aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

eve: use JsonBuilder for encoding base64

Browse Source 
Replaces all usages of Base64Encode just before writing to a
JsonBuilder with jb_set_base64 and jb_append_base64.
pull/6764/head
Jason Ish 4 years ago committed by Victor Julien
parent 8181030f72
commit 6d3dcf27a6
6 changed files with 26 additions and 111 deletions
Show Stats Download Patch File Download Diff File

8
scripts/dnp3-gen/dnp3-gen.py
Unescape Escape View File

@ -157,6 +157,7 @@ output_json_dnp3_objects_template = """/* Copyright (C) 2015 Open Information Se
#include "output-json-dnp3-objects.h"
#include "output-json.h"
// clang-format off
void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
DNP3Point *point)
{
@ -171,11 +172,7 @@ void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
{% elif field.type in ["flt32", "flt64"] %}
jb_set_float(js, "{{field.name}}", data->{{field.name}});
{% elif field.type == "bytearray" %}
unsigned long {{field.name}}_b64_len = BASE64_BUFFER_SIZE(data->{{field.len_field}});
uint8_t {{field.name}}_b64[{{field.name}}_b64_len];
Base64Encode(data->{{field.name}}, data->{{field.len_field}},
{{field.name}}_b64, &{{field.name}}_b64_len);
jb_set_string(js, "data->{{field.name}}", (char *){{field.name}}_b64);
jb_set_base64(js, "data->{{field.name}}", data->{{field.name}}, data->{{field.len_field}});
{% elif field.type == "vstr4" %}
jb_set_string(js, "data->{{field.name}}", data->{{field.name}});
{% elif field.type == "chararray" %}
@ -207,6 +204,7 @@ void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
}
}
// clang-format on
"""

11
src/output-json-alert.c
Unescape Escape View File

@ -423,11 +423,7 @@ static void AlertJsonTunnel(const Packet *p, JsonBuilder *js)
static void AlertAddPayload(AlertJsonOutputCtx *json_output_ctx, JsonBuilder *js, const Packet *p)
{
if (json_output_ctx->flags & LOG_JSON_PAYLOAD_BASE64) {
unsigned long len = BASE64_BUFFER_SIZE(p->payload_len);
uint8_t encoded[len];
if (Base64Encode(p->payload, p->payload_len, encoded, &len) == SC_BASE64_OK) {
jb_set_string(js, "payload", (char *)encoded);
}
jb_set_base64(js, "payload", p->payload, p->payload_len);
}
if (json_output_ctx->flags & LOG_JSON_PAYLOAD) {
@ -687,10 +683,7 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p)
(void *)payload);
if (payload->offset) {
if (json_output_ctx->flags & LOG_JSON_PAYLOAD_BASE64) {
unsigned long len = BASE64_BUFFER_SIZE(json_output_ctx->payload_buffer_size);
uint8_t encoded[len];
Base64Encode(payload->buffer, payload->offset, encoded, &len);
jb_set_string(jb, "payload", (char *)encoded);
jb_set_base64(jb, "payload", payload->buffer, payload->offset);
}
if (json_output_ctx->flags & LOG_JSON_PAYLOAD) {

