aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

code cleanup in detect-reference.c

Browse Source
remotes/origin/master-1.1.x
Anoop Saldanha 15 years ago committed by Victor Julien
parent 5f4d681a42
commit f5a02833dd
1 changed files with 55 additions and 50 deletions
Show Stats Download Patch File Download Diff File

71
src/detect-reference.c
Unescape Escape View File

@ -31,7 +31,6 @@
#include "detect-engine-mpm.h" #include "detect-engine-mpm.h"
#include "decode.h" #include "decode.h"
#include "detect.h"
#include "flow-var.h" #include "flow-var.h"
#include "decode-events.h" #include "decode-events.h"
#include "stream-tcp.h" #include "stream-tcp.h"
@ -63,8 +62,8 @@ static int DetectReferenceSetup (DetectEngineCtx *, Signature *s, char *str);
/** /**
* \brief Registration function for reference: keyword * \brief Registration function for reference: keyword
*/ */
void DetectReferenceRegister(void)
void DetectReferenceRegister (void) { {
sigmatch_table[DETECT_REFERENCE].name = "reference"; sigmatch_table[DETECT_REFERENCE].name = "reference";
sigmatch_table[DETECT_REFERENCE].Match = NULL; sigmatch_table[DETECT_REFERENCE].Match = NULL;
sigmatch_table[DETECT_REFERENCE].Setup = DetectReferenceSetup; sigmatch_table[DETECT_REFERENCE].Setup = DetectReferenceSetup;
@ -78,28 +77,27 @@ void DetectReferenceRegister (void) {
opts |= PCRE_CASELESS; opts |= PCRE_CASELESS;
parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL); parse_regex = pcre_compile(PARSE_REGEX, opts, &eb, &eo, NULL);
if (parse_regex == NULL) if (parse_regex == NULL) {
{ SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at "
SCLogError(SC_ERR_PCRE_COMPILE, "pcre compile of \"%s\" failed at offset %" PRId32 ": %s", PARSE_REGEX, eo, eb); "offset %" PRId32 ": %s", PARSE_REGEX, eo, eb);
goto error; goto error;
} }
parse_regex_study = pcre_study(parse_regex, 0, &eb); parse_regex_study = pcre_study(parse_regex, 0, &eb);
if (eb != NULL) if (eb != NULL) {
{
SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb); SCLogError(SC_ERR_PCRE_STUDY, "pcre study failed: %s", eb);
goto error; goto error;
} }
error: error:
return; return;
} }
/** /**
* \brief Free a Reference object * \brief Free a Reference object
*/ */
void DetectReferenceFree(Reference *ref) { void DetectReferenceFree(Reference *ref)
{
SCEnter(); SCEnter();
if (ref->reference != NULL) { if (ref->reference != NULL) {
@ -116,8 +114,8 @@ void DetectReferenceFree(Reference *ref) {
* *
* \param rawstr Pointer to the user provided reference options * \param rawstr Pointer to the user provided reference options
* *
* \retval ref pointer to signature reference on success * \retval ref Pointer to signature reference on success.
* \retval NULL on failure * \retval NULL On failure.
*/ */
static Reference *DetectReferenceParse(char *rawstr) static Reference *DetectReferenceParse(char *rawstr)
{ {
@ -131,9 +129,11 @@ static Reference *DetectReferenceParse (char *rawstr)
const char *ref_key = NULL; const char *ref_key = NULL;
const char *ref_content = NULL; const char *ref_content = NULL;
ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr), 0, 0, ov, MAX_SUBSTRINGS); ret = pcre_exec(parse_regex, parse_regex_study, rawstr, strlen(rawstr),
0, 0, ov, MAX_SUBSTRINGS);
if (ret < 2) { if (ret < 2) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, rawstr); SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, "
"ret %" PRId32 ", string %s", ret, rawstr);
goto error; goto error;
} }
@ -216,17 +216,18 @@ error:
/** /**
* \internal * \internal
* \brief this function is used to add the parsed reference into the current signature * \brief Used to add the parsed reference into the current signature.
* *
* \param de_ctx pointer to the Detection Engine Context * \param de_ctx Pointer to the Detection Engine Context.
* \param s pointer to the Current Signature * \param s Pointer to the Current Signature.
