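/**
 * \brief Unit-test helper: create a detection engine context containing one
 *        signature that uses the given filesize option, and parse that option.
 *
 * \param de_ctx out: set to the new context, or NULL if it was not created
 * \param sig    out: set to the signature loaded into the context, or NULL
 * \param fsd    out: result of DetectFilesizeParse(str); NULL on every failure
 *               path, and also NULL if the parse itself fails, so callers
 *               must check it before dereferencing
 * \param str    filesize option text placed after "filesize:" in the rule
 *
 * \retval 1 context and signature were created
 * \retval 0 the rule text did not fit, or context/signature creation failed
 *
 * \note When SigInit() fails, *de_ctx stays set and is not freed here;
 *       presumably the calling test releases it -- confirm against callers.
 */
static int DetectFilesizeInitTest(DetectEngineCtx **de_ctx, Signature **sig,
                                DetectFilesizeData **fsd, char *str)
{
    char fullstr[1024];
    int result = 0;
    int len;

    /* Give every out-parameter a defined value so that a failed call never
     * leaves the caller holding a stale or uninitialized pointer. */
    *de_ctx = NULL;
    *sig = NULL;
    *fsd = NULL;

    len = snprintf(fullstr, sizeof(fullstr),
                   "alert http any any -> any any (msg:\"Filesize "
                   "test\"; filesize:%s; sid:1;)", str);
    /* A negative return is an output error; a return >= the buffer size means
     * the rule was truncated. Neither may be handed to SigInit(). */
    if (len < 0 || (size_t)len >= sizeof(fullstr)) {
        goto end;
    }

    *de_ctx = DetectEngineCtxInit();
    if (*de_ctx == NULL) {
        goto end;
    }

    (*de_ctx)->flags |= DE_QUIET;

    (*de_ctx)->sig_list = SigInit(*de_ctx, fullstr);
    if ((*de_ctx)->sig_list == NULL) {
        goto end;
    }

    *sig = (*de_ctx)->sig_list;

    /* The parse result is returned as-is; a NULL here does not fail the helper. */
    *fsd = DetectFilesizeParse(str);

    result = 1;

end:
    return result;
}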
Example #2
/**
 * \brief Parse a filesize option and attach the result to the signature as a
 *        DETECT_FILESIZE match on the file-match list.
 *
 * \param de_ctx pointer to the Detection Engine Context (not used in this body)
 * \param s pointer to the Current Signature; its file_flags gain
 *          FILE_SIG_NEED_FILE and FILE_SIG_NEED_SIZE on success
 * \param str pointer to the user provided options
 *
 * \retval 0 on Success
 * \retval -1 on Failure (option did not parse, or no SigMatch could be allocated)
 */
static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    SCEnter();

    DetectFilesizeData *parsed = DetectFilesizeParse(str);
    if (parsed == NULL) {
        SCReturnInt(-1);
    }

    SigMatch *match = SigMatchAlloc();
    if (match == NULL) {
        /* Nothing references the parsed data yet, so release it here. */
        DetectFilesizeFree(parsed);
        SCReturnInt(-1);
    }

    match->type = DETECT_FILESIZE;
    match->ctx = (SigMatchCtx *)parsed;

    /* No failure path follows the append, so the match is never freed
     * after it has been handed to the signature. */
    SigMatchAppendSMToList(s, match, DETECT_SM_LIST_FILEMATCH);

    s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_SIZE);
    SCReturnInt(0);
}
/** \test   Parsing " > 10 " must give size1 == 10 and mode DETECT_FILESIZE_GT;
 *          returns 1 on success, 0 on a failed parse or a mismatch */
static int DetectFilesizeParseTest03(void)
{
    DetectFilesizeData *parsed = DetectFilesizeParse(" > 10 ");
    if (parsed == NULL) {
        return 0;
    }

    /* Evaluate the expectation before the parsed data is released. */
    int passed = (parsed->size1 == 10 && parsed->mode == DETECT_FILESIZE_GT) ? 1 : 0;

    DetectFilesizeFree(parsed);
    return passed;
}
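/**
 * \brief Parse a filesize option and attach the result to the signature as a
 *        DETECT_FILESIZE match on the file-match list.
 *
 * The signature must either have no application-layer protocol set yet or be
 * an HTTP signature; any other protocol is rejected as a keyword conflict.
 * On success the signature's protocol is set to HTTP.
 *
 * \param de_ctx pointer to the Detection Engine Context (not used in this body)
 * \param s pointer to the Current Signature
 * \param str pointer to the user provided options
 *
 * \retval 0 on Success
 * \retval -1 on Failure (parse error, allocation failure or protocol conflict)
 */
static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    SCEnter();
    DetectFilesizeData *fsd = NULL;
    SigMatch *sm = NULL;

    fsd = DetectFilesizeParse(str);
    if (fsd == NULL)
        goto error;

    sm = SigMatchAlloc();
    if (sm == NULL)
        goto error;

    /* Check for a protocol conflict BEFORE sm is appended to the signature.
     * The error path frees fsd and sm; if that ran after the append, the
     * signature would keep a pointer to freed memory, which risks a
     * use-after-free or double free when the signature is later walked or
     * released. */
    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
        goto error;
    }

    sm->type = DETECT_FILESIZE;
    sm->ctx = (void *)fsd;

    /* From here on the signature holds sm (and fsd through sm->ctx), so no
     * failure path may follow this call. */
    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);

    AppLayerHtpNeedFileInspection();

    /** \todo remove this once we support more than http */
    s->alproto = ALPROTO_HTTP;

    s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_SIZE);
    SCReturnInt(0);

error:
    /* Only reached while fsd and sm are still private to this function. */
    if (fsd != NULL)
        DetectFilesizeFree(fsd);
    if (sm != NULL)
        SCFree(sm);
    SCReturnInt(-1);
}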