92
src/output-json-dnp3-objects.c
Unescape Escape View File

@ -31,6 +31,7 @@
#include "output-json-dnp3-objects.h"
#include "output-json.h"
// clang-format off
void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
DNP3Point *point)
{
@ -1502,11 +1503,7 @@ void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
jb_set_string(js, "data->vendor_code", data->vendor_code);
jb_set_uint(js, "object_id", data->object_id);
jb_set_uint(js, "length", data->length);
unsigned long data_objects_b64_len = BASE64_BUFFER_SIZE(data->length);
uint8_t data_objects_b64[data_objects_b64_len];
Base64Encode(data->data_objects, data->length,
data_objects_b64, &data_objects_b64_len);
jb_set_string(js, "data->data_objects", (char *)data_objects_b64);
jb_set_base64(js, "data->data_objects", data->data_objects, data->length);
break;
}
case DNP3_OBJECT_CODE(86, 2): {
@ -1532,22 +1529,14 @@ void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
jb_set_uint(js, "usr", data->usr);
jb_set_uint(js, "mal", data->mal);
jb_set_uint(js, "reason", data->reason);
unsigned long challenge_data_b64_len = BASE64_BUFFER_SIZE(data->challenge_data_len);
uint8_t challenge_data_b64[challenge_data_b64_len];
Base64Encode(data->challenge_data, data->challenge_data_len,
challenge_data_b64, &challenge_data_b64_len);
jb_set_string(js, "data->challenge_data", (char *)challenge_data_b64);
jb_set_base64(js, "data->challenge_data", data->challenge_data, data->challenge_data_len);
break;
}
case DNP3_OBJECT_CODE(120, 2): {
DNP3ObjectG120V2 *data = point->data;
jb_set_uint(js, "csq", data->csq);
jb_set_uint(js, "usr", data->usr);
unsigned long mac_value_b64_len = BASE64_BUFFER_SIZE(data->mac_value_len);
uint8_t mac_value_b64[mac_value_b64_len];
Base64Encode(data->mac_value, data->mac_value_len,
mac_value_b64, &mac_value_b64_len);
jb_set_string(js, "data->mac_value", (char *)mac_value_b64);
jb_set_base64(js, "data->mac_value", data->mac_value, data->mac_value_len);
break;
}
case DNP3_OBJECT_CODE(120, 3): {
@ -1569,27 +1558,15 @@ void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
jb_set_uint(js, "key_status", data->key_status);
jb_set_uint(js, "mal", data->mal);
jb_set_uint(js, "challenge_data_len", data->challenge_data_len);
unsigned long challenge_data_b64_len = BASE64_BUFFER_SIZE(data->challenge_data_len);
uint8_t challenge_data_b64[challenge_data_b64_len];
Base64Encode(data->challenge_data, data->challenge_data_len,
challenge_data_b64, &challenge_data_b64_len);
jb_set_string(js, "data->challenge_data", (char *)challenge_data_b64);
unsigned long mac_value_b64_len = BASE64_BUFFER_SIZE(data->mac_value_len);
uint8_t mac_value_b64[mac_value_b64_len];
Base64Encode(data->mac_value, data->mac_value_len,
mac_value_b64, &mac_value_b64_len);
jb_set_string(js, "data->mac_value", (char *)mac_value_b64);
jb_set_base64(js, "data->challenge_data", data->challenge_data, data->challenge_data_len);
jb_set_base64(js, "data->mac_value", data->mac_value, data->mac_value_len);
break;
}
case DNP3_OBJECT_CODE(120, 6): {
DNP3ObjectG120V6 *data = point->data;
jb_set_uint(js, "ksq", data->ksq);
jb_set_uint(js, "usr", data->usr);
unsigned long wrapped_key_data_b64_len = BASE64_BUFFER_SIZE(data->wrapped_key_data_len);
uint8_t wrapped_key_data_b64[wrapped_key_data_b64_len];
Base64Encode(data->wrapped_key_data, data->wrapped_key_data_len,
wrapped_key_data_b64, &wrapped_key_data_b64_len);
jb_set_string(js, "data->wrapped_key_data", (char *)wrapped_key_data_b64);
jb_set_base64(js, "data->wrapped_key_data", data->wrapped_key_data, data->wrapped_key_data_len);
break;
}
case DNP3_OBJECT_CODE(120, 7): {
@ -1615,20 +1592,12 @@ void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
DNP3ObjectG120V8 *data = point->data;
jb_set_uint(js, "key_change_method", data->key_change_method);
jb_set_uint(js, "certificate_type", data->certificate_type);
unsigned long certificate_b64_len = BASE64_BUFFER_SIZE(data->certificate_len);
uint8_t certificate_b64[certificate_b64_len];
Base64Encode(data->certificate, data->certificate_len,
certificate_b64, &certificate_b64_len);
jb_set_string(js, "data->certificate", (char *)certificate_b64);
jb_set_base64(js, "data->certificate", data->certificate, data->certificate_len);
break;
}
case DNP3_OBJECT_CODE(120, 9): {
DNP3ObjectG120V9 *data = point->data;
unsigned long mac_value_b64_len = BASE64_BUFFER_SIZE(data->mac_value_len);
uint8_t mac_value_b64[mac_value_b64_len];
Base64Encode(data->mac_value, data->mac_value_len,
