Changes to make snort3_demo more portable

README.adoc

@@ -9,20 +9,25 @@ you can find here: https://github.com/bats-core/bats-core.
 
 To execute the tests:
 
-  ./run_test.sh <snort3_installed_path>
+  ./run_test.sh
 
-run_test.sh will find *.bats files recursively from the current
-directory down and execute each test. Output is in TAPS format with
-a summary at the end.
+run_test.sh will find and expecute "test.bats" files recursively from the
+specified [path/to/tests] if provided, or recursively from the current
+directory, if no path is provided. Output is in TAPS format with a summary at
+the end.
 
-You can also execute a single test by specifying the relative path to
-the specific test.bats file, e.g.:
+You can also execute a one or more tests from an alternate directory tree by
+specifying an alternate path as the first argument file, e.g.:
 
-  ./run_test.sh <snort3_installed_path> tests/ips_actions/replace_rewrite/test.bats
+  ./run_test.sh tests/ips_actions/replace_rewrite
 
-Do this first if you require --daq-dir to run Snort 3:
+  or (path to the test.bats file)
 
-  export SNORT3_DAQ_DIR="<daq3_installed_path>"
+  ./run_test.sh tests/ips_actions/replace_rewrite/test.bats
+
+  or (some out of tree path to an externally defined test suite)
+
+  ./run_test.sh /some/other/path/tests/
 
 Dockerfiles outlining how to build Snort3 for a specific platform are included
 in the Dockerfiles folder.

run_one

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+TEST_PATH="$1"
+echo "test_path: $1"
+DIRNAME=$(dirname "$TEST_PATH")
+BASENAME=$(basename "$TEST_PATH")
+
+pushd "$DIRNAME" &>/dev/null
+echo "$PWD"
+bats -t "$BASENAME"
+popd &> /dev/null

run_test.sh

@@ -1,45 +1,44 @@
 #!/usr/bin/env bash
-#$1 -- directory where snort is installed
-if [ $# -lt 1 ] ; then
-    printf "usage: run_test.sh <snort_install_dir>"
-    exit -1
+
+# Let the user specify an alternate directory to run test from
+# This could be within the same source tree, or external.
+TOPDIR="."
+if [ -n "$1" ]
+then TOPDIR="$1"
+fi
+
+if [[ -f "$TOPDIR" ]]
+then TOPDIR=$(dirname "$TOPDIR")
 fi
 
-[ -d "$SNORT3_DAQ_DIR" ] && daq_dir="--daq-dir $SNORT3_DAQ_DIR"
+# Assume user installed to the default location ("/usr/local")
+# TODO Deviation from this should pass as environment variable (`PREFIX="x/y/z" ./run_tests`).
+export PREFIX="/usr/local"
+export DAQ_DIR="$PREFIX/lib/daq:$PREFIX/lib/snort/daq:$PREFIX/lib/snort/daq/extra"
 
 # global args (add any needed here for your environment)
 args="-H -U"
 
 # setup environnement
-export snorty_path=$1
-export snort="$snorty_path/bin/snort $daq_dir $args"
-export snort2lua="$snorty_path/bin/snort2lua"
+export snort="$PREFIX/bin/snort --daq-dir $DAQ_DIR $args"
+export snort2lua="$PREFIX/bin/snort2lua"
 
-export LUA_PATH=$snorty_path/include/snort/lua/\?.lua\;\;
-export SNORT_LUA_PATH=$snorty_path/etc/snort/
+export LUA_PATH=$PREFIX/include/snort/lua/\?.lua\;\;
+export SNORT_LUA_PATH=$PREFIX/etc/snort/
 export PATH=$PATH:$(pwd)/bin
 
-if [ -d "${snorty_path}/lib64" ]; then
-    libs=${snorty_path}/lib64
-else
-    libs=${snorty_path}/lib
+# FIXIT: Figure out if libdaq install honors lib64 vs lib the same way as snort3 
+if [ -d "${PREFIX}/lib64" ]
+then LIBDIR="${PREFIX}/lib64"
+else LIBDIR="${PREFIX}/lib"
 fi
 
-export PKG_CONFIG_PATH=$libs/pkgconfig:$PKG_CONFIG_PATH
-export SNORT_DAQ_LIBS=$libs/snort/daq:$libs/snort/daq/extra
-export SNORT_PLUGINS=$libs/snort/plugins
+export PKG_CONFIG_PATH="$LIBDIR/pkgconfig:$PKG_CONFIG_PATH"
+export SNORT_PLUGINS="$LIBDIR/snort/plugins"
 
-tests=$2
-[ "$tests" ] || tests=`find . -name \*.bats`
-
-# run tests for all .bats
-for t in $tests ; do
-    printf "\n# $t:\n"
-    pushd . &>/dev/null
-    cd `dirname $t`
-    bats -t .
-    popd &> /dev/null
-    done | tee demo_result.log
+# Find will locate all the "test.bats" files under the specified TOPDIR.
+find "$TOPDIR" -name "test.bats" -type f -exec ./run_one \{} \; \
+	| tee demo_result.log
 
 # calculate stats
 pass=$(grep "^ok" -c demo_result.log)
@@ -51,9 +50,6 @@ total=$(($pass + $fail + $skip))
 printf "\n"
 printf "Total = $total, Pass = $pass, Fail = $fail, Skip = $skip\n" | tee demo_summary.log
 
