detect: spelling

src/detect-byte-extract.c

@@ -50,7 +50,7 @@
 #include "util-unittest-helper.h"
 #include "util-spm.h"
 
-/* the default value of endianess to be used, if none's specified */
+/* the default value of endianness to be used, if none's specified */
 #define DETECT_BYTE_EXTRACT_ENDIAN_DEFAULT DETECT_BYTE_EXTRACT_ENDIAN_BIG
 
 /* the base to be used if string mode is specified.  These options would be
@@ -73,7 +73,7 @@
 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_OCT 23
 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_DEC 20
 #define STRING_MAX_BYTES_TO_EXTRACT_FOR_HEX 14
-/* the max no of bytes that can be extraced in non-string mode */
+/* the max no of bytes that can be extracted in non-string mode */
 #define NO_STRING_MAX_BYTES_TO_EXTRACT 8
 
 #define PARSE_REGEX "^"                                                  \

src/detect-bytetest.c

@@ -96,7 +96,7 @@ void DetectBytetestRegister (void)
  *
  *  \param det_ctx thread de ctx
  *  \param s signature
- *  \param m sigmatch for this bytettest
+ *  \param m sigmatch for this bytetest
  *  \param payload ptr to the start of the buffer to inspect
  *  \param payload_len length of the payload
  *  \retval 1 match

src/detect-cipservice.c

@@ -20,7 +20,7 @@
  *
  * \author Kevin Wong <kwong@solananetworks.com>
  *
- * Set up ENIP Commnad and CIP Service rule parsing and entry point for matching
+ * Set up ENIP Command and CIP Service rule parsing and entry point for matching
  */
 
 #include "suricata-common.h"
@@ -291,7 +291,7 @@ static void DetectCipServiceRegisterTests(void)
  */
 
 /**
- * \brief ENIP Commond Detect Prototypes
+ * \brief ENIP Command Detect Prototypes
  */
 static int DetectEnipCommandSetup(DetectEngineCtx *, Signature *, const char *);
 static void DetectEnipCommandFree(DetectEngineCtx *, void *);
@@ -328,7 +328,7 @@ void DetectEnipCommandRegister(void)
  * \brief This function is used to parse cip_service options passed via enip_command: keyword
  *
  * \param rulestr Pointer to the user provided rulestr options
- * Takes single single numeric value
+ * Takes single numeric value
  *
  * \retval enipcmdd pointer to DetectCipServiceData on success
  * \retval NULL on failure

src/detect-content.c

@@ -907,7 +907,7 @@ static int g_file_data_buffer_id = 0;
 static int g_dce_stub_data_buffer_id = 0;
 
 /**
- * \test DetectCotentParseTest01 this is a test to make sure we can deal with escaped colons
+ * \test DetectContentParseTest01 this is a test to make sure we can deal with escaped colons
  */
 static int DetectContentParseTest01 (void)
 {
@@ -938,7 +938,7 @@ static int DetectContentParseTest01 (void)
 }
 
 /**
- * \test DetectCotentParseTest02 this is a test to make sure we can deal with escaped semi-colons
+ * \test DetectContentParseTest02 this is a test to make sure we can deal with escaped semi-colons
  */
 static int DetectContentParseTest02 (void)
 {
@@ -969,7 +969,7 @@ static int DetectContentParseTest02 (void)
 }
 
 /**
- * \test DetectCotentParseTest03 this is a test to make sure we can deal with escaped double-quotes
+ * \test DetectContentParseTest03 this is a test to make sure we can deal with escaped double-quotes
  */
 static int DetectContentParseTest03 (void)
 {
@@ -1000,7 +1000,7 @@ static int DetectContentParseTest03 (void)
 }
 
 /**
- * \test DetectCotentParseTest04 this is a test to make sure we can deal with escaped backslashes
+ * \test DetectContentParseTest04 this is a test to make sure we can deal with escaped backslashes
  */
 static int DetectContentParseTest04 (void)
 {
@@ -1032,7 +1032,7 @@ static int DetectContentParseTest04 (void)
 }
 
 /**
- * \test DetectCotentParseTest05 test illegal escape
+ * \test DetectContentParseTest05 test illegal escape
  */
 static int DetectContentParseTest05 (void)
 {
@@ -1057,7 +1057,7 @@ static int DetectContentParseTest05 (void)
 }
 
 /**
- * \test DetectCotentParseTest06 test a binary content
+ * \test DetectContentParseTest06 test a binary content
  */
 static int DetectContentParseTest06 (void)
 {
@@ -1089,7 +1089,7 @@ static int DetectContentParseTest06 (void)
 }
 
 /**
- * \test DetectCotentParseTest07 test an empty content
+ * \test DetectContentParseTest07 test an empty content
  */
 static int DetectContentParseTest07 (void)
 {
@@ -1112,7 +1112,7 @@ static int DetectContentParseTest07 (void)
 }
 
 /**
- * \test DetectCotentParseTest08 test an empty content
+ * \test DetectContentParseTest08 test an empty content
  */
 static int DetectContentParseTest08 (void)
 {

src/detect-depth.c

@@ -67,7 +67,7 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
     SigMatch *pm = NULL;
     int ret = -1;
 
