proto = IPPROTO_TCP;
682 "(msg:\"http host test\"; "
683 "content:\"message\"; http_host; "
726 static int DetectHttpHHTest08(
void)
735 uint8_t http1_buf[] =
"GET /index.html HTTP/1.0\r\n"
736 "User-Agent: www.openinfosecfoundation.org\r\n"
737 "host: This is dummy mess";
738 uint8_t http2_buf[] =
"age body\r\n\r\n";
739 uint32_t http1_len =
sizeof(http1_buf) - 1;
740 uint32_t http2_len =
sizeof(http2_buf) - 1;
743 memset(&th_v, 0,
sizeof(th_v));
744 memset(&f, 0,
sizeof(f));
745 memset(&ssn, 0,
sizeof(ssn));
752 f.
proto = IPPROTO_TCP;
772 "(msg:\"http host test\"; "
773 "content:\"message\"; http_host; "
817 static int DetectHttpHHTest09(
void)
826 uint8_t http1_buf[] =
"GET /index.html HTTP/1.0\r\n"
827 "User-Agent: www.openinfosecfoundation.org\r\n"
828 "Host: This is dummy body1";
829 uint8_t http2_buf[] =
"This is dummy message body2\r\n"
830 "Content-Type: text/html\r\n"
831 "Content-Length: 46\r\n"
833 "This is dummy body1";
834 uint32_t http1_len =
sizeof(http1_buf) - 1;
835 uint32_t http2_len =
sizeof(http2_buf) - 1;
838 memset(&th_v, 0,
sizeof(th_v));
839 memset(&f, 0,
sizeof(f));
840 memset(&ssn, 0,
sizeof(ssn));
847 f.
proto = IPPROTO_TCP;
867 "(msg:\"http host test\"; "
868 "content:\"body1this\"; http_host; "
912 static int DetectHttpHHTest10(
void)
922 uint8_t http1_buf[] =
"GET /index.html HTTP/1.0\r\n"
923 "User-Agent: www.openinfosecfoundation.org\r\n"
924 "Host: This is dummy bodY1";
925 uint8_t http2_buf[] =
"This is dummy message body2\r\n"
926 "Content-Type: text/html\r\n"
927 "Content-Length: 46\r\n"
929 "This is dummy bodY1";
930 uint32_t http1_len =
sizeof(http1_buf) - 1;
931 uint32_t http2_len =
sizeof(http2_buf) - 1;
935 memset(&th_v, 0,
sizeof(th_v));
936 memset(&f, 0,
sizeof(f));
937 memset(&ssn, 0,
sizeof(ssn));
944 f.
proto = IPPROTO_TCP;
966 "(msg:\"http host test\"; "
967 "content:\"body1this\"; http_host; "
978 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
984 if (http_state == NULL) {
985 printf(
"no http state: \n");
994 printf(
"sid 1 didn't match but should have\n");
1001 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: \n", r);
1010 printf(
"sid 1 didn't match but should have");
1034 static int DetectHttpHHTest11(
void)
1036 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
1037 "User-Agent: www.openinfosecfoundation.org\r\n"
1038 "Host: This is dummy message body\r\n"
1039 "Content-Type: text/html\r\n"
1041 uint32_t http_len =
sizeof(http_buf) - 1;
1042 return RunTest(http_buf, http_len,
1043 "alert http any any -> any any "
1044 "(msg:\"http host test\"; "
1045 "content:!\"message\"; http_host; "
1054 static int DetectHttpHHTest12(
void)
1056 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
1057 "User-Agent: www.openinfosecfoundation.org\r\n"
1058 "Host: This is dummy body\r\n"
1060 uint32_t http_len =
sizeof(http_buf) - 1;
1061 return RunTest(http_buf, http_len,
1062 "alert http any any -> any any "
1063 "(msg:\"http host test\"; "
1064 "content:!\"message\"; http_host; "
1073 static int DetectHttpHHTest13(
void)
1075 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
1076 "User-Agent: www.openinfosecfoundation.org\r\n"
1077 "Host: longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend\r\n"
1078 "Content-Type: text/html\r\n"
1080 uint32_t http_len =
sizeof(http_buf) - 1;
1081 return RunTest(http_buf, http_len,
1082 "alert http any any -> any any "
1083 "(msg:\"http host test\"; "
1084 "content:\"abcdefghijklmnopqrstuvwxyz0123456789\"; http_host; "
1092 static int DetectHttpHHTest14(
void)
1101 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n";
1102 uint8_t httpbuf2[] =
"Cookie: dummy1\r\n";
1103 uint8_t httpbuf3[] =
"Host: Body one!!\r\n\r\n";
1104 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1105 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1106 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
1107 uint8_t httpbuf4[] =
"GET /?var=val HTTP/1.1\r\n";
1108 uint8_t httpbuf5[] =
"Cookie: dummy2\r\n";
1109 uint8_t httpbuf6[] =
"Host: Body two\r\n\r\n";
1110 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
1111 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
1112 uint32_t httplen6 =
sizeof(httpbuf6) - 1;
1115 memset(&th_v, 0,
sizeof(th_v));
1116 memset(&f, 0,
sizeof(f));
1117 memset(&ssn, 0,
sizeof(ssn));
1123 f.
