aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix some error messages and coding style at uri/content modifiers

Browse Source
remotes/origin/master-1.0.x
Pablo Rincon 16 years ago committed by Victor Julien
parent 0b6dc3e8d5
commit 9209eaeaf6
7 changed files with 63 additions and 42 deletions
Show Stats Download Patch File Download Diff File

1
src/detect-content.h
Unescape Escape View File

@ -62,7 +62,6 @@ SigMatch *DetectContentFindNextApplicableSM(SigMatch *);
SigMatch *DetectContentHasPrevSMPattern(SigMatch *); SigMatch *DetectContentHasPrevSMPattern(SigMatch *);
SigMatch *SigMatchGetLastPattern(Signature *s); SigMatch *SigMatchGetLastPattern(Signature *s);
void SigMatchAppendUricontent(Signature *, SigMatch *);
void DetectContentFree(void *); void DetectContentFree(void *);

15
src/detect-depth.c
Unescape Escape View File

@ -41,7 +41,8 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
* SigMatch (it can be the same as this one) */ * SigMatch (it can be the same as this one) */
SigMatch *pm = SigMatchGetLastPattern(s); SigMatch *pm = SigMatchGetLastPattern(s);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs a preceeding content option"); SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs a preceeding "
"content or uricontent option");
if (dubbed) SCFree(str); if (dubbed) SCFree(str);
return -1; return -1;
} }
@ -52,13 +53,14 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
case DETECT_URICONTENT: case DETECT_URICONTENT:
ud = (DetectUricontentData *)pm->ctx; ud = (DetectUricontentData *)pm->ctx;
if (ud == NULL) { if (ud == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argpment"); SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argument");
if (dubbed) SCFree(str); if (dubbed) SCFree(str);
return -1; return -1;
} }
ud->depth = (uint32_t)atoi(str); ud->depth = (uint32_t)atoi(str);
if (ud->uricontent_len + ud->offset > ud->depth) { if (ud->uricontent_len + ud->offset > ud->depth) {
SCLogDebug("depth increased to %"PRIu32" to match pattern len and offset", ud->uricontent_len + ud->offset); SCLogDebug("depth increased to %"PRIu32" to match pattern len "
"and offset", ud->uricontent_len + ud->offset);
ud->depth = ud->uricontent_len + ud->offset; ud->depth = ud->uricontent_len + ud->offset;
} }
break; break;
@ -72,13 +74,15 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
} }
cd->depth = (uint32_t)atoi(str); cd->depth = (uint32_t)atoi(str);
if (cd->content_len + cd->offset > cd->depth) { if (cd->content_len + cd->offset > cd->depth) {
SCLogDebug("depth increased to %"PRIu32" to match pattern len and offset", cd->content_len + cd->offset); SCLogDebug("depth increased to %"PRIu32" to match pattern len "
"and offset", cd->content_len + cd->offset);
cd->depth = cd->content_len + cd->offset; cd->depth = cd->content_len + cd->offset;
} }
break; break;
default: default:
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs a preceeding content (or uricontent) option"); SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "depth needs a preceeding "
"content (or uricontent) option");
if (dubbed) SCFree(str); if (dubbed) SCFree(str);
return -1; return -1;
break; break;
@ -87,4 +91,3 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, char *depths
if (dubbed) SCFree(str); if (dubbed) SCFree(str);
return 0; return 0;
} }