mac_value_b64, &mac_value_b64_len);
jb_set_string(js, "data->mac_value", (char *)mac_value_b64);
jb_set_base64(js, "data->mac_value", data->mac_value, data->mac_value_len);
break;
}
case DNP3_OBJECT_CODE(120, 10): {
@ -1651,16 +1620,8 @@ void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
} else {
jb_set_string(js, "username", "");
}
unsigned long user_public_key_b64_len = BASE64_BUFFER_SIZE(data->user_public_key_len);
uint8_t user_public_key_b64[user_public_key_b64_len];
Base64Encode(data->user_public_key, data->user_public_key_len,
user_public_key_b64, &user_public_key_b64_len);
jb_set_string(js, "data->user_public_key", (char *)user_public_key_b64);
unsigned long certification_data_b64_len = BASE64_BUFFER_SIZE(data->certification_data_len);
uint8_t certification_data_b64[certification_data_b64_len];
Base64Encode(data->certification_data, data->certification_data_len,
certification_data_b64, &certification_data_b64_len);
jb_set_string(js, "data->certification_data", (char *)certification_data_b64);
jb_set_base64(js, "data->user_public_key", data->user_public_key, data->user_public_key_len);
jb_set_base64(js, "data->certification_data", data->certification_data, data->certification_data_len);
break;
}
case DNP3_OBJECT_CODE(120, 11): {
@ -1678,11 +1639,7 @@ void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
} else {
jb_set_string(js, "username", "");
}
unsigned long master_challenge_data_b64_len = BASE64_BUFFER_SIZE(data->master_challenge_data_len);
uint8_t master_challenge_data_b64[master_challenge_data_b64_len];
Base64Encode(data->master_challenge_data, data->master_challenge_data_len,
master_challenge_data_b64, &master_challenge_data_b64_len);
jb_set_string(js, "data->master_challenge_data", (char *)master_challenge_data_b64);
jb_set_base64(js, "data->master_challenge_data", data->master_challenge_data, data->master_challenge_data_len);
break;
}
case DNP3_OBJECT_CODE(120, 12): {
@ -1690,11 +1647,7 @@ void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
jb_set_uint(js, "ksq", data->ksq);
jb_set_uint(js, "user_number", data->user_number);
jb_set_uint(js, "challenge_data_len", data->challenge_data_len);
unsigned long challenge_data_b64_len = BASE64_BUFFER_SIZE(data->challenge_data_len);
uint8_t challenge_data_b64[challenge_data_b64_len];
Base64Encode(data->challenge_data, data->challenge_data_len,
challenge_data_b64, &challenge_data_b64_len);
jb_set_string(js, "data->challenge_data", (char *)challenge_data_b64);
jb_set_base64(js, "data->challenge_data", data->challenge_data, data->challenge_data_len);
break;
}
case DNP3_OBJECT_CODE(120, 13): {
@ -1702,29 +1655,17 @@ void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
jb_set_uint(js, "ksq", data->ksq);
jb_set_uint(js, "user_number", data->user_number);
jb_set_uint(js, "encrypted_update_key_len", data->encrypted_update_key_len);
unsigned long encrypted_update_key_data_b64_len = BASE64_BUFFER_SIZE(data->encrypted_update_key_len);
uint8_t encrypted_update_key_data_b64[encrypted_update_key_data_b64_len];
Base64Encode(data->encrypted_update_key_data, data->encrypted_update_key_len,
encrypted_update_key_data_b64, &encrypted_update_key_data_b64_len);
jb_set_string(js, "data->encrypted_update_key_data", (char *)encrypted_update_key_data_b64);
jb_set_base64(js, "data->encrypted_update_key_data", data->encrypted_update_key_data, data->encrypted_update_key_len);
break;
}
case DNP3_OBJECT_CODE(120, 14): {
DNP3ObjectG120V14 *data = point->data;
unsigned long digital_signature_b64_len = BASE64_BUFFER_SIZE(data->digital_signature_len);
uint8_t digital_signature_b64[digital_signature_b64_len];
Base64Encode(data->digital_signature, data->digital_signature_len,
digital_signature_b64, &digital_signature_b64_len);
jb_set_string(js, "data->digital_signature", (char *)digital_signature_b64);
jb_set_base64(js, "data->digital_signature", data->digital_signature, data->digital_signature_len);
break;
}
case DNP3_OBJECT_CODE(120, 15): {
DNP3ObjectG120V15 *data = point->data;
unsigned long mac_b64_len = BASE64_BUFFER_SIZE(data->mac_len);
uint8_t mac_b64[mac_b64_len];
Base64Encode(data->mac, data->mac_len,
mac_b64, &mac_b64_len);
jb_set_string(js, "data->mac", (char *)mac_b64);
jb_set_base64(js, "data->mac", data->mac, data->mac_len);
break;
}
case DNP3_OBJECT_CODE(121, 1): {
@ -1777,3 +1718,4 @@ void OutputJsonDNP3SetItem(JsonBuilder *js, DNP3Object *object,
}
}
// clang-format on

