Squashed commit of the following:
commit
e3885a1d1e15a5b8d5749067f0f2201223c50ed1
Author: Pratik Shinde <pshinde2@cisco.com>
Date: Fri Oct 5 15:44:51 2018 -0400
snort2lua: Enable address_anomaly_detection during snort2lua and fix missing string sanity checks
}
}
- if (s.front() == '$')
+ if (!s.empty() and s.front() == '$')
{
// add a space between strings
if (!vars.empty())
std::size_t RuleApi::error_count = 0;
std::string RuleApi::remark;
+std::set<GidSid> RuleApi::address_anomaly_rules = {
+ {"116", "403"},
+ {"116", "411"},
+ {"116", "412"},
+ {"129", "9"},
+ {"129", "10"},
+ };
+
RuleApi::RuleApi()
: curr_rule(nullptr),
curr_data_bad(false)
curr_rule->make_comment();
}
+bool RuleApi::enable_addr_anomaly_detection()
+{
+ if (curr_rule != nullptr)
+ return address_anomaly_rules.count({curr_rule->get_option("gid"),
+ curr_rule->get_option("sid")}) != 0;
+
+ return false;
+}
+
void RuleApi::bad_rule(std::istringstream& stream, const std::string& bad_option)
{
if (!curr_rule)
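Review bot: `address_anomaly_rules` is only ever read (the `count` lookup on the gid/sid pair in `enable_addr_anomaly_detection`), yet it is declared as a mutable static; make it `static const std::set<GidSid> address_anomaly_rules;` in the header and `const std::set<GidSid> RuleApi::address_anomaly_rules = {` here so nothing can add or drop entries at run time. The definition also lacks a comment saying what the five gid/sid pairs have in common; suggest `// gid:sid of rules that only alert when detection.enable_address_anomaly_checks is on` above it. The name `enable_addr_anomaly_detection()` reads like an action, but the function is a side-effect-free predicate; `is_addr_anomaly_rule()` or `needs_addr_anomaly_detection()` would say so, and it deserves a one-line doc comment in the header. What `get_option("gid")` returns when the current rule carries no gid is not visible here; presumably an empty string, which simply misses the set, but that is worth confirming.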
#ifndef DATA_DT_RULE_API_H
#define DATA_DT_RULE_API_H
-#include <string>
#include <iostream>
-#include <vector>
+#include <set>
#include <stack>
+#include <string>
+#include <vector>
class Rule;
class RuleOption;
class Comments;
class RuleApi;
+using GidSid = std::pair<std::string, std::string>;
+
// FIXIT-L simplify this API. Several options functions are no longer necessary
class RuleApi
void add_comment(const std::string& comment);
void make_rule_a_comment();
+ bool enable_addr_anomaly_detection();
void bad_rule(std::istringstream& stream, const std::string& bad_option);
void old_http_rule();
bool is_old_http_rule();
Comments* bad_rules;
Rule* curr_rule;
bool curr_data_bad;
+ static std::set<GidSid> address_anomaly_rules;
// Create a new rule object.
void begin_rule();
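Review bot: `using GidSid = std::pair<std::string, std::string>;` names `std::pair`, but the include block adds only `<set>`, `<string>` and `<vector>`; add `#include <utility>` so the header does not rely on `<set>` pulling `std::pair` in transitively. The alias also sits at global scope in a public header under a very generic name; if the project has a namespace for its snort2lua data types, placing it there (or nesting it as `RuleApi::GidSid`) would avoid collisions with other translation units.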
TableDelegation table_delegation =
{
{ "binder", true },
+ { "detection", true },
{ "ips", true },
{ "network", true },
- { "normalizer", true},
+ { "normalizer", true },
{ "stream_tcp", true},
{ "suppress", true},
};
table_api.close_table();
}
+ if (rule_api.enable_addr_anomaly_detection())
+ {
+ table_api.open_table("detection");
+ table_api.add_option("enable_address_anomaly_checks", true);
+ table_api.close_table();
+ }
+
if (commented_rule)
rule_api.make_rule_a_comment();
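Review bot: The new block opens the `detection` table and adds `enable_address_anomaly_checks` once per rule that matches `address_anomaly_rules`, so with several such rules in one file the same option is written repeatedly; whether `table_api.add_option` deduplicates a repeated key is not visible here, so either confirm that it does or guard the block with a once-only flag at the level of the enclosing function, which starts outside this hunk. A short why-comment would also help a later reader, e.g. `// rules listed in RuleApi::address_anomaly_rules only alert when the detection module's address anomaly checks are on`.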
do
{
std::getline(stream, tmp, ';');
+
+ if (tmp.empty())
+ break;
+
args += tmp + ";";
}
while (tmp.back() == '\\');
// semicolon will be added when printing
- args.pop_back();
+ if (!args.empty())
+ args.pop_back();
+
trim(args);
return args;
}
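Review bot: The `tmp.empty()` guard does not cover a `std::getline` that fails because the stream is already at end-of-file: `str.erase()` is only performed after the sentry succeeds, so in that case `tmp` keeps its previous contents, and if that previous fragment ended in a backslash with no closing `;` the loop appends it again and spins on `tmp.back() == '\\'` indefinitely. Test the stream state rather than the string: `if (!std::getline(stream, tmp, ';') || tmp.empty()) break;` — a read that extracts characters and then hits EOF still converts to true, so the final fragment is kept, and the following failed read ends the loop. Breaking on an empty field also silently drops everything after a doubled `;;`, which may or may not be intended and is worth a comment either way; the enclosing function starts outside this hunk.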