Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
zeek/testing/btest/scripts/base/protocols/ldap/functions.spicy

134 lines
5.1 KiB
Text
Raw Blame History

# This test can only run if we have the LDAP grammar available.
# @TEST-REQUIRES: have-spicy && [ -n ${DIST} ]
#
# @TEST-EXEC: spicyc -j -d -L ${DIST}/src/analyzer/protocol/ldap %INPUT
#
# @TEST-DOC: Validates helper functions in LDAP module.
module test;
import LDAP;
# ----------------------------------------------------------------------------------
# function utf16_guid_to_hex_repr()
# - requires exactly 16 bytes
# Not enough bytes (15)
assert LDAP::utf16_guid_to_hex_repr(b"1234567890ABCDE") == "GUID_FORMAT_FAILED";
# Too much bytes (17)
assert LDAP::utf16_guid_to_hex_repr(b"1234567890ABCDEFG") == "GUID_FORMAT_FAILED";
# Empty
assert LDAP::utf16_guid_to_hex_repr(b"") == "GUID_FORMAT_FAILED";
# 16 times \x00
assert LDAP::utf16_guid_to_hex_repr(b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") == "00000000-0000-0000-0000-000000000000";
# 16 times \xff
assert LDAP::utf16_guid_to_hex_repr(b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff") == "ffffffff-ffff-ffff-ffff-ffffffffffff";
# Valid DomainGuidFilter
assert LDAP::utf16_guid_to_hex_repr(b"\x3b\x52\xb3\xb0\x6f\x54\xaf\x4f\x93\xb2\x29\x4a\x38\x50\x98\xf2") == "b0b3523b-546f-4faf-93b2-294a385098f2";
# ----------------------------------------------------------------------------------
# function bytes_sid_to_hex_repr()
# - transforms bytes of arbitrary length to a ':' separated string
# Empty
assert LDAP::bytes_sid_to_hex_repr(b"") == "";
# 10 times \x00
assert LDAP::bytes_sid_to_hex_repr(b"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00") == "00:00:00:00:00:00:00:00:00:00";
# 10 times \xff
assert LDAP::bytes_sid_to_hex_repr(b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff") == "ff:ff:ff:ff:ff:ff:ff:ff:ff:ff";
# Valid `AAC` value
assert LDAP::bytes_sid_to_hex_repr(b"\x80\x00\x00\x00") == "80:00:00:00";
# Valid objectSid
assert LDAP::bytes_sid_to_hex_repr(b"\x01\x05\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\xd5\x64\xbe\x81\x5d\x68\x9c\x0d\x44\x4a\xae\x74\x01\x02\x00\x00") == "01:05:00:00:00:00:00:05:15:00:00:00:d5:64:be:81:5d:68:9c:0d:44:4a:ae:74:01:02:00:00";
# ----------------------------------------------------------------------------------
# function bytes_sid_to_SID_repr()
# - requires exactly 24 bytes
# Not enough bytes (0 and 10)
assert LDAP::bytes_sid_to_SID_repr(b"") == "SID_FORMAT_FAILED";
assert LDAP::bytes_sid_to_SID_repr(b"1234567890") == "SID_FORMAT_FAILED";
# Too much bytes (25)
assert LDAP::bytes_sid_to_SID_repr(b"1234567890123456789012345") == "SID_FORMAT_FAILED";
# Empty
assert LDAP::bytes_sid_to_SID_repr(b"") == "SID_FORMAT_FAILED";
# Valid SID
assert LDAP::bytes_sid_to_SID_repr(b"\x01\x04\x00\x00\x00\x00\x00\x05\x15\x00\x00\x00\x39\xc5\xc7\x44\xfa\xbd\x24\x1d\x4a\x65\xfd\x71") == "S-1-5-21-1153942841-488947194-1912431946";
# Some random bytes - probably an invalid SID but no error
assert LDAP::bytes_sid_to_SID_repr(b"\x02\x08\x00\x02\x00\x00\x00\x05\x15\x20\x00\x12\xd5\x64\xaf\x84\x5d\x68\x9c\x0d\x44\x4c\xad\x73") == "S-2-8589934597-301998101-2226087125-228354141-1940737092";
# All 1's
assert LDAP::bytes_sid_to_SID_repr(b"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff") == "S-255-281474976710655-4294967295-4294967295-4294967295-4294967295";
# ----------------------------------------------------------------------------------
# function uint32_to_hex_repr()
# Not enough bytes (0 and 2)
assert LDAP::uint32_to_hex_repr(b"") == "HEX_FORMAT_FAILED";
assert LDAP::uint32_to_hex_repr(b"12") == "HEX_FORMAT_FAILED";
# Too much bytes (6)
assert LDAP::uint32_to_hex_repr(b"123456") == "HEX_FORMAT_FAILED";
# Empty
assert LDAP::uint32_to_hex_repr(b"") == "HEX_FORMAT_FAILED";
# Valid `NtVer` value
assert LDAP::uint32_to_hex_repr(b"\x16\x00\x00\x00") == "0x00000016";
# 4 times \x00
assert LDAP::uint32_to_hex_repr(b"\x00\x00\x00\x00") == "0x00000000";
# 4 times \xff
assert LDAP::uint32_to_hex_repr(b"\xff\xff\xff\xff") == "0xffffffff";
# ----------------------------------------------------------------------------------
# function string_representation()
function make_nested_repr(filters: vector<string>): string {
local nestedOr: LDAP::ParseNestedAndOr;
nestedOr.searchfilters = vector<LDAP::SearchFilter>();
for (f in filters) {
local or_: LDAP::SearchFilter;
or_.filterType = LDAP::FilterType::FILTER_PRESENT;
or_.FILTER_PRESENT = f;
or_.stringRepresentation = LDAP::string_representation(or_);
nestedOr.searchfilters.push_back(or_);
}
local searchFilter: LDAP::SearchFilter;
searchFilter.filterType = LDAP::FilterType::FILTER_OR;
searchFilter.FILTER_OR = nestedOr;
return LDAP::string_representation(searchFilter);
}
function test_string_representation() {
local repr0 = make_nested_repr(vector());
assert repr0 == "": repr0;
local repr1 = make_nested_repr(vector("foo"));
assert repr1 == "(|(foo=*))": repr1;
local repr2 = make_nested_repr(vector("foo", "bar"));
assert repr2 == "(|(foo=*)(bar=*))": repr2;
local repr3 = make_nested_repr(vector("foo", "bar", "baz"));
assert repr3 == "(|(|(foo=*)(bar=*))(baz=*))": repr3;
}
test_string_representation();
Reference in a new issue View git blame Copy permalink