suricata
detect-http-uri.c
Go to the documentation of this file.
1 /* Copyright (C) 2007-2018 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /** \file
19  *
20  * \author Victor Julien <victor@inliniac.net>
21  * \author Pablo Rincon Crespo <pablo.rincon.crespo@gmail.com>
22  */
23 
24 #include "../suricata-common.h"
25 #include "../util-unittest.h"
26 
27 #include "../detect-isdataat.h"
28 #include "../detect-engine-register.h"
29 #include "../detect-engine.h"
30 #include "../detect-parse.h"
31 
32 static int DetectHttpUriIsdataatParseTest(void)
33 {
34  DetectEngineCtx *de_ctx = DetectEngineCtxInit();
35  FAIL_IF_NULL(de_ctx);
36  de_ctx->flags |= DE_QUIET;
37 
38  Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any ("
39  "content:\"one\"; http_uri; "
40  "isdataat:!4,relative; sid:1;)");
41  FAIL_IF_NULL(s);
42 
43  SigMatch *sm = DetectBufferGetLastSigMatch(s, g_http_uri_buffer_id);
44  FAIL_IF_NULL(sm);
45  FAIL_IF_NOT(sm->type == DETECT_ISDATAAT);
46 
47  DetectIsdataatData *data = (DetectIsdataatData *)sm->ctx;
48  FAIL_IF_NOT(data->flags & ISDATAAT_RELATIVE);
49  FAIL_IF_NOT(data->flags & ISDATAAT_NEGATED);
50  FAIL_IF(data->flags & ISDATAAT_RAWBYTES);
51 
52  DetectEngineCtxFree(de_ctx);
53  PASS;
54 }
55 
56 /**
57  * \brief Register the UNITTESTS for the http_uri keyword
58  */
59 static void DetectHttpUriRegisterTests (void)
60 {
61  UtRegisterTest("DetectHttpUriIsdataatParseTest", DetectHttpUriIsdataatParseTest);
62 }
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DetectIsdataatData_::flags
uint8_t flags
Definition: detect-isdataat.h:34
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:919
DetectEngineCtxFree
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Definition: detect-engine.c:2624
DE_QUIET
#define DE_QUIET
Definition: detect.h:330
DetectIsdataatData_
Definition: detect-isdataat.h:32
DetectEngineAppendSig
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
Definition: detect-parse.c:3414
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:18
DetectBufferGetLastSigMatch
SigMatch * DetectBufferGetLastSigMatch(const Signature *s, const uint32_t buf_id)
Definition: detect-engine-buffer.c:167
SigMatch_::ctx
SigMatchCtx * ctx
Definition: detect.h:360
ISDATAAT_RELATIVE
#define ISDATAAT_RELATIVE
Definition: detect-isdataat.h:27
ISDATAAT_RAWBYTES
#define ISDATAAT_RAWBYTES
Definition: detect-isdataat.h:28
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
SigMatch_::type
uint16_t type
Definition: detect.h:358
ISDATAAT_NEGATED
#define ISDATAAT_NEGATED
Definition: detect-isdataat.h:29
Signature_
Signature container.
Definition: detect.h:657
SigMatch_
a single match condition for a signature
Definition: detect.h:357
DETECT_ISDATAAT
@ DETECT_ISDATAAT
Definition: detect-engine-register.h:93
DetectEngineCtxInit
DetectEngineCtx * DetectEngineCtxInit(void)
Definition: detect-engine.c:2585
DetectEngineCtx_::flags
uint8_t flags
Definition: detect.h:921