detect/reference: allow undefined references

References are currently not used in Suricata, so erroring out on rules using a undefined reference is too harsh. Just issue a warning once per unique missing reference.
5 years ago · 0b40d4ae93
parent 61185cc9ba
commit 0b40d4ae93
2 changed files with 18 additions and 23 deletions
--- a/src/detect-reference.c
+++ b/src/detect-reference.c
@ -134,10 +134,17 @@ static DetectReference *DetectReferenceParse(const char *rawstr, DetectEngineCtx
    if (lookup_ref_conf != NULL) {
        ref->key = lookup_ref_conf->url;
    } else {
-        SCLogError(SC_ERR_REFERENCE_UNKNOWN, "unknown reference key \"%s\". "
-                   "Supported keys are defined in reference.config file.  Please "
-                   "have a look at the conf param \"reference-config-file\"", key);
-        goto error;
+        SCLogWarning(SC_ERR_REFERENCE_UNKNOWN,
+                "unknown reference key \"%s\"", key);
+
+        char str[2048];
+        snprintf(str, sizeof(str), "config reference: %s undefined\n", key);
+
+        if (SCRConfAddReference(de_ctx, str) < 0)
+            goto error;
+        lookup_ref_conf = SCRConfGetReference(key, de_ctx);
+        if (lookup_ref_conf == NULL)
+            goto error;
    }

    /* make a copy so we can free pcre's substring */
@ -282,7 +289,7 @@ static int DetectReferenceParseTest03(void)
    Signature *s = DetectEngineAppendSig(de_ctx, "alert icmp any any -> any any "
                                   "(msg:\"invalid ref\"; "
                                   "reference:unknownkey,001-2010; sid:2;)");
-    FAIL_IF_NOT_NULL(s);
+    FAIL_IF_NULL(s);
    DetectEngineCtxFree(de_ctx);
    PASS;
 }
--- a/src/util-reference-config.c
+++ b/src/util-reference-config.c
@ -100,13 +100,13 @@ void SCReferenceConfDeinit(void)
 *
 * \param de_ctx Pointer to the Detection Engine Context.
 *
+ * \note if file open fails, we leave de_ctx->reference_conf_ht initialized
+ *
 * \retval  0 On success.
 * \retval -1 On failure.
 */
 static FILE *SCRConfInitContextAndLocalResources(DetectEngineCtx *de_ctx, FILE *fd)
 {
-    const char *filename = NULL;
-
    /* init the hash table to be used by the reference config references */
    de_ctx->reference_conf_ht = HashTableInit(128, SCRConfReferenceHashFunc,
                                              SCRConfReferenceHashCompareFunc,
@ -114,7 +114,7 @@ static FILE *SCRConfInitContextAndLocalResources(DetectEngineCtx *de_ctx, FILE *
    if (de_ctx->reference_conf_ht == NULL) {
        SCLogError(SC_ERR_HASH_TABLE_INIT, "Error initializing the hash "
                   "table");
-        goto error;
+        return NULL;
    }

    /* if it is not NULL, use the file descriptor.  The hack so that we can
@ -122,31 +122,19 @@ static FILE *SCRConfInitContextAndLocalResources(DetectEngineCtx *de_ctx, FILE *
     * instead use an input stream against a buffer containing the
     * reference strings */
    if (fd == NULL) {
-        filename = SCRConfGetConfFilename(de_ctx);
+        const char *filename = SCRConfGetConfFilename(de_ctx);
        if ((fd = fopen(filename, "r")) == NULL) {
 #ifdef UNITTESTS
            if (RunmodeIsUnittests())
-                goto error; // silently fail
+                return NULL; // silently fail
 #endif
            SCLogError(SC_ERR_FOPEN, "Error opening file: \"%s\": %s", filename,
                       strerror(errno));
-            goto error;
+            return NULL;
        }
    }

    return fd;
-
- error:
-    if (de_ctx->reference_conf_ht != NULL) {
-        HashTableFree(de_ctx->reference_conf_ht);
-        de_ctx->reference_conf_ht = NULL;
-    }
-    if (fd != NULL) {
-        fclose(fd);
-        fd = NULL;
-    }
-
-    return NULL;
 }