Bug #1 » 0001-Fix-for-bug-1.-Update-distance-within-keyword-to-be.patch
| src/detect-content.c | ||
|---|---|---|
|
if (nm->offset >= pktoff) {
|
||
|
if ((!(nco->flags & DETECT_CONTENT_WITHIN) ||
|
||
|
(nco->within > 0 && (nm->offset > m->offset) &&
|
||
|
(((nm->offset + nco->content_len) - m->offset) <= (nco->within + co->content_len))))) {
|
||
|
(((nm->offset + nco->content_len) - m->offset) <=
|
||
|
(nco->within + co->content_len + nco->distance))))) {
|
||
|
SCLogDebug("MATCH: %" PRIu32 " <= WITHIN(%" PRIu32 ")",
|
||
|
(nm->offset + nco->content_len) - m->offset,
|
||
|
nco->within + co->content_len);
|
||
| ... | ... | |
|
SCFree(cd);
|
||
|
}
|
||
|
#ifdef UNITTESTS /* UNITTESTS */
|
||
|
/*******************************Unittests**************************************/
|
||
|
#ifdef UNITTESTS
|
||
|
/**
|
||
|
* \test DetectCotentParseTest01 this is a test to make sure we can deal with escaped colons
|
||
| ... | ... | |
|
return result;
|
||
|
}
|
||
|
static int SigTestPositiveTestContent(char *rule, uint8_t *buf)
|
||
|
static int DetectContentSigTestPositiveTestContent(char *rule, uint8_t *buf)
|
||
|
{
|
||
|
uint16_t buflen = strlen((char *)buf);
|
||
|
Packet p;
|
||
| ... | ... | |
|
return result;
|
||
|
}
|
||
|
static int SigTestNegativeTestContent(char *rule, uint8_t *buf)
|
||
|
static int DetectContentSigTestNegativeTestContent(char *rule, uint8_t *buf)
|
||
|
{
|
||
|
uint16_t buflen = strlen((char *)buf);
|
||
|
Packet p;
|
||
| ... | ... | |
|
* \test A positive test that checks that the content string doesn't contain
|
||
|
* the negated content
|
||
|
*/
|
||
|
static int SigTest41TestNegatedContent(void)
|
||
|
static int DetectContentSigTest41TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!GES; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!GES; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
}
|
||
|
/**
|
||
|
* \test A positive test that checks that the content string doesn't contain
|
||
|
* the negated content within the specified depth
|
||
|
*/
|
||
|
static int SigTest42TestNegatedContent(void)
|
||
|
static int DetectContentSigTest42TestNegatedContent(void)
|
||
|
{ // 01 5 10 15 20 24
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!twentythree; depth:22; offset:35; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!twentythree; depth:22; offset:35; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
* specified offset. If it is present in the depth we get a failure
|
||
|
* anyways, and we don't do a check on the offset
|
||
|
*/
|
||
|
static int SigTest43TestNegatedContent(void)
|
||
|
static int DetectContentSigTest43TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!twentythree; depth:15; offset:22; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!twentythree; depth:15; offset:22; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
* the negated content after the specified offset and within the specified
|
||
|
* depth.
|
||
|
*/
|
||
|
static int SigTest44TestNegatedContent(void)
|
||
|
static int DetectContentSigTest44TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!twentythree; offset:40; depth:35; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!twentythree; offset:40; depth:35; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
|
* \test A positive test that uses a combination of content string with negated
|
||
|
* content string
|
||
|
*/
|
||
|
static int SigTest45TestNegatedContent(void)
|
||
|
static int DetectContentSigTest45TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:5; content:!twentythree; depth:23; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:5; content:!twentythree; depth:23; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
|
* \test A negative test that uses a combination of content string with negated
|
||
|
* content string, with we receiving a failure for 'onee' itself.
