From e9b33c48f02e539874e01bd9adbbd3fcc3f031c7 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Sat, 23 Sep 2023 13:01:05 +0200
Subject: [PATCH] detect/base64: move content inspection logic

Integrate with rest of content inspect code.
---
 src/detect-base64-data.c | 13 -------------
 src/detect-base64-data.h | 2 --
 src/detect-engine-content-inspection.c | 14 ++++++++++----
 3 files changed, 10 insertions(+), 19 deletions(-)

diff --git a/src/detect-base64-data.c b/src/detect-base64-data.c
index 09d89113d6..770061350a 100644
--- a/src/detect-base64-data.c
+++ b/src/detect-base64-data.c
@@ -61,19 +61,6 @@ static int DetectBase64DataSetup(DetectEngineCtx *de_ctx, Signature *s,
 return 0;
 }
 
-int DetectBase64DataDoMatch(DetectEngineCtx *de_ctx,
- DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f)
-{
- if (det_ctx->base64_decoded_len) {
- return DetectEngineContentInspectionInternal(de_ctx, det_ctx, s,
- s->sm_arrays[DETECT_SM_LIST_BASE64_DATA], NULL, f, det_ctx->base64_decoded,
- det_ctx->base64_decoded_len, 0, DETECT_CI_FLAGS_SINGLE,
- DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
- }
-
- return 0;
-}
-
 #ifdef UNITTESTS
 
 static int g_file_data_buffer_id = 0;
diff --git a/src/detect-base64-data.h b/src/detect-base64-data.h
index 38bb93fc06..4b7d54d04e 100644
--- a/src/detect-base64-data.h
+++ b/src/detect-base64-data.h
@@ -19,7 +19,5 @@
 #define __DETECT_BASE64_DATA_H__
 
 void DetectBase64DataRegister(void);
-int DetectBase64DataDoMatch(DetectEngineCtx *, DetectEngineThreadCtx *,
- const Signature *, Flow *);
 
 #endif /* __DETECT_BASE64_DATA_H__ */
diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c
index 09d838378f..19e7fe1096 100644
--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@@ -651,10 +651,16 @@ int DetectEngineContentInspectionInternal(DetectEngineCtx *de_ctx, DetectEngineT
 } else if (smd->type == DETECT_BASE64_DECODE) {
 if (DetectBase64DecodeDoMatch(det_ctx, s, smd, buffer, buffer_len)) {
 if (s->sm_arrays[DETECT_SM_LIST_BASE64_DATA] != NULL) {
- KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
- if (DetectBase64DataDoMatch(de_ctx, det_ctx, s, f) == 1) {
- /* Base64 is a terminal list. */
- goto final_match;
+ if (det_ctx->base64_decoded_len) {
+ KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
+ int r = DetectEngineContentInspectionInternal(de_ctx, det_ctx, s,
+ s->sm_arrays[DETECT_SM_LIST_BASE64_DATA], NULL, f,
+ det_ctx->base64_decoded, det_ctx->base64_decoded_len, 0,
+ DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
+ if (r == 1) {
+ /* Base64 is a terminal list. */
+ goto final_match;
+ }
 }
 }
 }
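Review bot: `KEYWORD_PROFILING_END(det_ctx, smd->type, 1);` now sits inside the new `if (det_ctx->base64_decoded_len)` guard, so a base64_decode that matches but leaves an empty decoded buffer no longer ends the keyword's profiling span in this branch. The removed code ended it before DetectBase64DataDoMatch() made the same length check, so this is a small behaviour change in a commit described as a move. Whether profiling stays balanced on that path depends on the code after this `else if` chain, which is outside the hunk, as are the start and end of DetectEngineContentInspectionInternal. To keep the old behaviour, place the call on its own line directly above `if (det_ctx->base64_decoded_len) {`. It would also help to add a comment above `if (r == 1)` such as `/* any other result from the base64_data list is not a match here; fall through */`, since the nested call's other return values are dropped without comment.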