1 //--------------------------------------------------------------------------
2 // Copyright (C) 2016-2021 Cisco and/or its affiliates. All rights reserved.
3 //
4 // This program is free software; you can redistribute it and/or modify it
5 // under the terms of the GNU General Public License Version 2 as published
6 // by the Free Software Foundation. You may not use, modify or distribute
7 // this program under any other version of the GNU General Public License.
8 //
9 // This program is distributed in the hope that it will be useful, but
10 // WITHOUT ANY WARRANTY; without even the implied warranty of
11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 // General Public License for more details.
13 //
14 // You should have received a copy of the GNU General Public License along
15 // with this program; if not, write to the Free Software Foundation, Inc.,
16 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
17 //--------------------------------------------------------------------------
18
19 // obfuscator_test.cc author Victor Roemer <viroemer@cisco.com>
20
21 #ifdef HAVE_CONFIG_H
22 #include "config.h"
23 #endif
24
25 #include <cstring>
26
27 #include "../obfuscator.h"
28
29 #include <CppUTest/CommandLineTestRunner.h>
30 #include <CppUTest/TestHarness.h>
31
32 using namespace snort;
33
TEST_GROUP(ObfuscatorTests)34 TEST_GROUP(ObfuscatorTests)
35 { };
36
TEST(ObfuscatorTests,Test_1_Block)37 TEST(ObfuscatorTests, Test_1_Block)
38 {
39 char buf[70];
40 memset(buf, 'A', sizeof(buf)-1);
41 buf[ sizeof(buf)-1 ] = '\0';
42
43 Obfuscator ob;
44
45 ob.push(0, sizeof(buf)-1);
46
47 ObfuscatorBlock b;
48 for ( bool more = ob.first(b); more; more = ob.next(b) )
49 memset(&buf[ b.offset ], '.', b.length);
50
51 char buf2[sizeof(buf)];
52 memset(buf2, '.', sizeof(buf2)-1);
53 buf2[ sizeof(buf2)-1 ] = '\0';
54
55 CHECK_TRUE(memcmp(buf, buf2, sizeof(buf)) == 0);
56 }
57
TEST(ObfuscatorTests,Test_2_Block)58 TEST(ObfuscatorTests, Test_2_Block)
59 {
60 char buf[70];
61 memset(buf, 'A', sizeof(buf)-1);
62 buf[ sizeof(buf)-1 ] = '\0';
63
64 Obfuscator ob;
65
66 ob.push(0, 10);
67 ob.push(10, sizeof(buf)-10-1);
68
69 ObfuscatorBlock b;
70 for ( bool more = ob.first(b); more; more = ob.next(b) )
71 memset(&buf[ b.offset ], '.', b.length);
72
73 char buf2[sizeof(buf)];
74 memset(buf2, '.', sizeof(buf2)-1);
75 buf2[ sizeof(buf2)-1 ] = '\0';
76
77 CHECK_TRUE(memcmp(buf, buf2, sizeof(buf)) == 0);
78 }
79
TEST(ObfuscatorTests,Test_3_Block)80 TEST(ObfuscatorTests, Test_3_Block)
81 {
82 char buf[70];
83 memset(buf, 'A', sizeof(buf)-1);
84 buf[ sizeof(buf)-1 ] = '\0';
85
86 Obfuscator ob;
87
88 ob.push(0, 10);
89 ob.push(10, 10);
90 ob.push(20, sizeof(buf)-20-1);
91
92 ObfuscatorBlock b;
93 for ( bool more = ob.first(b); more; more = ob.next(b) )
94 memset(&buf[ b.offset ], '.', b.length);
95
96 char buf2[sizeof(buf)];
97 memset(buf2, '.', sizeof(buf2)-1);
98 buf2[ sizeof(buf2)-1 ] = '\0';
99
100 CHECK_TRUE(memcmp(buf, buf2, sizeof(buf)) == 0);
101 }
102
TEST(ObfuscatorTests,Test_3_Block_with_Gaps)103 TEST(ObfuscatorTests, Test_3_Block_with_Gaps)
104 {
105 char buf[70];
106 memset(buf, 'A', sizeof(buf)-1);
107 buf[ sizeof(buf)-1 ] = '\0';
108
109 Obfuscator ob;
110
111 ob.push(0, 10); // 0-9 '..........'
