Bug #405 » 0001-Use-SigInitReal-instead-of-SigInit-in-raw-uri-tests..patch
| src/detect-engine-hrud.c | ||
|---|---|---|
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"../c/./d\"; http_raw_uri; "
|
||
|
"sid:1;)");
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"/c/./d\"; http_raw_uri; offset:5; "
|
||
|
"sid:1;)");
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"/a/b\"; http_raw_uri; offset:10; "
|
||
|
"sid:1;)");
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:!\"/a/b\"; http_raw_uri; offset:10; "
|
||
|
"sid:1;)");
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"a/b\"; http_raw_uri; depth:10; "
|
||
|
"sid:1;)");
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:!\"/a/b\"; http_raw_uri; depth:25; "
|
||
|
"sid:1;)");
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:!\"/c/./d\"; http_raw_uri; depth:12; "
|
||
|
"sid:1;)");
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:!\"/c/./d\"; http_raw_uri; depth:18; "
|
||
|
"sid:1;)");
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"/a\"; http_raw_uri; "
|
||
|
"content:\"./c/.\"; http_raw_uri; within:9; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"/a\"; http_raw_uri; "
|
||
|
"content:!\"boom\"; http_raw_uri; within:5; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"./a\"; http_raw_uri; "
|
||
|
"content:\"boom\"; http_raw_uri; within:5; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"./a\"; http_raw_uri; "
|
||
|
"content:!\"/b/..\"; http_raw_uri; within:5; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"./a\"; http_raw_uri; "
|
||
|
"content:\"/c/.\"; http_raw_uri; distance:5; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"./a\"; http_raw_uri; "
|
||
|
"content:!\"b/..\"; http_raw_uri; distance:5; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"./a\"; http_raw_uri; "
|
||
|
"content:\"/c/\"; http_raw_uri; distance:7; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"./a\"; http_raw_uri; "
|
||
|
"content:!\"/c/\"; http_raw_uri; distance:4; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"body1\"; http_raw_uri; "
|
||
|
"content:\"bambu\"; http_raw_uri; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"body1\"; http_raw_uri; "
|
||
|
"content:\"bambu\"; http_raw_uri; fast_pattern; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"bambu\"; http_raw_uri; "
|
||
|
"content:\"is\"; http_raw_uri; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"content:\"bambu\"; http_raw_uri; "
|
||
|
"content:\"is\"; http_raw_uri; fast_pattern; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"pcre:/\\.\\/a/I; "
|
||
|
"content:!\"/c/\"; http_raw_uri; within:5; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"pcre:/\\.\\/a/I; "
|
||
|
"content:!\"/c/\"; within:5; http_raw_uri; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"pcre:/\\.\\/a/I; "
|
||
|
"content:!\"/c/\"; distance:3; http_raw_uri; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"pcre:/\\.\\/a/I; "
|
||
|
"content:!\"/c/\"; distance:10; http_raw_uri; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"pcre:/\\.\\/a/I; "
|
||
|
"content:\"/c/\"; within:10; http_raw_uri; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"pcre:/\\.\\/a/I; "
|
||
|
"content:\"/c/\"; within:5; http_raw_uri; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"pcre:/\\.\\/a/I; "
|
||
|
"content:\"/c/\"; distance:5; http_raw_uri; "
|
||
| ... | ... | |
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx,"alert http any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx,"alert http any any -> any any "
|
||
|
"(msg:\"http raw uri test\"; "
|
||
|
"pcre:/\\.\\/a/I; "
|
||
|
"content:\"/c/\"; distance:10; http_raw_uri; "
|
||
| ... | ... | |
|
de_ctx->mpm_matcher = MPM_B2G;
|
||
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx, "alert tcp any any -> any any "
|
||
|
"(msg:\"test multiple relative raw uri contents\"; "
|
||
|
"content:\"/c/\"; http_raw_uri; "
|
||
|
"isdataat:4,relative; sid:1;)");
|
||
| ... | ... | |
|
de_ctx->mpm_matcher = MPM_B2G;
|
||
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
|
||
|
de_ctx->sig_list = SigInitReal(de_ctx, "alert tcp any any -> any any "
|
||
|
"(msg:\"test multiple relative raw uri contents\"; "
|
||
|
"uricontent:\"/c/\"; isdataat:!10,relative; sid:1;)");
|
||
|
if (de_ctx->sig_list == NULL) {
|
||