mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
181 lines
4.4 KiB
C
181 lines
4.4 KiB
C
/* Copyright (C) 2025 Open Information Security Foundation
|
|
*
|
|
* You can copy, redistribute or modify this Program under the terms of
|
|
* the GNU General Public License version 2 as published by the Free
|
|
* Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* version 2 along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
* 02110-1301, USA.
|
|
*/
|
|
|
|
#include "suricata-common.h"
|
|
#include "action-globals.h"
|
|
#include "app-layer.h"
|
|
#include "util-lua-rule.h"
|
|
#include "util-lua-common.h"
|
|
#include "util-lua.h"
|
|
|
|
#include "lauxlib.h"
|
|
|
|
static const char suricata_rule_mt[] = "suricata:rule:mt";
|
|
|
|
static int LuaRuleGetRule(lua_State *L)
|
|
{
|
|
const PacketAlert *pa = LuaStateGetPacketAlert(L);
|
|
const Signature *s = NULL;
|
|
if (pa != NULL) {
|
|
s = pa->s;
|
|
} else {
|
|
s = LuaStateGetSignature(L);
|
|
}
|
|
if (s == NULL) {
|
|
return LuaCallbackError(L, "internal error: no packet alert or signature");
|
|
}
|
|
|
|
void **p = lua_newuserdata(L, sizeof(*p));
|
|
if (p == NULL) {
|
|
return LuaCallbackError(L, "error: failed to allocate user data");
|
|
}
|
|
*p = (void *)s;
|
|
|
|
luaL_getmetatable(L, suricata_rule_mt);
|
|
lua_setmetatable(L, -2);
|
|
|
|
return 1;
|
|
}
|
|
|
|
static int LuaRuleGetSid(lua_State *L)
|
|
{
|
|
void **data = luaL_testudata(L, 1, suricata_rule_mt);
|
|
if (data == NULL) {
|
|
lua_pushnil(L);
|
|
return 1;
|
|
}
|
|
const Signature *s = *data;
|
|
lua_pushinteger(L, s->id);
|
|
return 1;
|
|
}
|
|
|
|
static int LuaRuleGetGid(lua_State *L)
|
|
{
|
|
void **data = luaL_testudata(L, 1, suricata_rule_mt);
|
|
if (data == NULL) {
|
|
lua_pushnil(L);
|
|
return 1;
|
|
}
|
|
const Signature *s = *data;
|
|
lua_pushinteger(L, s->gid);
|
|
return 1;
|
|
}
|
|
|
|
static int LuaRuleGetRev(lua_State *L)
|
|
{
|
|
void **data = luaL_testudata(L, 1, suricata_rule_mt);
|
|
if (data == NULL) {
|
|
lua_pushnil(L);
|
|
return 1;
|
|
}
|
|
const Signature *s = *data;
|
|
lua_pushinteger(L, s->rev);
|
|
return 1;
|
|
}
|
|
|
|
static int LuaRuleGetAction(lua_State *L)
|
|
{
|
|
void **data = luaL_testudata(L, 1, suricata_rule_mt);
|
|
if (data == NULL) {
|
|
lua_pushnil(L);
|
|
return 1;
|
|
}
|
|
const Signature *s = *data;
|
|
|
|
const char *action = "";
|
|
if (s->action & ACTION_PASS) {
|
|
action = "pass";
|
|
} else if ((s->action & ACTION_REJECT) || (s->action & ACTION_REJECT_BOTH) ||
|
|
(s->action & ACTION_REJECT_DST)) {
|
|
action = "reject";
|
|
} else if (s->action & ACTION_DROP) {
|
|
action = "drop";
|
|
} else if (s->action & ACTION_ALERT) {
|
|
action = "alert";
|
|
}
|
|
lua_pushstring(L, action);
|
|
return 1;
|
|
}
|
|
|
|
static int LuaRuleGetMsg(lua_State *L)
|
|
{
|
|
void **data = luaL_testudata(L, 1, suricata_rule_mt);
|
|
if (data == NULL) {
|
|
lua_pushnil(L);
|
|
return 1;
|
|
}
|
|
const Signature *s = *data;
|
|
lua_pushstring(L, s->msg);
|
|
return 1;
|
|
}
|
|
|
|
static int LuaRuleGetClassDescription(lua_State *L)
|
|
{
|
|
void **data = luaL_testudata(L, 1, suricata_rule_mt);
|
|
if (data == NULL) {
|
|
lua_pushnil(L);
|
|
return 1;
|
|
}
|
|
const Signature *s = *data;
|
|
lua_pushstring(L, s->class_msg);
|
|
return 1;
|
|
}
|
|
|
|
static int LuaRuleGetPriority(lua_State *L)
|
|
{
|
|
void **data = luaL_testudata(L, 1, suricata_rule_mt);
|
|
if (data == NULL) {
|
|
lua_pushnil(L);
|
|
return 1;
|
|
}
|
|
const Signature *s = *data;
|
|
lua_pushinteger(L, s->prio);
|
|
return 1;
|
|
}
|
|
|
|
static const struct luaL_Reg rulemt[] = {
|
|
// clang-format off
|
|
{ "action", LuaRuleGetAction },
|
|
{ "class_description", LuaRuleGetClassDescription, },
|
|
{ "gid", LuaRuleGetGid, },
|
|
{ "msg", LuaRuleGetMsg },
|
|
{ "priority", LuaRuleGetPriority },
|
|
{ "rev", LuaRuleGetRev, },
|
|
{ "sid", LuaRuleGetSid, },
|
|
{ NULL, NULL },
|
|
// clang-format on
|
|
};
|
|
|
|
static const struct luaL_Reg rulelib[] = {
|
|
// clang-format off
|
|
{ "get_rule", LuaRuleGetRule, },
|
|
{ NULL, NULL, }
|
|
// clang-format on
|
|
};
|
|
|
|
int SCLuaLoadRuleLib(lua_State *L)
|
|
{
|
|
luaL_newmetatable(L, suricata_rule_mt);
|
|
lua_pushvalue(L, -1);
|
|
lua_setfield(L, -2, "__index");
|
|
luaL_setfuncs(L, rulemt, 0);
|
|
|
|
luaL_newlib(L, rulelib);
|
|
|
|
return 1;
|
|
}
|