proto = IPPROTO_TCP;
1142 "alert tcp any any -> any any (content:\"POST\"; http_method; content:\"dummy1\"; "
1143 "http_cookie; content:\"body one\"; http_host; sid:1; rev:1;)");
1145 printf(
"sig parse failed: ");
1149 "alert tcp any any -> any any (content:\"GET\"; http_method; content:\"dummy2\"; "
1150 "http_cookie; content:\"body two\"; http_host; sid:2; rev:1;)");
1152 printf(
"sig2 parse failed: ");
1162 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1169 printf(
"sig 1 alerted: ");
1176 printf(
"toserver chunk 2 returned %" PRId32
", expected 0: ", r);
1183 printf(
"sig 1 alerted (2): ");
1190 printf(
"toserver chunk 3 returned %" PRId32
", expected 0: ", r);
1197 printf(
"sig 1 didn't alert: ");
1204 printf(
"toserver chunk 5 returned %" PRId32
", expected 0: ", r);
1211 printf(
"sig 1 alerted (4): ");
1218 printf(
"toserver chunk 6 returned %" PRId32
", expected 0: ", r);
1225 printf(
"sig 1 alerted (request 2, chunk 6): ");
1234 printf(
"toserver chunk 7 returned %" PRId32
", expected 0: ", r);
1241 printf(
"signature 2 didn't match or sig 1 matched, but shouldn't have: ");
1247 if (htp_state == NULL) {
1248 printf(
"no http state: ");
1254 printf(
"The http app layer doesn't have 2 transactions, but it should: ");
1262 if (det_ctx != NULL) {
1280 static int DetectHttpHRHTest06(
void)
1282 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
1283 "User-Agent: www.openinfosecfoundation.org\r\n"
1284 "Host: This is dummy message body\r\n"
1285 "Content-Type: text/html\r\n"
1287 uint32_t http_len =
sizeof(http_buf) - 1;
1288 return RunTest(http_buf, http_len,
1289 "alert http any any -> any any "
1290 "(msg:\"http host test\"; "
1291 "content:\"message\"; http_raw_host; "
1300 static int DetectHttpHRHTest07(
void)
1310 uint8_t http1_buf[] =
"GET /index.html HTTP/1.0\r\n"
1311 "User-Agent: www.openinfosecfoundation.org\r\n"
1312 "Host: This is dummy message";
1313 uint8_t http2_buf[] =
"body1\r\n\r\n";
1314 uint32_t http1_len =
sizeof(http1_buf) - 1;
1315 uint32_t http2_len =
sizeof(http2_buf) - 1;
1319 memset(&th_v, 0,
sizeof(th_v));
1320 memset(&f, 0,
sizeof(f));
1321 memset(&ssn, 0,
sizeof(ssn));
1328 f.