27
src/detect-distance.c
Unescape Escape View File

@ -25,7 +25,8 @@ void DetectDistanceRegister (void) {
sigmatch_table[DETECT_DISTANCE].flags |= SIGMATCH_PAYLOAD; sigmatch_table[DETECT_DISTANCE].flags |= SIGMATCH_PAYLOAD;
} }
static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *distancestr) static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s,
char *distancestr)
{ {
char *str = distancestr; char *str = distancestr;
char dubbed = 0; char dubbed = 0;
@ -41,7 +42,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
* SigMatch (it can be the same as this one) */ * SigMatch (it can be the same as this one) */
SigMatch *pm = SigMatchGetLastPattern(s); SigMatch *pm = SigMatchGetLastPattern(s);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "depth needs two preceeding content (or uricontent) options"); SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two "
"preceeding content or uricontent options");
if (dubbed) SCFree(str); if (dubbed) SCFree(str);
return -1; return -1;
} }
@ -53,7 +55,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
case DETECT_URICONTENT: case DETECT_URICONTENT:
ud = (DetectUricontentData *)pm->ctx; ud = (DetectUricontentData *)pm->ctx;
if (ud == NULL) { if (ud == NULL) {
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "Unknown previous keyword!\n"); SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two "
"preceeding content or uricontent options");
goto error; goto error;
} }
@ -67,7 +70,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
pm = DetectUricontentGetLastPattern(s->umatch_tail->prev); pm = DetectUricontentGetLastPattern(s->umatch_tail->prev);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two preceeding content options"); SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two"
" preceeding content or uricontent options");
goto error; goto error;
} }
@ -75,7 +79,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
ud = (DetectUricontentData *)pm->ctx; ud = (DetectUricontentData *)pm->ctx;
ud->flags |= DETECT_URICONTENT_RELATIVE_NEXT; ud->flags |= DETECT_URICONTENT_RELATIVE_NEXT;
} else { } else {
SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous-previous keyword!"); SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous"
" keyword!");
goto error; goto error;
} }
break; break;
@ -83,7 +88,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
case DETECT_CONTENT: case DETECT_CONTENT:
cd = (DetectContentData *)pm->ctx; cd = (DetectContentData *)pm->ctx;
if (cd == NULL) { if (cd == NULL) {
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "Unknown previous keyword!\n"); SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two "
"preceeding content or uricontent options");
goto error; goto error;
} }
@ -97,7 +103,8 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
pm = DetectContentGetLastPattern(s->pmatch_tail->prev); pm = DetectContentGetLastPattern(s->pmatch_tail->prev);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two preceeding content options"); SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two"
" preceeding content or uricontent options");
goto error; goto error;
} }
@ -105,13 +112,15 @@ static int DetectDistanceSetup (DetectEngineCtx *de_ctx, Signature *s, char *dis
cd = (DetectContentData *)pm->ctx; cd = (DetectContentData *)pm->ctx;
cd->flags |= DETECT_CONTENT_RELATIVE_NEXT; cd->flags |= DETECT_CONTENT_RELATIVE_NEXT;
} else { } else {
SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous-previous keyword!"); SCLogError(SC_ERR_RULE_KEYWORD_UNKNOWN, "Unknown previous "
"keyword!");
goto error; goto error;
} }
break; break;
default: default:
SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two preceeding content (or uricontent) options"); SCLogError(SC_ERR_DISTANCE_MISSING_CONTENT, "distance needs two "
"preceeding content or uricontent options");
if (dubbed) SCFree(str); if (dubbed) SCFree(str);
return -1; return -1;
break; break;

10
src/detect-nocase.c
Unescape Escape View File

@ -127,15 +127,15 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
SCEnter(); SCEnter();
if (nullstr != NULL) { if (nullstr != NULL) {
SCLogError(SC_ERR_INVALID_VALUE, "nocase has no value"); SCLogError(SC_ERR_INVALID_VALUE, "nocase has value");
SCReturnInt(-1); SCReturnInt(-1);
} }
/* Search for the first previous SigMatch that supports nocase */ /* Search for the first previous SigMatch that supports nocase */
SigMatch *pm = SigMatchGetLastNocasePattern(s); SigMatch *pm = SigMatchGetLastNocasePattern(s);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_NOCASE_MISSING_PATTERN, "nocase needs a preceeding " SCLogError(SC_ERR_NOCASE_MISSING_PATTERN, "\"nocase\" needs a preceeding"
"content, uricontent, http_client_body or http_cookie option"); " content, uricontent, http_client_body or http_cookie option");
SCReturnInt(-1); SCReturnInt(-1);
} }
@ -167,8 +167,8 @@ static int DetectNocaseSetup (DetectEngineCtx *de_ctx, Signature *s, char *nulls
break; break;
/* should never happen */ /* should never happen */
default: default:
SCLogError(SC_ERR_NOCASE_MISSING_PATTERN, "nocase needs a preceeding " SCLogError(SC_ERR_NOCASE_MISSING_PATTERN, "\"nocase\" needs a"
"content, uricontent, http_client_body or http_cookie option"); " preceeding content, uricontent, http_client_body or http_cookie option");
SCReturnInt(-1); SCReturnInt(-1);
break; break;
} }

