detect-parse: parse sid in pre-scan

During the pre-scan for "requires", also parse the SID if possible. If
the rule fails high level parsing (syntax), the SID will not be
parsed.

But every keyword other than "sid" and "requires" should expect to be
provided with a parsed sid.

(cherry picked from commit 71bbba9248e696f0fd2e912ad9631052b3788775)

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 3b3c17132373e6b2b3ec66c30ed8f60882eb2224..a25d63ed599a9a4bfa5037658cadedbbb7ad0749 100644 (file)
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -895,10 +895,11 @@ static int SigParseOptions(DetectEngineCtx *de_ctx, Signature *s, char *optstr,
     }
     optname = optstr;
 
-    if (requires) {
-        if (strcmp(optname, "requires")) {
-            goto finish;
-        }
+    /* Check for options that are only to be processed during the
+     * first "requires" pass. */
+    bool requires_only = strcmp(optname, "requires") == 0 || strcmp(optname, "sid") == 0;
+    if ((requires && !requires_only) || (!requires && requires_only)) {
+        goto finish;
     }
 
     /* Call option parsing */
@@ -2136,10 +2137,7 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
             AppLayerHtpNeedFileInspection();
         }
     }
-    if (s->id == 0) {
-        SCLogError("Signature missing required value \"sid\".");
-        SCReturnInt(0);
-    }
+
     SCReturnInt(1);
 }
 
@@ -2180,6 +2178,12 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, const char *sigstr,
         goto error;
     }
 
+    /* Check for a SID before continuuing. */
+    if (sig->id == 0) {
+        SCLogError("Signature missing required value \"sid\".");
+        goto error;
+    }
+
     /* Now completely parse the rule. */
     ret = SigParse(de_ctx, sig, sigstr, dir, &parser, false);
     BUG_ON(ret == -4);