aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix some error messages and coding style at uri/content modifiers

Browse Source
remotes/origin/master-1.0.x
Pablo Rincon 15 years ago committed by Victor Julien
parent 0b6dc3e8d5
commit 9209eaeaf6
7 changed files with 63 additions and 42 deletions
Show Stats Download Patch File Download Diff File

1
src/detect-content.h
Unescape Escape View File

@ -62,7 +62,6 @@ SigMatch *DetectContentFindNextApplicableSM(SigMatch *);
SigMatch *DetectContentHasPrevSMPattern(SigMatch *);
SigMatch *SigMatchGetLastPattern(Signature *s);
void SigMatchAppendUricontent(Signature *, SigMatch *);
void DetectContentFree(void *);

15
src/detect-depth.c
Unescape Escape View File

@ -41,7 +41,8 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
* SigMatch (it can be the same as this one) */
SigMatch *pm = SigMatchGetLastPattern(s);
if (pm == NULL) {
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs a preceeding content option");
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs a preceeding "
"content or uricontent option");
if (dubbed) SCFree(str);
return -1;
}
@ -52,13 +53,14 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
case DETECT_URICONTENT:
ud = (DetectUricontentData *)pm->ctx;
if (ud == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argpment");
SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argument");
if (dubbed) SCFree(str);
return -1;
}
ud->depth = (uint32_t)atoi(str);
if (ud->uricontent_len + ud->offset > ud->depth) {
SCLogDebug("depth increased to %"PRIu32" to match pattern len and offset", ud->uricontent_len + ud->offset);
SCLogDebug("depth increased to %"PRIu32" to match pattern len "
"and offset", ud->uricontent_len + ud->offset);
ud->depth = ud->uricontent_len + ud->offset;
}
break;
@ -72,13 +74,15 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
}
cd->depth = (uint32_t)atoi(str);
if (cd->content_len + cd->offset > cd->depth) {
SCLogDebug("depth increased to %"PRIu32" to match pattern len and offset", cd->content_len + cd->offset);
SCLogDebug("depth increased to %"PRIu32" to match pattern len "
"and offset", cd->content_len + cd->offset);
cd->depth = cd->content_len + cd->offset;
}
break;
default:
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs a preceeding content (or uricontent) option");
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs a preceeding "
"content (or uricontent) option");
if (dubbed) SCFree(str);
return -1;
break;
@ -87,4 +91,3 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
if (dubbed) SCFree(str);
return 0;
}

27
src/detect-distance.c
Unescape Escape View File

@ -25,7 +25,8 @@ void DetectDistanceRegister (void) {
sigmatch_table[DETECT_DISTANCE].flags |= SIGMATCH_PAYLOAD;
}
static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *distancestr)
static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
char *distancestr)
{
char *str = distancestr;
char dubbed = 0;
@ -41,7 +42,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
* SigMatch (it can be the same as this one) */
SigMatch *pm = SigMatchGetLastPattern(s);
if (pm == NULL) {
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "depth needs two preceeding content (or uricontent) options");
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two "
"preceeding content or uricontent options");
if (dubbed) SCFree(str);
return -1;
}
@ -53,7 +55,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
case DETECT_URICONTENT:
ud = (DetectUricontentData *)pm->ctx;
if (ud == NULL) {
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "Unknown previous keyword!\n");
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two "
"preceeding content or uricontent options");
goto error;
}
@ -67,7 +70,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
pm = DetectUricontentGetLastPattern(s->umatch_tail->prev);
if (pm == NULL) {
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two preceeding content options");
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two"
" preceeding content or uricontent options");
goto error;
}
@ -75,7 +79,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
ud = (DetectUricontentData *)pm->ctx;
ud->flags |= DETECT_URICONTENT_RELATIVE_NEXT;
} else {
SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous-previous keyword!");
SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous"
" keyword!");
goto error;
}
break;
@ -83,7 +88,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
case DETECT_CONTENT:
cd = (DetectContentData *)pm->ctx;
if (cd == NULL) {
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "Unknown previous keyword!\n");
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two "
"preceeding content or uricontent options");
goto error;
}
@ -97,7 +103,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
pm = DetectContentGetLastPattern(s->pmatch_tail->prev);
if (pm == NULL) {
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two preceeding content options");
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two"
" preceeding content or uricontent options");
goto error;
}
@ -105,13 +112,15 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
cd = (DetectContentData *)pm->ctx;
cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
} else {
SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous-previous keyword!");
SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous "
"keyword!");
goto error;
}
break;
default:
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two preceeding content (or uricontent) options");
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two "
"preceeding content or uricontent options");
if (dubbed) SCFree(str);
return -1;
break;

10
src/detect-nocase.c
Unescape Escape View File

@ -127,15 +127,15 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
SCEnter();
if (nullstr != NULL) {
SCLogError(SC_ERR_INVALID_VALUE, "nocase has no value");
SCLogError(SC_ERR_INVALID_VALUE, "nocase has value");
SCReturnInt(-1);
}
/* Search for the first previous SigMatch that supports nocase */
SigMatch *pm = SigMatchGetLastNocasePattern(s);
if (pm == NULL) {
SCLogError(SC_ERR_NOCASE_MISSING_PATTERN, "nocase needs a preceeding "
"content, uricontent, http_client_body or http_cookie option");
SCLogError(SC_ERR_NOCASE_MISSING_PATTERN, "\"nocase\" needs a preceeding"
" content, uricontent, http_client_body or http_cookie option");
SCReturnInt(-1);
}
@ -167,8 +167,8 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
break;
/* should never happen */
default:
SCLogError(SC_ERR_NOCASE_MISSING_PATTERN, "nocase needs a preceeding "
"content, uricontent, http_client_body or http_cookie option");
SCLogError(SC_ERR_NOCASE_MISSING_PATTERN, "\"nocase\" needs a"
" preceeding content, uricontent, http_client_body or http_cookie option");
SCReturnInt(-1);
break;
}