-    /* retrive the sm to apply the depth against */
+    /* retrieve the sm to apply the depth against */
     pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
     if (pm == NULL) {
         SCLogError("depth needs "

src/detect-dnp3.c

@@ -180,7 +180,7 @@ static InspectionBuffer *GetDNP3Data(DetectEngineThreadCtx *det_ctx,
  * within the range of valid function codes.  If function name is
  * passed it will be resolved to its function code.
  *
- * \retval The function code as an integer if successul, -1 on
+ * \retval The function code as an integer if successful, -1 on
  *     failure.
  */
 static int DetectDNP3FuncParseFunctionCode(const char *str, uint8_t *fc)

src/detect-engine-address.c

@@ -601,7 +601,7 @@ static DetectAddress *DetectAddressParseSingle(const char *str)
 
 /**
  * \brief Setup a single address string, parse it and add the resulting
- *        Address-Range(s) to the AddessHead(DetectAddressHead instance).
+ *        Address-Range(s) to the AddressHead(DetectAddressHead instance).
  *
  * \param gh Pointer to the Address-Head(DetectAddressHead) to which the
  *           resulting Address-Range(s) from the parsed ip string has to
@@ -1763,7 +1763,7 @@ static int DetectAddressMatch(DetectAddress *dd, Address *a)
 #ifdef DEBUG
 /**
  * \brief Prints the address data held by the DetectAddress. If the address
- *        data family is IPv4, we print the the ipv4 address and mask, and
+ *        data family is IPv4, we print the ipv4 address and mask, and
  *        if the address data family is IPv6, we print the ipv6 address and
  *        mask.
  *

src/detect-engine-build.c

@@ -1526,8 +1526,8 @@ int CreateGroupedPortList(DetectEngineCtx *de_ctx, DetectPort *port_list, Detect
     uint32_t groups = 0;
     DetectPort *list;
 
-   /* insert the addresses into the tmplist, where it will
-     * be sorted descending on 'cnt' and on wehther a group
+    /* insert the addresses into the tmplist, where it will
+     * be sorted descending on 'cnt' and on whether a group
      * is whitelisted. */
 
     DetectPort *oldhead = port_list;

src/detect-engine-content-inspection.c

@@ -70,7 +70,7 @@
  *
  * The following keywords are inspected:
  * - content, including all the http and dce modified contents
- * - isdaatat
+ * - isdataat
  * - pcre
  * - bytejump
  * - bytetest

src/detect-engine-enip.c

@@ -158,7 +158,7 @@ static int CIPPathMatch(CIPServiceEntry *svc, DetectCipServiceData *cipserviced)
 
 /**
  * \brief Matches the rule to the ENIP Transaction
- * @param enip_data - the ENIP transation
+ * @param enip_data - the ENIP transaction
  * * @param cipserviced - the CIP service rule
  */
 

src/detect-engine-loader.c

@@ -334,7 +334,7 @@ int SigLoadSignatures(DetectEngineCtx *de_ctx, char *sig_file, int sig_file_excl
         }
     }
 
-    /* If a Signature file is specified from commandline, parse it too */
+    /* If a Signature file is specified from command-line, parse it too */
     if (sig_file != NULL) {
         ret = ProcessSigFiles(de_ctx, sig_file, sig_stat, &good_sigs, &bad_sigs);
 

src/detect-engine-payload.c

@@ -375,8 +375,8 @@ uint8_t DetectEngineInspectStream(DetectEngineCtx *de_ctx, DetectEngineThreadCtx
 #ifdef UNITTESTS
 #include "detect-engine-alert.h"
 
-/** \test Not the first but the second occurence of "abc" should be used
-  *       for the 2nd match */
+/** \test Not the first but the second occurrence of "abc" should be used
+ *       for the 2nd match */
 static int PayloadTestSig01 (void)
 {
     uint8_t *buf = (uint8_t *)

src/detect-engine-port.c

@@ -22,7 +22,7 @@
  *
  * Ports part of the detection engine.
  *
- * \todo more unittesting
+ * \todo more unit testing
  *
  */
 

src/detect-engine-proto.c

@@ -335,7 +335,7 @@ static int DetectProtoTestSetup01(void)
 }
 
 /**
- * \test DetectrotoTestSetup02 is a test for a icmpv4 and icmpv6
+ * \test DetectProtoTestSetup02 is a test for a icmpv4 and icmpv6
  *       protocol setting up in signature.
  */
 static int DetectProtoTestSetup02(void)

src/detect-engine-siggroup.c

@@ -756,7 +756,7 @@ int SigGroupHeadContainsSigId(DetectEngineCtx *de_ctx, SigGroupHead *sgh,
         if ( !(sgh->init->sig_array[sig / 8] & (1 << (sig % 8))) )
             continue;
 
