detect/parser: Refactor utility routines

Refactor utility functions/definitions from the byte_math module into the parser module. This includes parse_var and ResultValue Issue: 6487
1 year ago · ab0cb960a1
parent 903283d76e
commit ab0cb960a1
2 changed files with 16 additions and 18 deletions
--- a/rust/src/detect/byte_math.rs
+++ b/rust/src/detect/byte_math.rs
@ -18,7 +18,7 @@
 // Author: Jeff Lucovsky <jlucovsky@oisf.net>

 use crate::detect::error::RuleParseError;
-use crate::detect::parser::{parse_token, take_until_whitespace};
+use crate::detect::parser::{parse_var, take_until_whitespace, ResultValue};
 use std::ffi::{CStr, CString};
 use std::os::raw::c_char;

@ -88,12 +88,6 @@ pub const DETECT_BYTEMATH_FIXED_PARAM_COUNT: usize = 5;
 // Optional parameters: endian, relative, string, dce, bitmask
 pub const DETECT_BYTEMATH_MAX_PARAM_COUNT: usize = 10;

-#[derive(Debug)]
-enum ResultValue {
-    Numeric(u64),
-    String(String),
-}
-
 #[repr(C)]
 #[derive(Debug)]
 pub struct DetectByteMathData {
@ -194,17 +188,6 @@ fn get_endian_value(value: &str) -> Result<ByteMathEndian, ()> {
    Ok(res)
 }

-// Parsed as a u64 for validation with u32 {min,max} so values greater than uint32
-// are not treated as a string value.
-fn parse_var(input: &str) -> IResult<&str, ResultValue, RuleParseError<&str>> {
-    let (input, value) = parse_token(input)?;
-    if let Ok(val) = value.parse::<u64>() {
-        Ok((input, ResultValue::Numeric(val)))
-    } else {
-        Ok((input, ResultValue::String(value.to_string())))
-    }
-}
-
 fn parse_bytemath(input: &str) -> IResult<&str, DetectByteMathData, RuleParseError<&str>> {
    // Inner utility function for easy error creation.
    fn make_error(reason: String) -> nom7::Err<RuleParseError<&'static str>> {
--- a/rust/src/detect/parser.rs
+++ b/rust/src/detect/parser.rs
@ -22,12 +22,27 @@ use nom7::character::complete::multispace0;
 use nom7::sequence::preceded;
 use nom7::IResult;

+#[derive(Debug)]
+pub enum ResultValue {
+    Numeric(u64),
+    String(String),
+}
+
 static WHITESPACE: &str = " \t\r\n";
 /// Parse all characters up until the next whitespace character.
 pub fn take_until_whitespace(input: &str) -> IResult<&str, &str, RuleParseError<&str>> {
    nom7::bytes::complete::is_not(WHITESPACE)(input)
 }

+// Parsed as a u64 so the value can be validated against a u32 min/max if needed.
+pub fn parse_var(input: &str) -> IResult<&str, ResultValue, RuleParseError<&str>> {
+    let (input, value) = parse_token(input)?;
+    if let Ok(val) = value.parse::<u64>() {
+        Ok((input, ResultValue::Numeric(val)))
+    } else {
+        Ok((input, ResultValue::String(value.to_string())))
+    }
+}
 /// Parse the next token ignoring leading whitespace.
 ///
 /// A token is the next sequence of chars until a terminating character. Leading whitespace