"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "src/ips_options/ips_hash.cc" between
snort3-3.1.31.0.tar.gz and snort3-3.1.32.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

ips_hash.cc  (snort3-3.1.31.0):ips_hash.cc  (snort3-3.1.32.0)
skipping to change at line 146 skipping to change at line 146
return false; return false;
} }
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
// runtime functions // runtime functions
//------------------------------------------------------------------------- //-------------------------------------------------------------------------
int HashOption::match(Cursor& c) int HashOption::match(Cursor& c)
{ {
int offset; unsigned offset;
/* Get byte_extract variables */ /* Get byte_extract variables */
if (config->offset_var >= 0 && config->offset_var < NUM_IPS_OPTIONS_VARS) if (config->offset_var >= 0 && config->offset_var < NUM_IPS_OPTIONS_VARS)
{ {
uint32_t extract; uint32_t extract;
GetVarValueByIndex(&extract, config->offset_var); GetVarValueByIndex(&extract, config->offset_var);
offset = (int)extract; offset = extract;
} }
else else
offset = config->offset; offset = config->offset;
int pos = c.get_delta(); unsigned pos = c.get_delta();
if ( !pos ) if ( !pos )
{ {
if ( config->relative ) if ( config->relative )
pos = c.get_pos(); pos = c.get_pos();
pos += offset; pos += offset;
} }
if ( pos < 0 )
pos = 0;
// If the pattern size is greater than the amount of data we have to // If the pattern size is greater than the amount of data we have to
// search, there's no way we can match, but return 0 here for the // search, there's no way we can match, but return 0 here for the
// case where the match is inverted and there is at least some data. // case where the match is inverted and there is at least some data.
if ( config->length > c.size() - pos ) if ( config->length > c.size() - pos )
{ {
if ( config->negated ) if ( config->negated )
return 0; return 0;
return -1; return -1;
} }
skipping to change at line 507 skipping to change at line 504
// &md5_api.base, // &md5_api.base,
// &sha256_api.base, // &sha256_api.base,
// &sha512_api.base, // &sha512_api.base,
// nullptr // nullptr
//}; //};
//#else //#else
const BaseApi* ips_md5 = &md5_api.base; const BaseApi* ips_md5 = &md5_api.base;
const BaseApi* ips_sha256 = &sha256_api.base; const BaseApi* ips_sha256 = &sha256_api.base;
const BaseApi* ips_sha512 = &sha512_api.base; const BaseApi* ips_sha512 = &sha512_api.base;
//#endif //#endif
//-------------------------------------------------------------------------
// UNIT TESTS
//-------------------------------------------------------------------------
#ifdef UNIT_TEST
#include "catch/snort_catch.h"
#define NO_MATCH snort::IpsOption::EvalStatus::NO_MATCH
#define MATCH snort::IpsOption::EvalStatus::MATCH
TEST_CASE("HashOption test", "[ips_hash]")
{
SECTION("operator ==")
{
HashMatchData* hmd = new HashMatchData();
HashOption hash_opt("sha256", HPI_SHA256, hmd, sha256, SHA256_HASH_SIZE)
;
SECTION("not equal as IpsOptions")
{
HashMatchData* hmd_other = new HashMatchData();
HashOption hash_other("not_sha256", HPI_SHA256, hmd_other, sha256, S
HA256_HASH_SIZE);
REQUIRE_FALSE(hash_opt == hash_other);
}
SECTION("equal as HashOptions")
{
HashMatchData* hmd_other = new HashMatchData();
HashOption hash_other("sha256", HPI_SHA256, hmd_other, sha256, SHA25
6_HASH_SIZE);
REQUIRE(hash_opt == hash_other);
}
SECTION("hash is different")
{
HashMatchData* hmd_other = new HashMatchData();
hmd_other->hash = "other";
HashOption hash_other("sha256", HPI_SHA256, hmd_other, sha256, SHA25
6_HASH_SIZE);
REQUIRE_FALSE(hash_opt == hash_other);
}
SECTION("length is different")
{
HashMatchData* hmd_other = new HashMatchData();
hmd_other->length = 42;
HashOption hash_other("sha256", HPI_SHA256, hmd_other, sha256, SHA25
6_HASH_SIZE);
REQUIRE_FALSE(hash_opt == hash_other);
}
SECTION("offset is different")
{
HashMatchData* hmd_other = new HashMatchData();
hmd_other->offset = 42;
HashOption hash_other("sha256", HPI_SHA256, hmd_other, sha256, SHA25
6_HASH_SIZE);
REQUIRE_FALSE(hash_opt == hash_other);
}
SECTION("offset_var is different")
{
HashMatchData* hmd_other = new HashMatchData();
hmd_other->offset_var = 42;
HashOption hash_other("sha256", HPI_SHA256, hmd_other, sha256, SHA25
6_HASH_SIZE);
REQUIRE_FALSE(hash_opt == hash_other);
}
SECTION("negated is different")
{
HashMatchData* hmd_other = new HashMatchData();
hmd_other->relative = true;
HashOption hash_other("sha256", HPI_SHA256, hmd_other, sha256, SHA25
6_HASH_SIZE);
REQUIRE_FALSE(hash_opt == hash_other);
}
SECTION("relative is different")
{
HashMatchData* hmd_other = new HashMatchData();
hmd_other->negated = true;
HashOption hash_other("sha256", HPI_SHA256, hmd_other, sha256, SHA25
6_HASH_SIZE);
REQUIRE_FALSE(hash_opt == hash_other);
}
}
SECTION("HashOption::match")
{
SECTION("config->offset_var is zero")
{
HashMatchData* hmd = new HashMatchData();
hmd->offset_var = 0;
HashOption hash_opt("sha256", HPI_SHA256, hmd, sha256, SHA256_HASH_S
IZE);
Cursor c;
REQUIRE(0 == hash_opt.match(c));
}
SECTION("cursor->delta is not zero")
{
HashMatchData* hmd = new HashMatchData();
HashOption hash_opt("sha256", HPI_SHA256, hmd, sha256, SHA256_HASH_S
IZE);
Cursor c;
c.set_delta(1);
REQUIRE(0 == hash_opt.match(c));
}
SECTION("pattern size > data size")
{
HashMatchData* hmd = new HashMatchData();
hmd->length = 10;
HashOption hash_opt("sha256", HPI_SHA256, hmd, sha256, SHA256_HASH_S
IZE);
Cursor c;
SECTION("config is negated")
{
hmd->negated = true;
REQUIRE(0 == hash_opt.match(c));
}
SECTION("config is not negated")
{
hmd->negated = false;
REQUIRE(-1 == hash_opt.match(c));
}
}
}
SECTION("HashOption::eval")
{
SECTION("on match error")
{
HashMatchData* hmd = new HashMatchData();
hmd->length = 10;
hmd->negated = false;
HashOption hash_opt("sha256", HPI_SHA256, hmd, sha256, SHA256_HASH_S
IZE);
Cursor c;
REQUIRE(NO_MATCH == hash_opt.eval(c, nullptr));
}
}
}
#endif
 End of changes. 5 change blocks. 
6 lines changed or deleted 3 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)