|
||
|
*/
|
||
|
static int SigTest46TestNegatedContent(void)
|
||
|
static int DetectContentSigTest46TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:onee; content:!twentythree; depth:23; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:onee; content:!twentythree; depth:23; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
| ... | ... | |
|
* content string, with we receiving a failure of first content's offset
|
||
|
* condition
|
||
|
*/
|
||
|
static int SigTest47TestNegatedContent(void)
|
||
|
static int DetectContentSigTest47TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; offset:5; content:!twentythree; depth:23; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; offset:5; content:!twentythree; depth:23; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
|
* \test A positive test that checks that we don't have a negated content within
|
||
|
* the specified length from the previous content match.
|
||
|
*/
|
||
|
static int SigTest48TestNegatedContent(void)
|
||
|
static int DetectContentSigTest48TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:GET; content:!GES; within:26; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:GET; content:!GES; within:26; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
}
|
||
|
/**
|
||
|
* \test A negative test that checks the combined use of content and negated
|
||
|
* content with the use of within
|
||
|
*/
|
||
|
static int SigTest49TestNegatedContent(void)
|
||
|
static int DetectContentSigTest49TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:GET; content:!Host; within:26; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:GET; content:!Host; within:26; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
}
|
||
|
/**
|
||
|
* \test A positive test that checks the combined use of content and negated
|
||
|
* content with the use of distance
|
||
|
*/
|
||
|
static int SigTest50TestNegatedContent(void)
|
||
|
static int DetectContentSigTest50TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:GET; content:!GES; distance:25; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:GET; content:!GES; distance:25; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
}
|
||
|
/**
|
||
|
* \test A negative test that checks the combined use of content and negated
|
||
|
* content with the use of distance
|
||
|
*/
|
||
|
static int SigTest51TestNegatedContent(void)
|
||
|
static int DetectContentSigTest51TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:GET; content:!Host; distance:18; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:GET; content:!Host; distance:18; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
}
|
||
|
/**
|
||
|
* \test A negative test that checks the combined use of content and negated
|
||
|
* content, with the content not being present
|
||
|
*/
|
||
|
static int SigTest52TestNegatedContent(void)
|
||
|
static int DetectContentSigTest52TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:GES; content:!BOO; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:GES; content:!BOO; sid:1;)", (uint8_t *)"GET /one/ HTTP/1.1\r\n Host: one.example.org\r\n\r\n\r\nGET /two/ HTTP/1.1\r\nHost: two.example.org\r\n\r\n\r\n");
|
||
|
}
|
||
|
/**
|
||
|
* \test A negative test that checks the combined use of content and negated
|
||
|
* content, in the presence of within
|
||
|
*/
|
||
|
static int SigTest53TestNegatedContent(void)
|
||
|
static int DetectContentSigTest53TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
|
* \test A positive test that checks the combined use of content and negated
|
||
|
* content, in the presence of within
|
||
|
*/
|
||
|
static int SigTest54TestNegatedContent(void)
|
||
|
static int DetectContentSigTest54TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:20; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:20; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
|
* \test A negative test that checks the use of negated content along with
|
||
|
* the presence of depth
|
||
|
*/
|
||
|
static int SigTest55TestNegatedContent(void)
|
||
|
static int DetectContentSigTest55TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!one; depth:5; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!one; depth:5; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
|
* \test A positive test that checks the combined use of 2 contents in the
|
||
|
* presence of within
|
||
|
*/
|
||
|
static int SigTest56TestNegatedContent(void)
|
||
|
static int DetectContentSigTest56TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:fourty; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:fourty; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
|
