test/suite_dfilter/group_string.py

   1 #
   2 # Copyright (c) 2013 by Gilbert Ramirez <gram@alumni.rice.edu>
   3 #
   4 # SPDX-License-Identifier: GPL-2.0-or-later
   5
   6 import pytest
   7 from suite_dfilter.dfiltertest import *
   8
   9
  10 class TestDfilterString:
  11     trace_file = "http.pcap"
  12
  13     def test_eq_1(self, checkDFilterCount):
  14         dfilter = 'http.request.method == "HEAD"'
  15         checkDFilterCount(dfilter, 1)
  16
  17     def test_eq_2(self, checkDFilterCount):
  18         dfilter = 'http.request.method == "POST"'
  19         checkDFilterCount(dfilter, 0)
  20
  21     def test_gt_1(self, checkDFilterCount):
  22         dfilter = 'http.request.method > "HEAC"'
  23         checkDFilterCount(dfilter, 1)
  24
  25     def test_gt_2(self, checkDFilterCount):
  26         dfilter = 'http.request.method > "HEAD"'
  27         checkDFilterCount(dfilter, 0)
  28
  29     def test_gt_3(self, checkDFilterCount):
  30         dfilter = 'http.request.method > "HEAE"'
  31         checkDFilterCount(dfilter, 0)
  32
  33     def test_ge_1(self, checkDFilterCount):
  34         dfilter = 'http.request.method >= "HEAC"'
  35         checkDFilterCount(dfilter, 1)
  36
  37     def test_ge_2(self, checkDFilterCount):
  38         dfilter = 'http.request.method >= "HEAD"'
  39         checkDFilterCount(dfilter, 1)
  40
  41     def test_ge_3(self, checkDFilterCount):
  42         dfilter = 'http.request.method >= "HEAE"'
  43         checkDFilterCount(dfilter, 0)
  44
  45     def test_lt_1(self, checkDFilterCount):
  46         dfilter = 'http.request.method < "HEAC"'
  47         checkDFilterCount(dfilter, 0)
  48
  49     def test_lt_2(self, checkDFilterCount):
  50         dfilter = 'http.request.method < "HEAD"'
  51         checkDFilterCount(dfilter, 0)
  52
  53     def test_lt_3(self, checkDFilterCount):
  54         dfilter = 'http.request.method < "HEAE"'
  55         checkDFilterCount(dfilter, 1)
  56
  57     def test_le_1(self, checkDFilterCount):
  58         dfilter = 'http.request.method <= "HEAC"'
  59         checkDFilterCount(dfilter, 0)
  60
  61     def test_le_2(self, checkDFilterCount):
  62         dfilter = 'http.request.method <= "HEAD"'
  63         checkDFilterCount(dfilter, 1)
  64
  65     def test_le_3(self, checkDFilterCount):
  66         dfilter = 'http.request.method <= "HEAE"'
  67         checkDFilterCount(dfilter, 1)
  68
  69     def test_slice_1(self, checkDFilterCount):
  70         dfilter = 'http.request.method[0] == "H"'
  71         checkDFilterCount(dfilter, 1)
  72
  73     def test_slice_2(self, checkDFilterCount):
  74         dfilter = 'http.request.method[0] == "P"'
  75         checkDFilterCount(dfilter, 0)
  76
  77     def test_slice_3(self, checkDFilterCount):
  78         dfilter = 'http.request.method[0:4] == "HEAD"'
  79         checkDFilterCount(dfilter, 1)
  80
  81     def test_slice_4(self, checkDFilterCount):
  82         dfilter = 'http.request.method[0:4] != "HEAD"'
  83         checkDFilterCount(dfilter, 0)
  84
  85     def test_slice_5(self, checkDFilterCount):
  86         dfilter = 'http.request.method[1:2] == "EA"'
  87         checkDFilterCount(dfilter, 1)
  88
  89     def test_slice_6(self, checkDFilterCount):
  90         dfilter = 'http.request.method[1:2] > "EA"'
  91         checkDFilterCount(dfilter, 0)
  92
  93     def test_slice_7(self, checkDFilterCount):
  94         dfilter = 'http.request.method[-1] == "D"'
  95         checkDFilterCount(dfilter, 1)
  96
  97     def test_slice_8(self, checkDFilterCount):
  98         dfilter = 'http.request.method[-2] == "D"'
  99         checkDFilterCount(dfilter, 0)
 100
 101     def xxxtest_stringz_1(self):
 102             return self.DFilterCount(pkt_tftp,
 103                     'tftp.type == "octet"', 1)
 104
 105     def xxxtest_stringz_2(self):
 106             return self.DFilterCount(pkt_tftp,
 107                     'tftp.type == "junk"', 0)
 108
 109     def test_contains_1(self, checkDFilterCount):
 110         dfilter = 'http.request.method contains "E"'
 111         checkDFilterCount(dfilter, 1)
 112
 113     def test_contains_2(self, checkDFilterCount):
 114         dfilter = 'http.request.method contains "EA"'
 115         checkDFilterCount(dfilter, 1)
 116
 117     def test_contains_3(self, checkDFilterCount):
 118         dfilter = 'http.request.method contains "HEAD"'
 119         checkDFilterCount(dfilter, 1)
 120
 121     def test_contains_4(self, checkDFilterCount):
 122         dfilter = 'http.request.method contains "POST"'
 123         checkDFilterCount(dfilter, 0)
 124
 125     def test_contains_5(self, checkDFilterCount):
 126         dfilter = 'http.request.method contains "\x50\x4f\x53\x54"' # "POST"
 127         checkDFilterCount(dfilter, 0)
 128
 129     def test_contains_6(self, checkDFilterCount):
