suricata
detect-ssl-state.c
1 /* Copyright (C) 2007-2019 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 /**
19  * \file
20  *
21  * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22  *
23  */
24 
25 #include "detect-engine-build.h"
26 
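/**
 * \test A single state name parses to exactly that state's flag.
 */
static int DetectSslStateTest01(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("client_hello");
    FAIL_IF_NULL(ssd);
    /* A non-NULL result only shows the option was accepted. Pin the flag so
     * a parser regression cannot make a rule match a different handshake
     * state while this test keeps passing. */
    FAIL_IF_NOT(ssd->flags == DETECT_SSL_STATE_CLIENT_HELLO);
    SCFree(ssd);
    PASS;
}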
35 
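/**
 * \test Two comma-separated states (with surrounding spaces) parse to the
 *       union of both state flags.
 */
static int DetectSslStateTest02(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("server_hello , client_hello");
    FAIL_IF_NULL(ssd);
    /* Check the exact bit set, not just that parsing succeeded: a dropped or
     * extra bit would change which TLS states the rule matches. */
    FAIL_IF_NOT(ssd->flags == (DETECT_SSL_STATE_SERVER_HELLO |
                               DETECT_SSL_STATE_CLIENT_HELLO));
    SCFree(ssd);
    PASS;
}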
45 
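/**
 * \test Three comma-separated states parse to the union of their flags.
 */
static int DetectSslStateTest03(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("server_hello , client_keyx , "
                                                  "client_hello");
    FAIL_IF_NULL(ssd);
    /* Exact comparison: every listed state must be present and nothing else. */
    FAIL_IF_NOT(ssd->flags == (DETECT_SSL_STATE_SERVER_HELLO |
                               DETECT_SSL_STATE_CLIENT_KEYX |
                               DETECT_SSL_STATE_CLIENT_HELLO));
    SCFree(ssd);
    PASS;
}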
57 
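/**
 * \test All five state names in one option parse to the union of all five
 *       state flags.
 */
static int DetectSslStateTest04(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("server_hello , client_keyx , "
                                                  "client_hello , server_keyx , "
                                                  "unknown");
    FAIL_IF_NULL(ssd);
    /* Exact comparison: a state name that parsed to the wrong bit, or was
     * silently skipped, must fail the test rather than pass as non-NULL. */
    FAIL_IF_NOT(ssd->flags == (DETECT_SSL_STATE_SERVER_HELLO |
                               DETECT_SSL_STATE_CLIENT_KEYX |
                               DETECT_SSL_STATE_CLIENT_HELLO |
                               DETECT_SSL_STATE_SERVER_KEYX |
                               DETECT_SSL_STATE_UNKNOWN));
    SCFree(ssd);
    PASS;
}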
72 
/**
 * \test An option string that begins with a separator must be rejected:
 *       the parser is expected to return NULL.
 */
static int DetectSslStateTest05(void)
{
    /* Leading "," leaves nothing before the first separator. */
    const char *malformed = ", server_hello , client_keyx , "
                            "client_hello , server_keyx , "
                            "unknown";
    DetectSslStateData *parsed = DetectSslStateParse(malformed);

    FAIL_IF_NOT_NULL(parsed);
    PASS;
}
82 
/**
 * \test An option string that ends with a separator must be rejected:
 *       the parser is expected to return NULL.
 */
static int DetectSslStateTest06(void)
{
    /* Trailing " , " leaves nothing after the last separator. */
    const char *malformed = "server_hello , client_keyx , "
                            "client_hello , server_keyx , "
                            "unknown , ";
    DetectSslStateData *parsed = DetectSslStateParse(malformed);

    FAIL_IF_NOT_NULL(parsed);
    PASS;
}
91 
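/**
 * \brief Test that the "|" character still works as a separator for
 *        compatibility with older Suricata rules.
 */
static int DetectSslStateTest08(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("server_hello|client_hello");
    FAIL_IF_NULL(ssd);
    /* The legacy separator must yield the same flag set as "," would;
     * checking only for non-NULL would not show that both states were kept. */
    FAIL_IF_NOT(ssd->flags == (DETECT_SSL_STATE_SERVER_HELLO |
                               DETECT_SSL_STATE_CLIENT_HELLO));
    SCFree(ssd);
    PASS;
}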
105 
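/**
 * \test Test parsing of negated states.
 *
 * For each negated state the test expects that state's bit to be set in
 * both \c flags and \c mask.
 */
static int DetectSslStateTestParseNegate(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("!client_hello");
    FAIL_IF_NULL(ssd);
    uint32_t expected = DETECT_SSL_STATE_CLIENT_HELLO;
    FAIL_IF(ssd->flags != expected || ssd->mask != expected);
    SCFree(ssd);

    ssd = DetectSslStateParse("!client_hello,!server_hello");
    FAIL_IF_NULL(ssd);
    /* Two states are negated here, so the expectation has to be widened to
     * both bits; reusing the single-state value from the first case would
     * compare against the wrong set. */
    expected = DETECT_SSL_STATE_CLIENT_HELLO | DETECT_SSL_STATE_SERVER_HELLO;
    FAIL_IF(ssd->flags != expected || ssd->mask != expected);
    SCFree(ssd);

    PASS;
}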
125 
/**
 * \brief Register every ssl_state parser unit test with the unit-test
 *        framework, in the order listed in the table below.
 */
static void DetectSslStateRegisterTests(void)
{
    /* Name/function pairs; each name matches its function so a failure
     * report points straight at the test. */
    static const struct {
        const char *name;
        int (*fn)(void);
    } ssl_state_tests[] = {
        { "DetectSslStateTest01", DetectSslStateTest01 },
        { "DetectSslStateTest02", DetectSslStateTest02 },
        { "DetectSslStateTest03", DetectSslStateTest03 },
        { "DetectSslStateTest04", DetectSslStateTest04 },
        { "DetectSslStateTest05", DetectSslStateTest05 },
        { "DetectSslStateTest06", DetectSslStateTest06 },
        { "DetectSslStateTest08", DetectSslStateTest08 },
        { "DetectSslStateTestParseNegate", DetectSslStateTestParseNegate },
    };
    const size_t count = sizeof(ssl_state_tests) / sizeof(ssl_state_tests[0]);

    for (size_t idx = 0; idx < count; idx++) {
        UtRegisterTest(ssl_state_tests[idx].name, ssl_state_tests[idx].fn);
    }
}
FAIL_IF_NULL
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
Definition: util-unittest.h:89
UtRegisterTest
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
Definition: util-unittest.c:103
DETECT_SSL_STATE_CLIENT_HELLO
#define DETECT_SSL_STATE_CLIENT_HELLO
Definition: detect-ssl-state.h:28
DETECT_SSL_STATE_UNKNOWN
#define DETECT_SSL_STATE_UNKNOWN
Definition: detect-ssl-state.h:32
DetectSslStateData_::mask
uint32_t mask
Definition: detect-ssl-state.h:36
FAIL_IF_NOT
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
Definition: util-unittest.h:82
FAIL_IF_NOT_NULL
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
Definition: util-unittest.h:96
PASS
#define PASS
Pass the test.
Definition: util-unittest.h:105
detect-engine-build.h
DetectSslStateData_::flags
uint32_t flags
Definition: detect-ssl-state.h:35
FAIL_IF
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
Definition: util-unittest.h:71
DETECT_SSL_STATE_SERVER_KEYX
#define DETECT_SSL_STATE_SERVER_KEYX
Definition: detect-ssl-state.h:31
SCFree
#define SCFree(p)
Definition: util-mem.h:61
DetectSslStateData_
Definition: detect-ssl-state.h:34
DETECT_SSL_STATE_CLIENT_KEYX
#define DETECT_SSL_STATE_CLIENT_KEYX
Definition: detect-ssl-state.h:30
DETECT_SSL_STATE_SERVER_HELLO
#define DETECT_SSL_STATE_SERVER_HELLO
Definition: detect-ssl-state.h:29