suricata
detect-ssl-state.c
1/* Copyright (C) 2007-2019 Open Information Security Foundation
2 *
3 * You can copy, redistribute or modify this Program under the terms of
4 * the GNU General Public License version 2 as published by the Free
5 * Software Foundation.
6 *
7 * This program is distributed in the hope that it will be useful,
8 * but WITHOUT ANY WARRANTY; without even the implied warranty of
9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10 * GNU General Public License for more details.
11 *
12 * You should have received a copy of the GNU General Public License
13 * version 2 along with this program; if not, write to the Free Software
14 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15 * 02110-1301, USA.
16 */
17
18/**
19 * \file
20 *
21 * \author Anoop Saldanha <anoopsaldanha@gmail.com>
22 *
23 */
24
25#include "detect-engine-build.h"
26
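/**
 * \test A single state name is parsed and only that state bit is set.
 */
static int DetectSslStateTest01(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("client_hello");
    FAIL_IF_NULL(ssd);
    /* A non-NULL result alone does not show the right state was parsed;
     * pin the flag so a parser regression cannot pass unnoticed. */
    FAIL_IF_NOT(ssd->flags == DETECT_SSL_STATE_CLIENT_HELLO);
    SCFree(ssd);
    PASS;
}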
35
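/**
 * \test Two comma-separated states (with surrounding blanks) are both
 *       recorded in the parsed flags.
 */
static int DetectSslStateTest02(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("server_hello , client_hello");
    FAIL_IF_NULL(ssd);
    /* Check the exact flag set, not just that parsing succeeded. */
    FAIL_IF_NOT(ssd->flags == (DETECT_SSL_STATE_SERVER_HELLO |
                               DETECT_SSL_STATE_CLIENT_HELLO));
    SCFree(ssd);
    PASS;
}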
45
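/**
 * \test Three comma-separated states are all recorded in the parsed flags.
 */
static int DetectSslStateTest03(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("server_hello , client_keyx , "
                                                  "client_hello");
    FAIL_IF_NULL(ssd);
    /* Check the exact flag set, not just that parsing succeeded. */
    FAIL_IF_NOT(ssd->flags == (DETECT_SSL_STATE_SERVER_HELLO |
                               DETECT_SSL_STATE_CLIENT_KEYX |
                               DETECT_SSL_STATE_CLIENT_HELLO));
    SCFree(ssd);
    PASS;
}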
57
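/**
 * \test All five state names, including "unknown", are recorded in the
 *       parsed flags.
 */
static int DetectSslStateTest04(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("server_hello , client_keyx , "
                                                  "client_hello , server_keyx , "
                                                  "unknown");
    FAIL_IF_NULL(ssd);
    /* Check the exact flag set, not just that parsing succeeded. */
    FAIL_IF_NOT(ssd->flags == (DETECT_SSL_STATE_SERVER_HELLO |
                               DETECT_SSL_STATE_CLIENT_KEYX |
                               DETECT_SSL_STATE_CLIENT_HELLO |
                               DETECT_SSL_STATE_SERVER_KEYX |
                               DETECT_SSL_STATE_UNKNOWN));
    SCFree(ssd);
    PASS;
}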
72
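/**
 * \test A state list with an empty leading element (leading comma) is
 *       malformed and is expected to be rejected by the parser.
 */
static int DetectSslStateTest05(void)
{
    DetectSslStateData *ssd = DetectSslStateParse(", server_hello , client_keyx , "
                                                  "client_hello , server_keyx , "
                                                  "unknown");
    /* Without this check the test passes whatever the parser returns, so a
     * rule with a malformed option could be silently accepted at load. */
    FAIL_IF_NOT_NULL(ssd);
    PASS;
}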
82
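/**
 * \test A state list with an empty trailing element (trailing comma) is
 *       malformed and is expected to be rejected by the parser.
 */
static int DetectSslStateTest06(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("server_hello , client_keyx , "
                                                  "client_hello , server_keyx , "
                                                  "unknown , ");
    /* Without this check the test passes whatever the parser returns, so a
     * rule with a malformed option could be silently accepted at load. */
    FAIL_IF_NOT_NULL(ssd);
    PASS;
}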
91
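/**
 * \brief Test that the "|" character still works as a separator for
 *        compatibility with older Suricata rules.
 */
static int DetectSslStateTest08(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("server_hello|client_hello");
    FAIL_IF_NULL(ssd);
    /* The legacy separator must yield the same flag set as a comma would;
     * a non-NULL result alone would not show that both states were seen. */
    FAIL_IF_NOT(ssd->flags == (DETECT_SSL_STATE_SERVER_HELLO |
                               DETECT_SSL_STATE_CLIENT_HELLO));
    SCFree(ssd);
    PASS;
}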
105
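/**
 * \test Test parsing of negated states.
 *
 * For a negated state the test expects the state bit to be present in both
 * ->flags and ->mask of the parsed data.
 */
static int DetectSslStateTestParseNegate(void)
{
    DetectSslStateData *ssd = DetectSslStateParse("!client_hello");
    FAIL_IF_NULL(ssd);
    uint32_t expected = DETECT_SSL_STATE_CLIENT_HELLO;
    FAIL_IF(ssd->flags != expected || ssd->mask != expected);
    SCFree(ssd);

    ssd = DetectSslStateParse("!client_hello,!server_hello");
    FAIL_IF_NULL(ssd);
    /* Two states are negated in this input, so the expectation has to carry
     * both bits; reusing the single-state value would test the wrong set. */
    expected = DETECT_SSL_STATE_CLIENT_HELLO | DETECT_SSL_STATE_SERVER_HELLO;
    FAIL_IF(ssd->flags != expected || ssd->mask != expected);
    SCFree(ssd);

    PASS;
}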
125
/**
 * \brief Register the ssl_state parser unit tests with the unit test
 *        framework, in the order listed in the table below.
 */
static void DetectSslStateRegisterTests(void)
{
    /* Name/function pairs; the name string is what the framework reports. */
    static const struct {
        const char *name;
        int (*fn)(void);
    } ssl_state_tests[] = {
        { "DetectSslStateTest01", DetectSslStateTest01 },
        { "DetectSslStateTest02", DetectSslStateTest02 },
        { "DetectSslStateTest03", DetectSslStateTest03 },
        { "DetectSslStateTest04", DetectSslStateTest04 },
        { "DetectSslStateTest05", DetectSslStateTest05 },
        { "DetectSslStateTest06", DetectSslStateTest06 },
        { "DetectSslStateTest08", DetectSslStateTest08 },
        { "DetectSslStateTestParseNegate", DetectSslStateTestParseNegate },
    };
    const size_t count = sizeof(ssl_state_tests) / sizeof(ssl_state_tests[0]);

    for (size_t idx = 0; idx < count; idx++) {
        UtRegisterTest(ssl_state_tests[idx].name, ssl_state_tests[idx].fn);
    }
}
#define DETECT_SSL_STATE_CLIENT_KEYX
#define DETECT_SSL_STATE_SERVER_HELLO
#define DETECT_SSL_STATE_UNKNOWN
#define DETECT_SSL_STATE_CLIENT_HELLO
#define DETECT_SSL_STATE_SERVER_KEYX
#define FAIL_IF_NULL(expr)
Fail a test if expression evaluates to NULL.
void UtRegisterTest(const char *name, int(*TestFn)(void))
Register unit test.
#define FAIL_IF_NOT(expr)
Fail a test if expression evaluates to false.
#define PASS
Pass the test.
#define FAIL_IF(expr)
Fail a test if expression evaluates to true.
#define FAIL_IF_NOT_NULL(expr)
Fail a test if expression evaluates to non-NULL.
#define SCFree(p)
Definition util-mem.h:61