aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/content: clean up logging output

Browse Source 
Signed-off-by: jason taylor <jtfas90@gmail.com>
pull/3896/head
jason taylor 6 years ago committed by Victor Julien
parent e9be6126e2
commit fa0008dbbe
3 changed files with 26 additions and 26 deletions
Show Stats Download Patch File Download Diff File

12
src/detect-content.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2014 Open Information Security Foundation
/* Copyright (C) 2007-2019 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -140,7 +140,7 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
}
else if (str[i] != ',') {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code in "
"content - %s, hex %c. Invalidating signature", str, str[i]);
"content - %s, hex %c. Invalidating signature.", str, str[i]);
goto error;
}
} else if (escape) {
@ -158,7 +158,7 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
escape = 0;
converted = 1;
} else if (str[i] == '"') {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid unescaped double quote within content section");
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid unescaped double quote within content section.");
goto error;
} else {
str[x] = str[i];
@ -169,7 +169,7 @@ int DetectContentDataParse(const char *keyword, const char *contentstr,
if (bin_count % 2 != 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in "
"%s - %s. Invalidating signature", keyword, contentstr);
"%s - %s. Invalidating signature.", keyword, contentstr);
goto error;
}
@ -395,13 +395,13 @@ _Bool DetectContentPMATCHValidateCallback(const Signature *s)
uint32_t right_edge = cd->content_len + cd->offset;
if (cd->content_len > max_right_edge) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"signature can't match as content length %u is bigger than dsize %u",
"signature can't match as content length %u is bigger than dsize %u.",
cd->content_len, max_right_edge);
return FALSE;
}
if (right_edge > max_right_edge) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"signature can't match as content length %u with offset %u (=%u) is bigger than dsize %u",
"signature can't match as content length %u with offset %u (=%u) is bigger than dsize %u.",
cd->content_len, cd->offset, right_edge, max_right_edge);
return FALSE;
}

24
src/detect-depth.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
/* Copyright (C) 2007-2019 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -76,7 +76,7 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
"http_method option, http_cookie, http_raw_uri, "
"http_stat_msg, http_stat_code, http_user_agent, "
"http_host, http_raw_host or "
"file_data/dce_stub_data sticky buffer options");
"file_data/dce_stub_data sticky buffer options.");
goto end;
}
@ -96,19 +96,19 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
}
if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"negated keyword set along with a fast_pattern");
"negated keyword set along with 'fast_pattern'.");
goto end;
}
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"keyword set along with a fast_pattern:only;");
"keyword set along with 'fast_pattern:only;'.");
goto end;
}
if (str[0] != '-' && isalpha((unsigned char)str[0])) {
SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(str, s);
if (bed_sm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var "
"seen in depth - %s\n", str);
"seen in depth - %s.", str);
goto end;
}
cd->depth = ((DetectByteExtractData *)bed_sm->ctx)->local_id;
@ -117,13 +117,13 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char *
if (ByteExtractStringUint16(&cd->depth, 0, 0, str) != (int)strlen(str))
{
SCLogError(SC_ERR_INVALID_SIGNATURE,
"invalid value for depth: %s", str);
"invalid value for depth: %s.", str);
goto end;
}
if (cd->depth < cd->content_len) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "depth:%u smaller than "
"content of len %u", cd->depth, cd->content_len);
"content of len %u.", cd->depth, cd->content_len);
return -1;
}
/* Now update the real limit, as depth is relative to the offset */
@ -145,7 +145,7 @@ static int DetectStartsWithSetup (DetectEngineCtx *de_ctx, Signature *s, const c
pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm == NULL) {
SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "startswith needs a "
"preceding content option");
"preceding content option.");
goto end;
}
@ -154,7 +154,7 @@ static int DetectStartsWithSetup (DetectEngineCtx *de_ctx, Signature *s, const c
if (cd->flags & DETECT_CONTENT_DEPTH) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple "
"depth/startswith settings for the same content");
"depth/startswith settings for the same content.");
goto end;
}
if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
@ -166,17 +166,17 @@ static int DetectStartsWithSetup (DetectEngineCtx *de_ctx, Signature *s, const c
}
if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"negated keyword set along with a fast_pattern");
"negated keyword set along with a 'fast_pattern'.");
goto end;
}
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"keyword set along with a fast_pattern:only;");
"keyword set along with 'fast_pattern:only;'.");
goto end;
}
if (cd->flags & DETECT_CONTENT_OFFSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't mix offset "
"with startswith");
"with startswith.");
goto end;
}

16
src/detect-offset.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2010 Open Information Security Foundation
/* Copyright (C) 2007-2019 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -63,7 +63,7 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *offset
pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1);
if (pm == NULL) {
SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs "
"preceding content option");
"preceding content option.");
goto end;
}
@ -71,11 +71,11 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *offset
DetectContentData *cd = (DetectContentData *)pm->ctx;
if (cd->flags & DETECT_CONTENT_STARTS_WITH) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use offset with startswith");
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use offset with startswith.");
goto end;
}
if (cd->flags & DETECT_CONTENT_OFFSET) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple offsets for the same content. ");
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple offsets for the same content.");
goto end;
}
if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) {
@ -87,12 +87,12 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *offset
}
if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"negated keyword set along with a fast_pattern");
"negated keyword set along with 'fast_pattern'.");
goto end;
}
if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative "
"keyword set along with a fast_pattern:only;");
"keyword set along with 'fast_pattern:only;'.");
goto end;
}
if (str[0] != '-' && isalpha((unsigned char)str[0])) {
@ -100,7 +100,7 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *offset
DetectByteExtractRetrieveSMVar(str, s);
if (bed_sm == NULL) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var "
"seen in offset - %s\n", str);
"seen in offset - %s.", str);
goto end;
}
cd->offset = ((DetectByteExtractData *)bed_sm->ctx)->local_id;
@ -108,7 +108,7 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *offset
} else {
if (ByteExtractStringUint16(&cd->offset, 0, 0, str) != (int)strlen(str))
{
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid value for offset: %s", str);
SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid value for offset: %s.", str);
goto end;
}
if (cd->depth != 0) {

Write Preview
Loading…
Cancel
Save