"Fossies" - the Fresh Open Source Software Archive

Member "snort3_extra-3.0.3-1/src/inspectors/domain_filter/domain_filter_test.cc" (23 Sep 2020, 7910 Bytes) of package /linux/misc/snort3_extra-3.0.3-1.tar.gz:



    1 //--------------------------------------------------------------------------
    2 // Copyright (C) 2018-2020 Cisco and/or its affiliates. All rights reserved.
    3 //
    4 // This program is free software; you can redistribute it and/or modify it
    5 // under the terms of the GNU General Public License Version 2 as published
    6 // by the Free Software Foundation.  You may not use, modify or distribute
    7 // this program under any other version of the GNU General Public License.
    8 //
    9 // This program is distributed in the hope that it will be useful, but
   10 // WITHOUT ANY WARRANTY; without even the implied warranty of
   11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   12 // General Public License for more details.
   13 //
   14 // You should have received a copy of the GNU General Public License along
   15 // with this program; if not, write to the Free Software Foundation, Inc.,
   16 // 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
   17 //--------------------------------------------------------------------------
   18 
   19 // domain_filter_test.cc author Russ Combs <rucombs@cisco.com>
   20 
   21 #ifdef HAVE_CONFIG_H
   22 #include "config.h"
   23 #endif
   24 
   25 #include <string.h>
   26 
   27 #include <string>
   28 #include <sstream>
   29 
   30 #include "detection/detection_engine.h"
   31 #include "framework/data_bus.h"
   32 #include "framework/inspector.h"
   33 #include "framework/module.h"
   34 #include "profiler/memory_profiler_defs.h"
   35 #include "pub_sub/http_events.h"
   36 #include "utils/stats.h"
   37 
   38 #include <CppUTest/CommandLineTestRunner.h>
   39 #include <CppUTest/TestHarness.h>
   40 
   41 using namespace snort;
   42 extern const BaseApi* snort_plugins[];
   43 
   44 //--------------------------------------------------------------------------
   45 // clones
   46 //--------------------------------------------------------------------------
   47 
   // Test-local copy of Value's destructor: releases the token stream, if any.
   Value::~Value()
   {
       // deleting a null pointer is a no-op, so no guard is needed
       delete ss;
   }
   53 
   // Restart tokenization: drop any previous stream and build a fresh one over
   // the value's string (str).
   void Value::set_first_token()
   {
       delete ss;  // no-op when ss is null
       ss = new std::stringstream(str);
   }
   61 
   // Extract the next whitespace-delimited token from the stream into tok.
   // Returns false when ss is null or when the extraction fails.
   bool Value::get_next_token(std::string& tok)
   {
       if ( !ss )
           return false;

       return static_cast<bool>(*ss >> tok);
   }
   66 
   67 //--------------------------------------------------------------------------
   68 // mocks
   69 //--------------------------------------------------------------------------
   70 
   // Handler captured by the DataBus::subscribe mock below; stays null until
   // something subscribes. The events fixture deletes it in teardown().
   static DataHandler* s_handler = nullptr;

   // Mock: ignore the event key and remember the handler so the tests can call
   // it directly.
   void DataBus::subscribe(const char*, DataHandler* dh)
   {
       s_handler = dh;
   }
   77 
   // Host string served by the HttpEvent::get_host mock; each test sets it
   // before calling handle().
   static const char* s_host = nullptr;

   // Mock: return s_host as the event's host bytes and store its length in len.
   // A null s_host yields a null pointer and len == 0.
   // NOTE(review): every host these tests supply is a NUL-terminated literal,
   // so the tests cannot tell whether the handler bounds its reads by len or
   // scans for a terminator - confirm against the inspector source.
   const uint8_t* HttpEvent::get_host(int32_t& len)
   {
       if ( s_host )
           len = static_cast<int32_t>(strlen(s_host));
       else
           len = 0;

       return reinterpret_cast<const uint8_t*>(s_host);
   }
   85 
   86 //--------------------------------------------------------------------------
   87 // spies
   88 //--------------------------------------------------------------------------
   89 
   // Number of events queued through the DetectionEngine::queue_event spy;
   // the events fixture resets it in teardown().
   static unsigned s_alerts = 0;