* \test A negative test that checks the combined use of content and negated
|
||
|
* content, in the presence of within
|
||
|
*/
|
||
|
static int SigTest57TestNegatedContent(void)
|
||
|
static int DetectContentSigTest57TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
|
* \test A positive test that checks the combined use of content and negated
|
||
|
* content, in the presence of distance
|
||
|
*/
|
||
|
static int SigTest58TestNegatedContent(void)
|
||
|
static int DetectContentSigTest58TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; distance:57; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; distance:57; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
/**
|
||
|
* \test A negative test that checks the combined use of content and negated
|
||
|
* content, in the presence of distance
|
||
|
*/
|
||
|
static int SigTest59TestNegatedContent(void)
|
||
|
static int DetectContentSigTest59TestNegatedContent(void)
|
||
|
{
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; distance:30; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int DetectContentSigTest60TestNegatedContent(void)
|
||
|
{
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!one; content:fourty; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int DetectContentSigTest61TestNegatedContent(void)
|
||
|
{
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:30; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int DetectContentSigTest62TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; distance:30; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:30; depth:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest60TestNegatedContent(void)
|
||
|
static int DetectContentSigTest63TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:!one; content:fourty; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest61TestNegatedContent(void)
|
||
|
static int DetectContentSigTest64TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:30; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:30; depth:30; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest62TestNegatedContent(void)
|
||
|
static int DetectContentSigTest65TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:30; depth:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:30; offset:30; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest63TestNegatedContent(void)
|
||
|
static int DetectContentSigTest66TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:30; offset:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest64TestNegatedContent(void)
|
||
|
static int DetectContentSigTest67TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:30; depth:30; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!four; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest65TestNegatedContent(void)
|
||
|
static int DetectContentSigTest68TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:30; offset:30; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:nine; offset:8; content:!fourty; within:28; content:fiftysix; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest66TestNegatedContent(void)
|
||
|
static int DetectContentSigTest69TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!fourty; within:30; offset:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:nine; offset:8; content:!fourty; within:48; content:fiftysix; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest67TestNegatedContent(void)
|
||
|
static int DetectContentSigTest70TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:!four; within:56; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:52; distance:45 sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest68TestNegatedContent(void)
|
||
|
static int DetectContentSigTest71TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:nine; offset:8; content:!fourty; within:28; content:fiftysix; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:40; distance:43; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest69TestNegatedContent(void)
|
||
|
static int DetectContentSigTest72TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:10; content:nine; offset:8; content:!fourty; within:48; content:fiftysix; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:52; distance:47; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest70TestNegatedContent(void)
|
||
|
static int DetectContentSigTest73TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:52; distance:45 sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:5; content:!twentythree; depth:35; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
}
|
||
|
static int SigTest71TestNegatedContent(void)
|
||
|