-        /* If we have reached here, we have an entry for sid in the SigGrouHead.
+        /* If we have reached here, we have an entry for sid in the SigGroupHead.
          * Retrieve the Signature from the detection engine context */
         s = de_ctx->sig_array[sig];
         if (s == NULL)

src/detect-engine-state.c

@@ -19,7 +19,7 @@
  * \defgroup sigstate State support
  *
  * State is stored in the ::DetectEngineState structure. This is
- * basically a containter for storage item of type ::DeStateStore.
+ * basically a container for storage item of type ::DeStateStore.
  * They contains an array of ::DeStateStoreItem which store the
  * state of match for an individual signature identified by
  * DeStateStoreItem::sid.

src/detect-engine-tag.c

@@ -534,7 +534,7 @@ void TagHandlePacket(DetectEngineCtx *de_ctx,
 }
 
 /**
- * \brief Removes the entries exceding the max timeout value
+ * \brief Removes the entries exceeding the max timeout value
  *
  * \param tag_ctx Tag context
  * \param ts the current time

src/detect-engine-threshold.c

@@ -590,7 +590,7 @@ static int ThresholdHandlePacketRule(DetectEngineCtx *de_ctx, Packet *p,
 /**
  * \brief Make the threshold logic for signatures
  *
- * \param de_ctx Dectection Context
+ * \param de_ctx Detection Context
  * \param tsh_ptr Threshold element
  * \param p Packet structure
  * \param s Signature structure
@@ -641,7 +641,7 @@ int PacketAlertThreshold(DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx
 /**
  * \brief Init threshold context hash tables
  *
- * \param de_ctx Dectection Context
+ * \param de_ctx Detection Context
  *
  */
 void ThresholdHashInit(DetectEngineCtx *de_ctx)
@@ -722,7 +722,7 @@ void ThresholdHashAllocate(DetectEngineCtx *de_ctx)
 /**
  * \brief Destroy threshold context hash tables
  *
- * \param de_ctx Dectection Context
+ * \param de_ctx Detection Context
  *
  */
 void ThresholdContextDestroy(DetectEngineCtx *de_ctx)

src/detect-engine.h

@@ -43,7 +43,7 @@ void InspectionBufferSetupMulti(InspectionBuffer *buffer, const DetectEngineTran
 InspectionBuffer *InspectionBufferMultipleForListGet(
         DetectEngineThreadCtx *det_ctx, const int list_id, uint32_t local_id);
 
-/* start up registery funcs */
+/* start up registry funcs */
 
 int DetectBufferTypeRegister(const char *name);
 int DetectBufferTypeGetByName(const char *name);

src/detect-fileext.c

@@ -136,7 +136,7 @@ static int DetectFileextMatch (DetectEngineThreadCtx *det_ctx,
 }
 
 /**
- * \brief This function is used to parse fileet
+ * \brief This function is used to parse fileext
  *
  * \param de_ctx Pointer to the detection engine context
  * \param str Pointer to the fileext value string

src/detect-flow.c

@@ -790,7 +790,7 @@ static int DetectFlowTestParseNocase11 (void)
 }
 
 /**
- * \test DetectFlowTestParse12 is a test for setting an invalid seperator :
+ * \test DetectFlowTestParse12 is a test for setting an invalid separator :
  */
 static int DetectFlowTestParse12 (void)
 {

src/detect-flowbits.c

@@ -784,7 +784,7 @@ static int FlowBitsTestParse01(void)
 /**
  * \test FlowBitsTestSig01 is a test for a valid noalert flowbits option
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 
@@ -809,7 +809,7 @@ static int FlowBitsTestSig01(void)
 /**
  * \test FlowBitsTestSig02 is a test for a valid isset,set,isnotset,unset,toggle flowbits options
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 
@@ -853,7 +853,7 @@ static int FlowBitsTestSig02(void)
 /**
  * \test FlowBitsTestSig03 is a test for a invalid flowbits option
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 
@@ -878,7 +878,7 @@ static int FlowBitsTestSig03(void)
 /**
  * \test FlowBitsTestSig04 is a test check idx value
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 
@@ -906,7 +906,7 @@ static int FlowBitsTestSig04(void)
 /**
  * \test FlowBitsTestSig05 is a test check noalert flag
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 
@@ -932,7 +932,7 @@ static int FlowBitsTestSig05(void)
 /**
  * \test FlowBitsTestSig06 is a test set flowbits option
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 
@@ -1005,7 +1005,7 @@ static int FlowBitsTestSig06(void)
 /**
  * \test FlowBitsTestSig07 is a test unset flowbits option
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 
@@ -1078,9 +1078,9 @@ static int FlowBitsTestSig07(void)
 }
 