   // Spy: count the call, ignore all three arguments, and return 0.
   int DetectionEngine::queue_event(unsigned, unsigned, Actions::Type)
   {
       s_alerts += 1;
       return 0;
   }
   97 
   98 //--------------------------------------------------------------------------
   99 // stubs
  100 //--------------------------------------------------------------------------
  101 
  // Stub: fails the running test if the code under test ever asks for a
  // splitter; the return only satisfies the signature.
  class StreamSplitter* Inspector::get_splitter(bool)
  {
      FAIL("get_splitter");
      return nullptr;
  }
  107 
  // Stub: fails the running test if likes() is ever called; the return only
  // satisfies the signature.
  bool Inspector::likes(Packet*)
  {
      FAIL("likes");
      return false;
  }
  113 
  // Stub: fails the running test if get_buf() is ever called; the return only
  // satisfies the signature.
  bool Inspector::get_buf(const char*, Packet*, InspectionBuffer&)
  {
      FAIL("get_buf");
      return false;
  }
  119 
  // Stubs: the base Inspector does no work on construction or destruction in
  // this test build.
  Inspector::Inspector() = default;
  Inspector::~Inspector() = default;
  122 
  // Stub for the free show_stats() helper: prints nothing.
  void show_stats(PegCount*, const PegInfo*, unsigned, const char*)
  { }

  // Declaration only: this overload is given no body in this file.
  void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*);
  125 
  // Empty stand-ins for Module base-class members - presumably present so the
  // test links without the framework's own Module implementation.
  void Module::show_stats()
  { }

  void Module::reset_stats()
  { }

  void Module::show_interval_stats(IndexVec&, FILE*)
  { }

  // The base-class set() accepts nothing: it always reports failure.
  bool Module::set(const char*, Value&, SnortConfig*)
  {
      return false;
  }

  void Module::sum_stats(bool)
  { }
  132 
  // Stub constructor: stores the name, help text and parameter table; the bool
  // and Trace* arguments are ignored.
  Module::Module(const char* n, const char* h, const Parameter* p, bool, Trace*)
  {
      name = n;
      help = h;
      params = p;
  }
  135 
  // Stubs: memory-profiling scopes do nothing in this test build.
  MemoryContext::MemoryContext(MemoryTracker&)
  { }

  MemoryContext::~MemoryContext()
  { }
  138 
  139 //--------------------------------------------------------------------------
  140 
  // Fixture: looks at the first plugin table entry through the generic BaseApi
  // view.
  TEST_GROUP(domain_filter_base)
  {
      const BaseApi* api;

      // Take entry 0 of snort_plugins and require that it exists.
      void setup() override
      {
          const BaseApi* first_entry = snort_plugins[0];
          api = first_entry;
          CHECK(api != nullptr);
      }
  };
  151 
  // The plugin must present itself as an inspector named "domain_filter" with
  // help text and module constructor/destructor hooks.
  TEST(domain_filter_base, base)
  {
      CHECK(api->type == PT_INSPECTOR);
      CHECK(api->size == sizeof(InspectApi));

      // guard the name before comparing so a null name fails instead of crashing
      const char* plugin_name = api->name;
      CHECK(plugin_name != nullptr and strcmp(plugin_name, "domain_filter") == 0);
      CHECK(api->help);

      CHECK(api->mod_ctor != nullptr);
      CHECK(api->mod_dtor != nullptr);
  }
  163 
  164 //--------------------------------------------------------------------------
  165 
  // Fixture: views the first plugin table entry as an InspectApi after
  // confirming that it is an inspector plugin.
  TEST_GROUP(domain_filter_ins)
  {
      const InspectApi* api;

      void setup() override
      {
          const BaseApi* entry = snort_plugins[0];
          CHECK(entry != nullptr);
          CHECK(entry->type == PT_INSPECTOR);

          // the type check above is what justifies reinterpreting the entry
          api = reinterpret_cast<const InspectApi*>(entry);
      }
  };
  177 
  // The inspector must register as passive, with no protocol bits, and supply
  // both instance constructor and destructor hooks.
  TEST(domain_filter_ins, api)
  {
      const InspectApi& inspect = *api;

      CHECK(inspect.type == IT_PASSIVE);
      CHECK(inspect.proto_bits == 0);

      CHECK(inspect.ctor != nullptr);
      CHECK(inspect.dtor != nullptr);
  }
  186 
  // Checks the module's metadata: name, help, generator id 175, a first
  // parameter called "hosts", a rule message, inspect usage, a profile, and peg
  // counters named "checked" and "filtered".
  TEST(domain_filter_ins, module)
  {
      Module* mod = api->base.mod_ctor();
      CHECK(mod != nullptr);

      CHECK(mod->get_name() != nullptr);
      CHECK(mod->get_help() != nullptr);
      CHECK(mod->get_gid() == 175);

      const auto* params = mod->get_parameters();
      CHECK(params != nullptr);
      CHECK(strcmp(params->name, "hosts") == 0);

      const auto* rules = mod->get_rules();
      CHECK(rules != nullptr);
      CHECK(rules->msg != nullptr);

      CHECK(mod->get_usage() == Module::INSPECT);
      CHECK(mod->get_profile() != nullptr);

      CHECK(mod->get_counts() != nullptr);
      const auto* pegs = mod->get_pegs();
      CHECK(pegs != nullptr);