-if [ $fail -ne 0 ]; then
-    exit 1;
-else
-    exit 0;
+if [ $fail -ne 0 ]
+then exit 1
 fi
-

tests/inspectors/stream_file/test.bats

@@ -4,7 +4,7 @@ CFG="snort.lua"
 OPTION="-q -A csv"
 
 @test "Basic stream_file functional test" {
-    $snort -c $CFG --daq-dir $SNORT_DAQ_LIBS --daq file -r malware.pdf -s 8192 $OPTION > snort.out
+    $snort -c $CFG --daq file -r malware.pdf -s 8192 $OPTION > snort.out
     diff -Bb expected snort.out
 }
 

tests/inspectors/stream_user/test.bats

@@ -4,7 +4,7 @@ CFG="snort.lua"
 OPTION="-A csv -q"
 
 @test "Basic stream_user functional test" {
-    $snort -c $CFG --daq-dir $SNORT_DAQ_LIBS --daq hext -i get.hext $OPTION > snort.out
+    $snort -c $CFG --daq hext -i get.hext $OPTION > snort.out
     diff expected snort.out
 }
 

tests/ips_options/so_and_soid/so_rule/.gitignore

@@ -0,0 +1,3 @@
+build/
+install/
+sid_3_13.h

tests/ips_options/so_and_soid/so_rule/CMakeLists.txt

@@ -0,0 +1,39 @@
+cmake_minimum_required ( VERSION 3.4.3 )
+project (sorule_id_3_13 C CXX)
+
+set (CMAKE_CXX_STANDARD 14)
+set (CMAKE_CXX_STANDARD_REQUIRED ON)
+set (CMAKE_CXX_EXTENSIONS OFF)
+
+include ( FindPkgConfig )
+pkg_search_module ( SNORT3 REQUIRED snort>=3 )
+
+add_library (
+    so_rule
+    MODULE
+    sid_3_13.cc
+    sid_3_13.h
+)
+
+target_compile_options (
+    so_rule
+    PRIVATE
+        -fno-rtti
+)
+
+set_target_properties (
+    so_rule
+    PROPERTIES
+        PREFIX ""
+)
+
+target_include_directories (
+    so_rule PUBLIC
+    ${SNORT3_INCLUDE_DIRS}
+)
+
+install (
+    TARGETS so_rule
+    LIBRARY
+    DESTINATION "${CMAKE_SOURCE_DIR}/install"
+)

tests/ips_options/so_and_soid/so_rule/Makefile

@@ -0,0 +1,16 @@
+.PHONY: build sid_3-13.h install clean
+
+build: sid_3_13.h
+	cmake -B build/ -G Ninja .
+	cmake --build build/
+
+sid_3_13.h: sid_3_13.txt
+	snort --rule-to-text < sid_3_13.txt > sid_3_13.h
+
+install:
+	cmake --install build/
+
+clean:
+	rm sid_3_13.h
+	rm -rf build/
+	rm -rf install/

tests/ips_options/so_and_soid/so_rule/sid_3_13.txt

@@ -0,0 +1,17 @@
+alert http
+(
+    msg:"Too much Cheez Whiz is bad mkay.";
+    flow:to_server,established;
+    http_uri; content:"crazy";
+    http_uri:query; content:"withThe=CheezWhiz";
+    http_uri:query; content:"cans=";
+    service:http;
+    reference:url,http://www.kraftbrands.com/cheezwhiz/;
+    classtype:misc-activity;
+    gid:3;
+    sid:13;
+    rev:1;
+    soid:3_13_1;
+    so:cans 7;
+)
+

tests/ips_options/so_and_soid/test.bats

@@ -5,35 +5,32 @@ base=sid_3_13
 pcap="cheez.pcap"
 cfg="snort.lua"
 
-gcc_opts="-std=c++14 -Wall -g -ggdb -O0"
-stub_opts="--warn-all --plugin-path ."
+stub_opts="--warn-all --plugin-path so_rule/install"
 run_opts="-q -A csv"
 
 setup()
 {
-    CXX=g++
-
-    if [[ "$OSTYPE" == "freebsd"* ]]; then
-        CXX='clang++'
-    elif [[ "$OSTYPE" == "linux-musl"* ]]; then
-        gcc_opts="-std=c++14 -Wall -g -ggdb -O0"
-    fi
-
-    local cppflags="$(pkg-config --cflags snort) $(pkg-config --variable=DAQ_CPPFLAGS snort)"
-
-    $snort --rule-to-text < $base.txt > $base.h
-    ${CXX} -c $gcc_opts $cppflags -fPIC -o $base.o $base.cc
-    ${CXX} -shared -o $base.so $base.o
+    pushd so_rule/
+    make sid_3_13.h build install
+    popd
+    ls -alh so_rule/install
 }
 
 @test "SO and SOID - 3:13" {
+    echo $snort $stub_opts --dump-dynamic-rules > stub.rule
     $snort $stub_opts --dump-dynamic-rules > stub.rule
+
+    echo $snort $stub_opts -c $cfg -R stub.rule -r $pcap $run_opts &> snort.out
     $snort $stub_opts -c $cfg -R stub.rule -r $pcap $run_opts &> snort.out
+
+    cat snort.out
     cat stub.rule snort.out | diff expected -
 }
 
 teardown()
 {
-    rm -f snort.out *.z *.o *.so stub.rule *.h
+    pushd so_rule/
+    make clean
+    popd
+    rm -f snort.out stub.rule
 }
-