
Member "snort3_extra-3.1.53.0/src/inspectors/domain_filter/domain_filter_test.cc" (20 Dec 2022, 7855 Bytes) of package /linux/misc/snort3_extra-3.1.53.0.tar.gz:



    1 //--------------------------------------------------------------------------
    2 // Copyright (C) 2018-2022 Cisco and/or its affiliates. All rights reserved.
    3 //
    4 // This program is free software; you can redistribute it and/or modify it
    5 // under the terms of the GNU General Public License Version 2 as published
    6 // by the Free Software Foundation.  You may not use, modify or distribute
    7 // this program under any other version of the GNU General Public License.
    8 //
    9 // This program is distributed in the hope that it will be useful, but
   10 // WITHOUT ANY WARRANTY; without even the implied warranty of
   11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12 // General Public License for more details.
   13 //
   14 // You should have received a copy of the GNU General Public License along
   15 // with this program; if not, write to the Free Software Foundation, Inc.,
   16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   17 //--------------------------------------------------------------------------
   18 
   19 // domain_filter_test.cc author Russ Combs <rucombs@cisco.com>
   20 
   21 #include <string.h>
   22 
   23 #include <string>
   24 #include <sstream>
   25 
   26 #include "detection/detection_engine.h"
   27 #include "framework/data_bus.h"
   28 #include "framework/inspector.h"
   29 #include "framework/module.h"
   30 #include "profiler/memory_profiler_defs.h"
   31 #include "pub_sub/http_events.h"
   32 #include "utils/stats.h"
   33 
   34 #include <CppUTest/CommandLineTestRunner.h>
   35 #include <CppUTest/TestHarness.h>
   36 
   37 using namespace snort;
   38 extern const BaseApi* snort_plugins[];
   39 
   40 //--------------------------------------------------------------------------
   41 // clones
   42 //--------------------------------------------------------------------------
   43 
   // Destructor for the test-local Value clone: releases the token stream, if any.
   Value::~Value()
   {
       // delete on a null pointer is a no-op, so no explicit guard is required
       delete ss;
   }
   49 
   // (Re)starts tokenizing: any stream left by an earlier call is dropped and a
   // fresh one is built over str.
   void Value::set_first_token()
   {
       delete ss;  // null-safe
       ss = new std::stringstream(str);
   }
   57 
   // Extracts the next whitespace-delimited token from the stream into tok.
   // Returns false when no stream has been created yet or the extraction fails.
   bool Value::get_next_token(std::string& tok)
   {
       if ( !ss )
           return false;

       return static_cast<bool>(*ss >> tok);
   }
   62 
   63 //--------------------------------------------------------------------------
   64 // mocks
   65 //--------------------------------------------------------------------------
   66 
   // Handler most recently handed to the mocked DataBus::subscribe(). The event
   // tests call it directly and delete it in their teardown.
   static DataHandler* s_handler = nullptr;

   // Mock: remembers the handler instead of registering it; the key is ignored.
   void DataBus::subscribe(char const*, DataHandler* dh)
   {
       s_handler = dh;
   }
   73 
   // Host value reported by the mocked HttpEvent::get_host(); nullptr means the
   // event carries no host.
   static const char* s_host = nullptr;

   // Mock: hands back s_host with its strlen() as the length (0 when s_host is null).
   // NOTE(review): because the length is derived with strlen(), these tests can
   // only feed NUL-terminated hosts; a buffer with an embedded NUL or without a
   // terminator cannot be represented through this mock.
   const uint8_t* HttpEvent::get_host(int32_t& len)
   {
       if ( s_host )
           len = strlen(s_host);
       else
           len = 0;

       return reinterpret_cast<const uint8_t*>(s_host);
   }
   81 
   82 //--------------------------------------------------------------------------
   83 // spies
   84 //--------------------------------------------------------------------------
   85 
   // Number of events queued through the spy below since the last reset.
   static unsigned s_alerts = 0;

   // Spy: counts every queued event, whatever its arguments, and returns 0.
   int DetectionEngine::queue_event(unsigned, unsigned, uint8_t)
   {
       s_alerts += 1;
       return 0;
   }
   93 
   94 //--------------------------------------------------------------------------
   95 // stubs
   96 //--------------------------------------------------------------------------
   97 
   // Stub: fails the running test if anything calls it.
   class StreamSplitter* Inspector::get_splitter(bool)
   {
       FAIL("get_splitter");
       return nullptr;  // satisfies the signature after FAIL
   }
  103 
  // Stub: fails the running test if anything calls it.
  bool Inspector::likes(Packet*)
  {
      FAIL("likes");
      return false;  // satisfies the signature after FAIL
  }
  109 
  // Stub: fails the running test if anything calls it.
  bool Inspector::get_buf(char const*, Packet*, InspectionBuffer&)
  {
      FAIL("get_buf");
      return false;  // satisfies the signature after FAIL
  }
  115 
  // Empty stand-ins for the Inspector base-class constructor and destructor.
  Inspector::Inspector()
  { }

