detect/analyzer: add transform names

3 years ago · 0c8646959e
parent c089bbb7d7
commit 0c8646959e
1 changed files with 31 additions and 0 deletions
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@ -821,6 +821,16 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
        jb_start_object(ctx.js);
        jb_set_string(ctx.js, "name", name);
        jb_set_bool(ctx.js, "is_mpm", pkt->mpm);
+        if (pkt->v1.transforms != NULL) {
+            jb_open_array(ctx.js, "transforms");
+            for (int t = 0; t < pkt->v1.transforms->cnt; t++) {
+                jb_start_object(ctx.js);
+                jb_set_string(ctx.js, "name",
+                        sigmatch_table[pkt->v1.transforms->transforms[t].transform].name);
+                jb_close(ctx.js);
+            }
+            jb_close(ctx.js);
+        }
        DumpMatches(&ctx, ctx.js, pkt->smd);
        jb_close(ctx.js);
        if (pkt->mpm) {
@ -835,6 +845,16 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
        jb_start_object(ctx.js);
        jb_set_string(ctx.js, "name", name);
        jb_set_bool(ctx.js, "is_mpm", frame->mpm);
+        if (frame->v1.transforms != NULL) {
+            jb_open_array(ctx.js, "transforms");
+            for (int t = 0; t < frame->v1.transforms->cnt; t++) {
+                jb_start_object(ctx.js);
+                jb_set_string(ctx.js, "name",
+                        sigmatch_table[frame->v1.transforms->transforms[t].transform].name);
+                jb_close(ctx.js);
+            }
+            jb_close(ctx.js);
+        }
        DumpMatches(&ctx, ctx.js, frame->smd);
        jb_close(ctx.js);
    }
@ -875,6 +895,17 @@ void EngineAnalysisRules2(const DetectEngineCtx *de_ctx, const Signature *s)
            jb_set_bool(ctx.js, "is_mpm", app->mpm);
            jb_set_string(ctx.js, "app_proto", AppProtoToString(app->alproto));
            jb_set_uint(ctx.js, "progress", app->progress);
+
+            if (app->v2.transforms != NULL) {
+                jb_open_array(ctx.js, "transforms");
+                for (int t = 0; t < app->v2.transforms->cnt; t++) {
+                    jb_start_object(ctx.js);
+                    jb_set_string(ctx.js, "name",
+                            sigmatch_table[app->v2.transforms->transforms[t].transform].name);
+                    jb_close(ctx.js);
+                }
+                jb_close(ctx.js);
+            }
            DumpMatches(&ctx, ctx.js, app->smd);
            jb_close(ctx.js);
            if (app->mpm) {