Enable a conf option to enable/disable legacy keywords.

Currently, uricontent is declared a legacy keyword, and is enabled by default.
13 years ago · 45ff67a2e0
parent 601836d831
commit 45ff67a2e0
2 changed files with 23 additions and 0 deletions
--- a/src/detect-uricontent.c
+++ b/src/detect-uricontent.c
@ -55,6 +55,7 @@
 #include "util-binsearch.h"
 #include "util-spm.h"
 #include "util-spm-bm.h"
+#include "conf.h"

 /* prototypes */
 static int DetectUricontentSetup (DetectEngineCtx *, Signature *, char *);
@ -211,6 +212,25 @@ int DetectUricontentSetup(DetectEngineCtx *de_ctx, Signature *s, char *contentst
 {
    SCEnter();

+    char *legacy = NULL;
+    if (ConfGet("legacy.uricontent", &legacy) == 1) {
+        if (strcasecmp("disabled", legacy) == 0) {
+            SCLogError(SC_ERR_INVALID_SIGNATURE, "uriconent deprecated.  To "
+                       "use a rule with \"uricontent\", either set the "
+                       "option - \"legacy.uricontent\" in the conf to "
+                       "\"enabled\" OR replace uricontent with "
+                       "\'content:%s; http_uri;\'.", contentstr);
+            goto error;
+        } else if (strcasecmp("enabled", legacy) == 0) {
+            ;
+        } else {
+            SCLogError(SC_ERR_INVALID_YAML_CONF_ENTRY, "Invalid value found "
+                       "for legacy.uriconent - \"%s\".  Valid values are "
+                       "\"enabled\" OR \"disabled\".", legacy);
+            goto error;
+        }
+    }
+
    if (DetectContentSetup(de_ctx, s, contentstr) < 0)
        goto error;

--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@ -297,6 +297,9 @@ af-packet:
    #threads: 2
    #use-mmap: yes

+legacy:
+  uricontent: enabled
+
 # You can specify a threshold config file by setting "threshold-file"
 # to the path of the threshold config file:
 # threshold-file: /etc/suricata/threshold.config