  Inspector::~Inspector()
  { }
  118 
  // No-op stand-in for the stats printer.
  void show_stats(PegCount*, const PegInfo*, unsigned, const char*)
  { }

  // NOTE(review): declaration only - this overload is given no body in this file.
  void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*);
  121 
  // No-op stand-ins for the Module base-class statistics hooks.
  void Module::show_stats()
  { }

  void Module::reset_stats()
  { }

  void Module::show_interval_stats(IndexVec&, FILE*)
  { }

  // Base-class set() stand-in: always returns false.
  bool Module::set(char const*, Value&, SnortConfig*)
  {
      return false;
  }

  void Module::sum_stats(bool)
  { }
  128 
  // Minimal Module constructor for the test build: keeps the name, help text and
  // parameter table; the trailing bool and Trace* arguments are ignored.
  Module::Module(const char* n, const char* h, const Parameter* p, bool, Trace*)
  {
      name = n;
      help = h;
      params = p;
  }
  131 
  // Empty stand-ins for the memory-profiler scope object.
  MemoryContext::MemoryContext(MemoryTracker&)
  { }

  MemoryContext::~MemoryContext()
  { }
  134 
  135 //--------------------------------------------------------------------------
  136 
  // Fixture: views the first exported plugin entry through its generic BaseApi.
  TEST_GROUP(domain_filter_base)
  {
      const BaseApi* api;

      // Runs before each test in the group; every test needs a non-null entry.
      void setup() override
      {
          api = snort_plugins[0];
          CHECK(api != nullptr);
      }
  };
  147 
  // The plugin must describe itself as an inspector named "domain_filter" and
  // provide both module factory hooks.
  TEST(domain_filter_base, base)
  {
      // plugin kind and structure size
      CHECK(api->type == PT_INSPECTOR);
      CHECK(api->size == sizeof(InspectApi));

      // identification strings
      CHECK(api->name and !strcmp(api->name, "domain_filter"));
      CHECK(api->help);

      // module constructor / destructor hooks
      CHECK(api->mod_ctor != nullptr);
      CHECK(api->mod_dtor != nullptr);
  }
  159 
  160 //--------------------------------------------------------------------------
  161 
  // Fixture: views the first exported plugin entry as an InspectApi.
  TEST_GROUP(domain_filter_ins)
  {
      const InspectApi* api;

      void setup() override
      {
          // confirm the entry is an inspector before reinterpreting it
          CHECK(snort_plugins[0] != nullptr);
          CHECK(snort_plugins[0]->type == PT_INSPECTOR);
          api = reinterpret_cast<const InspectApi*>(snort_plugins[0]);
      }
  };
  173 
  // The inspector registers as passive, with no protocol bits, and provides both
  // instance factory hooks.
  TEST(domain_filter_ins, api)
  {
      // inspector kind and protocol selection
      CHECK(api->type == IT_PASSIVE);
      CHECK(api->proto_bits == 0);

      // instance constructor / destructor hooks
      CHECK(api->ctor != nullptr);
      CHECK(api->dtor != nullptr);
  }
  182 
  // Pins the metadata the module exposes: gid 175, a first parameter named
  // "hosts", at least one rule, and the peg names "checked" and "filtered".
  TEST(domain_filter_ins, module)
  {
      Module* const mod = api->base.mod_ctor();
      CHECK(mod != nullptr);

      // identity
      CHECK(mod->get_name() != nullptr);
      CHECK(mod->get_help() != nullptr);
      CHECK(mod->get_gid() == 175);

      // configuration surface: the first parameter is the host list
      CHECK(mod->get_parameters() != nullptr);
      CHECK(!strcmp(mod->get_parameters()->name, "hosts"));

      // rule table
      CHECK(mod->get_rules() != nullptr);
      CHECK(mod->get_rules()->msg != nullptr);

      // usage and profiling
      CHECK(mod->get_usage() == Module::INSPECT);
      CHECK(mod->get_profile() != nullptr);

      // counters and their descriptions
      CHECK(mod->get_counts() != nullptr);
      CHECK(mod->get_pegs() != nullptr);

      CHECK(!strcmp(mod->get_pegs()[0].name, "checked"));
      CHECK(!strcmp(mod->get_pegs()[1].name, "filtered"));

      api->base.mod_dtor(mod);
  }
  209 
  // An inspector built from an unconfigured module (no "hosts" set) must not
  // subscribe a handler.
  TEST(domain_filter_ins, basic)
  {
      Module* const mod = api->base.mod_ctor();
      CHECK(mod != nullptr);

