aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

rule vars: support prefix

Browse Source 
Support the detection engine's prefix when retrieving rule vars.
pull/1389/head
Victor Julien 10 years ago
parent 0bc27c7dc7
commit 85e12f2bc6
1 changed files with 88 additions and 5 deletions
Show Stats Download Patch File Download Diff File

93
src/util-rule-vars.c
Unescape Escape View File

@ -69,7 +69,7 @@ char *SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx,
SCEnter();
const char *conf_var_type_name = NULL;
char conf_var_full_name[1024] = "";
char conf_var_full_name[2048] = "";
char *conf_var_full_name_value = NULL;
if (conf_var_name == NULL)
@ -80,9 +80,16 @@ char *SCRuleVarsGetConfVar(const DetectEngineCtx *de_ctx,
if (conf_var_type_name == NULL)
goto end;
if (snprintf(conf_var_full_name, sizeof(conf_var_full_name), "%s.%s",
conf_var_type_name, conf_var_name) < 0) {
goto end;
if (de_ctx != NULL && strlen(de_ctx->config_prefix) > 0) {
if (snprintf(conf_var_full_name, sizeof(conf_var_full_name), "%s.%s.%s",
de_ctx->config_prefix, conf_var_type_name, conf_var_name) < 0) {
goto end;
}
} else {
if (snprintf(conf_var_full_name, sizeof(conf_var_full_name), "%s.%s",
conf_var_type_name, conf_var_name) < 0) {
goto end;
}
}
if (ConfGet(conf_var_full_name, &conf_var_full_name_value) != 1) {
@ -423,16 +430,92 @@ end:
return result;
}
static const char *dummy_mt_conf_string =
"%YAML 1.1\n"
"---\n"
"vars:\n"
"\n"
" address-groups:\n"
"\n"
" HOME_NET: \"[1.2.3.4]\"\n"
" port-groups:\n"
" HTTP_PORTS: \"12345\"\n"
"multi-detect:\n"
" 0:\n"
" vars:\n"
"\n"
" address-groups:\n"
"\n"
" HOME_NET: \"[8.8.8.8]\"\n"
" port-groups:\n"
" HTTP_PORTS: \"54321\"\n"
"\n";
/**
* \test Check that valid address and port group vars are correctly retrieved
* from the configuration.
*/
int SCRuleVarsMTest01(void)
{
int result = 0;
DetectEngineCtx *de_ctx = NULL;
ConfCreateContextBackup();
ConfInit();
ConfYamlLoadString(dummy_mt_conf_string, strlen(dummy_mt_conf_string));
if ( (de_ctx = DetectEngineCtxInit()) == NULL)
return 0;
de_ctx->flags |= DE_QUIET;
snprintf(de_ctx->config_prefix, sizeof(de_ctx->config_prefix),
"multi-detect.0");
/* check for address-groups */
result = (SCRuleVarsGetConfVar(de_ctx,"$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(de_ctx,"$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS),
"[8.8.8.8]") == 0);
if (result == 0)
goto end;
result = (SCRuleVarsGetConfVar(NULL,"$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$HOME_NET", SC_RULE_VARS_ADDRESS_GROUPS),
"[1.2.3.4]") == 0);
if (result == 0)
goto end;
/* check for port-groups */
result = (SCRuleVarsGetConfVar(de_ctx,"$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(de_ctx,"$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS),
"54321") == 0);
if (result == 0)
goto end;
result = (SCRuleVarsGetConfVar(NULL,"$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS) != NULL &&
strcmp(SCRuleVarsGetConfVar(NULL,"$HTTP_PORTS", SC_RULE_VARS_PORT_GROUPS),
"12345") == 0);
if (result == 0)
goto end;
end:
ConfDeInit();
ConfRestoreContextBackup();
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
return result;
}
#endif /* UNITTESTS */
void SCRuleVarsRegisterTests(void)
{
#ifdef UNITTESTS
UtRegisterTest("SCRuleVarsPositiveTest01", SCRuleVarsPositiveTest01, 1);
UtRegisterTest("SCRuleVarsNegativeTest02", SCRuleVarsNegativeTest02, 1);
UtRegisterTest("SCRuleVarsPositiveTest03", SCRuleVarsPositiveTest03, 1);
UtRegisterTest("SCRuleVarsNegativeTest04", SCRuleVarsNegativeTest04, 1);
UtRegisterTest("SCRuleVarsMTest01", SCRuleVarsMTest01, 1);
#endif
return;

Write Preview
Loading…
Cancel
Save