/**
* \test DetectIsdataatTestParse03 is a test to make sure that we return a correct IsdataatData structure
* when given valid isdataat opt
*/
int DetectIsdataatTestParse03 (void) {
int result = 0;
DetectIsdataatData *idad = NULL;
idad = DetectIsdataatParse("30,relative, rawbytes ", NULL);
if (idad != NULL && idad->flags & ISDATAAT_RELATIVE && idad->flags & ISDATAAT_RAWBYTES) {
DetectIsdataatFree(idad);
result = 1;
}
return result;
}
/**
* \test DetectIsdataatTestParse01 is a test to make sure that we return a correct IsdataatData structure
* when given valid isdataat opt
*/
int DetectIsdataatTestParse01 (void) {
int result = 0;
DetectIsdataatData *idad = NULL;
idad = DetectIsdataatParse("30 ", NULL);
if (idad != NULL) {
DetectIsdataatFree(idad);
result = 1;
}
return result;
}
/**
* \brief This function is used to parse isdataat options passed via isdataat: keyword
*
* \param isdataatstr Pointer to the user provided isdataat options
*
* \retval idad pointer to DetectIsdataatData on success
* \retval NULL on failure
*/
DetectIsdataatData *DetectIsdataatParse (char *isdataatstr, char **offset)
{
DetectIsdataatData *idad = NULL;
char *args[3] = {NULL,NULL,NULL};
#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
int i=0;
ret = pcre_exec(parse_regex, parse_regex_study, isdataatstr, strlen(isdataatstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr);
goto error;
}
if (ret > 1) {
const char *str_ptr;
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[0] = (char *)str_ptr;
if (ret > 2) {
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[1] = (char *)str_ptr;
}
if (ret > 3) {
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[2] = (char *)str_ptr;
}
idad = SCMalloc(sizeof(DetectIsdataatData));
if (unlikely(idad == NULL))
goto error;
idad->flags = 0;
idad->dataat = 0;
if (args[0][0] != '-' && isalpha((unsigned char)args[0][0])) {
if (offset == NULL) {
SCLogError(SC_ERR_INVALID_ARGUMENT, "isdataat supplied with "
"var name for offset. \"offset\" argument supplied to "
"this function has to be non-NULL");
goto error;
}
*offset = SCStrdup(args[0]);
if (*offset == NULL)
goto error;
} else {
if (ByteExtractStringUint16(&idad->dataat, 10,
strlen(args[0]), args[0]) < 0 ) {
SCLogError(SC_ERR_INVALID_VALUE, "isdataat out of range");
SCFree(idad);
idad = NULL;
goto error;
}
}
if (args[1] !=NULL) {
idad->flags |= ISDATAAT_RELATIVE;
if(args[2] !=NULL)
idad->flags |= ISDATAAT_RAWBYTES;
}
if (isdataatstr[0] == '!') {
idad->flags |= ISDATAAT_NEGATED;
}
for (i = 0; i < (ret -1); i++) {
if (args[i] != NULL)
SCFree(args[i]);
}
return idad;
}
error:
for (i = 0; i < (ret -1) && i < 3; i++){
if (args[i] != NULL)
SCFree(args[i]);
}
if (idad != NULL)
DetectIsdataatFree(idad);
return NULL;
}
/**
* \brief This function is used to parse isdataat options passed via isdataat: keyword
*
* \param isdataatstr Pointer to the user provided isdataat options
*
* \retval idad pointer to DetectIsdataatData on success
* \retval NULL on failure
*/
DetectIsdataatData *DetectIsdataatParse (char *isdataatstr)
{
DetectIsdataatData *idad = NULL;
char *args[3] = {NULL,NULL,NULL};
#define MAX_SUBSTRINGS 30
int ret = 0, res = 0;
int ov[MAX_SUBSTRINGS];
int i=0;
ret = pcre_exec(parse_regex, parse_regex_study, isdataatstr, strlen(isdataatstr), 0, 0, ov, MAX_SUBSTRINGS);
if (ret < 1 || ret > 4) {
SCLogError(SC_ERR_PCRE_MATCH, "pcre_exec parse error, ret %" PRId32 ", string %s", ret, isdataatstr);
goto error;
}
if (ret > 1) {
const char *str_ptr;
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 1, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[0] = (char *)str_ptr;
if (ret > 2) {
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 2, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[1] = (char *)str_ptr;
}
if (ret > 3) {
res = pcre_get_substring((char *)isdataatstr, ov, MAX_SUBSTRINGS, 3, &str_ptr);
if (res < 0) {
SCLogError(SC_ERR_PCRE_GET_SUBSTRING, "pcre_get_substring failed");
goto error;
}
args[2] = (char *)str_ptr;
}
idad = SCMalloc(sizeof(DetectIsdataatData));
if (idad == NULL)
goto error;
idad->flags = 0;
idad->dataat = 0;
if (args[0] != NULL) {
if (ByteExtractStringUint16(&idad->dataat, 10,
strlen(args[0]), args[0]) < 0 ) {
SCLogError(SC_ERR_INVALID_VALUE, "isdataat out of range");
SCFree(idad);
idad = NULL;
goto error;
}
} else {
goto error;
}
if (args[1] !=NULL) {
idad->flags |= ISDATAAT_RELATIVE;
if(args[2] !=NULL)
idad->flags |= ISDATAAT_RAWBYTES;
}
if (isdataatstr[0] == '!') {
idad->flags |= ISDATAAT_NEGATED;
}
for (i = 0; i < (ret -1); i++) {
if (args[i] != NULL)
SCFree(args[i]);
}
return idad;
}
error:
for (i = 0; i < (ret -1) && i < 3; i++){
if (args[i] != NULL)
SCFree(args[i]);
}
if (idad != NULL)
DetectIsdataatFree(idad);
return NULL;
}