 /**
- * \test FlowBitsTestSig08 is a test toogle flowbits option
+ * \test FlowBitsTestSig08 is a test toggle flowbits option
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 

src/detect-flowint.c

@@ -86,7 +86,7 @@ void DetectFlowintRegister(void)
  * \param m pointer to the sigmatch that we will cast into DetectFlowintData
  *
  * \retval 0 no match, when a var doesn't exist
- * \retval 1 match, when a var is initialized well, add/substracted, or a true
+ * \retval 1 match, when a var is initialized well, add/subtracted, or a true
  * condition
  */
 int DetectFlowintMatch(DetectEngineThreadCtx *det_ctx,
@@ -157,7 +157,7 @@ int DetectFlowintMatch(DetectEngineThreadCtx *det_ctx,
         }
 
         if (sfd->modifier == FLOWINT_MODIFIER_SUB) {
-            SCLogDebug("Substracting %u to %s", targetval, sfd->name);
+            SCLogDebug("Subtracting %u to %s", targetval, sfd->name);
             FlowVarAddIntNoLock(p->flow, sfd->idx, fv->data.fv_int.value -
                            targetval);
             ret = 1;
@@ -430,7 +430,7 @@ void DetectFlowintFree(DetectEngineCtx *de_ctx, void *tmp)
 #ifdef UNITTESTS
 #include "detect-engine-alert.h"
 /**
- * \brief This is a helper funtion used for debugging purposes
+ * \brief This is a helper function used for debugging purposes
  */
 static void DetectFlowintPrintData(DetectFlowintData *sfd)
 {
@@ -685,7 +685,7 @@ static int DetectFlowintTestParseVar04(void)
 
 /**
  * \test DetectFlowintTestParseVal05 is a test to make sure that we set the
- *  DetectFlowint correctly for cheking if not equal to a valid target value
+ *  DetectFlowint correctly for checking if not equal to a valid target value
  */
 static int DetectFlowintTestParseVal05(void)
 {
@@ -742,7 +742,7 @@ static int DetectFlowintTestParseVar05(void)
 
 /**
  * \test DetectFlowintTestParseVal06 is a test to make sure that we set the
- *  DetectFlowint correctly for cheking if greater than a valid target value
+ *  DetectFlowint correctly for checking if greater than a valid target value
  */
 static int DetectFlowintTestParseVal06(void)
 {
@@ -799,7 +799,7 @@ static int DetectFlowintTestParseVar06(void)
 
 /**
  * \test DetectFlowintTestParseVal07 is a test to make sure that we set the
- *  DetectFlowint correctly for cheking if greater or equal than a valid target value
+ *  DetectFlowint correctly for checking if greater or equal than a valid target value
  */
 static int DetectFlowintTestParseVal07(void)
 {
@@ -856,7 +856,7 @@ static int DetectFlowintTestParseVar07(void)
 
 /**
  * \test DetectFlowintTestParseVal08 is a test to make sure that we set the
- *  DetectFlowint correctly for cheking if lower or equal than a valid target value
+ *  DetectFlowint correctly for checking if lower or equal than a valid target value
  */
 static int DetectFlowintTestParseVal08(void)
 {
@@ -913,7 +913,7 @@ static int DetectFlowintTestParseVar08(void)
 
 /**
  * \test DetectFlowintTestParseVal09 is a test to make sure that we set the
- *  DetectFlowint correctly for cheking if lower than a valid target value
+ *  DetectFlowint correctly for checking if lower than a valid target value
  */
 static int DetectFlowintTestParseVal09(void)
 {
@@ -1097,7 +1097,7 @@ error:
  *        and when that counter reach 6 packets.
  *
  *        All the Signatures generate an alert(its for testing)
- *        but the ignature that increment the second counter +1, that has
+ *        but the signature that increment the second counter +1, that has
  *        a "noalert", so we can do all increments
  *        silently until we reach 6 next packets counted
  */

src/detect-flowint.h

@@ -45,7 +45,7 @@ enum {
     FLOWINT_MODIFIER_UNKNOWN
 };
 
-/** The target can be a value, or another variable arleady declared */
+/** The target can be a value, or another variable already declared */
 enum {
     FLOWINT_TARGET_VAL,
     FLOWINT_TARGET_VAR,

src/detect-flowvar.c

@@ -70,7 +70,7 @@ void DetectFlowvarRegister (void)
 /**
  * \brief this function will SCFree memory associated with DetectFlowvarData
  *
- * \param cd pointer to DetectCotentData
+ * \param cd pointer to DetectContentData
  */
 static void DetectFlowvarDataFree(DetectEngineCtx *de_ctx, void *ptr)
 {

src/detect-fragbits.c

@@ -391,7 +391,7 @@ static bool PrefilterFragBitsIsPrefilterable(const Signature *s)
 /**
  * \test FragBitsTestParse01 is a test for a  valid fragbits value
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 static int FragBitsTestParse01 (void)
@@ -409,7 +409,7 @@ static int FragBitsTestParse01 (void)
 /**
  * \test FragBitsTestParse02 is a test for an invalid fragbits value
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 static int FragBitsTestParse02 (void)

src/detect-ftpbounce.c

@@ -97,7 +97,7 @@ static int DetectFtpbounceMatchArgs(
     /* PrintRawDataFp(stdout, payload, payload_len); */
 
     if (payload_len < 7) {
-        /* we need at least a differet ip address
+        /* we need at least a different ip address
          * in the format 1,2,3,4,x,y where x,y is the port
          * in two byte representation so let's look at
          * least for the IP octets in comma separated */
@@ -220,14 +220,14 @@ int DetectFtpbounceSetup(DetectEngineCtx *de_ctx, Signature *s, const char *ftpb
     sm->type = DETECT_FTPBOUNCE;
 
