fuzzing: improve coverage (#2495)

Fix detection of WebDAV and Gnutella (over HTTP) Fix detection of z3950 Add two fuzzers to test `ndpi_memmem()` and `ndpi_strnstr()` Remove some dead code: * RTP: the same exact check is performed at the very beginning of the function * MQTT: use a better helper to exclude the protocol * Colletd: `ndpi_hostname_sni_set()` never fails Update pl7m code (fix a Use-of-uninitialized-value error)
author: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com> 2024-07-12 14:22:25 +0200
committer: GitHub <noreply@github.com> 2024-07-12 14:22:25 +0200
commit: c3ba65311e2cf4aba8b51cdb6800a5654ef1d060 (patch)
tree: 7f0aa30fc4ab1d0aaec75f08b84cb7f3705d29fa /tests
parent: 456f0fd4279ae727831a80c506a343b8a9aedd90 (diff)
4 files changed, 23 insertions, 15 deletions
diff --git a/tests/cfgs/default/pcap/ssh.pcap b/tests/cfgs/default/pcap/ssh.pcap
index 7331a7e39..c20f5d9b0 100644
--- a/tests/cfgs/default/pcap/ssh.pcap
+++ b/tests/cfgs/default/pcap/ssh.pcap
diff --git a/tests/cfgs/default/pcap/webdav.pcap b/tests/cfgs/default/pcap/webdav.pcap
index 22808ee7f..f4e88cb0c 100644
--- a/tests/cfgs/default/pcap/webdav.pcap
+++ b/tests/cfgs/default/pcap/webdav.pcap
diff --git a/tests/cfgs/default/result/ssh.pcap.out b/tests/cfgs/default/result/ssh.pcap.out
index 1cf904f05..47970cdc0 100644
--- a/tests/cfgs/default/result/ssh.pcap.out
+++ b/tests/cfgs/default/result/ssh.pcap.out
@@ -1,6 +1,6 @@
-DPI Packets (TCP):	10	(10.00 pkts/flow)
-Confidence DPI              : 1 (flows)
-Num dissector calls: 1 (1.00 diss/flow)
+DPI Packets (TCP):	19	(9.50 pkts/flow)
+Confidence DPI              : 2 (flows)
+Num dissector calls: 22 (11.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
@@ -16,11 +16,12 @@ Patricia risk mask:   2/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        0/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
-Patricia protocols:   2/0 (search/found)
+Patricia protocols:   4/0 (search/found)
 Patricia protocols IPv6: 0/0 (search/found)
 
-SSH	258	35546	1
+SSH	295	44977	2
 
-Acceptable                     258 35546         1            
+Acceptable                     295 44977         2            
 
 	1	TCP 172.16.238.1:58395 <-> 172.16.238.168:22 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 10][cat: RemoteAccess/12][159 pkts/15615 bytes <-> 99 pkts/19931 bytes][Goodput ratio: 33/67][248.48 sec][Hostname/SNI: SSH-2.0-OpenSSH_5.3][bytes ratio: -0.121 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/0 1846/2934 166223/166224 14794/19692][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 98/201 970/1346 83/283][Risk: ** SSH Obsolete Cli Vers/Cipher **** SSH Obsolete Ser Vers/Cipher **][Risk Score: 150][Risk Info: Found cipher arcfour128 / Found cipher arcfour128][HASSH-C: 21B457A327CE7A2D4FCE5EF2C42400BD][Server: SSH-2.0-OpenSSH_5.6][HASSH-S: B1C6C0D56317555B85C7005A3DE29325][Plen Bins: 2,76,12,2,3,0,0,0,0,1,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,0,1,0,0,0,0,0,0,0]
+	2	TCP 127.0.0.1:58496 <-> 127.0.0.1:8000 [proto: 92/SSH][IP: 0/Unknown][Encrypted][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 9][cat: RemoteAccess/12][20 pkts/5598 bytes <-> 17 pkts/3833 bytes][Goodput ratio: 76/71][2.18 sec][Hostname/SNI: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11][bytes ratio: 0.187 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/1 119/162 1760/1760 424/463][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 280/225 1602/1098 437/270][Risk: ** Known Proto on Non Std Port **** SSH Obsolete Ser Vers/Cipher **][Risk Score: 100][Risk Info: Found cipher arcfour128][HASSH-C: C11B200866CF918393E62EA25D851D90][Server: SSH-2.0-APACHE-SSHD-2.5.0][HASSH-S: CA6DD86B2D9A44E4A3F1A55C53E6B0FA][Plen Bins: 13,4,42,4,4,0,0,0,0,0,0,4,4,0,0,0,0,0,0,0,9,0,0,0,0,0,0,0,0,0,0,0,4,0,0,0,0,0,0,0,0,4,0,0,0,0,0,4]
diff --git a/tests/cfgs/default/result/webdav.pcap.out b/tests/cfgs/default/result/webdav.pcap.out
index 69e6c02e1..fb80f684f 100644
--- a/tests/cfgs/default/result/webdav.pcap.out
+++ b/tests/cfgs/default/result/webdav.pcap.out
@@ -1,6 +1,6 @@
-DPI Packets (TCP):	6	(6.00 pkts/flow)
-Confidence DPI              : 1 (flows)
-Num dissector calls: 15 (15.00 diss/flow)
+DPI Packets (TCP):	41	(5.12 pkts/flow)
+Confidence DPI              : 8 (flows)
+Num dissector calls: 120 (15.00 diss/flow)
 LRU cache ookla:      0/0/0 (insert/search/found)
 LRU cache bittorrent: 0/0/0 (insert/search/found)
 LRU cache stun:       0/0/0 (insert/search/found)
@@ -10,17 +10,24 @@ LRU cache msteams:    0/0/0 (insert/search/found)
 Automa host:          0/0 (search/found)
 Automa domain:        0/0 (search/found)
 Automa tls cert:      0/0 (search/found)
-Automa risk mask:     1/0 (search/found)
+Automa risk mask:     8/0 (search/found)
 Automa common alpns:  0/0 (search/found)
-Patricia risk mask:   2/0 (search/found)
+Patricia risk mask:   16/0 (search/found)
 Patricia risk mask IPv6: 0/0 (search/found)
 Patricia risk:        0/0 (search/found)
 Patricia risk IPv6:   0/0 (search/found)
-Patricia protocols:   2/0 (search/found)
+Patricia protocols:   16/0 (search/found)
 Patricia protocols IPv6: 0/0 (search/found)
 