proto = IPPROTO_TCP;
1350 "(msg:\"http host test\"; "
1351 "content:\"message\"; http_raw_host; "
1362 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1368 if (http_state == NULL) {
1369 printf(
"no http state: ");
1377 printf(
"sid 1 matched on p1 but shouldn't have: ");
1384 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1391 printf(
"sid 1 didn't match on p2 but should have: ");
1415 static int DetectHttpHRHTest08(
void)
1425 uint8_t http1_buf[] =
"GET /index.html HTTP/1.0\r\n"
1426 "User-Agent: www.openinfosecfoundation.org\r\n"
1427 "host: This is dummy mess";
1428 uint8_t http2_buf[] =
"age body\r\n\r\n";
1429 uint32_t http1_len =
sizeof(http1_buf) - 1;
1430 uint32_t http2_len =
sizeof(http2_buf) - 1;
1434 memset(&th_v, 0,
sizeof(th_v));
1435 memset(&f, 0,
sizeof(f));
1436 memset(&ssn, 0,
sizeof(ssn));
1443 f.
proto = IPPROTO_TCP;
1465 "(msg:\"http host test\"; "
1466 "content:\"message\"; http_raw_host; "
1477 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1483 if (http_state == NULL) {
1484 printf(
"no http state: ");
1493 printf(
"sid 1 didn't match but should have");
1500 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1509 printf(
"sid 1 didn't match but should have");
1533 static int DetectHttpHRHTest09(
void)
1543 uint8_t http1_buf[] =
"GET /index.html HTTP/1.0\r\n"
1544 "User-Agent: www.openinfosecfoundation.org\r\n"
1545 "Host: This is dummy body1";
1546 uint8_t http2_buf[] =
"This is dummy message body2\r\n"
1547 "Content-Type: text/html\r\n"
1548 "Content-Length: 46\r\n"
1550 "This is dummy body1";
1551 uint32_t http1_len =
sizeof(http1_buf) - 1;
1552 uint32_t http2_len =
sizeof(http2_buf) - 1;
1556 memset(&th_v, 0,
sizeof(th_v));
1557 memset(&f, 0,
sizeof(f));
1558 memset(&ssn, 0,
sizeof(ssn));
1565 f.
proto = IPPROTO_TCP;
1587 "(msg:\"http host test\"; "
1588 "content:\"body1This\"; http_raw_host; "
1599 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1605 if (http_state == NULL) {
1606 printf(
"no http state: ");
1615 printf(
"sid 1 didn't match but should have");
1622 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1631 printf(
"sid 1 didn't match but should have");
1655 static int DetectHttpHRHTest10(
void)
1665 uint8_t http1_buf[] =
"GET /index.html HTTP/1.0\r\n"
1666 "User-Agent: www.openinfosecfoundation.org\r\n"
1667 "Host: This is dummy bodY1";
1668 uint8_t http2_buf[] =
"This is dummy message body2\r\n"
1669 "Content-Type: text/html\r\n"
1670 "Content-Length: 46\r\n"
1672 "This is dummy bodY1";
1673 uint32_t http1_len =
sizeof(http1_buf) - 1;
1674 uint32_t http2_len =
sizeof(http2_buf) - 1;
1678 memset(&th_v, 0,
sizeof(th_v));
1679 memset(&f, 0,
sizeof(f));
1680 memset(&ssn, 0,
sizeof(ssn));
1687 f.
proto = IPPROTO_TCP;
1709 "(msg:\"http host test\"; "
1710 "content:\"bodY1This\"; http_raw_host; "
1721 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1727 if (http_state == NULL) {
1728 printf(
"no http state: \n");
1737 printf(
"sid 1 didn't match but should have\n");
1744 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: \n", r);
1753 printf(
"sid 1 didn't match but should have");
1777 static int DetectHttpHRHTest11(
void)
1779 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
1780 "User-Agent: www.openinfosecfoundation.org\r\n"
1781 "Host: This is dummy message body\r\n"
1782 "Content-Type: text/html\r\n"
1784 uint32_t http_len =
sizeof(http_buf) - 1;
1785 return RunTest(http_buf, http_len,
1786 "alert http any any -> any any "
1787 "(msg:\"http host test\"; "