6
src/output-json-http.c
Unescape Escape View File

@ -430,11 +430,7 @@ static void BodyBase64Buffer(JsonBuilder *js, HtpBody *body, const char *key)
return;
}
unsigned long len = BASE64_BUFFER_SIZE(body_data_len);
uint8_t encoded[len];
if (Base64Encode(body_data, body_data_len, encoded, &len) == SC_BASE64_OK) {
jb_set_string(js, key, (char *)encoded);
}
jb_set_base64(js, key, body_data, body_data_len);
}
}

14
src/output-json-tls.c
Unescape Escape View File

@ -267,12 +267,7 @@ static void JsonTlsLogCertificate(JsonBuilder *js, SSLState *ssl_state)
return;
}
unsigned long len = BASE64_BUFFER_SIZE(cert->cert_len);
uint8_t encoded[len];
if (Base64Encode(cert->cert_data, cert->cert_len, encoded, &len) ==
SC_BASE64_OK) {
jb_set_string(js, "certificate", (char *)encoded);
}
jb_set_base64(js, "certificate", cert->cert_data, cert->cert_len);
}
static void JsonTlsLogChain(JsonBuilder *js, SSLState *ssl_state)
@ -285,12 +280,7 @@ static void JsonTlsLogChain(JsonBuilder *js, SSLState *ssl_state)
SSLCertsChain *cert;
TAILQ_FOREACH(cert, &ssl_state->server_connp.certs, next) {
unsigned long len = BASE64_BUFFER_SIZE(cert->cert_len);
uint8_t encoded[len];
if (Base64Encode(cert->cert_data, cert->cert_len, encoded, &len) ==
SC_BASE64_OK) {
jb_append_string(js, (char *)encoded);
}
jb_append_base64(js, cert->cert_data, cert->cert_len);
}
jb_close(js);

6
src/output-json.c
Unescape Escape View File

@ -451,11 +451,7 @@ void EveAddCommonOptions(const OutputJsonCommonSettings *cfg,
void EvePacket(const Packet *p, JsonBuilder *js, unsigned long max_length)
{
unsigned long max_len = max_length == 0 ? GET_PKT_LEN(p) : max_length;
unsigned long len = BASE64_BUFFER_SIZE(max_len);
uint8_t encoded_packet[len];
if (Base64Encode((unsigned char*) GET_PKT_DATA(p), max_len, encoded_packet, &len) == SC_BASE64_OK) {
jb_set_string(js, "packet", (char *)encoded_packet);
}
jb_set_base64(js, "packet", GET_PKT_DATA(p), max_len);
if (!jb_open_object(js, "packet_info")) {
return;

Write Preview
Loading…
Cancel
Save