     /* We don't need to allocate any data for ftpbounce here.
-    *
-    * TODO: As a suggestion, maybe we can add a flag in the flow
-    * to set the stream as "bounce detected" for fast Match.
-    * When you do a ftp bounce attack you usually use the same
-    * communication control stream to "setup" various destinations
-    * whithout breaking the connection, so I guess we can make it a bit faster
-    * with a flow flag set lookup in the Match function.
-    */
+     *
+     * TODO: As a suggestion, maybe we can add a flag in the flow
+     * to set the stream as "bounce detected" for fast Match.
+     * When you do a ftp bounce attack you usually use the same
+     * communication control stream to "setup" various destinations
+     * without breaking the connection, so I guess we can make it a bit faster
+     * with a flow flag set lookup in the Match function.
+     */
     sm->ctx = NULL;
 
     SigMatchAppendSMToList(s, sm, g_ftp_request_list_id);

src/detect-ftpdata.h

@@ -27,7 +27,7 @@
 #include "app-layer-ftp.h"
 
 /** Per keyword data. This is set up by the DetectFtpcommandSetup() function.
- *  Each signature will have an instance of DetectFtpcommandData per occurence
+ *  Each signature will have an instance of DetectFtpcommandData per occurrence
  *  of the keyword.
  *  The structure should be considered static/readonly after initialization.
  */

src/detect-geoip.c

@@ -351,7 +351,7 @@ static DetectGeoipData *DetectGeoipDataParse (DetectEngineCtx *de_ctx, const cha
                 }
 
                 if (geoipdata->nlocations >= GEOOPTION_MAXLOCATIONS) {
-                    SCLogError("too many arguements for geoip keyword");
+                    SCLogError("too many arguments for geoip keyword");
                     goto error;
                 }
 

src/detect-hostbits.c

@@ -62,10 +62,11 @@ TODO:
     hostbits:set,bitname,both,120;
  */
 
-#define PARSE_REGEX "^([a-z]+)"          /* Action */                    \
-    "(?:\\s*,\\s*([^\\s,]+))?(?:\\s*)?" /* Name. */                     \
-    "(?:\\s*,\\s*([^,\\s]+))?(?:\\s*)?" /* Direction. */                \
-    "(.+)?"                             /* Any remainding data. */
+#define PARSE_REGEX                                                                                \
+    "^([a-z]+)"                         /* Action */                                               \
+    "(?:\\s*,\\s*([^\\s,]+))?(?:\\s*)?" /* Name. */                                                \
+    "(?:\\s*,\\s*([^,\\s]+))?(?:\\s*)?" /* Direction. */                                           \
+    "(.+)?"                             /* Any remaining data. */
 static DetectParseRegex parse_regex;
 
 static int DetectHostbitMatch (DetectEngineThreadCtx *, Packet *,
@@ -544,7 +545,7 @@ static int HostBitsTestParse01(void)
 /**
  * \test HostBitsTestSig01 is a test for a valid noalert flowbits option
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 
@@ -594,7 +595,7 @@ static int HostBitsTestSig01(void)
 /**
  * \test various options
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 
@@ -643,7 +644,7 @@ static int HostBitsTestSig02(void)
 /**
  * \test HostBitsTestSig03 is a test check idx value
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 

src/detect-http-request-line.c

@@ -149,7 +149,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
 #include "stream-tcp-reassemble.h"
 
 /**
- * \test Test that a signature containting a http_request_line is correctly parsed
+ * \test Test that a signature containing a http_request_line is correctly parsed
  *       and the keyword is registered.
  */
 static int DetectHttpRequestLineTest01(void)

src/detect-http-response-line.c

@@ -148,7 +148,7 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
 #include "stream-tcp-reassemble.h"
 
 /**
- * \test Test that a signature containting a http_response_line is correctly parsed
+ * \test Test that a signature containing a http_response_line is correctly parsed
  *       and the keyword is registered.
  */
 static int DetectHttpResponseLineTest01(void)

src/detect-l3proto.c

@@ -234,7 +234,7 @@ static int DetectL3protoTestSig2(void)
 
 /**
  * \test DetectL3protoTestSig03 is a test for checking the working of l3proto keyword
- *       in conjonction with ip_proto keyword.
+ *       in conjunction with ip_proto keyword.
  */
 
 static int DetectL3protoTestSig3(void)

src/detect-metadata.c

@@ -23,7 +23,7 @@
  * Implements metadata keyword support
  *
  * \todo Do we need to do anything more this is used in snort host attribute table
- *       It is also used for rule managment.
+ *       It is also used for rule management.
  */
 
 #include "suricata-common.h"
@@ -83,7 +83,7 @@ void DetectMetadataHashFree(DetectEngineCtx *de_ctx)
         HashTableFree(de_ctx->metadata_table);
 }
 
