Esempio n. 1
/**
 * \brief Parses the "fileext" option value and attaches the result to the
 *        signature as a new SigMatch.
 *
 * \param de_ctx pointer to the Detection Engine Context (not used here)
 * \param s pointer to the signature being built
 * \param str the "fileext" option value taken from the rule
 *
 * \retval 0 on success
 * \retval -1 on failure
 */
static int DetectFileextSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
    /* Negation is taken from the signature's init data, not from the string. */
    DetectFileextData *ext_data = DetectFileextParse(str, s->init_data->negated);
    if (ext_data == NULL)
        return -1;

    SigMatch *match = SigMatchAlloc();
    if (match == NULL) {
        /* Nothing refers to the parsed data yet, so it is released here. */
        DetectFileextFree(ext_data);
        return -1;
    }

    match->type = DETECT_FILEEXT;
    match->ctx = (void *)ext_data;
    SigMatchAppendSMToList(s, match, g_file_match_list_id);

    /* No failure path follows the append, so the match is never freed while
     * the signature may refer to it. */
    s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_FILENAME);
    return 0;
}
Esempio n. 2
/**
 * \test DetectFileextTestParse01 checks that the quoted value "doc" is
 *       accepted by DetectFileextParse().
 *
 * \retval 1 when a parsed object was returned
 * \retval 0 when parsing failed
 */
int DetectFileextTestParse01 (void) {
    DetectFileextData *parsed = DetectFileextParse("\"doc\"");
    if (parsed == NULL)
        return 0;

    /* Only success of the parse is checked; the contents are not inspected. */
    DetectFileextFree(parsed);
    return 1;
}
Esempio n. 3
/**
 * \test DetectFileextTestParse01 checks that the unquoted value "doc" is
 *       accepted by DetectFileextParse() when negation is off.
 *
 * \retval 1 when a parsed object was returned
 * \retval 0 when parsing failed
 */
static int DetectFileextTestParse01 (void)
{
    DetectFileextData *parsed = DetectFileextParse("doc", false);
    if (parsed == NULL)
        return 0;

    /* Only success of the parse is checked; the contents are not inspected. */
    DetectFileextFree(parsed);
    return 1;
}
Esempio n. 4
/**
 * \test DetectFileextTestParse03 checks that the quoted value "pdf" parses
 *       to exactly the three bytes "pdf".
 *
 * \retval 1 when the parsed length and bytes match
 * \retval 0 when parsing failed or the content differs
 */
int DetectFileextTestParse03 (void) {
    DetectFileextData *parsed = DetectFileextParse("\"pdf\"");
    if (parsed == NULL)
        return 0;

    /* The surrounding quotes must not be part of the stored extension. */
    int matched = (parsed->len == 3 && memcmp(parsed->ext, "pdf", 3) == 0) ? 1 : 0;

    DetectFileextFree(parsed);
    return matched;
}
Esempio n. 5
/**
 * \test DetectFileextTestParse02 checks that the quoted value "tar.gz"
 *       parses to exactly the six bytes "tar.gz".
 *
 * \retval 1 when the parsed length and bytes match
 * \retval 0 when parsing failed or the content differs
 */
int DetectFileextTestParse02 (void) {
    DetectFileextData *parsed = DetectFileextParse("\"tar.gz\"");
    if (parsed == NULL)
        return 0;

    /* The surrounding quotes must not be part of the stored extension. */
    int matched = (parsed->len == 6 && memcmp(parsed->ext, "tar.gz", 6) == 0) ? 1 : 0;

    DetectFileextFree(parsed);
    return matched;
}
Esempio n. 6
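/**
 * \brief Parse the value of a "fileext" option into a DetectFileextData
 *
 * The extension bytes produced by DetectContentDataParse() are lowercased
 * in place before the object is returned.
 *
 * \param str Pointer to the fileext value string
 * \param negate true to set DETECT_CONTENT_NEGATED on the result
 *
 * \retval pointer to DetectFileextData on success; the error path in this
 *         function releases it with DetectFileextFree()
 * \retval NULL on failure
 */
static DetectFileextData *DetectFileextParse (const char *str, bool negate)
{
    DetectFileextData *fileext = NULL;

    fileext = SCMalloc(sizeof(DetectFileextData));
    if (unlikely(fileext == NULL))
        goto error;

    /* Zero the struct so that a failure below hands a fully initialised
     * object to DetectFileextFree(). */
    memset(fileext, 0x00, sizeof(DetectFileextData));

    if (DetectContentDataParse("fileext", str, &fileext->ext, &fileext->len) == -1) {
        goto error;
    }

    /* Store the extension lowercased. The cast keeps the argument inside
     * the range tolower() is defined for, whatever the signedness of the
     * element type. */
    uint16_t u;
    for (u = 0; u < fileext->len; u++)
        fileext->ext[u] = tolower((unsigned char)fileext->ext[u]);

    if (negate) {
        fileext->flags |= DETECT_CONTENT_NEGATED;
    }

    SCLogDebug("flags %02X", fileext->flags);
    if (fileext->flags & DETECT_CONTENT_NEGATED) {
        SCLogDebug("negated fileext");
    }

#ifdef DEBUG
    if (SCLogDebugEnabled()) {
        /* ext is length-delimited, so build a NUL-terminated copy just
         * for the log line. */
        char *ext = SCMalloc(fileext->len + 1);
        if (ext != NULL) {
            memcpy(ext, fileext->ext, fileext->len);
            ext[fileext->len] = '\0';
            SCLogDebug("will look for fileext %s", ext);
            /* The copy is only needed for logging; free it so that debug
             * builds do not leak one buffer per parsed rule. */
            SCFree(ext);
        }
    }
#endif

    return fileext;

error:
    if (fileext != NULL)
        DetectFileextFree(fileext);
    return NULL;

}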
Esempio n. 7
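/**
 * \brief Parses the "fileext" option value and attaches the result to the
 *        signature as a new SigMatch, binding the signature to HTTP.
 *
 * \param de_ctx pointer to the Detection Engine Context (not used here)
 * \param s pointer to the signature being built
 * \param str the "fileext" option value taken from the rule
 *
 * \retval 0 on Success
 * \retval -1 on Failure (parse error, allocation failure, or the signature
 *            already carries an app-layer protocol other than HTTP)
 */
static int DetectFileextSetup (DetectEngineCtx *de_ctx, Signature *s, char *str)
{
    DetectFileextData *fileext= NULL;
    SigMatch *sm = NULL;

    fileext = DetectFileextParse(str);
    if (fileext == NULL)
        goto error;

    /* The protocol conflict check must run before SigMatchAppendSMToList():
     * the error path frees sm and fileext, which is only safe while the
     * signature does not refer to them yet. Freeing them after the append
     * would leave the signature's match list pointing at freed memory
     * (assuming the append links sm into s, as its name indicates). */
    if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) {
        SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords.");
        goto error;
    }

    /* Okay so far so good, lets get this into a SigMatch
     * and put it in the Signature. */
    sm = SigMatchAlloc();
    if (sm == NULL)
        goto error;

    sm->type = DETECT_FILEEXT;
    sm->ctx = (void *)fileext;

    /* No failure path may follow this call; see the note above. */
    SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH);

    AppLayerHtpNeedFileInspection();
    s->alproto = ALPROTO_HTTP;
    s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_FILENAME);
    return 0;

error:
    if (fileext != NULL)
        DetectFileextFree(fileext);
    if (sm != NULL)
        SCFree(sm);
    return -1;

}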