From 86709f5e9daea39325eb766051d8463268ee1127 Mon Sep 17 00:00:00 2001
From: Eric Leblond <eric@regit.org>
Date: Sat, 3 Nov 2012 10:18:42 +0100
Subject: [PATCH] rule analyser: display message for invalid signatures

---
 src/detect-engine-analyzer.c | 11 +++++++++++
 src/detect-engine-analyzer.h |  1 +
 src/detect.c                 |  4 ++++
 3 files changed, 16 insertions(+)

diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 916970da5e..078c98c886 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -409,6 +409,17 @@ static void EngineAnalysisRulesPrintFP(Signature *s)
     return;
 }
 
+
+void EngineAnalysisRulesFailure(char *line, char *file, int lineno)
+{
+        fprintf(rule_engine_analysis_FD, "== Sid: UNKNOWN ==\n");
+        fprintf(rule_engine_analysis_FD, "%s\n", line);
+        fprintf(rule_engine_analysis_FD, "    FAILURE: invalid rule.\n");
+        fprintf(rule_engine_analysis_FD, "    File: %s.\n", file);
+        fprintf(rule_engine_analysis_FD, "    Line: %d.\n", lineno);
+        fprintf(rule_engine_analysis_FD, "\n");
+}
+
 /**
  * \brief Prints analysis of loaded rules.
  *
diff --git a/src/detect-engine-analyzer.h b/src/detect-engine-analyzer.h
index 2b1fc54a64..d92b20604c 100644
--- a/src/detect-engine-analyzer.h
+++ b/src/detect-engine-analyzer.h
@@ -37,5 +37,6 @@ int PerCentEncodingMatch (uint8_t *content, uint8_t content_len);
 
 void EngineAnalysisFP(Signature *s, char *line);
 void EngineAnalysisRules(Signature *s, char *line);
+void EngineAnalysisRulesFailure(char *line, char *file, int lineno);
 
 #endif /* __DETECT_ENGINE_ANALYZER_H__ */
diff --git a/src/detect.c b/src/detect.c
index 928bc31f6d..338090ead1 100644
--- a/src/detect.c
+++ b/src/detect.c
@@ -345,6 +345,10 @@ int DetectLoadSigFile(DetectEngineCtx *de_ctx, char *sig_file, int *sigs_tot) {
         } else {
             SCLogError(SC_ERR_INVALID_SIGNATURE, "error parsing signature \"%s\" from "
                  "file %s at line %"PRId32"", line, sig_file, lineno - multiline);
+
+            if (rule_engine_analysis_set) {
+                EngineAnalysisRulesFailure(line, sig_file, lineno - multiline);
+            }
             if (de_ctx->failure_fatal == 1) {
                 exit(EXIT_FAILURE);
             }