1788 "content:!\"message\"; http_raw_host; "
1797 static int DetectHttpHRHTest12(
void)
1799 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
1800 "User-Agent: www.openinfosecfoundation.org\r\n"
1801 "Host: This is dummy body\r\n"
1803 uint32_t http_len =
sizeof(http_buf) - 1;
1804 return RunTest(http_buf, http_len,
1805 "alert http any any -> any any "
1806 "(msg:\"http host test\"; "
1807 "content:!\"message\"; http_raw_host; "
1816 static int DetectHttpHRHTest13(
void)
1818 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
1819 "User-Agent: www.openinfosecfoundation.org\r\n"
1820 "Host: longbufferabcdefghijklmnopqrstuvwxyz0123456789bufferend\r\n"
1821 "Content-Type: text/html\r\n"
1823 uint32_t http_len =
sizeof(http_buf) - 1;
1824 return RunTest(http_buf, http_len,
1825 "alert http any any -> any any "
1826 "(msg:\"http host test\"; "
1827 "content:\"abcdefghijklmnopqrstuvwxyz0123456789\"; http_raw_host; "
1835 static int DetectHttpHRHTest14(
void)
1844 uint8_t httpbuf1[] =
"POST / HTTP/1.1\r\n";
1845 uint8_t httpbuf2[] =
"Cookie: dummy1\r\n";
1846 uint8_t httpbuf3[] =
"Host: Body one!!\r\n\r\n";
1847 uint32_t httplen1 =
sizeof(httpbuf1) - 1;
1848 uint32_t httplen2 =
sizeof(httpbuf2) - 1;
1849 uint32_t httplen3 =
sizeof(httpbuf3) - 1;
1850 uint8_t httpbuf4[] =
"GET /?var=val HTTP/1.1\r\n";
1851 uint8_t httpbuf5[] =
"Cookie: dummy2\r\n";
1852 uint8_t httpbuf6[] =
"Host: Body two\r\n\r\n";
1853 uint32_t httplen4 =
sizeof(httpbuf4) - 1;
1854 uint32_t httplen5 =
sizeof(httpbuf5) - 1;
1855 uint32_t httplen6 =
sizeof(httpbuf6) - 1;
1858 memset(&th_v, 0,
sizeof(th_v));
1859 memset(&f, 0,
sizeof(f));
1860 memset(&ssn, 0,
sizeof(ssn));
1866 f.
proto = IPPROTO_TCP;
1885 "alert tcp any any -> any any (content:\"POST\"; http_method; content:\"dummy1\"; "
1886 "http_cookie; content:\"Body one\"; http_raw_host; sid:1; rev:1;)");
1888 printf(
"sig parse failed: ");
1892 "alert tcp any any -> any any (content:\"GET\"; http_method; content:\"dummy2\"; "
1893 "http_cookie; content:\"Body two\"; http_raw_host; sid:2; rev:1;)");
1895 printf(
"sig2 parse failed: ");
1905 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
1912 printf(
"sig 1 alerted: ");
1919 printf(
"toserver chunk 2 returned %" PRId32
", expected 0: ", r);
1926 printf(
"sig 1 alerted (2): ");
1933 printf(
"toserver chunk 3 returned %" PRId32
", expected 0: ", r);
1940 printf(
"sig 1 didn't alert: ");
1947 printf(
"toserver chunk 5 returned %" PRId32
", expected 0: ", r);
1954 printf(
"sig 1 alerted (4): ");
1961 printf(
"toserver chunk 6 returned %" PRId32
", expected 0: ", r);
1968 printf(
"sig 1 alerted (request 2, chunk 6): ");
1977 printf(
"toserver chunk 7 returned %" PRId32
", expected 0: ", r);
1984 printf(
"signature 2 didn't match or sig 1 matched, but shouldn't have: ");
1990 if (htp_state == NULL) {
1991 printf(
"no http state: ");
1997 printf(
"The http app layer doesn't have 2 transactions, but it should: ");
2005 if (det_ctx != NULL) {
2023 static int DetectHttpHRHTest37(
void)
2033 uint8_t http1_buf[] =
"GET /index.html HTTP/1.0\r\n"
2034 "User-Agent: www.openinfosecfoundation.org\r\n"
2035 "Host: This is dummy bodY1";
2036 uint8_t http2_buf[] =
"This is dummy message body2\r\n"
2037 "Content-Type: text/html\r\n"
2038 "Content-Length: 46\r\n"
2040 "This is dummy bodY1";
2041 uint32_t http1_len =
sizeof(http1_buf) - 1;
2042 uint32_t http2_len =
sizeof(http2_buf) - 1;
2046 memset(&th_v, 0,
sizeof(th_v));
2047 memset(&f, 0,
sizeof(f));
2048 memset(&ssn, 0,
sizeof(ssn));
2055 f.