14
src/detect-offset.c
Unescape Escape View File

@ -41,7 +41,8 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
* SigMatch (it can be the same as this one) */ * SigMatch (it can be the same as this one) */
SigMatch *pm = SigMatchGetLastPattern(s); SigMatch *pm = SigMatchGetLastPattern(s);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding content option"); SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding "
"content or uricontent option");
if (dubbed) SCFree(str); if (dubbed) SCFree(str);
return -1; return -1;
} }
@ -52,13 +53,14 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
case DETECT_URICONTENT: case DETECT_URICONTENT:
ud = (DetectUricontentData *)pm->ctx; ud = (DetectUricontentData *)pm->ctx;
if (ud == NULL) { if (ud == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argpment"); SCLogError(SC_ERR_INVALID_ARGUMENT, "invalid argument");
if (dubbed) SCFree(str); if (dubbed) SCFree(str);
return -1; return -1;
} }
ud->offset = (uint32_t)atoi(str); ud->offset = (uint32_t)atoi(str);
if (ud->depth != 0) { if (ud->depth != 0) {
SCLogDebug("depth increased to %"PRIu32" to match pattern len and offset", ud->uricontent_len + ud->offset); SCLogDebug("depth increased to %"PRIu32" to match pattern len"
" and offset", ud->uricontent_len + ud->offset);
ud->depth = ud->uricontent_len + ud->offset; ud->depth = ud->uricontent_len + ud->offset;
} }
break; break;
@ -72,13 +74,15 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, char *offsetstr)
} }
cd->offset = (uint32_t)atoi(str); cd->offset = (uint32_t)atoi(str);
if (cd->depth != 0) { if (cd->depth != 0) {
SCLogDebug("depth increased to %"PRIu32" to match pattern len and offset", cd->content_len + cd->offset); SCLogDebug("depth increased to %"PRIu32" to match pattern len"
" and offset", cd->content_len + cd->offset);
cd->depth = cd->content_len + cd->offset; cd->depth = cd->content_len + cd->offset;
} }
break; break;
default: default:
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding content (or uricontent) option"); SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs a preceeding"
" content or uricontent option");
if (dubbed) SCFree(str); if (dubbed) SCFree(str);
return -1; return -1;
break; break;

