aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix signatures with trailing spaces being rejected by the regex. Add test.

Browse Source
remotes/origin/master-1.0.x
Victor Julien 15 years ago
parent 60c770c434
commit c62a3d995e
1 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File

35
src/detect-parse.c
Unescape Escape View File

@ -90,7 +90,7 @@ typedef struct SigDuplWrapper_ {
#define CONFIG_OPTS 7
// action protocol src sp dir dst dp options
#define CONFIG_PCRE "^([A-z]+)\\s+([A-z0-9]+)\\s+([\\[\\]A-z0-9\\.\\:_\\$\\!\\-,\\/]+)\\s+([\\:A-z0-9_\\$\\!,]+)\\s+(-\\>|\\<\\>)\\s+([\\[\\]A-z0-9\\.\\:_\\$\\!\\-,/]+)\\s+([\\:A-z0-9_\\$\\!,]+)(?:\\s+\\((.*)?(?:\\s*)\\))?(?:(?:\\s*)\\n)?$"
#define CONFIG_PCRE "^([A-z]+)\\s+([A-z0-9]+)\\s+([\\[\\]A-z0-9\\.\\:_\\$\\!\\-,\\/]+)\\s+([\\:A-z0-9_\\$\\!,]+)\\s+(-\\>|\\<\\>)\\s+([\\[\\]A-z0-9\\.\\:_\\$\\!\\-,/]+)\\s+([\\:A-z0-9_\\$\\!,]+)(?:\\s+\\((.*)?(?:\\s*)\\))?(?:(?:\\s*)\\n)?\\s*$"
#define OPTION_PARTS 3
#define OPTION_PCRE "^\\s*([A-z_0-9-\\.]+)(?:\\s*\\:\\s*(.*)(?<!\\\\))?\\s*;\\s*(?:\\s*(.*))?\\s*$"
@ -2111,6 +2111,38 @@ end:
return result;
}
/**
* \test Parsing sig with trailing space(s) as reported by
* Morgan Cox on oisf-users.
*/
int SigParseTest11(void) {
int result = 0;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
Signature *s = NULL;
s = DetectEngineAppendSig(de_ctx, "drop tcp any any -> any 80 (msg:\"Snort_Inline is blocking the http link\";) ");
if (s == NULL) {
printf("sig 1 didn't parse: ");
goto end;
}
s = DetectEngineAppendSig(de_ctx, "drop tcp any any -> any 80 (msg:\"Snort_Inline is blocking the http link\"; sid:1;) ");
if (s == NULL) {
printf("sig 2 didn't parse: ");
goto end;
}
result = 1;
end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
return result;
}
/** \test Direction operator validation (invalid) */
int SigParseBidirecTest06 (void) {
int result = 1;
@ -2977,6 +3009,7 @@ void SigParseRegisterTests(void) {
UtRegisterTest("SigParseTest08", SigParseTest08, 1);
UtRegisterTest("SigParseTest09", SigParseTest09, 1);
UtRegisterTest("SigParseTest10", SigParseTest10, 1);
UtRegisterTest("SigParseTest11", SigParseTest11, 1);
UtRegisterTest("SigParseBidirecTest06", SigParseBidirecTest06, 1);
UtRegisterTest("SigParseBidirecTest07", SigParseBidirecTest07, 1);

Write Preview
Loading…
Cancel
Save