proto = IPPROTO_TCP;
2077 "(msg:\"http host test\"; "
2078 "content:\"body1this\"; http_raw_host; nocase; "
2089 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: ", r);
2095 if (http_state == NULL) {
2096 printf(
"no http state: \n");
2105 printf(
"sid 1 didn't match but should have\n");
2112 printf(
"toserver chunk 1 returned %" PRId32
", expected 0: \n", r);
2121 printf(
"sid 1 didn't match but should have");
2145 static int DetectEngineHttpHRHTest01(
void)
2147 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2149 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2150 uint32_t http_len =
sizeof(http_buf) - 1;
2151 return RunTest(http_buf, http_len,
2152 "alert http any any -> any any "
2153 "(msg:\"http host header test\"; "
2154 "content:\"CONNECT\"; http_raw_host; "
2163 static int DetectEngineHttpHRHTest02(
void)
2165 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2167 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2168 uint32_t http_len =
sizeof(http_buf) - 1;
2169 return RunTest(http_buf, http_len,
2170 "alert http any any -> any any "
2171 "(msg:\"http host header test\"; "
2172 "content:\"CO\"; depth:4; http_raw_host; "
2181 static int DetectEngineHttpHRHTest03(
void)
2183 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2185 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2186 uint32_t http_len =
sizeof(http_buf) - 1;
2187 return RunTest(http_buf, http_len,
2188 "alert http any any -> any any "
2189 "(msg:\"http_raw_host header test\"; "
2190 "content:!\"ECT\"; depth:4; http_raw_host; "
2199 static int DetectEngineHttpHRHTest04(
void)
2201 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2203 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2204 uint32_t http_len =
sizeof(http_buf) - 1;
2205 return RunTest(http_buf, http_len,
2206 "alert http any any -> any any "
2207 "(msg:\"http host header test\"; "
2208 "content:\"ECT\"; depth:4; http_raw_host; "
2217 static int DetectEngineHttpHRHTest05(
void)
2219 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2221 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2222 uint32_t http_len =
sizeof(http_buf) - 1;
2223 return RunTest(http_buf, http_len,
2224 "alert http any any -> any any "
2225 "(msg:\"http host header test\"; "
2226 "content:!\"CON\"; depth:4; http_raw_host; "
2235 static int DetectEngineHttpHRHTest06(
void)
2237 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2239 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2240 uint32_t http_len =
sizeof(http_buf) - 1;
2241 return RunTest(http_buf, http_len,
2242 "alert http any any -> any any "
2243 "(msg:\"http host header test\"; "
2244 "content:\"ECT\"; offset:3; http_raw_host; "
2253 static int DetectEngineHttpHRHTest07(
void)
2255 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2257 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2258 uint32_t http_len =
sizeof(http_buf) - 1;
2259 return RunTest(http_buf, http_len,
2260 "alert http any any -> any any "
2261 "(msg:\"http host header test\"; "
2262 "content:!\"CO\"; offset:3; http_raw_host; "
2271 static int DetectEngineHttpHRHTest08(
void)
2273 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2275 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2276 uint32_t http_len =
sizeof(http_buf) - 1;
2277 return RunTest(http_buf, http_len,
2278 "alert http any any -> any any "
2279 "(msg:\"http host header test\"; "
2280 "content:!\"ECT\"; offset:3; http_raw_host; "
2289 static int DetectEngineHttpHRHTest09(
void)
2291 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2293 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2294 uint32_t http_len =