static int DetectContentSigTest74TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:40; distance:43; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:!\"PASS\"; sid:1;)", (uint8_t *)"USER apple");
|
||
|
}
|
||
|
static int SigTest72TestNegatedContent(void)
|
||
|
static int DetectContentSigTest75TestNegatedContent(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; content:!fourty; within:52; distance:47; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
return DetectContentSigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:\"!PASS\"; sid:1;)", (uint8_t *)"USER !PASS");
|
||
|
}
|
||
|
static int SigTest73TestNegatedContent(void)
|
||
|
static int DetectContentSigTest76TestDistanceWithin(void)
|
||
|
{
|
||
|
return SigTestNegativeTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:one; depth:5; content:!twentythree; depth:35; sid:1;)", (uint8_t *)"one four nine fourteen twentythree thirtyfive fourtysix fiftysix");
|
||
|
uint8_t *buf = (uint8_t *)"FirstStringPadSecondString";
|
||
|
uint16_t buflen = strlen((char *)buf);
|
||
|
Packet p;
|
||
|
ThreadVars th_v;
|
||
|
DetectEngineThreadCtx *det_ctx;
|
||
|
int result = 0;
|
||
|
memset(&th_v, 0, sizeof(th_v));
|
||
|
memset(&p, 0, sizeof(p));
|
||
|
p.src.family = AF_INET;
|
||
|
p.dst.family = AF_INET;
|
||
|
p.payload = buf;
|
||
|
p.payload_len = buflen;
|
||
|
p.proto = IPPROTO_TCP;
|
||
|
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
|
||
|
if (de_ctx == NULL)
|
||
|
goto end;
|
||
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
|
||
|
"(msg:\"Test distance within\"; "
|
||
|
"content:FirstString; "
|
||
|
"content:SecondString; within:12; distance:3; sid:1;)");
|
||
|
if (de_ctx->sig_list == NULL)
|
||
|
goto end;
|
||
|
SigGroupBuild(de_ctx);
|
||
|
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
|
||
|
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
|
||
|
if (PacketAlertCheck(&p, 1) == 1)
|
||
|
result = 1;
|
||
|
end:
|
||
|
SigGroupCleanup(de_ctx);
|
||
|
SigCleanSignatures(de_ctx);
|
||
|
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
|
||
|
DetectEngineCtxFree(de_ctx);
|
||
|
return result;
|
||
|
}
|
||
|
static int DetectContentSigNegativeTest77TestDistanceWithin(void)
|
||
|
{
|
||
|
uint8_t *buf = (uint8_t *)"FirstStringPadSecondString";
|
||
|
uint16_t buflen = strlen((char *)buf);
|
||
|
Packet p;
|
||
|
ThreadVars th_v;
|
||
|
DetectEngineThreadCtx *det_ctx;
|
||
|
int result = 0;
|
||
|
memset(&th_v, 0, sizeof(th_v));
|
||
|
memset(&p, 0, sizeof(p));
|
||
|
p.src.family = AF_INET;
|
||
|
p.dst.family = AF_INET;
|
||
|
p.payload = buf;
|
||
|
p.payload_len = buflen;
|
||
|
p.proto = IPPROTO_TCP;
|
||
|
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
|
||
|
if (de_ctx == NULL)
|
||
|
goto end;
|
||
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
|
||
|
"(msg:\"Test distance within\"; "
|
||
|
"content:FirstString; "
|
||
|
"content:SecondString; within:12; distance:2; sid:1;)");
|
||
|
if (de_ctx->sig_list == NULL)
|
||
|
goto end;
|
||
|
SigGroupBuild(de_ctx);
|
||
|
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
|
||
|
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
|
||
|
if (PacketAlertCheck(&p, 1) == 0)
|
||
|
result = 1;
|
||
|
end:
|
||
|
SigGroupCleanup(de_ctx);
|
||
|
SigCleanSignatures(de_ctx);
|
||
|
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
|
||
|
DetectEngineCtxFree(de_ctx);
|
||
|
return result;
|
||
|
}
|
||
|
static int SigTest74TestNegatedContent(void)
|
||
|
static int DetectContentSigTest78TestDistanceWithin(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:!\"PASS\"; sid:1;)", (uint8_t *)"USER apple");
|
||
|
uint8_t *buf = (uint8_t *)"AllWorkAndNoPlayMakesWillADullBoy";
|
||
|
uint16_t buflen = strlen((char *)buf);
|
||
|
Packet p;
|
||
|
ThreadVars th_v;
|
||
|
DetectEngineThreadCtx *det_ctx;
|
||
|
int result = 0;
|
||
|
memset(&th_v, 0, sizeof(th_v));
|
||
|
memset(&p, 0, sizeof(p));
|
||
|
p.src.family = AF_INET;
|
||
|
p.dst.family = AF_INET;
|
||
|
p.payload = buf;
|
||
|
p.payload_len = buflen;
|
||
|
p.proto = IPPROTO_TCP;
|
||
|
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
|
||
|
if (de_ctx == NULL)
|
||
|
goto end;
|
||
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
|
||
|
"(msg:\"Test distance within\"; "
|
||
|
"content:AllWorkAndNoPlayMakesWill; "
|
||
|
"content:DullBoy; within:7; distance:1; sid:1;)");
|
||
|
if (de_ctx->sig_list == NULL)
|
||
|
goto end;
|
||
|
SigGroupBuild(de_ctx);
|
||
|
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
|
||
|
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
|
||
|
if (PacketAlertCheck(&p, 1) == 1)
|
||
|
result = 1;
|
||
|
end:
|
||
|
SigGroupCleanup(de_ctx);
|
||
|
