detect: Add transform validation api

This commit extends the API with a function that validates arguments
against the transforms for the SM list (if any).

(cherry picked from commit 8f1a7111ed10f2b017d5190682a6961a1729942d)

diff --git a/src/detect-engine.c b/src/detect-engine.c
index 34c8710891b09ea6412d42208b8e4df285d58f41..a9018f3f38a8f03412afd6678e882111bd1db75b 100644 (file)
--- a/src/detect-engine.c
+++ b/src/detect-engine.c
@@ -1145,6 +1145,49 @@ void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_l
     }
 }
 
+/** \brief Check content byte array compatibility with transforms
+ *
+ *  The "content" array is presented to the transforms so that each
+ *  transform may validate that it's compatible with the transform.
+ *
+ *  When a transform indicates the byte array is incompatible, none of the
+ *  subsequent transforms, if any, are invoked. This means the first positive
+ *  validation result terminates the loop.
+ *
+ *  \param de_ctx Detection engine context.
+ *  \param sm_list The SM list id.
+ *  \param content The byte array being validated
+ *  \param namestr returns the name of the transform that is incompatible with
+ *  content.
+ *
+ *  \retval true (false) If any of the transforms indicate the byte array is
+ *  (is not) compatible.
+ **/
+bool DetectBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
+        const uint8_t *content, uint16_t content_len, const char **namestr)
+{
+    const DetectBufferType *dbt = DetectBufferTypeGetById(de_ctx, sm_list);
+    BUG_ON(dbt == NULL);
+
+    for (int i = 0; i < dbt->transforms.cnt; i++) {
+        const int t = dbt->transforms.transforms[i];
+        if (!sigmatch_table[t].TransformValidate)
+            continue;
+
+        if (sigmatch_table[t].TransformValidate(content, content_len)) {
+            continue;
+        }
+
+        if (namestr) {
+            *namestr = sigmatch_table[t].name;
+        }
+
+        return false;
+    }
+
+    return true;
+}
+
 void InspectionBufferApplyTransforms(InspectionBuffer *buffer,
         const DetectEngineTransforms *transforms)
 {

diff --git a/src/detect-engine.h b/src/detect-engine.h
index 1e877a06c31cfc3e761cf08a86ab8a28a0a88b39..515394ae761c909a154a487ca39fc36890f34de6 100644 (file)
--- a/src/detect-engine.h
+++ b/src/detect-engine.h
@@ -35,6 +35,8 @@ void InspectionBufferCheckAndExpand(InspectionBuffer *buffer, uint32_t min_size)
 void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len);
 void InspectionBufferApplyTransforms(InspectionBuffer *buffer,
         const DetectEngineTransforms *transforms);
+bool DetectBufferTypeValidateTransform(DetectEngineCtx *de_ctx, int sm_list,
+        const uint8_t *content, uint16_t content_len, const char **namestr);
 void InspectionBufferClean(DetectEngineThreadCtx *det_ctx);
 InspectionBuffer *InspectionBufferGet(DetectEngineThreadCtx *det_ctx, const int list_id);
 InspectionBuffer *InspectionBufferMultipleForListGet(InspectionBufferMultipleForList *fb, uint32_t local_id);