1 /*
2 * Copyright (c) 2018 Balabit
3 * Copyright (c) 2013 Gergely Nagy <algernon@balabit.hu>
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18 *
19 * As an additional exemption you are allowed to compile & link against the
20 * OpenSSL libraries as published by the OpenSSL project. See the file
21 * COPYING for details.
22 *
23 */
24 #include "filter/filter-expr.h"
25 #include "filter/filter-re.h"
26 #include "filter/filter-pri.h"
27 #include "filter/filter-op.h"
28 #include "cfg.h"
29 #include "test_filters_common.h"
30 #include "libtest/cr_template.h"
31
32 #include <criterion/criterion.h>
33 #include <criterion/parameterized.h>
34 #include <string.h>
35 #include <stdlib.h>
36 #include <stdio.h>
37 #include <pcre.h>
38
/* Declares the "filter" suite; setup() runs before and teardown() after each test in it. */
TestSuite(filter,
          .init = setup,
          .fini = teardown);
40
/*
 * One row of parameterized test data.  Each test reads only the members it
 * needs; members left out of a designated initializer are zero/NULL.
 */
typedef struct _FilterParamRegexp
{
  const gchar *msg;          /* raw log line handed to testcase() / testcase_with_backref_chk() */
  gint field;                /* LM_V_* handle passed to create_pcre_regexp_filter() */
  const gchar *regexp;       /* pattern under test */
  gint flags;                /* LMF_* flags used when building the matcher for regexp */
  const gchar *regexp2;      /* second pattern, read only by the fop_and_new()/fop_or_new() tests */
  gint flags2;               /* flags for regexp2 */
  gboolean expected_result;  /* verdict the filter is expected to produce for msg */
  const gchar *name;         /* capture (number or name) checked by the backref test */
  const gchar *value;        /* expected capture content; NULL presumably means "capture not set" -- confirm in testcase_with_backref_chk() */
} FilterParamRegexp;
53
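/*
 * Reads an unsigned decimal number at *cursor and advances *cursor past it.
 * Returns FALSE (leaving *cursor untouched) when no digit is found there.
 */
static gboolean
parse_leading_number(const gchar **cursor, long *out)
{
  char *end = NULL;

  if (**cursor < '0' || **cursor > '9')
    return FALSE;

  *out = strtol(*cursor, &end, 10);
  *cursor = end;
  return TRUE;
}

/* Splits the leading "MAJOR.MINOR" of a version string into two integers. */
static gboolean
parse_major_minor(const gchar *text, long *major, long *minor)
{
  if (!parse_leading_number(&text, major) || *text != '.')
    return FALSE;

  text++;
  return parse_leading_number(&text, minor);
}

/*
 * Returns TRUE when the linked PCRE library reports a version that is at
 * least `version` (given as "MAJOR.MINOR", e.g. "8.34").
 *
 * The comparison is numeric per component.  A plain string comparison only
 * gives the right answer while both strings have the same digit layout
 * (for instance "8.4" would sort above "8.34"), so it is kept solely as a
 * fallback for strings that do not start with MAJOR.MINOR.
 */
static gboolean
check_pcre_version_is_atleast(const gchar *version)
{
  const gchar *linked = pcre_version();
  long linked_major = 0, linked_minor = 0;
  long wanted_major = 0, wanted_minor = 0;

  if (!parse_major_minor(linked, &linked_major, &linked_minor) ||
      !parse_major_minor(version, &wanted_major, &wanted_minor))
    {
      /* Unparseable input: keep the previous prefix comparison. */
      return strncmp(linked, version, strlen(version)) >= 0;
    }

  if (linked_major != wanted_major)
    return linked_major > wanted_major;

  return linked_minor >= wanted_minor;
}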
59
/*
 * Negative test: every pattern below is malformed, so both constructors
 * must refuse it and return NULL instead of a filter node.
 * Several of the checks appear more than once; all of them are kept.
 */
Test(filter, create_pcre_regexp_filter)
{
  const gchar *unclosed_groups = "((";
  const gchar *bad_option_group = "(?iana";

  /* Unclosed groups, through the field-bound and the plain constructor. */
  cr_assert_eq(create_pcre_regexp_filter(LM_V_PROGRAM, unclosed_groups, 0), NULL);
  cr_assert_eq(create_pcre_regexp_filter(LM_V_HOST, unclosed_groups, 0), NULL);
  cr_assert_eq(create_pcre_regexp_match(unclosed_groups, 0), NULL);
  cr_assert_eq(create_pcre_regexp_filter(LM_V_PROGRAM, unclosed_groups, 0), NULL);
  cr_assert_eq(create_pcre_regexp_filter(LM_V_HOST, unclosed_groups, 0), NULL);

  /* Malformed inline option group. */
  cr_assert_eq(create_pcre_regexp_filter(LM_V_HOST, bad_option_group, 0), NULL);
  cr_assert_eq(create_pcre_regexp_filter(LM_V_HOST, bad_option_group, 0), NULL);

  cr_assert_eq(create_pcre_regexp_match(unclosed_groups, 0), NULL);

  /* Invalid names for named groups. */
  cr_assert_eq(create_pcre_regexp_match("(?P<foo_123", 0), NULL); // Unterminated group identifier
  if (check_pcre_version_is_atleast("8.34"))
    {
      /* Only asserted from PCRE 8.34 on; presumably older releases accept such a name -- confirm. */
      cr_assert_eq(create_pcre_regexp_match("(?P<1>a)", 0), NULL); // Begins with a digit
    }
  cr_assert_eq(create_pcre_regexp_match("(?P<!>a)", 0), NULL); // Begins with an illegal char
  cr_assert_eq(create_pcre_regexp_match("(?P<foo!>a)", 0), NULL); // Ends with an illegal char

  cr_assert_eq(create_pcre_regexp_match("\\1", 0), NULL); // Backreference

  /* Broken character classes. */
  cr_assert_eq(create_pcre_regexp_match("a[b-a]", 0), NULL);
  cr_assert_eq(create_pcre_regexp_match("a[]b", 0), NULL);
  cr_assert_eq(create_pcre_regexp_match("a[", 0), NULL);

  /* Misplaced quantifiers, a trailing backslash and unbalanced parentheses. */
  cr_assert_eq(create_pcre_regexp_match("*a", 0), NULL);
  cr_assert_eq(create_pcre_regexp_match("(*)b", 0), NULL);
  cr_assert_eq(create_pcre_regexp_match("a\\", 0), NULL);
  cr_assert_eq(create_pcre_regexp_match("abc)", 0), NULL);
  cr_assert_eq(create_pcre_regexp_match("(abc", 0), NULL);
  cr_assert_eq(create_pcre_regexp_match("a**", 0), NULL);
  cr_assert_eq(create_pcre_regexp_match(")(", 0), NULL);

  /* The same group name used twice, with flags 0 (i.e. without LMF_DUPNAMES). */
  cr_assert_eq(create_pcre_regexp_match("(?<DN>foo)|(?<DN>bar)", 0), NULL);
}
88
/*
 * Rows for the capture-group test.  Every row matches its pattern against
 * LM_V_MESSAGE and expects the filter to match; `name` selects one capture
 * (by number or by name) and `value` is the content expected in it.  A NULL
 * value presumably means the capture must be unset -- confirm in
 * testcase_with_backref_chk().
 */
ParameterizedTestParameters(filter, test_filter_regexp_backref_chk)
{
  /* Builds the log line; only the seconds field and the message part vary between rows. */
#define BACKREF_MSG(sec, body) "<15>Oct 15 16:17:" sec " host openvpn[2499]: " body
  /* One table row: message, pattern, LMF_* flags, capture name, expected capture content. */
#define BACKREF_ROW(m, re, fl, grp, val) \
  {.msg = m, .field = LM_V_MESSAGE, .regexp = re, .flags = fl, .expected_result = TRUE, .name = grp, .value = val}

  static FilterParamRegexp test_data_list[] =
  {
    /* numbered and named captures, including names/numbers that do not exist in the pattern */
    BACKREF_ROW(BACKREF_MSG("01", "al fa"), "(a)(l) (fa)", LMF_STORE_MATCHES, "1", "a"),
    BACKREF_ROW(BACKREF_MSG("02", "al fa"), "(a)(l) (fa)", LMF_STORE_MATCHES, "0", "al fa"),
    BACKREF_ROW(BACKREF_MSG("03", "al fa"), "(a)(l) (fa)", LMF_STORE_MATCHES, "232", NULL),
    BACKREF_ROW(BACKREF_MSG("01", "alma fa"), "(?P<a>a)(?P<l>l)(?P<MM>m)(?P<aa>a) (?P<fa>fa)", LMF_STORE_MATCHES, "MM", "m"),
    BACKREF_ROW(BACKREF_MSG("02", "alma fa"), "(?P<a>a)(?P<l>l)(?P<MM>m)(?P<aa>a) (?P<fa>fa)", LMF_STORE_MATCHES, "aaaa", NULL),
    BACKREF_ROW(BACKREF_MSG("03", "alma fa"), "(?P<a>a)(?P<l>l)(?P<MM>m)(?P<aa>a) (?P<fa_name>fa)", LMF_STORE_MATCHES, "fa_name", "fa"),
    BACKREF_ROW(BACKREF_MSG("04", "al fa"), "(a)(l) (fa)", LMF_STORE_MATCHES, "2", "l"),
    BACKREF_ROW(BACKREF_MSG("04", "al fa"), "(a)(l) (fa)", LMF_STORE_MATCHES, "3", "fa"),
    BACKREF_ROW(BACKREF_MSG("05", "al fa"), "(a)(l) (fa)", LMF_STORE_MATCHES, "0", "al fa"),
    BACKREF_ROW(BACKREF_MSG("06", "al fa"), "(a)(l) (fa)", LMF_STORE_MATCHES, "233", NULL),
    BACKREF_ROW(BACKREF_MSG("06", "foobar bar"), "(?<foobar>foobar) (?<foo>foo)?(?<bar>bar)", LMF_STORE_MATCHES, "bar", "bar"),
    BACKREF_ROW(BACKREF_MSG("06", "foobar bar"), "(?<foobar>foobar) (?<foo>foo)?(?<bar>bar)", LMF_STORE_MATCHES, "foobar", "foobar"),
    BACKREF_ROW(BACKREF_MSG("06", "foobar bar"), "(?<foobar>foobar) (?<foo>foo)?(?<bar>bar)", LMF_STORE_MATCHES, "foo", NULL),
    /* nested and repeated groups */
    BACKREF_ROW(BACKREF_MSG("01", "abc"), "((a))", LMF_STORE_MATCHES, "1", "a"),
    BACKREF_ROW(BACKREF_MSG("01", "abc"), "((a))", LMF_STORE_MATCHES, "2", "a"),
    BACKREF_ROW(BACKREF_MSG("01", "ab"), "(a+|b)*", LMF_STORE_MATCHES, "1", "b"),
    BACKREF_ROW(BACKREF_MSG("01", "ab"), "(a+|b){0,}", LMF_STORE_MATCHES, "1", "b"),
    BACKREF_ROW(BACKREF_MSG("01", "ab"), "(a+|b)+", LMF_STORE_MATCHES, "1", "b"),
    BACKREF_ROW(BACKREF_MSG("01", "ab"), "(a+|b){1,}", LMF_STORE_MATCHES, "1", "b"),
    BACKREF_ROW(BACKREF_MSG("01", "ab"), "(a+|b)?", LMF_STORE_MATCHES, "1", "a"),
    BACKREF_ROW(BACKREF_MSG("01", "ab"), "(a+|b){0,1}", LMF_STORE_MATCHES, "1", "a"),
    BACKREF_ROW(BACKREF_MSG("01", "abbbcd"), "([abc])*d", LMF_STORE_MATCHES, "1", "c"),
    BACKREF_ROW(BACKREF_MSG("01", "abcd"), "([abc])*bcd", LMF_STORE_MATCHES, "1", "a"),
    BACKREF_ROW(BACKREF_MSG("01", "xabyabbbz"), "ab*", LMF_STORE_MATCHES, "0", "ab"),
    BACKREF_ROW(BACKREF_MSG("01", "xayabbbz"), "ab*", LMF_STORE_MATCHES, "0", "a"),
    BACKREF_ROW(BACKREF_MSG("01", "abcdef"), "(abc|)ef", LMF_STORE_MATCHES, "0", "ef"),
    BACKREF_ROW(BACKREF_MSG("01", "abcd"), "(a|b)c*d", LMF_STORE_MATCHES, "1", "b"),
    BACKREF_ROW(BACKREF_MSG("01", "abc"), "(ab|ab*)bc", LMF_STORE_MATCHES, "1", "a"),
    BACKREF_ROW(BACKREF_MSG("01", "abc"), "a([bc]*)c*", LMF_STORE_MATCHES, "1", "bc"),
    BACKREF_ROW(BACKREF_MSG("01", "abcd"), "a([bc]*)(c*d)", LMF_STORE_MATCHES, "2", "d"),
    BACKREF_ROW(BACKREF_MSG("01", "abcd"), "a([bc]+)(c*d)", LMF_STORE_MATCHES, "2", "d"),
    BACKREF_ROW(BACKREF_MSG("01", "abcd"), "a([bc]*)(c+d)", LMF_STORE_MATCHES, "2", "cd"),
    BACKREF_ROW(BACKREF_MSG("01", "alpha"), "[a-zA-Z_][a-zA-Z0-9_]*", LMF_STORE_MATCHES, "0", "alpha"),
    /* alternations in which some groups do not take part in the match */
    BACKREF_ROW(BACKREF_MSG("01", "abh"), "^a(bc+|b[eh])g|.h$", LMF_STORE_MATCHES, "1", NULL),
    BACKREF_ROW(BACKREF_MSG("01", "effgz"), "(bc+d$|ef*g.|h?i(j|k))", LMF_STORE_MATCHES, "1", "effgz"),
    BACKREF_ROW(BACKREF_MSG("01", "effgz"), "(bc+d$|ef*g.|h?i(j|k))", LMF_STORE_MATCHES, "2", NULL),
    BACKREF_ROW(BACKREF_MSG("01", "ij"), "(bc+d$|ef*g.|h?i(j|k))", LMF_STORE_MATCHES, "1", "ij"),
    BACKREF_ROW(BACKREF_MSG("01", "ij"), "(bc+d$|ef*g.|h?i(j|k))", LMF_STORE_MATCHES, "2", "j"),
    BACKREF_ROW(BACKREF_MSG("01", "reffgz"), "(bc+d$|ef*g.|h?i(j|k))", LMF_STORE_MATCHES, "1", "effgz"),
    BACKREF_ROW(BACKREF_MSG("01", "reffgz"), "(bc+d$|ef*g.|h?i(j|k))", LMF_STORE_MATCHES, "2", NULL),
    /* deep nesting and in-pattern backreferences */
    BACKREF_ROW(BACKREF_MSG("01", "a"), "((((((((((a))))))))))", LMF_STORE_MATCHES, "10", "a"),
    BACKREF_ROW(BACKREF_MSG("01", "aa"), "((((((((((a))))))))))\\10", LMF_STORE_MATCHES, "0", "aa"),
    BACKREF_ROW(BACKREF_MSG("01", "abcde"), "(.*)c(.*)", LMF_STORE_MATCHES, "1", "ab"),
    BACKREF_ROW(BACKREF_MSG("01", "abcde"), "(.*)c(.*)", LMF_STORE_MATCHES, "2", "de"),
    BACKREF_ROW(BACKREF_MSG("01", "(a, b)"), "\\((.*), (.*)\\)", LMF_STORE_MATCHES, "1", "a"),
    BACKREF_ROW(BACKREF_MSG("01", "(a, b)"), "\\((.*), (.*)\\)", LMF_STORE_MATCHES, "2", "b"),
    BACKREF_ROW(BACKREF_MSG("01", "abcabc"), "(abc)\\1", LMF_STORE_MATCHES, "1", "abc"),
    BACKREF_ROW(BACKREF_MSG("01", "abcabc"), "([a-c]*)\\1", LMF_STORE_MATCHES, "1", "abc"),
    BACKREF_ROW(BACKREF_MSG("01", "a:bc-:de:f"), "(?<!-):(.*?)(?<!-):", LMF_STORE_MATCHES, "1", "bc-:de"),
    /* non-capturing groups do not consume capture numbers */
    BACKREF_ROW(BACKREF_MSG("01", "A"), "(?i)(?:(?:(?:(?:(?:(?:(?:(?:(?:(a))))))))))", LMF_STORE_MATCHES, "1", "A"),
    BACKREF_ROW(BACKREF_MSG("01", "C"), "(?i)(?:(?:(?:(?:(?:(?:(?:(?:(?:(a|b|c))))))))))", LMF_STORE_MATCHES, "1", "C"),
    BACKREF_ROW(BACKREF_MSG("01", "ace"), "a(?:b|c|d)(.)", LMF_STORE_MATCHES, "1", "e"),
    BACKREF_ROW(BACKREF_MSG("01", "ace"), "a(?:b|c|d)*(.)", LMF_STORE_MATCHES, "1", "e"),
    BACKREF_ROW(BACKREF_MSG("01", "ace"), "a(?:b|c|d)+?(.)", LMF_STORE_MATCHES, "1", "e"),
    BACKREF_ROW(BACKREF_MSG("01", "ace"), "a(?:b|(c|e){1,2}?|d)+?(.)", LMF_STORE_MATCHES, "1", "c"),
    BACKREF_ROW(BACKREF_MSG("01", "ace"), "a(?:b|(c|e){1,2}?|d)+?(.)", LMF_STORE_MATCHES, "2", "e"),
    // using duplicate names for named subpatterns.
    BACKREF_ROW(BACKREF_MSG("01", "hello foo"), "(?<DN>foo)|(?<DN>bar)", LMF_STORE_MATCHES | LMF_DUPNAMES, "DN", "foo"),
    BACKREF_ROW(BACKREF_MSG("01", "hello bar"), "(?<DN>foo)|(?<DN>bar)", LMF_STORE_MATCHES | LMF_DUPNAMES, "DN", "bar"),
    BACKREF_ROW(BACKREF_MSG("01", "foobar"), "(?<DN>foo)(?<DN>bar)", LMF_STORE_MATCHES | LMF_DUPNAMES, "DN", "bar"),
  };

#undef BACKREF_ROW
#undef BACKREF_MSG

  return cr_make_param_array(FilterParamRegexp, test_data_list, G_N_ELEMENTS(test_data_list));
}
157
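/*
 * Builds a field-bound PCRE filter from the row and checks both the verdict
 * and the content of the capture named by param->name.
 */
ParameterizedTest(FilterParamRegexp *param, filter, test_filter_regexp_backref_chk)
{
  FilterExprNode *node = create_pcre_regexp_filter(param->field, param->regexp, param->flags);

  /*
   * The constructor returns NULL for a pattern that does not compile.  Fail
   * here with the pattern named instead of handing NULL to the helper.
   */
  cr_assert_neq(node, NULL, "regexp '%s' did not compile", param->regexp);

  testcase_with_backref_chk(param->msg, node, param->expected_result, param->name, param->value);
}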
163
/*
 * Rows for the field-bound filter test: a log line, the field the pattern is
 * applied to, the pattern (always with flags 0) and the expected verdict.
 */
ParameterizedTestParameters(filter, test_filter_regexp_filter)
{
  /* Log line with timestamp and host; only the seconds field varies. */
#define FULL_HEADER_MSG(sec) "<15>Oct 15 16:17:" sec " host openvpn[2499]: PTHREAD support initialized"
  /* Log line without timestamp and host; only the pid varies. */
#define BARE_HEADER_MSG(pid) "<15> openvpn[" pid "]: PTHREAD support initialized"
  /* Header-less log line whose message part is the text under test. */
#define SHORT_MSG(body) "<15> openvpn[2491]: " body
  /* One table row: message, LM_V_* field, pattern, expected verdict. */
#define FILTER_ROW(m, f, re, ok) \
  {.msg = m, .field = f, .regexp = re, .flags = 0, .expected_result = ok}

  static FilterParamRegexp test_data_list[] =
  {
    /* anchoring and field selection */
    FILTER_ROW(BARE_HEADER_MSG("2501"), LM_V_PROGRAM, "^openvpn$", TRUE),
    FILTER_ROW(BARE_HEADER_MSG("2500"), LM_V_PROGRAM, "^open$", FALSE),
    FILTER_ROW(FULL_HEADER_MSG("01"), LM_V_HOST, "^host$", TRUE),
    FILTER_ROW(FULL_HEADER_MSG("02"), LM_V_HOST, "^hos$", FALSE),
    FILTER_ROW(FULL_HEADER_MSG("03"), LM_V_HOST, "pthread", FALSE),
    FILTER_ROW(FULL_HEADER_MSG("04"), LM_V_MESSAGE, "^PTHREAD ", TRUE),
    FILTER_ROW(FULL_HEADER_MSG("05"), LM_V_MESSAGE, "PTHREAD s", TRUE),
    FILTER_ROW(FULL_HEADER_MSG("06"), LM_V_MESSAGE, "^PTHREAD$", FALSE),
    FILTER_ROW(FULL_HEADER_MSG("07"), LM_V_MESSAGE, "(?i)pthread", TRUE),
    /* the same checks on lines that carry no timestamp or host */
    FILTER_ROW(BARE_HEADER_MSG("2499"), LM_V_PROGRAM, "^openvpn$", TRUE),
    FILTER_ROW(BARE_HEADER_MSG("2498"), LM_V_PROGRAM, "^open$", FALSE),
    FILTER_ROW(BARE_HEADER_MSG("2497"), LM_V_HOST, "^host$", FALSE),
    FILTER_ROW(BARE_HEADER_MSG("2496"), LM_V_HOST, "^hos$", FALSE),
    FILTER_ROW(BARE_HEADER_MSG("2495"), LM_V_HOST, "pthread", FALSE),
    FILTER_ROW(BARE_HEADER_MSG("2494"), LM_V_MESSAGE, "^PTHREAD ", TRUE),
    FILTER_ROW(BARE_HEADER_MSG("2493"), LM_V_MESSAGE, "PTHREAD s", TRUE),
    FILTER_ROW(BARE_HEADER_MSG("2492"), LM_V_MESSAGE, "^PTHREAD$", FALSE),
    FILTER_ROW(BARE_HEADER_MSG("2491"), LM_V_MESSAGE, "(?i)pthread", TRUE),
    /* octal escapes */
    FILTER_ROW(SHORT_MSG("a"), LM_V_MESSAGE, "\\141", TRUE),
    FILTER_ROW(SHORT_MSG("\1"), LM_V_MESSAGE, "[\\1]", TRUE),
    /* quantifiers */
    FILTER_ROW(SHORT_MSG("abc"), LM_V_MESSAGE, "ab*c", TRUE),
    FILTER_ROW(SHORT_MSG("abc"), LM_V_MESSAGE, "ab*bc", TRUE),
    FILTER_ROW(SHORT_MSG("abbbbc"), LM_V_MESSAGE, "ab{0,}bc", TRUE),
    FILTER_ROW(SHORT_MSG("abbc"), LM_V_MESSAGE, "ab+bc", TRUE),
    FILTER_ROW(SHORT_MSG("abq"), LM_V_MESSAGE, "ab+bc", FALSE),
    FILTER_ROW(SHORT_MSG("abq"), LM_V_MESSAGE, "ab+bc", FALSE),
    FILTER_ROW(SHORT_MSG("abbbbc"), LM_V_MESSAGE, "ab{1,3}bc", TRUE),
    FILTER_ROW(SHORT_MSG("abbbbc"), LM_V_MESSAGE, "ab{4,5}bc", FALSE),
    FILTER_ROW(SHORT_MSG("abbc"), LM_V_MESSAGE, "ab?bc", TRUE),
    FILTER_ROW(SHORT_MSG("abbbbc"), LM_V_MESSAGE, "ab?bc", FALSE),
    FILTER_ROW(SHORT_MSG("axyzc"), LM_V_MESSAGE, "a.*c", TRUE),
    FILTER_ROW(SHORT_MSG("axyzd"), LM_V_MESSAGE, "a.*c", FALSE),
    /* character classes */
    FILTER_ROW(SHORT_MSG("abc"), LM_V_MESSAGE, "a[bc]d", FALSE),
    FILTER_ROW(SHORT_MSG("abd"), LM_V_MESSAGE, "a[bc]d", TRUE),
    FILTER_ROW(SHORT_MSG("abd"), LM_V_MESSAGE, "a[b-d]e", FALSE),
    FILTER_ROW(SHORT_MSG("ace"), LM_V_MESSAGE, "a[b-d]e", TRUE),
    FILTER_ROW(SHORT_MSG("a-"), LM_V_MESSAGE, "a[-b]", TRUE),
    FILTER_ROW(SHORT_MSG("a-"), LM_V_MESSAGE, "a[b-]", TRUE),
    FILTER_ROW(SHORT_MSG("a]"), LM_V_MESSAGE, "a]", TRUE),
    FILTER_ROW(SHORT_MSG("a]b"), LM_V_MESSAGE, "a[]]b", TRUE),
    FILTER_ROW(SHORT_MSG("aed"), LM_V_MESSAGE, "a[^bc]d", TRUE),
    FILTER_ROW(SHORT_MSG("abd"), LM_V_MESSAGE, "a[^bc]d", FALSE),
    FILTER_ROW(SHORT_MSG("adc"), LM_V_MESSAGE, "a[^-b]c", TRUE),
    FILTER_ROW(SHORT_MSG("a-c"), LM_V_MESSAGE, "a[^-b]c", FALSE),
    FILTER_ROW(SHORT_MSG("a]c"), LM_V_MESSAGE, "a[^]b]", FALSE),
    FILTER_ROW(SHORT_MSG("adc"), LM_V_MESSAGE, "a[^]b]c", TRUE),
    /* alternation, escaped metacharacters, lazy quantifier */
    FILTER_ROW(SHORT_MSG("abc"), LM_V_MESSAGE, "ab|cd", TRUE),
    FILTER_ROW(SHORT_MSG("abcd"), LM_V_MESSAGE, "ab|cd", TRUE),
    FILTER_ROW(SHORT_MSG("a(b"), LM_V_MESSAGE, "a\\(b", TRUE),
    FILTER_ROW(SHORT_MSG("ab"), LM_V_MESSAGE, "a\\(*b", TRUE),
    FILTER_ROW(SHORT_MSG("a((b"), LM_V_MESSAGE, "a\\(*b", TRUE),
    FILTER_ROW(SHORT_MSG("a\\b"), LM_V_MESSAGE, "a\\\\b", TRUE),
    FILTER_ROW(SHORT_MSG("abcabc"), LM_V_MESSAGE, "a.+?c", TRUE),
    FILTER_ROW(SHORT_MSG("effg"), LM_V_MESSAGE, "(bc+d$|ef*g.|h?i(j|k))", FALSE),
    FILTER_ROW(SHORT_MSG("bcdd"), LM_V_MESSAGE, "(bc+d$|ef*g.|h?i(j|k))", FALSE),
    /* lookahead assertions */
    FILTER_ROW(SHORT_MSG("abad"), LM_V_MESSAGE, "a(?!b).", TRUE),
    FILTER_ROW(SHORT_MSG("abad"), LM_V_MESSAGE, "a(?=d).", TRUE),
    FILTER_ROW(SHORT_MSG("abad"), LM_V_MESSAGE, "a(?=c|d).", TRUE),
    /* "." against a newline, without and with the inline (?s) option */
    FILTER_ROW(SHORT_MSG("a\nb"), LM_V_MESSAGE, "a.b", FALSE),
    FILTER_ROW(SHORT_MSG("a\nb"), LM_V_MESSAGE, "(?s)a.b", TRUE),
    /* shorthand character classes */
    FILTER_ROW(SHORT_MSG("--ab_cd0123--"), LM_V_MESSAGE, "\\w+", TRUE),
    FILTER_ROW(SHORT_MSG("--ab_cd0123--"), LM_V_MESSAGE, "[\\w]+", TRUE),
    FILTER_ROW(SHORT_MSG("1234abc5678"), LM_V_MESSAGE, "\\D+", TRUE),
    FILTER_ROW(SHORT_MSG("1234abc5678"), LM_V_MESSAGE, "[\\D]+", TRUE),
    FILTER_ROW(SHORT_MSG("123abc"), LM_V_MESSAGE, "[\\da-fA-F]+", TRUE),
    FILTER_ROW(SHORT_MSG("testing!1972"), LM_V_MESSAGE, "([\\s]*)([\\S]*)([\\s]*)", TRUE),
    FILTER_ROW(SHORT_MSG("testing!1972"), LM_V_MESSAGE, "(\\s*)(\\S*)(\\s*)", TRUE),
    /* hex escapes against a raw 0xff byte in the message */
    FILTER_ROW(SHORT_MSG("\377"), LM_V_MESSAGE, "\\xff", TRUE),
    FILTER_ROW(SHORT_MSG("\377"), LM_V_MESSAGE, "\\x00ff", FALSE),
  };

#undef FILTER_ROW
#undef SHORT_MSG
#undef BARE_HEADER_MSG
#undef FULL_HEADER_MSG

  return cr_make_param_array(FilterParamRegexp, test_data_list, G_N_ELEMENTS(test_data_list));
}
241
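/* Builds a field-bound PCRE filter from the row and checks its verdict on the row's log line. */
ParameterizedTest(FilterParamRegexp *param, filter, test_filter_regexp_filter)
{
  FilterExprNode *node = create_pcre_regexp_filter(param->field, param->regexp, param->flags);

  /*
   * The constructor returns NULL for a pattern that does not compile.  Fail
   * here with the pattern named instead of handing NULL to testcase().
   */
  cr_assert_neq(node, NULL, "regexp '%s' did not compile", param->regexp);

  testcase(param->msg, node, param->expected_result);
}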
247
/*
 * Rows for the fop_and_new() test: two patterns that are combined and the
 * verdict expected for the pair.  `field` is set in every row, but the test
 * body builds both operands with create_pcre_regexp_match() and never reads it.
 */
ParameterizedTestParameters(filter, test_filter_regexp_filter_fop)
{
  static FilterParamRegexp test_data_list[] =
  {
    {
      .msg = "<15>Oct 16 16:17:01 host openvpn[2499]: PTHREAD support initialized",
      .field = LM_V_PROGRAM,
      .regexp = " PTHREAD ", .flags = 0,
      .regexp2 = "PTHREAD", .flags2 = 0,
      .expected_result = TRUE
    },
    {
      .msg = "<15>Oct 16 16:17:02 host openvpn[2499]: PTHREAD support initialized",
      .field = LM_V_PROGRAM,
      .regexp = " PTHREAD ", .flags = 0,
      .regexp2 = "^PTHREAD$", .flags2 = 0,
      .expected_result = FALSE
    },
    {
      .msg = "<15>Oct 16 16:17:03 host openvpn[2499]: PTHREAD support initialized",
      .field = LM_V_PROGRAM,
      .regexp = "^PTHREAD$", .flags = 0,
      .regexp2 = " PTHREAD ", .flags2 = 0,
      .expected_result = FALSE
    },
    {
      .msg = "<15>Oct 16 16:17:04 host openvpn[2499]: PTHREAD support initialized",
      .field = LM_V_PROGRAM,
      .regexp = " PAD ", .flags = 0,
      .regexp2 = "^PTHREAD$", .flags2 = 0,
      .expected_result = FALSE
    },
  };

  return cr_make_param_array(FilterParamRegexp, test_data_list, G_N_ELEMENTS(test_data_list));
}
260
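/*
 * Combines the row's two patterns with fop_and_new() and checks the verdict
 * (per the rows, TRUE only when both patterns match).
 */
ParameterizedTest(FilterParamRegexp *param, filter, test_filter_regexp_filter_fop)
{
  FilterExprNode *left = create_pcre_regexp_match(param->regexp, param->flags);
  FilterExprNode *right = create_pcre_regexp_match(param->regexp2, param->flags2);

  /*
   * A pattern that does not compile yields NULL.  Report which operand is
   * broken instead of passing NULL into the operator node.
   */
  cr_assert_neq(left, NULL, "regexp '%s' did not compile", param->regexp);
  cr_assert_neq(right, NULL, "regexp '%s' did not compile", param->regexp2);

  testcase(param->msg, fop_and_new(left, right), param->expected_result);
}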
267
/*
 * Rows for the fop_or_new() test: two patterns that are combined and the
 * verdict expected for the pair.
 */
ParameterizedTestParameters(filter, test_filter_regexp_match_fop)
{
  static FilterParamRegexp test_data_list[] =
  {
    {
      .msg = "<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support initialized",
      .regexp = " PTHREAD ", .flags = 0,
      .regexp2 = "PTHREAD", .flags2 = 0,
      .expected_result = TRUE
    },
    {
      .msg = "<15>Oct 15 16:17:02 host openvpn[2499]: PTHREAD support initialized",
      .regexp = " PTHREAD ", .flags = 0,
      .regexp2 = "^PTHREAD$", .flags2 = 0,
      .expected_result = TRUE
    },
    {
      .msg = "<15>Oct 15 16:17:03 host openvpn[2499]: PTHREAD support initialized",
      .regexp = "^PTHREAD$", .flags = 0,
      .regexp2 = " PTHREAD ", .flags2 = 0,
      .expected_result = TRUE
    },
    {
      .msg = "<15>Oct 15 16:17:04 host openvpn[2499]: PTHREAD support initialized",
      .regexp = " PAD ", .flags = 0,
      .regexp2 = "^PTHREAD$", .flags2 = 0,
      .expected_result = FALSE
    },
  };

  return cr_make_param_array(FilterParamRegexp, test_data_list, G_N_ELEMENTS(test_data_list));
}
279
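/*
 * Combines the row's two patterns with fop_or_new() and checks the verdict
 * (per the rows, TRUE when at least one pattern matches).
 */
ParameterizedTest(FilterParamRegexp *param, filter, test_filter_regexp_match_fop)
{
  FilterExprNode *left = create_pcre_regexp_match(param->regexp, param->flags);
  FilterExprNode *right = create_pcre_regexp_match(param->regexp2, param->flags2);

  /*
   * A pattern that does not compile yields NULL.  Report which operand is
   * broken instead of passing NULL into the operator node.
   */
  cr_assert_neq(left, NULL, "regexp '%s' did not compile", param->regexp);
  cr_assert_neq(right, NULL, "regexp '%s' did not compile", param->regexp2);

  testcase(param->msg, fop_or_new(left, right), param->expected_result);
}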
286
/*
 * Rows for the plain match() test, where no field is selected.  The row
 * anchored on "^openvpn\[2499\]: " expects a match, so the pattern seems to
 * be applied to the "program[pid]: message" text -- confirm in the matcher.
 */
ParameterizedTestParameters(filter, test_filter_regexp_match)
{
  static FilterParamRegexp test_data_list[] =
  {
    {
      .msg = "<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support initialized",
      .regexp = " PTHREAD ",
      .flags = 0,
      .expected_result = TRUE
    },
    {
      .msg = "<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support initialized",
      .regexp = "^openvpn\\[2499\\]: PTHREAD",
      .flags = 0,
      .expected_result = TRUE
    },
    {
      .msg = "<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support initialized",
      .regexp = "^PTHREAD$",
      .flags = 0,
      .expected_result = FALSE
    },
    /* case-insensitive matching: once via the inline option, once via LMF_ICASE */
    {
      .msg = "<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support initialized",
      .regexp = "(?i)pthread",
      .flags = 0,
      .expected_result = TRUE
    },
    {
      .msg = "<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support initialized",
      .regexp = "pthread",
      .flags = LMF_ICASE,
      .expected_result = TRUE
    },
  };

  return cr_make_param_array(FilterParamRegexp, test_data_list, G_N_ELEMENTS(test_data_list));
}
299
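/* Builds a plain PCRE match node from the row and checks its verdict on the row's log line. */
ParameterizedTest(FilterParamRegexp *param, filter, test_filter_regexp_match)
{
  FilterExprNode *node = create_pcre_regexp_match(param->regexp, param->flags);

  /*
   * The constructor returns NULL for a pattern that does not compile.  Fail
   * here with the pattern named instead of handing NULL to testcase().
   */
  cr_assert_neq(node, NULL, "regexp '%s' did not compile", param->regexp);

  testcase(param->msg, node, param->expected_result);
}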
305
/*
 * match() bound to a single name-value handle: the pattern is anchored at
 * the start of the selected value (message text, then pid).
 */
Test(filter, test_match_with_value)
{
  static const gchar *const log_line =
    "<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support initialized";
  static const struct
  {
    const gchar *pattern;
    gint handle;
  } cases[] =
  {
    { "^PTHREAD", LM_V_MESSAGE },
    { "^2499", LM_V_PID },
  };

  for (gsize i = 0; i < G_N_ELEMENTS(cases); i++)
    {
      /* A fresh node per case; presumably testcase() releases it -- confirm in test_filters_common. */
      FilterExprNode *node = create_pcre_regexp_match(cases[i].pattern, 0);

      filter_match_set_value_handle(node, cases[i].handle);
      testcase(log_line, node, TRUE);
    }
}
318
/*
 * match() bound to a template: the pattern is applied to the text the
 * template expands to for the log line.
 */
Test(filter, test_match_with_template)
{
  static const gchar *const log_line =
    "<15>Oct 15 16:17:01 host openvpn[2499]: PTHREAD support initialized";
  FilterExprNode *node;

  /* Single macro: message text. */
  node = create_pcre_regexp_match("^PTHREAD", 0);
  filter_match_set_template_ref(node, compile_template("$MSG", FALSE));
  testcase(log_line, node, TRUE);

  /* Single macro: pid. */
  node = create_pcre_regexp_match("^2499", 0);
  filter_match_set_template_ref(node, compile_template("$PID", FALSE));
  testcase(log_line, node, TRUE);

  /* Two macros joined by a space; the pattern spans both expansions. */
  node = create_pcre_regexp_match("^2499 openvpn", 0);
  filter_match_set_template_ref(node, compile_template("$PID $PROGRAM", FALSE));
  testcase(log_line, node, TRUE);
}
335