/** * \brief this function is used to add the parsed "id" option * into the current signature * * \param de_ctx pointer to the Detection Engine Context * \param s pointer to the Current Signature * \param idstr pointer to the user provided "id" option * * \retval 0 on Success * \retval -1 on Failure */ static int DetectFileextSetup (DetectEngineCtx *de_ctx, Signature *s, const char *str) { DetectFileextData *fileext= NULL; SigMatch *sm = NULL; fileext = DetectFileextParse(str, s->init_data->negated); if (fileext == NULL) goto error; /* Okay so far so good, lets get this into a SigMatch * and put it in the Signature. */ sm = SigMatchAlloc(); if (sm == NULL) goto error; sm->type = DETECT_FILEEXT; sm->ctx = (void *)fileext; SigMatchAppendSMToList(s, sm, g_file_match_list_id); s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_FILENAME); return 0; error: if (fileext != NULL) DetectFileextFree(fileext); if (sm != NULL) SCFree(sm); return -1; }
/** * \test DetectFileextTestParse01 */ int DetectFileextTestParse01 (void) { DetectFileextData *dfd = DetectFileextParse("\"doc\""); if (dfd != NULL) { DetectFileextFree(dfd); return 1; } return 0; }
/** * \test DetectFileextTestParse01 */ static int DetectFileextTestParse01 (void) { DetectFileextData *dfd = DetectFileextParse("doc", false); if (dfd != NULL) { DetectFileextFree(dfd); return 1; } return 0; }
/** * \test DetectFileextTestParse03 */ int DetectFileextTestParse03 (void) { int result = 0; DetectFileextData *dfd = DetectFileextParse("\"pdf\""); if (dfd != NULL) { if (dfd->len == 3 && memcmp(dfd->ext, "pdf", 3) == 0) { result = 1; } DetectFileextFree(dfd); return result; } return 0; }
/** * \test DetectFileextTestParse02 */ int DetectFileextTestParse02 (void) { int result = 0; DetectFileextData *dfd = DetectFileextParse("\"tar.gz\""); if (dfd != NULL) { if (dfd->len == 6 && memcmp(dfd->ext, "tar.gz", 6) == 0) { result = 1; } DetectFileextFree(dfd); return result; } return 0; }
/** * \brief This function is used to parse fileet * * \param str Pointer to the fileext value string * * \retval pointer to DetectFileextData on success * \retval NULL on failure */ static DetectFileextData *DetectFileextParse (const char *str, bool negate) { DetectFileextData *fileext = NULL; /* We have a correct filename option */ fileext = SCMalloc(sizeof(DetectFileextData)); if (unlikely(fileext == NULL)) goto error; memset(fileext, 0x00, sizeof(DetectFileextData)); if (DetectContentDataParse("fileext", str, &fileext->ext, &fileext->len) == -1) { goto error; } uint16_t u; for (u = 0; u < fileext->len; u++) fileext->ext[u] = tolower(fileext->ext[u]); if (negate) { fileext->flags |= DETECT_CONTENT_NEGATED; } SCLogDebug("flags %02X", fileext->flags); if (fileext->flags & DETECT_CONTENT_NEGATED) { SCLogDebug("negated fileext"); } #ifdef DEBUG if (SCLogDebugEnabled()) { char *ext = SCMalloc(fileext->len + 1); if (ext != NULL) { memcpy(ext, fileext->ext, fileext->len); ext[fileext->len] = '\0'; SCLogDebug("will look for fileext %s", ext); } } #endif return fileext; error: if (fileext != NULL) DetectFileextFree(fileext); return NULL; }
/** * \brief this function is used to add the parsed "id" option * into the current signature * * \param de_ctx pointer to the Detection Engine Context * \param s pointer to the Current Signature * \param idstr pointer to the user provided "id" option * * \retval 0 on Success * \retval -1 on Failure */ static int DetectFileextSetup (DetectEngineCtx *de_ctx, Signature *s, char *str) { DetectFileextData *fileext= NULL; SigMatch *sm = NULL; fileext = DetectFileextParse(str); if (fileext == NULL) goto error; /* Okay so far so good, lets get this into a SigMatch * and put it in the Signature. */ sm = SigMatchAlloc(); if (sm == NULL) goto error; sm->type = DETECT_FILEEXT; sm->ctx = (void *)fileext; SigMatchAppendSMToList(s, sm, DETECT_SM_LIST_FILEMATCH); if (s->alproto != ALPROTO_UNKNOWN && s->alproto != ALPROTO_HTTP) { SCLogError(SC_ERR_CONFLICTING_RULE_KEYWORDS, "rule contains conflicting keywords."); goto error; } AppLayerHtpNeedFileInspection(); s->alproto = ALPROTO_HTTP; s->file_flags |= (FILE_SIG_NEED_FILE|FILE_SIG_NEED_FILENAME); return 0; error: if (fileext != NULL) DetectFileextFree(fileext); if (sm != NULL) SCFree(sm); return -1; }