/**
* \brief this function is used to add the parsed "id" option
* \brief into the current signature
*
* \param de_ctx pointer to the Detection Engine Context
* \param s pointer to the Current Signature
* \param idstr pointer to the user provided "id" option
*
* \retval 0 on Success
* \retval -1 on Failure
*/
static int DetectSshSoftwareVersionSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
DetectSshSoftwareVersionData *ssh = NULL;
SigMatch *sm = NULL;
if (DetectSignatureSetAppProto(s, ALPROTO_SSH) != 0)
return -1;
ssh = DetectSshSoftwareVersionParse(str);
if (ssh == NULL)
goto error;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
sm->type = DETECT_AL_SSH_SOFTWAREVERSION;
sm->ctx = (void *)ssh;
SigMatchAppendSMToList(s, sm, g_ssh_banner_list_id);
return 0;
error:
if (ssh != NULL)
DetectSshSoftwareVersionFree(ssh);
if (sm != NULL)
SCFree(sm);
return -1;
}
/**
* \test DetectSshSoftwareVersionTestParse03 is a test to make sure that we
* don't return a ssh_data with an empty value specified
*/
int DetectSshSoftwareVersionTestParse03 (void) {
DetectSshSoftwareVersionData *ssh = NULL;
ssh = DetectSshSoftwareVersionParse("");
if (ssh != NULL) {
DetectSshSoftwareVersionFree(ssh);
return 0;
}
return 1;
}
/**
* \test DetectSshSoftwareVersionTestParse02 is a test to make sure that we parse
* the software version correctly
*/
int DetectSshSoftwareVersionTestParse02 (void) {
DetectSshSoftwareVersionData *ssh = NULL;
ssh = DetectSshSoftwareVersionParse("\"SecureCRT-4.0\"");
if (ssh != NULL && strncmp((char *) ssh->software_ver, "SecureCRT-4.0", 13) == 0) {
DetectSshSoftwareVersionFree(ssh);
return 1;
}
return 0;
}
/**
* \test DetectSshSoftwareVersionTestParse01 is a test to make sure that we parse
* a software version correctly
*/
int DetectSshSoftwareVersionTestParse01 (void) {
DetectSshSoftwareVersionData *ssh = NULL;
ssh = DetectSshSoftwareVersionParse("PuTTY_1.0");
if (ssh != NULL && strncmp((char *) ssh->software_ver, "PuTTY_1.0", 9) == 0) {
DetectSshSoftwareVersionFree(ssh);
return 1;
}
return 0;
}
/**
* \brief this function is used to add the parsed "id" option
* \brief into the current signature
*
* \param de_ctx pointer to the Detection Engine Context
* \param s pointer to the Current Signature
* \param idstr pointer to the user provided "id" option
*
* \retval 0 on Success
* \retval -1 on Failure
*/
static int DetectSshSoftwareVersionSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
DetectSshSoftwareVersionData *ssh = NULL;
SigMatch *sm = NULL;
ssh = DetectSshSoftwareVersionParse(str);
if (ssh == NULL)
goto error;
/* Okay so far so good, lets get this into a SigMatch
* and put it in the Signature. */
sm = SigMatchAlloc();
if (sm == NULL)
goto error;
if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_SSH) {
SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
goto error;
}
sm->type = DETECT_AL_SSH_SOFTWAREVERSION;
sm->ctx = (void *)ssh;
s->flags |= SIG_FLAG_APPLAYER;
s->alproto = ALPROTO_SSH;
SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_AMATCH);
return 0;
error:
if (ssh != NULL)
DetectSshSoftwareVersionFree(ssh);
if (sm != NULL)
SCFree(sm);
return -1;
}