112 ob.push(20, 10); // 10-19 'AAAAAAAAAA' 20-29 '..........'
113 ob.push(40, sizeof(buf)-40-1); // 30-39 'AAAAAAAAAA' 40-68 '.............................' 69 '\0'
114
115 ObfuscatorBlock b;
116 for ( bool more = ob.first(b); more; more = ob.next(b) )
117 memset(&buf[ b.offset ], '.', b.length);
118
119 const char buf2[70] = "..........AAAAAAAAAA..........AAAAAAAAAA.............................";
120 CHECK_TRUE(memcmp(buf, buf2, sizeof(buf)) == 0);
121 }
122
TEST(ObfuscatorTests,EmptyListTest)123 TEST(ObfuscatorTests, EmptyListTest)
124 {
125 Obfuscator ob;
126 ObfuscatorBlock b;
127 CHECK_FALSE(ob.first(b));
128 }
129
TEST(ObfuscatorTests,EmptyList2Test)130 TEST(ObfuscatorTests, EmptyList2Test)
131 {
132 Obfuscator ob;
133 ObfuscatorBlock b;
134 CHECK_FALSE(ob.next(b));
135 }
136
TEST(ObfuscatorTests,EmptyList3Test)137 TEST(ObfuscatorTests, EmptyList3Test)
138 {
139 Obfuscator ob;
140 ob.push(0, 69);
141
142 ObfuscatorBlock b;
143 CHECK_TRUE(ob.first(b) );
144 CHECK_FALSE(ob.next(b) );
145 CHECK_FALSE(ob.next(b) );
146 }
147
TEST(ObfuscatorTests,NoExactMatch)148 TEST(ObfuscatorTests, NoExactMatch)
149 {
150 Obfuscator ob;
151 ob.push(0, 1);
152 ob.push(0, 1);
153 ob.push(0, 1);
154 ob.push(0, 1);
155 ob.push(0, 1);
156 ob.push(0, 1);
157 ob.push(0, 1);
158 ob.push(0, 1);
159
160 auto b = ob.begin();
161 CHECK_TRUE(++b == ob.end());
162 }
163
TEST(ObfuscatorTests,UpdateExactMatch)164 TEST(ObfuscatorTests, UpdateExactMatch)
165 {
166 Obfuscator ob;
167 ob.push(0, 1);
168 ob.push(0, 2);
169 ob.push(0, 3);
170 ob.push(0, 4);
171 ob.push(0, 5);
172 ob.push(0, 6);
173 ob.push(0, 7);
174 ob.push(0, 8);
175
176 auto b = ob.begin();
177 CHECK_TRUE(++b == ob.end());
178 }
179
180 //
181 // Verify ObfuscatorBlock's are sorted on access
182 //
TEST(ObfuscatorTests,SortedElements)183 TEST(ObfuscatorTests, SortedElements)
184 {
185 Obfuscator ob;
186 ob.push(50,0);
187 ob.push(100,0);
188 ob.push(0,0);
189
190 uint32_t last = 0;
191 for ( auto &b: ob )
192 {
193 CHECK_TRUE(last <= b.offset);
194 last = b.offset;
195 }
196 }
197
TEST(ObfuscatorTests,Overlaps)198 TEST(ObfuscatorTests, Overlaps)
199 {
200 Obfuscator ob;
201 ob.push(50,49);
202 ob.push(100,1);
203 ob.push(0,100);
204
205 uint32_t last = 0;
206 for ( auto &b: ob )
207 {
208 CHECK_TRUE(last <= b.offset);
209 last = b.offset;
210 }
211 }
212
main(int argc,char * argv[])213 int main(int argc, char* argv[])
214 {
215 return CommandLineTestRunner::RunAllTests(argc, argv);
216 }
217
218