-static const char *DetectMedatataHashAdd(DetectEngineCtx *de_ctx, const char *string)
+static const char *DetectMetadataHashAdd(DetectEngineCtx *de_ctx, const char *string)
 {
     const char *hstring = (char *)HashTableLookup(
             de_ctx->metadata_table, (void *)string, (uint16_t)strlen(string));
@@ -205,13 +205,13 @@ static int DetectMetadataParse(DetectEngineCtx *de_ctx, Signature *s, const char
             goto next;
         }
 
-        const char *hkey = DetectMedatataHashAdd(de_ctx, key);
+        const char *hkey = DetectMetadataHashAdd(de_ctx, key);
         if (hkey == NULL) {
             SCLogError("can't create metadata key");
             continue;
         }
 
-        const char *hval = DetectMedatataHashAdd(de_ctx, val);
+        const char *hval = DetectMetadataHashAdd(de_ctx, val);
         if (hval == NULL) {
             SCLogError("can't create metadata value");
             goto next;

src/detect-nocase.c

@@ -66,7 +66,7 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, const char
         goto end;
     }
 
-    /* retrive the sm to apply the nocase against */
+    /* retrieve the sm to apply the nocase against */
     pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
     if (pm == NULL) {
         SCLogError("nocase needs "

src/detect-offset.c

@@ -55,7 +55,7 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *offset
 {
     const char *str = offsetstr;
 
-    /* retrive the sm to apply the offset against */
+    /* retrieve the sm to apply the offset against */
     SigMatch *pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
     if (pm == NULL) {
         SCLogError("offset needs preceding content option.");

src/detect-parse.c

@@ -1004,7 +1004,7 @@ error:
  *                 protocol has to be added.
  * \param protostr Pointer to the character string containing the protocol name.
  *
- * \retval  0 On successfully parsing the protocl sent as the argument.
+ * \retval  0 On successfully parsing the protocol sent as the argument.
  * \retval -1 On failure
  */
 static int SigParseProto(Signature *s, const char *protostr)
@@ -4175,7 +4175,7 @@ end:
     return result;
 }
 
-static int SigParseTestUnblanacedQuotes01(void)
+static int SigParseTestUnbalancedQuotes01(void)
 {
     DetectEngineCtx *de_ctx;
     Signature *s;
@@ -4184,7 +4184,10 @@ static int SigParseTestUnblanacedQuotes01(void)
     FAIL_IF_NULL(de_ctx);
     de_ctx->flags |= DE_QUIET;
 
-    s = SigInit(de_ctx, "alert http any any -> any any (msg:\"SigParseTestUnblanacedQuotes01\"; pcre:\"/\\/[a-z]+\\.php\\?[a-z]+?=\\d{7}&[a-z]+?=\\d{7,8}$/U\" flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017078; rev:5;)");
+    s = SigInit(de_ctx,
+            "alert http any any -> any any (msg:\"SigParseTestUnbalancedQuotes01\"; "
+            "pcre:\"/\\/[a-z]+\\.php\\?[a-z]+?=\\d{7}&[a-z]+?=\\d{7,8}$/U\" "
+            "flowbits:set,et.exploitkitlanding; classtype:trojan-activity; sid:2017078; rev:5;)");
     FAIL_IF_NOT_NULL(s);
 
     PASS;
@@ -4395,8 +4398,7 @@ void SigParseRegisterTests(void)
     UtRegisterTest("SigParseTestAppLayerTLS01", SigParseTestAppLayerTLS01);
     UtRegisterTest("SigParseTestAppLayerTLS02", SigParseTestAppLayerTLS02);
     UtRegisterTest("SigParseTestAppLayerTLS03", SigParseTestAppLayerTLS03);
-    UtRegisterTest("SigParseTestUnblanacedQuotes01",
-        SigParseTestUnblanacedQuotes01);
+    UtRegisterTest("SigParseTestUnbalancedQuotes01", SigParseTestUnbalancedQuotes01);
 
     UtRegisterTest("SigParseTestContentGtDsize01",
             SigParseTestContentGtDsize01);

src/detect-pcre.c

@@ -636,7 +636,7 @@ static DetectPcreData *DetectPcreParse (DetectEngineCtx *de_ctx,
 
     pd->parse_regex.regex =
             pcre2_compile((PCRE2_SPTR8)re, PCRE2_ZERO_TERMINATED, opts, &en, &eo2, NULL);
-    if (pd->parse_regex.regex == NULL && en == 115) { // reference to non-existent subpattern
+    if (pd->parse_regex.regex == NULL && en == 115) { // reference to nonexistent subpattern
         opts &= ~PCRE2_NO_AUTO_CAPTURE;
         pd->parse_regex.regex =
                 pcre2_compile((PCRE2_SPTR8)re, PCRE2_ZERO_TERMINATED, opts, &en, &eo2, NULL);

