aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect/threshold: Don't allow duplicates

Browse Source 
This commit detects duplicate threshold rule options. When duplicates
are found in a rule, an error message is displayed and the rule is
rejected.
pull/4637/head
Jeff Lucovsky 6 years ago committed by Victor Julien
parent f6c77dcdd9
commit ff9a01ee1b
1 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File

9
src/detect-threshold.c
Unescape Escape View File

@ -1,4 +1,4 @@
/* Copyright (C) 2007-2013 Open Information Security Foundation
/* Copyright (C) 2007-2020 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@ -229,10 +229,15 @@ static int DetectThresholdSetup(DetectEngineCtx *de_ctx, Signature *s, const cha
SigMatch *tmpm = NULL;
/* checks if there is a previous instance of detection_filter */
tmpm = DetectGetLastSMFromLists(s, DETECT_DETECTION_FILTER, -1);
tmpm = DetectGetLastSMFromLists(s, DETECT_THRESHOLD, DETECT_DETECTION_FILTER, -1);
if (tmpm != NULL) {
if (tmpm->type == DETECT_DETECTION_FILTER) {
SCLogError(SC_ERR_INVALID_SIGNATURE, "\"detection_filter\" and "
"\"threshold\" are not allowed in the same rule");
} else {
SCLogError(SC_ERR_INVALID_SIGNATURE, "multiple \"threshold\" "
"options are not allowed in the same rule");
}
SCReturnInt(-1);
}

Write Preview
Loading…
Cancel
Save