      Inspector* const pi = api->ctor(mod);
      CHECK(pi != nullptr);
      CHECK(s_handler == nullptr);

      // NOTE(review): the module is destroyed before the inspector here, while
      // domain_filter_events::teardown() destroys the inspector first. Confirm
      // the inspector keeps no reference into module-owned data.
      api->base.mod_dtor(mod);
      api->dtor(pi);
  }
  222 
  223 //--------------------------------------------------------------------------
  224 
  // Fixture for the event tests: builds a module configured with three hosts,
  // creates the inspector from it, and captures the handler it subscribes.
  TEST_GROUP(domain_filter_events)
  {
      const InspectApi* api;
      Inspector* ins;
      Module* mod;

      void setup() override
      {
          // confirm the entry is an inspector before reinterpreting it
          CHECK(snort_plugins[0] != nullptr);
          CHECK(snort_plugins[0]->type == PT_INSPECTOR);
          api = reinterpret_cast<const InspectApi*>(snort_plugins[0]);

          mod = api->base.mod_ctor();
          CHECK(mod != nullptr);

          // The host list mixes newline and space separators and ends with a
          // trailing space. The return values of set() and end() are not checked.
          Value val("zombie.com\ntest.com apocalypse.com ");
          mod->set("hosts", val, nullptr);
          mod->end(nullptr, 0, nullptr);

          ins = api->ctor(mod);
          CHECK(ins != nullptr);

          // with hosts configured, the inspector must have subscribed a handler
          CHECK(s_handler != nullptr);

          // start every test from zeroed counters
          PegCount* const counts = mod->get_counts();
          counts[0] = 0;
          counts[1] = 0;
      }

      void teardown() override
      {
          // inspector first, then the module it was built from
          api->dtor(ins);
          api->base.mod_dtor(mod);

          // the mocked DataBus only stored the handler, so it is freed here
          delete s_handler;
          s_handler = nullptr;
          s_alerts = 0;
      }
  };
  262 
  // An event without a host must raise no alert and leave both counters at zero.
  TEST(domain_filter_events, no_host)
  {
      s_host = nullptr;  // the mocked get_host() then reports a null pointer and length 0

      HttpEvent he(nullptr);
      s_handler->handle(he, nullptr);

      CHECK(s_alerts == 0);
      CHECK(mod->get_counts()[0] == 0);
      CHECK(mod->get_counts()[1] == 0);
  }
  272 
  // Near misses of the configured "test.com" (one character changed, one
  // character prepended, one character dropped from the end) must each advance
  // counter 0 but raise no alert.
  // NOTE(review): this file has no case for a subdomain (www.test.com), a
  // trailing dot, or a host:port value, so the behavior for those is not pinned.
  TEST(domain_filter_events, no_alert)
  {
      HttpEvent he(nullptr);

      const char* const near_misses[] = { "jest.com", "xtest.com", "test.co" };

      for ( const char* host : near_misses )
      {
          s_host = host;
          s_handler->handle(he, nullptr);
      }

      CHECK(s_alerts == 0);
      CHECK(mod->get_counts()[0] == 3);
      CHECK(mod->get_counts()[1] == 0);
  }
  286 
  // An exact match on a configured host raises one alert and advances both
  // counters.
  // NOTE(review): only the middle entry of the configured list is probed; the
  // first ("zombie.com") and last ("apocalypse.com") entries are not exercised.
  TEST(domain_filter_events, one_alert)
  {
      s_host = "test.com";

      HttpEvent he(nullptr);
      s_handler->handle(he, nullptr);

      CHECK(s_alerts == 1);
      CHECK(mod->get_counts()[0] == 1);
      CHECK(mod->get_counts()[1] == 1);
  }
  296 
  // Matching must ignore letter case: an upper-case spelling of a configured
  // host still raises the alert, so changing case alone does not avoid the filter.
  TEST(domain_filter_events, mixed_case_alert)
  {
      s_host = "TEST.com";

      HttpEvent he(nullptr);
      s_handler->handle(he, nullptr);

      CHECK(s_alerts == 1);
      CHECK(mod->get_counts()[0] == 1);
      CHECK(mod->get_counts()[1] == 1);
  }
  306 
  307 //--------------------------------------------------------------------------
  308 
  // Entry point: passes the command line to the CppUTest runner and returns its
  // result as the process exit status.
  int main(int argc, char** argv)
  {
      const int status = CommandLineTestRunner::RunAllTests(argc, argv);
      return status;
  }
  313