src/detect-reference.c

@@ -212,7 +212,7 @@ static int DetectReferenceSetup(DetectEngineCtx *de_ctx, Signature *s,
 /**
  * \test one valid reference.
  *
- *  \retval 1 on succces.
+ *  \retval 1 on success.
  *  \retval 0 on failure.
  */
 static int DetectReferenceParseTest01(void)
@@ -241,7 +241,7 @@ static int DetectReferenceParseTest01(void)
 /**
  * \test for two valid references.
  *
- *  \retval 1 on succces.
+ *  \retval 1 on success.
  *  \retval 0 on failure.
  */
 static int DetectReferenceParseTest02(void)
@@ -277,7 +277,7 @@ static int DetectReferenceParseTest02(void)
 /**
  * \test parsing: invalid reference.
  *
- *  \retval 1 on succces.
+ *  \retval 1 on success.
  *  \retval 0 on failure.
  */
 static int DetectReferenceParseTest03(void)

src/detect-replace.c

@@ -177,7 +177,7 @@ error:
 /* Add to the head of the replace-list.
  *
  * The first to add to the replace-list has the highest priority. So,
- * adding the the head of the list results in the newest modifications
+ * adding the head of the list results in the newest modifications
  * of content being applied first, so later changes can over ride
  * earlier changes. Thus the highest priority modifications should be
  * applied last.

src/detect-ssh-hassh-server.c

@@ -146,7 +146,7 @@ static bool DetectSshHasshServerHashValidateCallback(const Signature *s, const c
             }
             for (size_t i = 0; i < cd->content_len; ++i) {
                 if (!isxdigit(cd->content[i])) {
-                    *sigerror = "Invalid ssh.hassh.server string (should be string of hexademical "
+                    *sigerror = "Invalid ssh.hassh.server string (should be string of hexadecimal "
                                 "characters)."
                                 "This rule will therefore never match.";
                     SCLogWarning("rule %u: %s", s->id, *sigerror);

src/detect-ssh-hassh.c

@@ -149,7 +149,7 @@ static bool DetectSshHasshHashValidateCallback(const Signature *s,
             for (size_t i = 0; i < cd->content_len; ++i) {
                 if (!isxdigit(cd->content[i])) {
                     *sigerror =
-                            "Invalid ssh.hassh string (should be string of hexademical characters)."
+                            "Invalid ssh.hassh string (should be string of hexadecimal characters)."
                             "This rule will therefore never match.";
                     SCLogWarning("rule %u: %s", s->id, *sigerror);
                     return false;

src/detect-ssh-software-version.c

@@ -27,7 +27,7 @@
  * also specify the version, something like
  * ssh.softwareversion:"PuTTY-Release-0.55"
  * I find this useful to match over a known vulnerable server/client
- * software version incombination to other checks, so you can know
+ * software version in combination to other checks, so you can know
  * that the risk is higher
  */
 

src/detect-ssl-state.h

@@ -24,8 +24,7 @@
 #ifndef DETECT_SSL_STATE_H
 #define	DETECT_SSL_STATE_H
 
-
-/* we pick these flags flags from the parser */
+/* we pick these flags from the parser */
 #define DETECT_SSL_STATE_CLIENT_HELLO SSL_AL_FLAG_STATE_CLIENT_HELLO
 #define DETECT_SSL_STATE_SERVER_HELLO SSL_AL_FLAG_STATE_SERVER_HELLO
 #define DETECT_SSL_STATE_CLIENT_KEYX  SSL_AL_FLAG_STATE_CLIENT_KEYX

src/detect-tcp-flags.c

@@ -618,7 +618,7 @@ static bool PrefilterTcpFlagsIsPrefilterable(const Signature *s)
 /**
  * \test FlagsTestParse01 is a test for a  valid flags value
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 static int FlagsTestParse01 (void)
@@ -633,7 +633,7 @@ static int FlagsTestParse01 (void)
 /**
  * \test FlagsTestParse02 is a test for an invalid flags value
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 static int FlagsTestParse02 (void)
@@ -705,7 +705,7 @@ error:
 /**
  * \test FlagsTestParse04 check if ACK bit is set. Must fails.
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 static int FlagsTestParse04 (void)
@@ -1141,7 +1141,7 @@ error:
 /**
  * \test FlagsTestParse12 check if no flags are set. Must fails.
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 static int FlagsTestParse12 (void)
@@ -1198,7 +1198,7 @@ error:
 /**
  * \test test for a  valid flags value
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 static int FlagsTestParse13 (void)

src/detect-tcp-flags.h

@@ -38,7 +38,7 @@
 typedef struct DetectFlagsData_ {
     uint8_t flags;  /**< TCP flags */
     uint8_t modifier; /**< !(1) +(2) *(3) modifiers */
-    uint8_t ignored_flags;  /**< Ignored TCP flags defined by modifer , */
+    uint8_t ignored_flags; /**< Ignored TCP flags defined by modifier , */
 } DetectFlagsData;
 
 /**

src/detect-tcp-window.c

@@ -148,7 +148,7 @@ static DetectWindowData *DetectWindowParse(DetectEngineCtx *de_ctx, const char *
             }
 
