aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

classification/config: Raise error on validation errors

Browse Source 
This commit adds logic which raises an error if parse errors occur while
loading classification.config

Issue: 4554
pull/7662/head
Jeff Lucovsky 4 years ago committed by Victor Julien
parent 61f9f0df55
commit 2621c90ea1
4 changed files with 28 additions and 55 deletions
Show Stats Download Patch File Download Diff File

79
src/util-classification-config.c
Unescape Escape View File

@ -252,8 +252,10 @@ int SCClassConfAddClasstype(DetectEngineCtx *de_ctx, char *rawstr, uint16_t inde
ret = pcre2_match(regex, (PCRE2_SPTR8)rawstr, strlen(rawstr), 0, 0, regex_match, NULL);
if (ret < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid Classtype in "
"classification.config file");
SCLogError(SC_ERR_INVALID_SIGNATURE,
"Invalid Classtype in "
"classification.config file %s: \"%s\"",
SCClassConfGetConfFilename(de_ctx), rawstr);
goto error;
}
@ -344,7 +346,7 @@ static int SCClassConfIsLineBlankOrComment(char *line)
*
* \param de_ctx Pointer to the Detection Engine Context.
*/
static void SCClassConfParseFile(DetectEngineCtx *de_ctx, FILE *fd)
static bool SCClassConfParseFile(DetectEngineCtx *de_ctx, FILE *fd)
{
char line[1024];
uint16_t i = 1;
@ -353,7 +355,9 @@ static void SCClassConfParseFile(DetectEngineCtx *de_ctx, FILE *fd)
if (SCClassConfIsLineBlankOrComment(line))
continue;
SCClassConfAddClasstype(de_ctx, line, i);
if (SCClassConfAddClasstype(de_ctx, line, i) == -1) {
return false;
}
i++;
}
@ -362,7 +366,7 @@ static void SCClassConfParseFile(DetectEngineCtx *de_ctx, FILE *fd)
de_ctx->class_conf_ht->count);
#endif
return;
return true;
}
/**
@ -522,24 +526,31 @@ void SCClassConfClasstypeHashFree(void *ch)
* \param de_ctx Pointer to the Detection Engine Context that should be updated
* with Classtype information.
*/
void SCClassConfLoadClassficationConfigFile(DetectEngineCtx *de_ctx, FILE *fd)
bool SCClassConfLoadClassficationConfigFile(DetectEngineCtx *de_ctx, FILE *fd)
{
fd = SCClassConfInitContextAndLocalResources(de_ctx, fd);
if (fd == NULL) {
#ifdef UNITTESTS
if (RunmodeIsUnittests() && fd == NULL) {
return;
if (RunmodeIsUnittests()) {
return false;
}
#endif
SCLogError(SC_ERR_OPENING_FILE, "please check the \"classification-file\" "
"option in your suricata.yaml file");
return;
return false;
}
bool ret = true;
if (!SCClassConfParseFile(de_ctx, fd)) {
SCLogWarning(SC_WARN_CLASSIFICATION_CONFIG,
"Error loading classification configuration from %s",
SCClassConfGetConfFilename(de_ctx));
ret = false;
}
SCClassConfParseFile(de_ctx, fd);
SCClassConfDeInitLocalResources(de_ctx, fd);
return;
return ret;
}
/**
@ -696,22 +707,15 @@ static int SCClassConfTest02(void)
static int SCClassConfTest03(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
int result = 0;
if (de_ctx == NULL)
return result;
FAIL_IF_NULL(de_ctx);
FILE *fd = SCClassConfGenerateInValidDummyClassConfigFD02();
SCClassConfLoadClassficationConfigFile(de_ctx, fd);
if (de_ctx->class_conf_ht == NULL)
return result;
result = (de_ctx->class_conf_ht->count == 3);
FAIL_IF(SCClassConfLoadClassficationConfigFile(de_ctx, fd));
DetectEngineCtxFree(de_ctx);
return result;
PASS;
}
/**
@ -779,38 +783,6 @@ static int SCClassConfTest05(void)
return result;
}
/**
* \test Check if the classtype info from the classification.config file have
* been loaded into the hash table.
*/
static int SCClassConfTest06(void)
{
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
int result = 1;
if (de_ctx == NULL)
return 0;
FILE *fd = SCClassConfGenerateInValidDummyClassConfigFD02();
SCClassConfLoadClassficationConfigFile(de_ctx, fd);
if (de_ctx->class_conf_ht == NULL)
return 0;
result = (de_ctx->class_conf_ht->count == 3);
result &= (SCClassConfGetClasstype("unknown", de_ctx) == NULL);
result &= (SCClassConfGetClasstype("not-suspicious", de_ctx) != NULL);
result &= (SCClassConfGetClasstype("bamboola1", de_ctx) != NULL);
result &= (SCClassConfGetClasstype("bamboola1", de_ctx) != NULL);
result &= (SCClassConfGetClasstype("BAMBOolA1", de_ctx) != NULL);
result &= (SCClassConfGetClasstype("unkNOwn", de_ctx) == NULL);
DetectEngineCtxFree(de_ctx);
return result;
}
/**
* \brief This function registers unit tests for Classification Config API.
*/
@ -821,6 +793,5 @@ void SCClassConfRegisterTests(void)
UtRegisterTest("SCClassConfTest03", SCClassConfTest03);
UtRegisterTest("SCClassConfTest04", SCClassConfTest04);
UtRegisterTest("SCClassConfTest05", SCClassConfTest05);
UtRegisterTest("SCClassConfTest06", SCClassConfTest06);
}
#endif /* UNITTESTS */

2
src/util-classification-config.h
Unescape Escape View File

@ -45,7 +45,7 @@ typedef struct SCClassConfClasstype_ {
char *classtype_desc;
} SCClassConfClasstype;
void SCClassConfLoadClassficationConfigFile(DetectEngineCtx *, FILE *fd);
bool SCClassConfLoadClassficationConfigFile(DetectEngineCtx *, FILE *fd);
int SCClassConfAddClasstype(DetectEngineCtx *de_ctx, char *rawstr, uint16_t index);
SCClassConfClasstype *SCClassConfGetClasstype(const char *,
DetectEngineCtx *);

1
src/util-error.c
Unescape Escape View File

@ -388,6 +388,7 @@ const char * SCErrorToString(SCError err)
CASE_CODE(SC_ERR_SIGNAL);
CASE_CODE(SC_WARN_CHOWN);
CASE_CODE(SC_ERR_HASH_ADD);
CASE_CODE(SC_WARN_CLASSIFICATION_CONFIG);
CASE_CODE (SC_ERR_MAX);
}

1
src/util-error.h
Unescape Escape View File

@ -378,6 +378,7 @@ typedef enum {
SC_ERR_SIGNAL,
SC_WARN_CHOWN,
SC_ERR_HASH_ADD,
SC_WARN_CLASSIFICATION_CONFIG,
SC_ERR_MAX
} SCError;

Write Preview
Loading…
Cancel
Save