      // peg order matters: the event tests index the counts as [0] and [1]
      CHECK(strcmp(pegs[0].name, "checked") == 0);
      CHECK(strcmp(pegs[1].name, "filtered") == 0);

      api->base.mod_dtor(mod);
  }
  213 
  // An inspector built from a module that was given no hosts must still be
  // constructed, and no handler may have been registered through the mocked
  // DataBus::subscribe.
  TEST(domain_filter_ins, basic)
  {
      Module* mod = api->base.mod_ctor();
      CHECK(mod != nullptr);

      Inspector* inspector = api->ctor(mod);
      CHECK(inspector != nullptr);
      CHECK(s_handler == nullptr);

      // the module is released before the inspector here
      api->base.mod_dtor(mod);
      api->dtor(inspector);
  }
  226 
  227 //--------------------------------------------------------------------------
  228 
  // Fixture for the handler tests: builds a module configured with three hosts,
  // constructs the inspector, and requires that it registered a handler through
  // the mocked DataBus::subscribe. Both peg counts start at zero.
  TEST_GROUP(domain_filter_events)
  {
      const InspectApi* api;
      Inspector* ins;
      Module* mod;

      void setup() override
      {
          const BaseApi* entry = snort_plugins[0];
          CHECK(entry != nullptr);
          CHECK(entry->type == PT_INSPECTOR);
          api = reinterpret_cast<const InspectApi*>(entry);

          mod = api->base.mod_ctor();
          CHECK(mod != nullptr);

          // the list separates hosts with a newline, a space and a trailing space
          // NOTE(review): the results of set() and end() are not checked here
          Value val("zombie.com\ntest.com apocalypse.com ");
          mod->set("hosts", val, nullptr);
          mod->end(nullptr, 0, nullptr);

          ins = api->ctor(mod);
          CHECK(ins != nullptr);

          CHECK(s_handler != nullptr);

          // start every test from zeroed peg counts
          auto* counts = mod->get_counts();
          counts[0] = 0;
          counts[1] = 0;
      }

      void teardown() override
      {
          api->dtor(ins);
          api->base.mod_dtor(mod);

          // the mocked DataBus only stores the pointer, so the fixture frees it
          delete s_handler;
          s_handler = nullptr;
          s_alerts = 0;
      }
  };
  266 
  // An event without a host (null pointer, zero length) must neither alert nor
  // touch the "checked" [0] and "filtered" [1] counts.
  TEST(domain_filter_events, no_host)
  {
      HttpEvent he(nullptr);
      s_host = nullptr;
      s_handler->handle(he, nullptr);

      CHECK(s_alerts == 0);

      const auto* counts = mod->get_counts();
      CHECK(counts[0] == 0);
      CHECK(counts[1] == 0);
  }
  276 
  // Near-misses of the configured "test.com" - one character changed, one
  // prepended, one dropped from the end - must each be checked ([0] == 3) and
  // none may be filtered ([1] == 0) or raise an alert.
  // NOTE(review): coverage stops at these three near-misses; hosts carrying a
  // port suffix or a trailing dot are not exercised here - add cases once the
  // inspector's intended handling of them is confirmed.
  TEST(domain_filter_events, no_alert)
  {
      HttpEvent he(nullptr);

      for ( const char* candidate : { "jest.com", "xtest.com", "test.co" } )
      {
          s_host = candidate;
          s_handler->handle(he, nullptr);
      }

      CHECK(s_alerts == 0);

      const auto* counts = mod->get_counts();
      CHECK(counts[0] == 3);
      CHECK(counts[1] == 0);
  }
  290 
  // An exact match of a configured host must raise one alert and bump both the
  // "checked" [0] and "filtered" [1] counts once.
  TEST(domain_filter_events, one_alert)
  {
      HttpEvent he(nullptr);
      s_host = "test.com";
      s_handler->handle(he, nullptr);

      CHECK(s_alerts == 1);

      const auto* counts = mod->get_counts();
      CHECK(counts[0] == 1);
      CHECK(counts[1] == 1);
  }
  300 
  // The configured host is lower case ("test.com"); an upper-case spelling of
  // it must still raise one alert, so changing letter case alone does not get a
  // host past the filter.
  TEST(domain_filter_events, mixed_case_alert)
  {
      HttpEvent he(nullptr);
      s_host = "TEST.com";
      s_handler->handle(he, nullptr);

      CHECK(s_alerts == 1);

      const auto* counts = mod->get_counts();
      CHECK(counts[0] == 1);
      CHECK(counts[1] == 1);
  }
  310 
  311 //--------------------------------------------------------------------------
  312 
  // Entry point: hand the command line to CppUTest, run every registered test,
  // and return the runner's result as the exit status.
  int main(int argc, char** argv)
  {
      const int status = CommandLineTestRunner::RunAllTests(argc, argv);
      return status;
  }
  317