sizeof(http_buf) - 1;
2295 return RunTest(http_buf, http_len,
2296 "alert http any any -> any any "
2297 "(msg:\"http host header test\"; "
2298 "content:\"CON\"; offset:3; http_raw_host; "
2307 static int DetectEngineHttpHRHTest10(
void)
2309 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2311 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2312 uint32_t http_len =
sizeof(http_buf) - 1;
2313 return RunTest(http_buf, http_len,
2314 "alert http any any -> any any "
2315 "(msg:\"http_raw_host header test\"; "
2316 "content:\"CO\"; http_raw_host; "
2317 "content:\"EC\"; within:4; http_raw_host; "
2326 static int DetectEngineHttpHRHTest11(
void)
2328 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2330 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2331 uint32_t http_len =
sizeof(http_buf) - 1;
2332 return RunTest(http_buf, http_len,
2333 "alert http any any -> any any "
2334 "(msg:\"http_raw_host header test\"; "
2335 "content:\"CO\"; http_raw_host; "
2336 "content:!\"EC\"; within:3; http_raw_host; "
2345 static int DetectEngineHttpHRHTest12(
void)
2347 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2349 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2350 uint32_t http_len =
sizeof(http_buf) - 1;
2351 return RunTest(http_buf, http_len,
2352 "alert http any any -> any any "
2353 "(msg:\"http_raw_host header test\"; "
2354 "content:\"CO\"; http_raw_host; "
2355 "content:\"EC\"; within:3; http_raw_host; "
2364 static int DetectEngineHttpHRHTest13(
void)
2366 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2368 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2369 uint32_t http_len =
sizeof(http_buf) - 1;
2370 return RunTest(http_buf, http_len,
2371 "alert http any any -> any any "
2372 "(msg:\"http_raw_host header test\"; "
2373 "content:\"CO\"; http_raw_host; "
2374 "content:!\"EC\"; within:4; http_raw_host; "
2383 static int DetectEngineHttpHRHTest14(
void)
2385 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2387 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2388 uint32_t http_len =
sizeof(http_buf) - 1;
2389 return RunTest(http_buf, http_len,
2390 "alert http any any -> any any "
2391 "(msg:\"http_raw_host header test\"; "
2392 "content:\"CO\"; http_raw_host; "
2393 "content:\"EC\"; distance:2; http_raw_host; "
2402 static int DetectEngineHttpHRHTest15(
void)
2404 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2406 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2407 uint32_t http_len =
sizeof(http_buf) - 1;
2408 return RunTest(http_buf, http_len,
2409 "alert http any any -> any any "
2410 "(msg:\"http_raw_host header test\"; "
2411 "content:\"CO\"; http_raw_host; "
2412 "content:!\"EC\"; distance:3; http_raw_host; "
2421 static int DetectEngineHttpHRHTest16(
void)
2423 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2425 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2426 uint32_t http_len =
sizeof(http_buf) - 1;
2427 return RunTest(http_buf, http_len,
2428 "alert http any any -> any any "
2429 "(msg:\"http_raw_host header test\"; "
2430 "content:\"CO\"; http_raw_host; "
2431 "content:\"EC\"; distance:3; http_raw_host; "
2440 static int DetectEngineHttpHRHTest17(
void)
2442 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2444 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2445 uint32_t http_len =
sizeof(http_buf) - 1;
2446 return RunTest(http_buf, http_len,
2447 "alert http any any -> any any "
2448 "(msg:\"http_raw_host header test\"; "
2449 "content:\"CO\"; http_raw_host; "
2450 "content:!\"EC\"; distance:2; http_raw_host; "