             /* Get the window size if it's a valid value (in packets, we
-             * should alert if this doesn't happend from decode) */
+             * should alert if this doesn't happen from decode) */
             if (StringParseUint16(&wd->size, 10, 0, copy_str) < 0) {
                 goto error;
             }

src/detect-tls-cert-fingerprint.c

@@ -74,7 +74,7 @@ void DetectTlsFingerprintRegister(void)
     sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].name = "tls.cert_fingerprint";
     sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].alias = "tls_cert_fingerprint";
     sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].desc =
-            "sticky byffer to match the TLS cert fingerprint buffer";
+            "sticky buffer to match the TLS cert fingerprint buffer";
     sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].url = "/rules/tls-keywords.html#tls-cert-fingerprint";
     sigmatch_table[DETECT_AL_TLS_CERT_FINGERPRINT].Setup = DetectTlsFingerprintSetup;
 #ifdef UNITTESTS

src/detect-uricontent.c

@@ -81,7 +81,7 @@ void DetectUricontentRegister (void)
 /**
  * \brief this function will Free memory associated with DetectContentData
  *
- * \param cd pointer to DetectUricotentData
+ * \param cd pointer to DetectUricontentData
  */
 void DetectUricontentFree(DetectEngineCtx *de_ctx, void *ptr)
 {
@@ -115,7 +115,7 @@ int DetectUricontentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *con
     const char *legacy = NULL;
     if (ConfGet("legacy.uricontent", &legacy) == 1) {
         if (strcasecmp("disabled", legacy) == 0) {
-            SCLogError("uriconent deprecated.  To "
+            SCLogError("uricontent deprecated.  To "
                        "use a rule with \"uricontent\", either set the "
                        "option - \"legacy.uricontent\" in the conf to "
                        "\"enabled\" OR replace uricontent with "
@@ -126,7 +126,7 @@ int DetectUricontentSetup(DetectEngineCtx *de_ctx, Signature *s, const char *con
             ;
         } else {
             SCLogError("Invalid value found "
-                       "for legacy.uriconent - \"%s\".  Valid values are "
+                       "for legacy.uricontent - \"%s\".  Valid values are "
                        "\"enabled\" OR \"disabled\".",
                     legacy);
             goto error;

src/detect-urilen.c

@@ -497,7 +497,7 @@ end:
     return res;
 }
 
-/** \test Check a signature with gievn urilen */
+/** \test Check a signature with given urilen */
 static int DetectUrilenSigTest01(void)
 {
     int result = 0;

src/detect-xbits.c

@@ -503,7 +503,7 @@ static int XBitsTestSig01(void)
 /**
  * \test various options
  *
- *  \retval 1 on succces
+ *  \retval 1 on success
  *  \retval 0 on failure
  */
 

src/detect.c

@@ -341,7 +341,7 @@ static inline void DetectPrefilterMergeSort(DetectEngineCtx *de_ctx,
                 goto final;
             }
             /* otherwise, if nonmpm is done jump to final for mpm
-             * mpm ptrs alrady updated */
+             * mpm ptrs already updated */
             if (unlikely(--n_cnt == 0)) {
                 final_ptr = mpm_ptr;
                 final_cnt = m_cnt;
@@ -1049,7 +1049,7 @@ DetectRunTxSortHelper(const void *a, const void *b)
  *  detection.
  *
  *  \param stored_flags pointer to stored flags or NULL.
- *         If stored_flags is set it means we're continueing
+ *         If stored_flags is set it means we're continuing
  *         inspection from an earlier run.
  *
  *  \retval bool true sig matched, false didn't match
@@ -1486,7 +1486,7 @@ static void DetectRunTx(ThreadVars *tv,
 
             if (inspect_flags) {
                 /* continue previous inspection */
-                SCLogDebug("%p/%"PRIu64" Continueing sid %u", tx.tx_ptr, tx.tx_id, s->id);
+                SCLogDebug("%p/%" PRIu64 " Continuing sid %u", tx.tx_ptr, tx.tx_id, s->id);
             } else {
                 /* start new inspection */
                 SCLogDebug("%p/%"PRIu64" Start sid %u", tx.tx_ptr, tx.tx_id, s->id);
@@ -1681,7 +1681,7 @@ static void DetectRunFrames(ThreadVars *tv, DetectEngineCtx *de_ctx, DetectEngin
 static DetectEngineThreadCtx *GetTenantById(HashTable *h, uint32_t id)
 {
     /* technically we need to pass a DetectEngineThreadCtx struct with the
-     * tentant_id member. But as that member is the first in the struct, we
+     * tenant_id member. But as that member is the first in the struct, we
      * can use the id directly. */
     return HashTableLookup(h, &id, 0);
 }
@@ -1724,7 +1724,7 @@ static void DetectNoFlow(ThreadVars *tv,
                          DetectEngineCtx *de_ctx, DetectEngineThreadCtx *det_ctx,
                          Packet *p)
 {
-    /* No need to perform any detection on this packet, if the the given flag is set.*/
+    /* No need to perform any detection on this packet, if the given flag is set.*/
     if ((p->flags & PKT_NOPACKET_INSPECTION) || (PacketCheckAction(p, ACTION_DROP))) {
         return;
     }