diff --git a/policy/utils/directions-and-hosts.bro b/policy/utils/directions-and-hosts.bro index ae5feb7761..cf69ee682d 100644 --- a/policy/utils/directions-and-hosts.bro +++ b/policy/utils/directions-and-hosts.bro @@ -5,9 +5,15 @@ function id_matches_direction(id: conn_id, d: Direction): bool { if ( d == NO_DIRECTION ) return F; - return ( d == BIDIRECTIONAL || - (d == OUTBOUND && Site::is_local_addr(id$orig_h)) || - (d == INBOUND && Site::is_local_addr(id$resp_h)) ); + local o_local = Site::is_local_addr(id$orig_h); + local r_local = Site::is_local_addr(id$resp_h); + + if ( d == BIDIRECTIONAL ) + return (o_local && !r_local) || (!o_local && r_local); + else if ( d == OUTBOUND ) + return o_local && !r_local; + else if ( d == INBOUND ) + return !o_local && r_local; } type Host: enum { LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS }; diff --git a/testing/btest/Baseline/policy.utils.conn_ids/output b/testing/btest/Baseline/policy.utils.conn_ids/output new file mode 100644 index 0000000000..bf6f803264 --- /dev/null +++ b/testing/btest/Baseline/policy.utils.conn_ids/output @@ -0,0 +1,6 @@ +10.0.0.100:10000 > 10.0.0.200:20000 +10.0.0.100:10000 < 10.0.0.200:20000 +10.0.0.100:10000 > 10.0.0.200:20000 +10.0.0.100:10000 < 10.0.0.200:20000 +T +T diff --git a/testing/btest/Baseline/policy.utils.directions-and-hosts/output b/testing/btest/Baseline/policy.utils.directions-and-hosts/output new file mode 100644 index 0000000000..051ac02a67 --- /dev/null +++ b/testing/btest/Baseline/policy.utils.directions-and-hosts/output 
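Review bot: The rewritten `id_matches_direction` ends on `else if ( d == INBOUND )` with no return after it, so any `Direction` value not handled by the chain falls off the end of a function declared `: bool`; closing the chain with a plain `return F;` makes the result explicit. Separately, `BIDIRECTIONAL` changes from matching every connection to matching only those with exactly one local endpoint. Callers that used it to mean "all traffic" will no longer see local-to-local or remote-to-remote connections, and presumably nothing at all while `Site::local_nets` is empty. A comment above the function, such as `## BIDIRECTIONAL matches only connections that cross the local/remote boundary, as judged by Site::is_local_addr.`, would make that contract visible to detection scripts that rely on it. The signature appears only in the hunk header, so the definition starts outside the hunk.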
@@ -0,0 +1,24 @@
+LOCAL_HOSTS(10.0.0.100) == T: SUCCESS
+REMOTE_HOSTS(10.0.0.100) == F: SUCCESS
+ALL_HOSTS(10.0.0.100) == T: SUCCESS
+NO_HOSTS(10.0.0.100) == F: SUCCESS
+LOCAL_HOSTS(192.168.1.100) == F: SUCCESS
+REMOTE_HOSTS(192.168.1.100) == T: SUCCESS
+ALL_HOSTS(192.168.1.100) == T: SUCCESS
+NO_HOSTS(192.168.1.100) == F: SUCCESS
+INBOUND(o: 10.0.0.100, r: 10.0.0.200) == F: SUCCESS
+INBOUND(o: 10.0.0.100, r: 192.168.1.100) == F: SUCCESS
+INBOUND(o: 192.168.1.100, r: 10.0.0.100) == T: SUCCESS
+INBOUND(o: 192.168.1.100, r: 192.168.1.200) == F: SUCCESS
+OUTBOUND(o: 10.0.0.100, r: 10.0.0.200) == F: SUCCESS
+OUTBOUND(o: 10.0.0.100, r: 192.168.1.100) == T: SUCCESS
+OUTBOUND(o: 192.168.1.100, r: 10.0.0.100) == F: SUCCESS
+OUTBOUND(o: 192.168.1.100, r: 192.168.1.200) == F: SUCCESS
+BIDIRECTIONAL(o: 10.0.0.100, r: 10.0.0.200) == F: SUCCESS
+BIDIRECTIONAL(o: 10.0.0.100, r: 192.168.1.100) == T: SUCCESS
+BIDIRECTIONAL(o: 192.168.1.100, r: 10.0.0.100) == T: SUCCESS
+BIDIRECTIONAL(o: 192.168.1.100, r: 192.168.1.200) == F: SUCCESS
+NO_DIRECTION(o: 10.0.0.100, r: 10.0.0.200) == F: SUCCESS
+NO_DIRECTION(o: 10.0.0.100, r: 192.168.1.100) == F: SUCCESS
+NO_DIRECTION(o: 192.168.1.100, r: 10.0.0.100) == F: SUCCESS
+NO_DIRECTION(o: 192.168.1.100, r: 192.168.1.200) == F: SUCCESS
diff --git a/testing/btest/Baseline/policy.utils.files/output b/testing/btest/Baseline/policy.utils.files/output
new file mode 100644
index 0000000000..99691c7efb
--- /dev/null
+++ b/testing/btest/Baseline/policy.utils.files/output
@@ -0,0 +1,32 @@
+test-prefix_141.142.220.118:48649-208.80.152.118:80_test-suffix
+test-prefix_141.142.220.118:48649-208.80.152.118:80
+141.142.220.118:48649-208.80.152.118:80_test-suffix
+141.142.220.118:48649-208.80.152.118:80
+test-prefix_141.142.220.118:49997-208.80.152.3:80_test-suffix
+test-prefix_141.142.220.118:49997-208.80.152.3:80
+141.142.220.118:49997-208.80.152.3:80_test-suffix
+141.142.220.118:49997-208.80.152.3:80
+test-prefix_141.142.220.118:49996-208.80.152.3:80_test-suffix
+test-prefix_141.142.220.118:49996-208.80.152.3:80
+141.142.220.118:49996-208.80.152.3:80_test-suffix
+141.142.220.118:49996-208.80.152.3:80
+test-prefix_141.142.220.118:49998-208.80.152.3:80_test-suffix
+test-prefix_141.142.220.118:49998-208.80.152.3:80
+141.142.220.118:49998-208.80.152.3:80_test-suffix
+141.142.220.118:49998-208.80.152.3:80
+test-prefix_141.142.220.118:50000-208.80.152.3:80_test-suffix
+test-prefix_141.142.220.118:50000-208.80.152.3:80
+141.142.220.118:50000-208.80.152.3:80_test-suffix
+141.142.220.118:50000-208.80.152.3:80
+test-prefix_141.142.220.118:49999-208.80.152.3:80_test-suffix
+test-prefix_141.142.220.118:49999-208.80.152.3:80
+141.142.220.118:49999-208.80.152.3:80_test-suffix
+141.142.220.118:49999-208.80.152.3:80
+test-prefix_141.142.220.118:50001-208.80.152.3:80_test-suffix
+test-prefix_141.142.220.118:50001-208.80.152.3:80
+141.142.220.118:50001-208.80.152.3:80_test-suffix
+141.142.220.118:50001-208.80.152.3:80
+test-prefix_141.142.220.118:35642-208.80.152.2:80_test-suffix
+test-prefix_141.142.220.118:35642-208.80.152.2:80
+141.142.220.118:35642-208.80.152.2:80_test-suffix
+141.142.220.118:35642-208.80.152.2:80
diff --git a/testing/btest/Baseline/policy.utils.numbers/output b/testing/btest/Baseline/policy.utils.numbers/output
new file mode 100644
index 0000000000..42cf027bb9
--- /dev/null
+++ b/testing/btest/Baseline/policy.utils.numbers/output
@@ -0,0 +1,7 @@
+0
+13
+13
+13
+13
+13
+1
diff --git a/testing/btest/policy/utils/conn_ids.test b/testing/btest/policy/utils/conn_ids.test
new file mode 100644
index 0000000000..f1c0c392be
--- /dev/null
+++ b/testing/btest/policy/utils/conn_ids.test
@@ -0,0 +1,14 @@
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+@load utils/conn_ids
+
+global c: conn_id = [ $orig_h = 10.0.0.100, $orig_p = 10000,
+ $resp_h = 10.0.0.200, $resp_p = 20000 ];
+
+print id_string(c);
+print reverse_id_string(c);
+print directed_id_string(c, T);
+print directed_id_string(c, F);
+print id_string(c) == directed_id_string(c, T);
+print reverse_id_string(c) == directed_id_string(c, F);
diff --git a/testing/btest/policy/utils/directions-and-hosts.test b/testing/btest/policy/utils/directions-and-hosts.test
new file mode 100644
index 0000000000..b657e0a3b0
--- /dev/null
+++ b/testing/btest/policy/utils/directions-and-hosts.test
@@ -0,0 +1,72 @@
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+@load site
+@load utils/directions-and-hosts
+
+redef Site::local_nets += { 10.0.0.0/8 };
+
+global local_ip = 10.0.0.100;
+global remote_ip = 192.168.1.100;
+
+global local2local: conn_id = [
+ $orig_h = 10.0.0.100, $orig_p = 10000,
+ $resp_h = 10.0.0.200, $resp_p = 20000 ];
+
+global local2remote: conn_id = [
+ $orig_h = 10.0.0.100, $orig_p = 10000,
+ $resp_h = 192.168.1.100, $resp_p = 20000 ];
+
+global remote2local: conn_id = [
+ $orig_h = 192.168.1.100, $orig_p = 10000,
+ $resp_h = 10.0.0.100, $resp_p = 20000 ];
+
+global remote2remote: conn_id = [
+ $orig_h = 192.168.1.100, $orig_p = 10000,
+ $resp_h = 192.168.1.200, $resp_p = 20000 ];
+
+function test_host(ip: addr, h: Host, expect: bool)
+ {
+ local result = addr_matches_host(ip, h);
+ print fmt("%s(%s) == %s: %s", h, ip, expect,
+ result == expect ? "SUCCESS" : "FAIL");
+ }
+
+function test_dir(id: conn_id, d: Direction, expect: bool)
+ {
+ local result = id_matches_direction(id, d);
+ print fmt("%s(o: %s, r: %s) == %s: %s", d, id$orig_h, id$resp_h, expect,
+ result == expect ? "SUCCESS" : "FAIL");
+ }
+
+event bro_init()
+ {
+ test_host(local_ip, LOCAL_HOSTS, T);
+ test_host(local_ip, REMOTE_HOSTS, F);
+ test_host(local_ip, ALL_HOSTS, T);
+ test_host(local_ip, NO_HOSTS, F);
+ test_host(remote_ip, LOCAL_HOSTS, F);
+ test_host(remote_ip, REMOTE_HOSTS, T);
+ test_host(remote_ip, ALL_HOSTS, T);
+ test_host(remote_ip, NO_HOSTS, F);
+
+ test_dir(local2local, INBOUND, F);
+ test_dir(local2remote, INBOUND, F);
+ test_dir(remote2local, INBOUND, T);
+ test_dir(remote2remote, INBOUND, F);
+
+ test_dir(local2local, OUTBOUND, F);
+ test_dir(local2remote, OUTBOUND, T);
+ test_dir(remote2local, OUTBOUND, F);
+ test_dir(remote2remote, OUTBOUND, F);
+
+ test_dir(local2local, BIDIRECTIONAL, F);
+ test_dir(local2remote, BIDIRECTIONAL, T);
+ test_dir(remote2local, BIDIRECTIONAL, T);
+ test_dir(remote2remote, BIDIRECTIONAL, F);
+
+ test_dir(local2local, NO_DIRECTION, F);
+ test_dir(local2remote, NO_DIRECTION, F);
+ test_dir(remote2local, NO_DIRECTION, F);
+ test_dir(remote2remote, NO_DIRECTION, F);
+ }
diff --git a/testing/btest/policy/utils/files.test b/testing/btest/policy/utils/files.test
new file mode 100644
index 0000000000..5433f5b6df
--- /dev/null
+++ b/testing/btest/policy/utils/files.test
@@ -0,0 +1,12 @@
+# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+@load utils/files
+
+event connection_established(c: connection)
+ {
+ print generate_extraction_filename("test-prefix", c, "test-suffix");
+ print generate_extraction_filename("test-prefix", c, "");
+ print generate_extraction_filename("", c, "test-suffix");
+ print generate_extraction_filename("", c, "");
+ }
diff --git a/testing/btest/policy/utils/numbers.test b/testing/btest/policy/utils/numbers.test
new file mode 100644
index 0000000000..8b9707bdd0
--- /dev/null
+++ b/testing/btest/policy/utils/numbers.test
@@ -0,0 +1,12 @@
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+@load utils/numbers
+
+print extract_count("These aren't the numbers you're looking for.");
+print extract_count("13These aren't the numbers you're looking for.");
+print extract_count("13 These aren't the numbers you're looking for.");
+print extract_count("These aren't the 13 numbers you're looking for.");
+print extract_count("These aren't the numbers you're looking for.13");
+print extract_count("These aren't the numbers you're looking for. 13");
+print extract_count("These aren't the 1abc3 numbers you're looking for.");