SigCleanSignatures(de_ctx);
|
||
|
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
|
||
|
DetectEngineCtxFree(de_ctx);
|
||
|
return result;
|
||
|
}
|
||
|
static int SigTest75TestNegatedContent(void)
|
||
|
static int DetectContentSigTest79TestDistanceWithin(void)
|
||
|
{
|
||
|
return SigTestPositiveTestContent("alert tcp any any -> any any (msg:\"HTTP URI cap\"; content:\"USER\"; content:\"!PASS\"; sid:1;)", (uint8_t *)"USER !PASS");
|
||
|
uint8_t *buf = (uint8_t *)"AllWorkAndNoPlayMakesWillADullBoy";
|
||
|
uint16_t buflen = strlen((char *)buf);
|
||
|
Packet p;
|
||
|
ThreadVars th_v;
|
||
|
DetectEngineThreadCtx *det_ctx;
|
||
|
int result = 0;
|
||
|
memset(&th_v, 0, sizeof(th_v));
|
||
|
memset(&p, 0, sizeof(p));
|
||
|
p.src.family = AF_INET;
|
||
|
p.dst.family = AF_INET;
|
||
|
p.payload = buf;
|
||
|
p.payload_len = buflen;
|
||
|
p.proto = IPPROTO_TCP;
|
||
|
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
|
||
|
if (de_ctx == NULL)
|
||
|
goto end;
|
||
|
de_ctx->flags |= DE_QUIET;
|
||
|
de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
|
||
|
"(msg:\"Test distance within\"; "
|
||
|
"content:AllWorkAndNoPlayMakesWill; "
|
||
|
"content:DullBoy; distance:1; sid:1;)");
|
||
|
if (de_ctx->sig_list == NULL)
|
||
|
goto end;
|
||
|
SigGroupBuild(de_ctx);
|
||
|
DetectEngineThreadCtxInit(&th_v, (void *)de_ctx, (void *)&det_ctx);
|
||
|
SigMatchSignatures(&th_v, de_ctx, det_ctx, &p);
|
||
|
if (PacketAlertCheck(&p, 1) == 1)
|
||
|
result = 1;
|
||
|
end:
|
||
|
SigGroupCleanup(de_ctx);
|
||
|
SigCleanSignatures(de_ctx);
|
||
|
DetectEngineThreadCtxDeinit(&th_v, (void *)det_ctx);
|
||
|
DetectEngineCtxFree(de_ctx);
|
||
|
return result;
|
||
|
}
|
||
|
#endif /* UNITTESTS */
|
||
| ... | ... | |
|
UtRegisterTest("DetectContentChunkMatchTest11", DetectContentChunkMatchTest11, 1);
|
||
|
/* Negated content tests */
|
||
|
UtRegisterTest("SigTest41TestNegatedContent", SigTest41TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest42TestNegatedContent", SigTest42TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest43TestNegatedContent", SigTest43TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest44TestNegatedContent", SigTest44TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest45TestNegatedContent", SigTest45TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest46TestNegatedContent", SigTest46TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest47TestNegatedContent", SigTest47TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest48TestNegatedContent", SigTest48TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest49TestNegatedContent", SigTest49TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest50TestNegatedContent", SigTest50TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest51TestNegatedContent", SigTest51TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest52TestNegatedContent", SigTest52TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest53TestNegatedContent", SigTest53TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest54TestNegatedContent", SigTest54TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest55TestNegatedContent", SigTest55TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest56TestNegatedContent", SigTest56TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest57TestNegatedContent", SigTest57TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest58TestNegatedContent", SigTest58TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest59TestNegatedContent", SigTest59TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest60TestNegatedContent", SigTest60TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest61TestNegatedContent", SigTest61TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest62TestNegatedContent", SigTest62TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest63TestNegatedContent", SigTest63TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest64TestNegatedContent", SigTest64TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest65TestNegatedContent", SigTest65TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest66TestNegatedContent", SigTest66TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest67TestNegatedContent", SigTest67TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest68TestNegatedContent", SigTest68TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest69TestNegatedContent", SigTest69TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest70TestNegatedContent", SigTest70TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest71TestNegatedContent", SigTest71TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest72TestNegatedContent", SigTest72TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest73TestNegatedContent", SigTest73TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest74TestNegatedContent", SigTest74TestNegatedContent, 1);