-WebDAV	14	2742	1
+WebDAV	92	22025	8
 
-Acceptable                      14 2742          1            
+Acceptable                      92 22025         8            
 
-	1	TCP 10.24.8.189:50652 <-> 104.156.149.6:80 [proto: 7.376/HTTP.WebDAV][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Collaborative/15][7 pkts/727 bytes <-> 7 pkts/2015 bytes][Goodput ratio: 46/81][5.07 sec][Hostname/SNI: 104.156.149.6][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/8 67/20 24/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 104/288 223/1107 75/390][URL: 104.156.149.6/webdav][StatusCode: 301][Content-Type: text/html][Server: Apache/2.4.52 (Ubuntu)][User-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 104.156.149.6][PLAIN TEXT (PROPFIND /webdav HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	1	TCP 192.168.16.173:35612 <-> 198.244.151.63:80 [proto: 7.376/HTTP.WebDAV][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][8 pkts/1196 bytes <-> 4 pkts/2599 bytes][Goodput ratio: 55/89][0.11 sec][Hostname/SNI: www.dlp-test.com][bytes ratio: -0.370 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/26 13/27 28/28 13/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 150/650 572/1614 167/640][URL: www.dlp-test.com/webdav][StatusCode: 401][Content-Type: text/html][Server: Microsoft-HTTPAPI/2.0][User-Agent: curl/7.68.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 401][PLAIN TEXT (MKCOL /webdav HTTP/1.1)][Plen Bins: 0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25]
+	2	TCP 192.168.16.173:47726 <-> 198.244.151.63:80 [proto: 7.376/HTTP.WebDAV][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][7 pkts/1136 bytes <-> 4 pkts/2468 bytes][Goodput ratio: 59/89][0.11 sec][Hostname/SNI: www.dlp-test.com][bytes ratio: -0.370 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/26 16/26 28/27 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 162/617 575/1483 177/592][URL: www.dlp-test.com/webdav][StatusCode: 401][Content-Type: text/html][Server: Microsoft-HTTPAPI/2.0][User-Agent: curl/7.68.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 401][PLAIN TEXT (PROPFIND /webdav HTTP/1.1)][Plen Bins: 0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0]
+	3	TCP 10.24.8.189:50652 <-> 104.156.149.6:80 [proto: 7.376/HTTP.WebDAV][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Collaborative/15][7 pkts/727 bytes <-> 7 pkts/2015 bytes][Goodput ratio: 46/81][5.07 sec][Hostname/SNI: 104.156.149.6][bytes ratio: -0.470 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 22/8 67/20 24/9][Pkt Len c2s/s2c min/avg/max/stddev: 54/54 104/288 223/1107 75/390][URL: 104.156.149.6/webdav][StatusCode: 301][Content-Type: text/html][Server: Apache/2.4.52 (Ubuntu)][User-Agent: Microsoft-WebDAV-MiniRedir/10.0.19045][Risk: ** HTTP/TLS/QUIC Numeric Hostname/SNI **][Risk Score: 10][Risk Info: Found host 104.156.149.6][PLAIN TEXT (PROPFIND /webdav HTTP/1.1)][Plen Bins: 0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	4	TCP 192.168.16.173:57432 <-> 198.244.151.63:80 [proto: 7.376/HTTP.WebDAV][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][7 pkts/1138 bytes <-> 4 pkts/1246 bytes][Goodput ratio: 59/78][0.11 sec][Hostname/SNI: www.dlp-test.com][bytes ratio: -0.045 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/27 16/28 28/28 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 163/312 576/845 177/318][URL: www.dlp-test.com/webdav][StatusCode: 401][Content-Type: text/html][Server: Microsoft-HTTPAPI/2.0][User-Agent: curl/7.68.