/src/suricata7/src/detect-gid.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* Copyright (C) 2007-2021 Open Information Security Foundation |
2 | | * |
3 | | * You can copy, redistribute or modify this Program under the terms of |
4 | | * the GNU General Public License version 2 as published by the Free |
5 | | * Software Foundation. |
6 | | * |
7 | | * This program is distributed in the hope that it will be useful, |
8 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
9 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
10 | | * GNU General Public License for more details. |
11 | | * |
12 | | * You should have received a copy of the GNU General Public License |
13 | | * version 2 along with this program; if not, write to the Free Software |
14 | | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
15 | | * 02110-1301, USA. |
16 | | */ |
17 | | |
18 | | /** |
19 | | * \file |
20 | | * |
21 | | * \author Breno Silva <breno.silva@gmail.com> |
22 | | * |
23 | | * Implements the gid keyword |
24 | | */ |
25 | | |
26 | | #include "suricata-common.h" |
27 | | #include "suricata.h" |
28 | | #include "decode.h" |
29 | | #include "detect.h" |
30 | | #include "detect-engine.h" |
31 | | #include "detect-parse.h" |
32 | | #include "flow-var.h" |
33 | | #include "decode-events.h" |
34 | | |
35 | | #include "detect-gid.h" |
36 | | #include "util-unittest.h" |
37 | | #include "util-debug.h" |
38 | | |
39 | | static int DetectGidSetup (DetectEngineCtx *, Signature *, const char *); |
40 | | #ifdef UNITTESTS |
41 | | static void GidRegisterTests(void); |
42 | | #endif |
43 | | |
/**
 * \brief Register the gid keyword in the signature match table
 *
 * Fills the DETECT_GID slot of sigmatch_table: the keyword gets a Setup
 * handler only, Match and Free are left unset (NULL).
 */
void DetectGidRegister (void)
{
    /* callbacks: only Setup is provided for this keyword */
    sigmatch_table[DETECT_GID].Setup = DetectGidSetup;
    sigmatch_table[DETECT_GID].Match = NULL;
    sigmatch_table[DETECT_GID].Free = NULL;
#ifdef UNITTESTS
    sigmatch_table[DETECT_GID].RegisterTests = GidRegisterTests;
#endif

    /* keyword name, description and documentation link */
    sigmatch_table[DETECT_GID].name = "gid";
    sigmatch_table[DETECT_GID].desc = "give different groups of signatures another id value";
    sigmatch_table[DETECT_GID].url = "/rules/meta.html#gid-group-id";
}
60 | | |
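/**
 * \internal
 * \brief Parse the argument of the gid keyword and store it in the signature
 *
 * The argument comes from rule text, so it is validated before use: it has
 * to be a complete, non-negative decimal number below UINT_MAX.
 *
 * \param de_ctx pointer to the Detection Engine Context (not used here)
 * \param s pointer to the Current Signature, s->gid is set on success
 * \param rawstr pointer to the user provided gid options
 *
 * \retval 0 on Success
 * \retval -1 on Failure
 */
static int DetectGidSetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
    unsigned long gid = 0;
    char *endptr = NULL;

    /* NOTE(review): whether the rule parser can hand over a NULL argument is
     * not visible here; strtoul(NULL, ...) would be undefined behavior. */
    if (rawstr == NULL) {
        SCLogError("invalid character as arg "
                   "to gid keyword");
        goto error;
    }

    gid = strtoul(rawstr, &endptr, 10);
    /* endptr == rawstr: no digits were converted (e.g. an empty argument),
     * which would otherwise be stored as gid 0.
     * *endptr != '\0': trailing characters after the number. */
    if (endptr == NULL || endptr == rawstr || *endptr != '\0') {
        SCLogError("invalid character as arg "
                   "to gid keyword");
        goto error;
    }

    /* strtoul() accepts a leading '-' and returns the negated value wrapped
     * into unsigned long, so a large negative argument can wrap around to a
     * small, valid looking gid. The whole string was consumed at this point,
     * so any '-' in it is that sign. */
    for (const char *p = rawstr; p != endptr; p++) {
        if (*p == '-') {
            SCLogError("invalid character as arg "
                       "to gid keyword");
            goto error;
        }
    }

    /* Input too large for unsigned long makes strtoul() return ULONG_MAX,
     * which is rejected here as well.
     * NOTE(review): UINT_MAX itself is rejected although the message prints
     * it as the maximum -- confirm which of the two is intended. */
    if (gid >= UINT_MAX) {
        SCLogError("gid value to high, max %u", UINT_MAX);
        goto error;
    }

    s->gid = (uint32_t)gid;

    return 0;

error:
    return -1;
}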
94 | | |
95 | | /* |
96 | | * ONLY TESTS BELOW THIS COMMENT |
97 | | */ |
98 | | |
99 | | #ifdef UNITTESTS |
/**
 * \test GidTestParse01 loads a rule with a valid gid and checks that the
 *       value ends up in the signature
 */
static int GidTestParse01 (void)
{
    static const char rule[] = "alert tcp 1.2.3.4 any -> any any (sid:1; gid:1;)";

    DetectEngineCtx *ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(ctx);

    Signature *sig = DetectEngineAppendSig(ctx, rule);

    /* the rule has to load and carry the gid from the rule text */
    FAIL_IF_NULL(sig);
    FAIL_IF(sig->gid != 1);

    DetectEngineCtxFree(ctx);
    PASS;
}
117 | | |
/**
 * \test GidTestParse02 checks that a rule with a non-numeric gid is rejected
 */
static int GidTestParse02 (void)
{
    static const char rule[] = "alert tcp 1.2.3.4 any -> any any (sid:1; gid:a;)";

    DetectEngineCtx *ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(ctx);

    /* appending must fail: "a" is not a number */
    FAIL_IF_NOT_NULL(DetectEngineAppendSig(ctx, rule));

    DetectEngineCtxFree(ctx);
    PASS;
}
132 | | |
/**
 * \test GidTestParse03 checks that a gid consisting of a single double
 *       quote character is rejected
 */
static int GidTestParse03 (void)
{
    static const char rule[] = "alert tcp any any -> any any (content:\"ABC\"; gid:\";)";

    DetectEngineCtx *ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(ctx);

    /* appending must fail for the malformed gid argument */
    FAIL_IF_NOT_NULL(DetectEngineAppendSig(ctx, rule));

    DetectEngineCtxFree(ctx);
    PASS;
}
147 | | |
/**
 * \brief Register the gid unit tests with the unit test framework
 */
static void GidRegisterTests(void)
{
    /* name/function pairs, registered in the order listed */
    static const struct {
        const char *name;
        int (*fn)(void);
    } gid_tests[] = {
        { "GidTestParse01", GidTestParse01 },
        { "GidTestParse02", GidTestParse02 },
        { "GidTestParse03", GidTestParse03 },
    };

    for (size_t i = 0; i < sizeof(gid_tests) / sizeof(gid_tests[0]); i++) {
        UtRegisterTest(gid_tests[i].name, gid_tests[i].fn);
    }
}
157 | | #endif /* UNITTESTS */ |