|
||
|
UtRegisterTest("SigTest75TestNegatedContent", SigTest75TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest41TestNegatedContent",
|
||
|
DetectContentSigTest41TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest42TestNegatedContent",
|
||
|
DetectContentSigTest42TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest43TestNegatedContent",
|
||
|
DetectContentSigTest43TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest44TestNegatedContent",
|
||
|
DetectContentSigTest44TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest45TestNegatedContent",
|
||
|
DetectContentSigTest45TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest46TestNegatedContent",
|
||
|
DetectContentSigTest46TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest47TestNegatedContent",
|
||
|
DetectContentSigTest47TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest48TestNegatedContent",
|
||
|
DetectContentSigTest48TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest49TestNegatedContent",
|
||
|
DetectContentSigTest49TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest50TestNegatedContent",
|
||
|
DetectContentSigTest50TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest51TestNegatedContent",
|
||
|
DetectContentSigTest51TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest52TestNegatedContent",
|
||
|
DetectContentSigTest52TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest53TestNegatedContent",
|
||
|
DetectContentSigTest53TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest54TestNegatedContent",
|
||
|
DetectContentSigTest54TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest55TestNegatedContent",
|
||
|
DetectContentSigTest55TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest56TestNegatedContent",
|
||
|
DetectContentSigTest56TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest57TestNegatedContent",
|
||
|
DetectContentSigTest57TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest58TestNegatedContent",
|
||
|
DetectContentSigTest58TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest59TestNegatedContent",
|
||
|
DetectContentSigTest59TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest60TestNegatedContent",
|
||
|
DetectContentSigTest60TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest61TestNegatedContent",
|
||
|
DetectContentSigTest61TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest62TestNegatedContent",
|
||
|
DetectContentSigTest62TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest63TestNegatedContent",
|
||
|
DetectContentSigTest63TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest64TestNegatedContent",
|
||
|
DetectContentSigTest64TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest65TestNegatedContent",
|
||
|
DetectContentSigTest65TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest66TestNegatedContent",
|
||
|
DetectContentSigTest66TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest67TestNegatedContent",
|
||
|
DetectContentSigTest67TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest68TestNegatedContent",
|
||
|
DetectContentSigTest68TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest69TestNegatedContent",
|
||
|
DetectContentSigTest69TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest70TestNegatedContent",
|
||
|
DetectContentSigTest70TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest71TestNegatedContent",
|
||
|
DetectContentSigTest71TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest72TestNegatedContent",
|
||
|
DetectContentSigTest72TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest73TestNegatedContent",
|
||
|
DetectContentSigTest73TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest74TestNegatedContent",
|
||
|
DetectContentSigTest74TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest75TestNegatedContent",
|
||
|
DetectContentSigTest75TestNegatedContent, 1);
|
||
|
UtRegisterTest("DetectContentSigTest76TestDistanceWithin",
|
||
|
DetectContentSigTest76TestDistanceWithin, 1);
|
||
|
UtRegisterTest("DetectContentSigNegativeTest77TestDistanceWithin",
|
||
|
DetectContentSigNegativeTest77TestDistanceWithin, 1);
|
||
|
UtRegisterTest("DetectContentSigTest78TestDistanceWithin",
|
||
|
DetectContentSigTest78TestDistanceWithin, 1);
|
||
|
UtRegisterTest("DetectContentSigTest79TestDistanceWithin",
|
||
|
DetectContentSigTest79TestDistanceWithin, 1);
|
||
|
#endif /* UNITTESTS */
|
||
|
}
|
||
- « Previous
- 1
- 2
- 3
- Next »