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 401][PLAIN TEXT (PROPPATCH /webdav HTTP/1.1)][Plen Bins: 0,0,0,0,25,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	5	TCP 192.168.16.173:47436 <-> 198.244.151.63:80 [proto: 7.376/HTTP.WebDAV][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][7 pkts/1132 bytes <-> 4 pkts/1246 bytes][Goodput ratio: 58/78][0.11 sec][Hostname/SNI: www.dlp-test.com][bytes ratio: -0.048 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/26 16/26 27/27 13/0][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 162/312 573/845 176/318][URL: www.dlp-test.com/webdav][StatusCode: 401][Content-Type: text/html][Server: Microsoft-HTTPAPI/2.0][User-Agent: curl/7.68.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 401][PLAIN TEXT (UNLOCK /webdav HTTP/1.1)][Plen Bins: 0,0,0,0,25,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	6	TCP 192.168.16.173:41714 <-> 198.244.151.63:80 [proto: 7.376/HTTP.WebDAV][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][7 pkts/1128 bytes <-> 4 pkts/1246 bytes][Goodput ratio: 58/78][0.11 sec][Hostname/SNI: www.dlp-test.com][bytes ratio: -0.050 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/25 16/26 27/27 13/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 161/312 571/845 175/318][URL: www.dlp-test.com/webdav][StatusCode: 401][Content-Type: text/html][Server: Microsoft-HTTPAPI/2.0][User-Agent: curl/7.68.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 401][PLAIN TEXT (MOVE /webdav HTTP/1.1)][Plen Bins: 0,0,0,0,25,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	7	TCP 192.168.16.173:47432 <-> 198.244.151.63:80 [proto: 7.376/HTTP.WebDAV][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][7 pkts/1128 bytes <-> 4 pkts/1246 bytes][Goodput ratio: 58/78][0.11 sec][Hostname/SNI: www.dlp-test.com][bytes ratio: -0.050 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/25 16/26 27/27 13/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 161/312 571/845 175/318][URL: www.dlp-test.com/webdav][StatusCode: 401][Content-Type: text/html][Server: Microsoft-HTTPAPI/2.0][User-Agent: curl/7.68.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 401][PLAIN TEXT (LOCK /webdav HTTP/1.1)][Plen Bins: 0,0,0,0,25,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
+	8	TCP 192.168.16.173:55974 <-> 198.244.151.63:80 [proto: 7.376/HTTP.WebDAV][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 5][cat: Collaborative/15][7 pkts/1128 bytes <-> 4 pkts/1246 bytes][Goodput ratio: 58/78][0.11 sec][Hostname/SNI: www.dlp-test.com][bytes ratio: -0.050 (Mixed)][IAT c2s/s2c min/avg/max/stddev: 0/26 16/27 28/28 13/1][Pkt Len c2s/s2c min/avg/max/stddev: 66/66 161/312 571/845 175/318][URL: www.dlp-test.com/webdav][StatusCode: 401][Content-Type: text/html][Server: Microsoft-HTTPAPI/2.0][User-Agent: curl/7.68.0][Risk: ** Error Code **][Risk Score: 10][Risk Info: HTTP Error Code 401][PLAIN TEXT (COPY /webdav HTTP/1.1)][Plen Bins: 0,0,0,0,25,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,25,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
author	Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>	2024-07-12 14:22:25 +0200
committer	GitHub <noreply@github.com>	2024-07-12 14:22:25 +0200
commit	c3ba65311e2cf4aba8b51cdb6800a5654ef1d060 (patch)
tree	7f0aa30fc4ab1d0aaec75f08b84cb7f3705d29fa /tests
parent	456f0fd4279ae727831a80c506a343b8a9aedd90 (diff)