 130         dfilter = 'http.request.method contains "\x48\x45\x41\x44"' # "HEAD"
 131         checkDFilterCount(dfilter, 1)
 132
 133     def test_contains_7(self, checkDFilterCount):
 134         dfilter = 'http.request.method contains 48:45:41:44' # "48:45:41:44"
 135         checkDFilterCount(dfilter, 0)
 136
 137     def test_contains_fail_0(self, checkDFilterCount):
 138         dfilter = 'http.user_agent contains "update"'
 139         checkDFilterCount(dfilter, 0)
 140
 141     def test_contains_fail_1(self, checkDFilterCount):
 142         dfilter = 'http.user_agent contains "UPDATE"'
 143         checkDFilterCount(dfilter, 0)
 144
 145     def test_contains_upper_0(self, checkDFilterCount):
 146         dfilter = 'upper(http.user_agent) contains "UPDATE"'
 147         checkDFilterCount(dfilter, 1)
 148
 149     def test_contains_upper_1(self, checkDFilterCount):
 150         dfilter = 'upper(http.user_agent) contains "update"'
 151         checkDFilterCount(dfilter, 0)
 152
 153     def test_contains_upper_2(self, checkDFilterFail):
 154         dfilter = 'upper(tcp.seq) == 4'
 155         checkDFilterFail(dfilter, 'Only string type fields can be used')
 156
 157     def test_contains_lower_0(self, checkDFilterCount):
 158         dfilter = 'lower(http.user_agent) contains "UPDATE"'
 159         checkDFilterCount(dfilter, 0)
 160
 161     def test_contains_lower_1(self, checkDFilterCount):
 162         dfilter = 'lower(http.user_agent) contains "update"'
 163         checkDFilterCount(dfilter, 1)
 164
 165     def test_eq_lower_1(self, checkDFilterFail):
 166         dfilter = 'lower(tcp.seq) == 4'
 167         checkDFilterFail(dfilter, 'Only string type fields can be used')
 168
 169     def test_string_len(self, checkDFilterCount):
 170         dfilter = 'len(http.request.method) == 4'
 171         checkDFilterCount(dfilter, 1)
 172
 173     def test_eq_unicode(self, checkDFilterCount):
 174         dfilter = 'tcp.flags.str == "·······AP···"'
 175         checkDFilterCount(dfilter, 1)
 176
 177     def test_contains_unicode(self, checkDFilterCount):
 178         dfilter = 'tcp.flags.str contains "·······AP···"'
 179         checkDFilterCount(dfilter, 1)
 180
 181     def test_value_string_1(self, checkDFilterCount):
 182         dfilter = 'tcp.checksum.status == "Unverified" || tcp.checksum.status == "Good"'
 183         checkDFilterCount(dfilter, 1)
 184
 185     def test_value_string_2(self, checkDFilterCount):
 186         dfilter = 'tcp.checksum.status matches "unverified|good"'
 187         checkDFilterCount(dfilter, 1)
 188
 189     def test_value_string_3(self, checkDFilterSucceed):
 190         dfilter = 'tcp.checksum.status == Unverified'
 191         checkDFilterSucceed(dfilter, 'Writing value strings without double quotes is deprecated')
 192
 193 class TestDfilterStringz:
 194     trace_file = "tftp.pcap"
 195
 196     def test_stringz_1(self, checkDFilterCount):
 197         dfilter = 'tftp.type == octet'
 198         checkDFilterCount(dfilter, 1)
 199
 200     def test_stringz_2(self, checkDFilterCount):
 201         dfilter = 'tftp.type == "octet"'
 202         checkDFilterCount(dfilter, 1)
 203
 204     def test_stringz_3(self, checkDFilterCount):
 205         dfilter = 'tftp.type == junk'
 206         checkDFilterCount(dfilter, 0)
 207
 208 class TestDfilterStringIndex:
 209     trace_file = "data-utf8.pcap"
 210
 211     def test_index_1(self, checkDFilterCount):
 212         dfilter = 'data.text[3] == "á"'
 213         prefs = "data.show_as_text:true"
 214         checkDFilterCount(dfilter, 1, prefs)
 215
 216     def test_index_2(self, checkDFilterCount):
 217         dfilter = 'data.text[3] == "a"'
 218         prefs = "data.show_as_text:true"
 219         checkDFilterCount(dfilter, 0, prefs)
 220
 221     def test_index_3(self, checkDFilterCount):
 222         dfilter = 'data.text[40:] == "cão preguiçoso"'
 223         prefs = "data.show_as_text:true"
 224         checkDFilterCount(dfilter, 1, prefs)
 225
 226     def test_index_4(self, checkDFilterCount):
 227         # Byte offset
 228         dfilter = '@data.text[41:] == "cão preguiçoso"'
 229         prefs = "data.show_as_text:true"
 230         checkDFilterCount(dfilter, 1, prefs)
 231
 232     def test_index_5(self, checkDFilterCount):
 233         # Byte offset
 234         dfilter = '@data.text[41:] == 63:c3:a3:6f:20:70:72:65:67:75:69:c3:a7:6f:73:6f'
 235         prefs = "data.show_as_text:true"
 236         checkDFilterCount(dfilter, 1, prefs)
 237
 238     def test_strlen_1(self, checkDFilterCount):
 239         dfilter = 'len(data.text) == 54'
 240         prefs = "data.show_as_text:true"
 241         checkDFilterCount(dfilter, 1, prefs)
 242
 243     def test_strlen_2(self, checkDFilterCount):
 244         # Byte length
 245         dfilter = 'len(@data.text) == 57'
 246         prefs = "data.show_as_text:true"
 247         checkDFilterCount(dfilter, 1, prefs)
 248