Skip to content

Commit

Permalink
detect/uri: remove tests that are now done elsewhere
Browse files Browse the repository at this point in the history 
Core logic of the tests moved to content inspection code in separate commit.
  • Loading branch information
@victorjulien
victorjulien committed Dec 5, 2023
1 parent 6a3d9c3 commit 6d3bfa9
Showing 1 changed file with 0 additions and 182 deletions.
182 changes: 0 additions & 182 deletions src/tests/detect-http-uri.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2803,186 +2803,6 @@ static int UriTestSig29(void)
return result;
}

static int UriTestSig30(void)
{
int result = 0;
uint8_t *http_buf = (uint8_t *)"POST /this_b5ig_string_now_in_http HTTP/1.0\r\n"
"User-Agent: Mozilla/1.0\r\n";
uint32_t http_buf_len = strlen((char *)http_buf);
Flow f;
TcpSession ssn;
HtpState *http_state = NULL;
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();

memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
memset(&ssn, 0, sizeof(TcpSession));

p = UTHBuildPacket(http_buf, http_buf_len, IPPROTO_TCP);

FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;

p->flow = &f;
p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
f.alproto = ALPROTO_HTTP1;

StreamTcpInitConfig(true);

DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->flags |= DE_QUIET;

de_ctx->sig_list = SigInit(de_ctx,
"alert tcp any any -> any any (msg:\"dummy\"; "
"uricontent:\"this\"; "
"byte_extract:1,2,one,string,dec,relative; "
"uricontent:\"_b5ig\"; offset:one; sid:1;)");
if (de_ctx->sig_list == NULL) {
goto end;
}

SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);

int r = AppLayerParserParse(
NULL, alp_tctx, &f, ALPROTO_HTTP1, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
goto end;
}

http_state = f.alstate;
if (http_state == NULL) {
printf("no http state: ");
goto end;
}

/* do detect */
SigMatchSignatures(&tv, de_ctx, det_ctx, p);

if (!PacketAlertCheck(p, 1)) {
printf("sig 1 didn't alert, but should have: ");
goto end;
}

result = 1;

end:
if (alp_tctx != NULL)
AppLayerParserThreadCtxFree(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);

StreamTcpFreeConfig(true);
FLOW_DESTROY(&f);
UTHFreePacket(p);
return result;
}

static int UriTestSig31(void)
{
int result = 0;
uint8_t *http_buf = (uint8_t *)"POST /this_b5ig_string_now_in_http HTTP/1.0\r\n"
"User-Agent: Mozilla/1.0\r\n";
uint32_t http_buf_len = strlen((char *)http_buf);
Flow f;
TcpSession ssn;
HtpState *http_state = NULL;
Packet *p = NULL;
ThreadVars tv;
DetectEngineThreadCtx *det_ctx = NULL;
AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc();

memset(&tv, 0, sizeof(ThreadVars));
memset(&f, 0, sizeof(Flow));
memset(&ssn, 0, sizeof(TcpSession));

p = UTHBuildPacket(http_buf, http_buf_len, IPPROTO_TCP);

FLOW_INITIALIZE(&f);
f.protoctx = (void *)&ssn;
f.proto = IPPROTO_TCP;
f.flags |= FLOW_IPV4;

p->flow = &f;
p->flags |= PKT_HAS_FLOW|PKT_STREAM_EST;
p->flowflags |= FLOW_PKT_TOSERVER;
p->flowflags |= FLOW_PKT_ESTABLISHED;
f.alproto = ALPROTO_HTTP1;

StreamTcpInitConfig(true);

DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
de_ctx->flags |= DE_QUIET;

de_ctx->sig_list = SigInit(de_ctx,
"alert tcp any any -> any any (msg:\"dummy\"; "
"uricontent:\"this\"; "
"byte_extract:1,2,one,string,dec,relative; "
"uricontent:\"his\"; depth:one; sid:1;)");
if (de_ctx->sig_list == NULL) {
goto end;
}

SigGroupBuild(de_ctx);
DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx);

int r = AppLayerParserParse(
NULL, alp_tctx, &f, ALPROTO_HTTP1, STREAM_TOSERVER, http_buf, http_buf_len);
if (r != 0) {
printf("toserver chunk 1 returned %" PRId32 ", expected 0: ", r);
goto end;
}

http_state = f.alstate;
if (http_state == NULL) {
printf("no http state: ");
goto end;
}

/* do detect */
SigMatchSignatures(&tv, de_ctx, det_ctx, p);

if (!PacketAlertCheck(p, 1)) {
printf("sig 1 didn't alert, but should have: ");
goto end;
}

result = 1;

end:
if (alp_tctx != NULL)
AppLayerParserThreadCtxFree(alp_tctx);
if (det_ctx != NULL)
DetectEngineThreadCtxDeinit(&tv, det_ctx);
if (de_ctx != NULL)
SigGroupCleanup(de_ctx);
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);

StreamTcpFreeConfig(true);
FLOW_DESTROY(&f);
UTHFreePacket(p);
return result;
}

static int UriTestSig32(void)
{
int result = 0;
Expand Down Expand Up @@ -6793,8 +6613,6 @@ static void DetectHttpUriRegisterTests (void)

UtRegisterTest("UriTestSig28", UriTestSig28);
UtRegisterTest("UriTestSig29", UriTestSig29);
UtRegisterTest("UriTestSig30", UriTestSig30);
UtRegisterTest("UriTestSig31", UriTestSig31);
UtRegisterTest("UriTestSig32", UriTestSig32);
UtRegisterTest("UriTestSig33", UriTestSig33);
UtRegisterTest("UriTestSig34", UriTestSig34);
Expand Down

0 comments on commit 6d3bfa9

Please sign in to comment.