27
src/detect-uricontent.c
Unescape Escape View File

@ -105,8 +105,10 @@ void DetectUricontentPrint(DetectUricontentData *cd)
SCLogDebug("Within: %"PRIi32, cd->within); SCLogDebug("Within: %"PRIi32, cd->within);
SCLogDebug("Distance: %"PRIi32, cd->distance); SCLogDebug("Distance: %"PRIi32, cd->distance);
SCLogDebug("flags: %u ", cd->flags); SCLogDebug("flags: %u ", cd->flags);
SCLogDebug("negated: %s ", cd->flags & DETECT_URICONTENT_NEGATED ? "true" : "false"); SCLogDebug("negated: %s ",
SCLogDebug("relative match next: %s ", cd->flags & DETECT_URICONTENT_RELATIVE_NEXT ? "true" : "false"); cd->flags & DETECT_URICONTENT_NEGATED ? "true" : "false");
SCLogDebug("relative match next: %s ",
cd->flags & DETECT_URICONTENT_RELATIVE_NEXT ? "true" : "false");
SCLogDebug("-----------"); SCLogDebug("-----------");
} }
@ -316,7 +318,8 @@ int DetectUricontentSetup (DetectEngineCtx *de_ctx, Signature *s, char *contents
s->flags |= SIG_FLAG_APPLAYER; s->flags |= SIG_FLAG_APPLAYER;
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) { if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting"
" keywords.");
goto error; goto error;
} }
@ -1224,13 +1227,13 @@ static int DetectUriSigTest05(void) {
} }
if ((PacketAlertCheck(&p, 1))) { if ((PacketAlertCheck(&p, 1))) {
printf("sig: 1 alerted, but it should not\n"); printf("sig: 1 alerted, but it should not:");
goto end; goto end;
} else if (! PacketAlertCheck(&p, 2)) { } else if (! PacketAlertCheck(&p, 2)) {
printf("sig: 2 did not alerted, but it should\n"); printf("sig: 2 did not alerted, but it should:");
goto end; goto end;
} else if (! (PacketAlertCheck(&p, 3))) { } else if (! (PacketAlertCheck(&p, 3))) {
printf("sig: 3 did not alerted, but it should\n"); printf("sig: 3 did not alerted, but it should:");
goto end; goto end;
} }
@ -1341,13 +1344,13 @@ static int DetectUriSigTest06(void) {
} }
if ((PacketAlertCheck(&p, 1))) { if ((PacketAlertCheck(&p, 1))) {
printf("sig: 1 alerted, but it should not\n"); printf("sig: 1 alerted, but it should not:");
goto end; goto end;
} else if (! PacketAlertCheck(&p, 2)) { } else if (! PacketAlertCheck(&p, 2)) {
printf("sig: 2 did not alerted, but it should\n"); printf("sig: 2 did not alerted, but it should:");
goto end; goto end;
} else if (! (PacketAlertCheck(&p, 3))) { } else if (! (PacketAlertCheck(&p, 3))) {
printf("sig: 3 did not alerted, but it should\n"); printf("sig: 3 did not alerted, but it should:");
goto end; goto end;
} }
@ -1458,13 +1461,13 @@ static int DetectUriSigTest07(void) {
} }
if (PacketAlertCheck(&p, 1)) { if (PacketAlertCheck(&p, 1)) {
printf("sig: 1 alerted, but it should not\n"); printf("sig: 1 alerted, but it should not:");
goto end; goto end;
} else if (PacketAlertCheck(&p, 2)) { } else if (PacketAlertCheck(&p, 2)) {
printf("sig: 2 did not alerted, but it should\n"); printf("sig: 2 alerted, but it should not:");
goto end; goto end;
} else if (PacketAlertCheck(&p, 3)) { } else if (PacketAlertCheck(&p, 3)) {
printf("sig: 3 did not alerted, but it should\n"); printf("sig: 3 alerted, but it should not:");
goto end; goto end;
} }

11
src/detect-within.c
Unescape Escape View File

@ -52,7 +52,8 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
* SigMatch (it can be the same as this one) */ * SigMatch (it can be the same as this one) */
SigMatch *pm = SigMatchGetLastPattern(s); SigMatch *pm = SigMatchGetLastPattern(s);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "depth needs two preceeding content (or uricontent) options"); SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "depth needs"
"two preceeding content or uricontent options");
if (dubbed) SCFree(str); if (dubbed) SCFree(str);
return -1; return -1;
} }
@ -87,7 +88,8 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
pm = DetectUricontentGetLastPattern(s->umatch_tail->prev); pm = DetectUricontentGetLastPattern(s->umatch_tail->prev);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two preceeding content options"); SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two"
" preceeding content or uricontent options");
goto error; goto error;
} }
@ -129,7 +131,8 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
pm = DetectContentGetLastPattern(s->pmatch_tail->prev); pm = DetectContentGetLastPattern(s->pmatch_tail->prev);
if (pm == NULL) { if (pm == NULL) {
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two preceeding content options"); SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two"
" preceeding content or uricontent options");
goto error; goto error;
} }
@ -144,7 +147,7 @@ static int DetectWithinSetup (DetectEngineCtx *de_ctx, Signature *s, char *withi
break; break;
default: default:
SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two preceeding content (or uricontent) options"); SCLogError(SC_ERR_WITHIN_MISSING_CONTENT, "within needs two preceeding content or uricontent options");
if (dubbed) SCFree(str); if (dubbed) SCFree(str);
return -1; return -1;
break; break;

Write Preview
Loading…
Cancel
Save