rule analyser: display message for invalid signatures

13 years ago · 86709f5e9d
parent c7cfbb71c9
commit 86709f5e9d
3 changed files with 16 additions and 0 deletions
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@ -409,6 +409,17 @@ static void EngineAnalysisRulesPrintFP(Signature *s)
    return;
 }

+
+void EngineAnalysisRulesFailure(char *line, char *file, int lineno)
+{
+        fprintf(rule_engine_analysis_FD, "== Sid: UNKNOWN ==\n");
+        fprintf(rule_engine_analysis_FD, "%s\n", line);
+        fprintf(rule_engine_analysis_FD, "    FAILURE: invalid rule.\n");
+        fprintf(rule_engine_analysis_FD, "    File: %s.\n", file);
+        fprintf(rule_engine_analysis_FD, "    Line: %d.\n", lineno);
+        fprintf(rule_engine_analysis_FD, "\n");
+}
+
 /**
 * \brief Prints analysis of loaded rules.
 *
--- a/src/detect-engine-analyzer.h
+++ b/src/detect-engine-analyzer.h
@ -37,5 +37,6 @@ int PerCentEncodingMatch (uint8_t *content, uint8_t content_len);

 void EngineAnalysisFP(Signature *s, char *line);
 void EngineAnalysisRules(Signature *s, char *line);
+void EngineAnalysisRulesFailure(char *line, char *file, int lineno);

 #endif /* __DETECT_ENGINE_ANALYZER_H__ */
--- a/src/detect.c
+++ b/src/detect.c
@ -345,6 +345,10 @@ int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file, int *sigs_tot) {
        } else {
            SCLogError(SC_ERR_INVALID_SIGNATURE, "error parsing signature \"%s\" from "
                 "file %s at line %"PRId32"", line, sig_file, lineno - multiline);
+
+            if (rule_engine_analysis_set) {
+                EngineAnalysisRulesFailure(line, sig_file, lineno - multiline);
+            }
            if (de_ctx->failure_fatal == 1) {
                exit(EXIT_FAILURE);
            }