* \param m pointer to the Current SigMatch * \param m Pointer to the Current SigMatch.
* \param rawstr pointer to the user provided reference options * \param rawstr Pointer to the user provided reference options.
* *
* \retval 0 on Success * \retval 0 On Success.
* \retval -1 on Failure * \retval -1 On Failure.
*/ */
static int DetectReferenceSetup (DetectEngineCtx *de_ctx, Signature *s, char *rawstr) static int DetectReferenceSetup (DetectEngineCtx *de_ctx, Signature *s,
char *rawstr)
{ {
SCEnter(); SCEnter();
@ -264,9 +265,6 @@ error:
SCReturnInt(-1); SCReturnInt(-1);
} }
/*
* ONLY TESTS BELOW THIS COMMENT
*/
#ifdef UNITTESTS #ifdef UNITTESTS
/** /**
@ -288,7 +286,8 @@ static int DetectReferenceParseTest01(void)
de_ctx->flags |= DE_QUIET; de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any (msg:\"One reference\"; reference:cve,001-2010; sid:2;)"); s = de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any "
"(msg:\"One reference\"; reference:cve,001-2010; sid:2;)");
if (s == NULL) { if (s == NULL) {
goto cleanup; goto cleanup;
@ -332,7 +331,10 @@ static int DetectReferenceParseTest02(void)
de_ctx->flags |= DE_QUIET; de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any (msg:\"Two references\"; reference:url,www.openinfosecfoundation.org; reference:cve,001-2010; sid:2;)"); s = de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any "
"(msg:\"Two references\"; "
"reference:url,www.openinfosecfoundation.org; "
"reference:cve,001-2010; sid:2;)");
if (s == NULL) { if (s == NULL) {
printf("sig parse failed: "); printf("sig parse failed: ");
goto cleanup; goto cleanup;
@ -347,7 +349,6 @@ static int DetectReferenceParseTest02(void)
strcmp(s->references->reference, "www.openinfosecfoundation.org") != 0) { strcmp(s->references->reference, "www.openinfosecfoundation.org") != 0) {
printf("first ref failed: "); printf("first ref failed: ");
goto cleanup; goto cleanup;
} }
if (strcmp(s->references->next->key, if (strcmp(s->references->next->key,
@ -355,7 +356,6 @@ static int DetectReferenceParseTest02(void)
strcmp(s->references->next->reference, "001-2010") != 0) { strcmp(s->references->next->reference, "001-2010") != 0) {
printf("second ref failed: "); printf("second ref failed: ");
goto cleanup; goto cleanup;
} }
result = 1; result = 1;
@ -365,7 +365,6 @@ cleanup:
DetectEngineCtxFree(de_ctx); DetectEngineCtxFree(de_ctx);
} }
return result; return result;
} }
/** /**
@ -385,26 +384,32 @@ static int DetectReferenceParseTest03(void)
de_ctx->flags |= DE_QUIET; de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any (msg:\"invalid ref\"; reference:unknownkey,001-2010; sid:2;)"); s = de_ctx->sig_list = SigInit(de_ctx, "alert icmp any any -> any any "
"(msg:\"invalid ref\"; "
"reference:unknownkey,001-2010; sid:2;)");
if (s != NULL) { if (s != NULL) {
printf("sig parsed even though it's invalid: "); printf("sig parsed even though it's invalid: ");
goto cleanup; goto cleanup;
} }
result = 1; result = 1;
cleanup: cleanup:
if (de_ctx != NULL) { if (de_ctx != NULL) {
DetectEngineCtxFree(de_ctx); DetectEngineCtxFree(de_ctx);
} }
return result; return result;
} }
#endif /* UNITTESTS */ #endif /* UNITTESTS */
void ReferenceRegisterTests(void) { void ReferenceRegisterTests(void)
{
#ifdef UNITTESTS #ifdef UNITTESTS
UtRegisterTest("DetectReferenceParseTest01", DetectReferenceParseTest01, 1); UtRegisterTest("DetectReferenceParseTest01", DetectReferenceParseTest01, 1);
UtRegisterTest("DetectReferenceParseTest02", DetectReferenceParseTest02, 1); UtRegisterTest("DetectReferenceParseTest02", DetectReferenceParseTest02, 1);
UtRegisterTest("DetectReferenceParseTest03", DetectReferenceParseTest03, 1); UtRegisterTest("DetectReferenceParseTest03", DetectReferenceParseTest03, 1);
#endif /* UNITTESTS */ #endif /* UNITTESTS */
return;
} }

Write Preview
Loading…
Cancel
Save