suricata
detect-file-data.c
1/* Copyright (C) 2007-2022 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Giuseppe Longo <giuseppelng@gmail.com>
22 * \author Victor Julien <victor@inliniac.net>
23 *
24 */
25
26#ifdef UNITTESTS
27
28#include "../stream-tcp.h"
29#include "../detect.h"
30#include "../detect-isdataat.h"
31
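/**
 * \test A file_data rule on SMTP written without a flow keyword must load
 *       and end up with the to_server direction flag set.
 *
 * NOTE(review): the listing this comes from skips source lines 34-36 and
 * 43-44. The context setup, the direction check and the context release
 * below are restored from the symbols the page cross-references
 * (DetectEngineCtxInit, DE_QUIET, FAIL_IF_NOT, SIG_FLAG_TOSERVER,
 * DetectEngineCtxFree) -- confirm against the upstream file.
 *
 * \retval 1 on success (via PASS); the FAIL_IF_* macros return on failure.
 */
static int DetectEngineSMTPFiledataTest02(void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);
    /* keep rule-load logging quiet while the test runs */
    de_ctx->flags |= DE_QUIET;

    Signature *s = DetectEngineAppendSig(de_ctx, "alert smtp any any -> any any "
                                                 "(msg:\"file_data smtp test\"; "
                                                 "file_data; content:\"message\"; sid:1;)");
    FAIL_IF_NULL(s);

    /* The direction flag decides which side of the SMTP session the
     * content match is applied to; a rule that silently got the wrong
     * direction would load fine and never alert. */
    FAIL_IF_NOT(s->flags & SIG_FLAG_TOSERVER);

    DetectEngineCtxFree(de_ctx);
    PASS;
}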
47
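/**
 * \test A file_data rule on SMTP must be rejected when it is combined with
 *       flow:to_client.
 *
 * The rule text below uses flow:to_client,established (the previous comment
 * said flow:to_server, which does not match the rule under test). The
 * expected outcome is that DetectEngineAppendSig() returns NULL, i.e. the
 * contradictory rule is refused at load time instead of being accepted and
 * never matching.
 *
 * NOTE(review): the listing this comes from skips source lines 53-56 and
 * 59-60. The context setup, the call opening, the NULL check and the
 * context release are restored from the symbols the page cross-references
 * (DetectEngineCtxInit, DE_QUIET, DetectEngineAppendSig, FAIL_IF_NOT_NULL,
 * DetectEngineCtxFree) -- confirm against the upstream file.
 *
 * \retval 1 on success (via PASS); the FAIL_IF_* macros return on failure.
 */
static int DetectFiledataParseTest04(void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);
    /* keep the expected parse error from cluttering the test output */
    de_ctx->flags |= DE_QUIET;

    Signature *s = DetectEngineAppendSig(de_ctx,
            "alert smtp any any -> any any "
            "(msg:\"test\"; flow:to_client,established; file_data; content:\"abc\"; sid:1;)");
    /* a non-NULL signature here would mean the direction conflict went
     * undetected */
    FAIL_IF_NOT_NULL(s);

    DetectEngineCtxFree(de_ctx);
    PASS;
}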
63
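/**
 * \brief Register the file_data unit tests with the unit test framework.
 *
 * Each test is registered under its own function name. This function is
 * only compiled when UNITTESTS is defined (see the surrounding #ifdef).
 */
void DetectFiledataRegisterTests(void)
{
    UtRegisterTest("DetectEngineSMTPFiledataTest02", DetectEngineSMTPFiledataTest02);
    UtRegisterTest("DetectFiledataParseTest04", DetectFiledataParseTest04);
}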
69#endif
DetectEngineCtx * DetectEngineCtxInit(void)
void DetectEngineCtxFree(DetectEngineCtx *)
Free a DetectEngineCtx::
Signature * DetectEngineAppendSig(DetectEngineCtx *, const char *)
Parse and append a Signature into the Detection Engine Context signature list.
#define DE_QUIET
Definition detect.h:330
#define SIG_FLAG_TOSERVER
Definition detect.h:271
DetectEngineCtx * de_ctx
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
#define PASS
Pass the test.
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
main detection engine ctx
Definition detect.h:932
uint8_t flags
Definition detect.h:934
Signature container.
Definition detect.h:668
uint32_t flags
Definition detect.h:669