detect-hostbits: error on some invalid config

author Eric Leblond <eric@regit.org>

Mon, 18 Feb 2019 22:06:10 +0000 (23:06 +0100)

committer Victor Julien <victor@inliniac.net>

Sun, 24 Feb 2019 19:00:55 +0000 (20:00 +0100)
author Eric Leblond <eric@regit.org>
Mon, 18 Feb 2019 22:06:10 +0000 (23:06 +0100)
committer Victor Julien <victor@inliniac.net>
Sun, 24 Feb 2019 19:00:55 +0000 (20:00 +0100)
diff --git a/src/detect-hostbits.c b/src/detect-hostbits.c

index f1978588b02b49070bf900288fbc9c32cbba6f3c..76aa7fa2e0b99c44393cbf6f1f589a3b79f1ce6f 100644 (file)
--- a/src/detect-hostbits.c
+++ b/src/detect-hostbits.c
@@ -61,7 +61,7 @@ TODO:
      hostbits:set,bitname,both,120;
   */
  
-#define PARSE_REGEX "([a-z]+)"          /* Action */                    \
+#define PARSE_REGEX "^([a-z]+)"          /* Action */                    \
      "(?:\\s*,\\s*([^\\s,]+))?(?:\\s*)?" /* Name. */                     \
      "(?:\\s*,\\s*([^,\\s]+))?(?:\\s*)?" /* Direction. */                \
      "(.+)?"                             /* Any remainding data. */
@@ -619,6 +619,10 @@ static int HostBitsTestSig02(void)
              "alert ip any any -> any any (hostbits:isnotset,abc,dst; content:\"GET \"; sid:2;)");
      FAIL_IF_NULL(s);
  
+    s = DetectEngineAppendSig(de_ctx,
+            "alert ip any any -> any any (hostbits:!isset,abc,dst; content:\"GET \"; sid:3;)");
+    FAIL_IF_NOT_NULL(s);
+
  /* TODO reenable after both is supported
      s = DetectEngineAppendSig(de_ctx,
              "alert ip any any -> any any (hostbits:set,abc,both; content:\"GET \"; sid:3;)");
author	Eric Leblond <eric@regit.org>
	Mon, 18 Feb 2019 22:06:10 +0000 (23:06 +0100)
committer	Victor Julien <victor@inliniac.net>
	Sun, 24 Feb 2019 19:00:55 +0000 (20:00 +0100)