2455 static int DetectEngineHttpHRHTest18(
void)
2457 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2458 "Host: www.kaboom.com:8080\r\n"
2459 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2460 uint32_t http_len =
sizeof(http_buf) - 1;
2461 return RunTest(http_buf, http_len,
2462 "alert http any any -> any any "
2463 "(msg:\"http_raw_host header test\"; "
2464 "content:\"kaboom\"; http_raw_host; nocase; "
2469 static int DetectEngineHttpHRHTest19(
void)
2471 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2472 "Host: www.kaboom.com:8080\r\n"
2473 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2474 uint32_t http_len =
sizeof(http_buf) - 1;
2475 return RunTest(http_buf, http_len,
2476 "alert http any any -> any any "
2477 "(msg:\"http_raw_host header test\"; "
2478 "content:\"kaboom\"; http_raw_host; nocase; "
2483 static int DetectEngineHttpHRHTest20(
void)
2485 uint8_t http_buf[] =
"GET /index.html HTTP/1.0\r\n"
2486 "Host: www.kaboom.com:8080\r\n"
2487 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2488 uint32_t http_len =
sizeof(http_buf) - 1;
2489 return RunTest(http_buf, http_len,
2490 "alert http any any -> any any "
2491 "(msg:\"http_raw_host header test\"; "
2492 "content:\"8080\"; http_raw_host; nocase; "
2497 static int DetectEngineHttpHRHTest21(
void)
2499 uint8_t http_buf[] =
"GET http://www.kaboom.com/index.html HTTP/1.0\r\n"
2500 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2501 uint32_t http_len =
sizeof(http_buf) - 1;
2502 return RunTest(http_buf, http_len,
2503 "alert http any any -> any any "
2504 "(msg:\"http_raw_host header test\"; "
2505 "content:\"kaboom\"; http_raw_host; nocase; "
2510 static int DetectEngineHttpHRHTest22(
void)
2512 uint8_t http_buf[] =
"GET http://www.kaboom.com:8080/index.html HTTP/1.0\r\n"
2513 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2514 uint32_t http_len =
sizeof(http_buf) - 1;
2515 return RunTest(http_buf, http_len,
2516 "alert http any any -> any any "
2517 "(msg:\"http_raw_host header test\"; "
2518 "content:\"kaboom\"; http_raw_host; nocase; "
2523 static int DetectEngineHttpHRHTest23(
void)
2525 uint8_t http_buf[] =
"GET http://www.kaboom.com:8080/index.html HTTP/1.0\r\n"
2526 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2527 uint32_t http_len =
sizeof(http_buf) - 1;
2528 return RunTest(http_buf, http_len,
2529 "alert http any any -> any any "
2530 "(msg:\"http_raw_host header test\"; "
2531 "content:\"8080\"; http_raw_host; nocase; "
2536 static int DetectEngineHttpHRHTest24(
void)
2538 uint8_t http_buf[] =
"GET http://www.kaboom.com:8080/index.html HTTP/1.0\r\n"
2539 "Host: www.rabbit.com\r\n"
2540 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2541 uint32_t http_len =
sizeof(http_buf) - 1;
2542 return RunTest(http_buf, http_len,
2543 "alert http any any -> any any "
2544 "(msg:\"http_raw_host header test\"; "
2545 "content:\"kaboom\"; http_raw_host; nocase; "
2550 static int DetectEngineHttpHRHTest25(
void)
2552 uint8_t http_buf[] =
"GET http://www.kaboom.com:8080/index.html HTTP/1.0\r\n"
2553 "Host: www.rabbit.com\r\n"
2554 "User-Agent: www.onetwothreefourfivesixseven.org\r\n\r\n";
2555 uint32_t http_len =
sizeof(http_buf) - 1;
2556 return RunTest(http_buf, http_len,
2557 "alert http any any -> any any "
2558 "(msg:\"http_raw_host header test\"; "
2559 "content:\"rabbit\"; http_raw_host; nocase; "
2581 UtRegisterTest(
"DetectEngineHttpHHTest01", DetectEngineHttpHHTest01);
2582 UtRegisterTest(
"DetectEngineHttpHHTest02", DetectEngineHttpHHTest02);
2583 UtRegisterTest(
"DetectEngineHttpHHTest03", DetectEngineHttpHHTest03);