14
src/detect-offset.c
Unescape Escape View File

@ -41,7 +41,8 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
* SigMatch (it can be the same as this one) */
SigMatch *pm = SigMatchGetLastPattern(s);
if (pm == NULL) {
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding content option");
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding "
"content or uricontent option");
if (dubbed) SCFree(str);
return -1;
}
@ -52,13 +53,14 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
case DETECT_URICONTENT:
ud = (DetectUricontentData *)pm->ctx;
if (ud == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argpment");
SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argument");
if (dubbed) SCFree(str);
return -1;
}
ud->offset = (uint32_t)atoi(str);
if (ud->depth != 0) {
SCLogDebug("depth increased to %"PRIu32" to match pattern len and offset", ud->uricontent_len + ud->offset);
SCLogDebug("depth increased to %"PRIu32" to match pattern len"
" and offset", ud->uricontent_len + ud->offset);
ud->depth = ud->uricontent_len + ud->offset;
}
break;
@ -72,13 +74,15 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
}
cd->offset = (uint32_t)atoi(str);
if (cd->depth != 0) {
SCLogDebug("depth increased to %"PRIu32" to match pattern len and offset", cd->content_len + cd->offset);
SCLogDebug("depth increased to %"PRIu32" to match pattern len"
" and offset", cd->content_len + cd->offset);
cd->depth = cd->content_len + cd->offset;
}
break;
default:
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding content (or uricontent) option");
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding"
" content or uricontent option");
if (dubbed) SCFree(str);
return -1;
break;

27
src/detect-uricontent.c
Unescape Escape View File

@ -105,8 +105,10 @@ void DetectUricontentPrint(DetectUricontentData *cd)
SCLogDebug("Within: %"PRIi32, cd->within);
SCLogDebug("Distance: %"PRIi32, cd->distance);
SCLogDebug("flags: %u ", cd->flags);
SCLogDebug("negated: %s ", cd->flags & DETECT_URICONTENT_NEGATED ? "true" : "false");
SCLogDebug("relative match next: %s ", cd->flags & DETECT_URICONTENT_RELATIVE_NEXT ? "true" : "false");
SCLogDebug("negated: %s ",
cd->flags & DETECT_URICONTENT_NEGATED ? "true" : "false");
SCLogDebug("relative match next: %s ",
cd->flags & DETECT_URICONTENT_RELATIVE_NEXT ? "true" : "false");
SCLogDebug("-----------");
}
@ -316,7 +318,8 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents
s->flags |= SIG_FLAG_APPLAYER;
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting"
" keywords.");
goto error;
}
@ -1224,13 +1227,13 @@ static int DetectUriSigTest05(void) {
}
if ((PacketAlertCheck(&p, 1))) {
printf("sig: 1 alerted, but it should not\n");
printf("sig: 1 alerted, but it should not:");
goto end;
} else if (! PacketAlertCheck(&p, 2)) {
printf("sig: 2 did not alerted, but it should\n");
printf("sig: 2 did not alerted, but it should:");
goto end;
} else if (! (PacketAlertCheck(&p, 3))) {
printf("sig: 3 did not alerted, but it should\n");
printf("sig: 3 did not alerted, but it should:");
goto end;
}
@ -1341,13 +1344,13 @@ static int DetectUriSigTest06(void) {
}
if ((PacketAlertCheck(&p, 1))) {
printf("sig: 1 alerted, but it should not\n");
printf("sig: 1 alerted, but it should not:");
goto end;
} else if (! PacketAlertCheck(&p, 2)) {
printf("sig: 2 did not alerted, but it should\n");
printf("sig: 2 did not alerted, but it should:");
goto end;
} else if (! (PacketAlertCheck(&p, 3))) {
printf("sig: 3 did not alerted, but it should\n");
printf("sig: 3 did not alerted, but it should:");
goto end;
}
@ -1458,13 +1461,13 @@ static int DetectUriSigTest07(void) {
}
if (PacketAlertCheck(&p, 1)) {
printf("sig: 1 alerted, but it should not\n");
printf("sig: 1 alerted, but it should not:");
goto end;
} else if (PacketAlertCheck(&p, 2)) {
printf("sig: 2 did not alerted, but it should\n");
printf("sig: 2 alerted, but it should not:");
goto end;
} else if (PacketAlertCheck(&p, 3)) {
printf("sig: 3 did not alerted, but it should\n");
printf("sig: 3 alerted, but it should not:");
goto end;
}

11
src/detect-within.c
Unescape Escape View File

@ -52,7 +52,8 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
* SigMatch (it can be the same as this one) */
SigMatch *pm = SigMatchGetLastPattern(s);
if (pm == NULL) {
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "depth needs two preceeding content (or uricontent) options");
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "depth needs"
"two preceeding content or uricontent options");
if (dubbed) SCFree(str);
return -1;
}
@ -87,7 +88,8 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
pm = DetectUricontentGetLastPattern(s->umatch_tail->prev);
if (pm == NULL) {
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two preceeding content options");
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two"
" preceeding content or uricontent options");
goto error;
}
@ -129,7 +131,8 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
pm = DetectContentGetLastPattern(s->pmatch_tail->prev);
if (pm == NULL) {
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two preceeding content options");
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two"
" preceeding content or uricontent options");
goto error;
}
@ -144,7 +147,7 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
break;
default:
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two preceeding content (or uricontent) options");
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two preceeding content or uricontent options");
if (dubbed) SCFree(str);
return -1;
break;

Write Preview
Loading…
Cancel
Save