2584 UtRegisterTest(
"DetectEngineHttpHHTest04", DetectEngineHttpHHTest04);
2585 UtRegisterTest(
"DetectEngineHttpHHTest05", DetectEngineHttpHHTest05);
2586 UtRegisterTest(
"DetectEngineHttpHHTest06", DetectEngineHttpHHTest06);
2587 UtRegisterTest(
"DetectEngineHttpHHTest07", DetectEngineHttpHHTest07);
2588 UtRegisterTest(
"DetectEngineHttpHHTest08", DetectEngineHttpHHTest08);
2589 UtRegisterTest(
"DetectEngineHttpHHTest09", DetectEngineHttpHHTest09);
2590 UtRegisterTest(
"DetectEngineHttpHHTest10", DetectEngineHttpHHTest10);
2591 UtRegisterTest(
"DetectEngineHttpHHTest11", DetectEngineHttpHHTest11);
2592 UtRegisterTest(
"DetectEngineHttpHHTest12", DetectEngineHttpHHTest12);
2593 UtRegisterTest(
"DetectEngineHttpHHTest13", DetectEngineHttpHHTest13);
2594 UtRegisterTest(
"DetectEngineHttpHHTest14", DetectEngineHttpHHTest14);
2595 UtRegisterTest(
"DetectEngineHttpHHTest15", DetectEngineHttpHHTest15);
2596 UtRegisterTest(
"DetectEngineHttpHHTest16", DetectEngineHttpHHTest16);
2597 UtRegisterTest(
"DetectEngineHttpHHTest17", DetectEngineHttpHHTest17);
2598 UtRegisterTest(
"DetectEngineHttpHHTest18", DetectEngineHttpHHTest18);
2599 UtRegisterTest(
"DetectEngineHttpHHTest19", DetectEngineHttpHHTest19);
2600 UtRegisterTest(
"DetectEngineHttpHHTest20", DetectEngineHttpHHTest20);
2601 UtRegisterTest(
"DetectEngineHttpHHTest21", DetectEngineHttpHHTest21);
2602 UtRegisterTest(
"DetectEngineHttpHHTest22", DetectEngineHttpHHTest22);
2603 UtRegisterTest(
"DetectEngineHttpHHTest23", DetectEngineHttpHHTest23);
2604 UtRegisterTest(
"DetectEngineHttpHHTest24", DetectEngineHttpHHTest24);
2605 UtRegisterTest(
"DetectEngineHttpHHTest25", DetectEngineHttpHHTest25);
2619 UtRegisterTest(
"DetectEngineHttpHRHTest01", DetectEngineHttpHRHTest01);
2620 UtRegisterTest(
"DetectEngineHttpHRHTest02", DetectEngineHttpHRHTest02);
2621 UtRegisterTest(
"DetectEngineHttpHRHTest03", DetectEngineHttpHRHTest03);
2622 UtRegisterTest(
"DetectEngineHttpHRHTest04", DetectEngineHttpHRHTest04);
2623 UtRegisterTest(
"DetectEngineHttpHRHTest05", DetectEngineHttpHRHTest05);
2624 UtRegisterTest(
"DetectEngineHttpHRHTest06", DetectEngineHttpHRHTest06);
2625 UtRegisterTest(
"DetectEngineHttpHRHTest07", DetectEngineHttpHRHTest07);
2626 UtRegisterTest(
"DetectEngineHttpHRHTest08", DetectEngineHttpHRHTest08);
2627 UtRegisterTest(
"DetectEngineHttpHRHTest09", DetectEngineHttpHRHTest09);
2628 UtRegisterTest(
"DetectEngineHttpHRHTest10", DetectEngineHttpHRHTest10);
2629 UtRegisterTest(
"DetectEngineHttpHRHTest11", DetectEngineHttpHRHTest11);
2630 UtRegisterTest(
"DetectEngineHttpHRHTest12", DetectEngineHttpHRHTest12);
2631 UtRegisterTest(
"DetectEngineHttpHRHTest13", DetectEngineHttpHRHTest13);
2632 UtRegisterTest(
"DetectEngineHttpHRHTest14", DetectEngineHttpHRHTest14);
2633 UtRegisterTest(
"DetectEngineHttpHRHTest15", DetectEngineHttpHRHTest15);
2634 UtRegisterTest(
"DetectEngineHttpHRHTest16", DetectEngineHttpHRHTest16);
2635 UtRegisterTest(
"DetectEngineHttpHRHTest17", DetectEngineHttpHRHTest17);
2636 UtRegisterTest(
"DetectEngineHttpHRHTest18", DetectEngineHttpHRHTest18);
2637 UtRegisterTest(
"DetectEngineHttpHRHTest19", DetectEngineHttpHRHTest19);
2638 UtRegisterTest(
"DetectEngineHttpHRHTest20", DetectEngineHttpHRHTest20);
2639 UtRegisterTest(
"DetectEngineHttpHRHTest21", DetectEngineHttpHRHTest21);
2640 UtRegisterTest(
"DetectEngineHttpHRHTest22", DetectEngineHttpHRHTest22);
2641 UtRegisterTest(
"DetectEngineHttpHRHTest23", DetectEngineHttpHRHTest23);
2642 UtRegisterTest(
"DetectEngineHttpHRHTest24", DetectEngineHttpHRHTest24);
2643 UtRegisterTest(
"DetectEngineHttpHRHTest25", DetectEngineHttpHRHTest25);