Merge pull request #1478 in SNORT/snort3 from ~SMINUT/snort3:sd_obfuscate to master

author Mike Stepanek (mstepane) <mstepane@cisco.com>

Tue, 15 Jan 2019 18:36:30 +0000 (13:36 -0500)

committer Mike Stepanek (mstepane) <mstepane@cisco.com>

Tue, 15 Jan 2019 18:36:30 +0000 (13:36 -0500)
author Mike Stepanek (mstepane) <mstepane@cisco.com>
Tue, 15 Jan 2019 18:36:30 +0000 (13:36 -0500)
committer Mike Stepanek (mstepane) <mstepane@cisco.com>
Tue, 15 Jan 2019 18:36:30 +0000 (13:36 -0500)
diff --git a/src/ips_options/ips_sd_pattern.cc b/src/ips_options/ips_sd_pattern.cc

index b574c0d448c1f1a55f4fa7bf3e3a957c1e2b5724..b34a0b0d6804bd812876a1d9a0d99fed8f1e0b08 100644 (file)
--- a/src/ips_options/ips_sd_pattern.cc
+++ b/src/ips_options/ips_sd_pattern.cc
@@ -352,23 +352,24 @@ bool SdPatternModule::set(const char*, Value& v, SnortConfig* sc)
          return false;
  
      // Check if built-in pattern should be used.
+    IpsPolicy* p = snort::get_ips_policy();
      if (config.pii == "credit_card")
      {
          config.pii = SD_CREDIT_PATTERN_ALL;
          config.validate = SdLuhnAlgorithm;
-        config.obfuscate_pii = sc->obfuscate_pii;
+        config.obfuscate_pii = p->obfuscate_pii;
          config.forced_boundary = true;
      }
      else if (config.pii == "us_social")
      {
          config.pii = SD_SOCIAL_PATTERN;
-        config.obfuscate_pii = sc->obfuscate_pii;
+        config.obfuscate_pii = p->obfuscate_pii;
          config.forced_boundary = true;
      }
      else if (config.pii == "us_social_nodashes")
      {
          config.pii = SD_SOCIAL_NODASHES_PATTERN;
-        config.obfuscate_pii = sc->obfuscate_pii;
+        config.obfuscate_pii = p->obfuscate_pii;
          config.forced_boundary = true;
      }
  
@@ -488,4 +489,3 @@ const BaseApi* ips_sd_pattern[] =
      &sd_pattern_api.base,
      nullptr
  };
-
diff --git a/src/main/modules.cc b/src/main/modules.cc

index 7099ed77a0f8502f908eb62204011bd9c55fcd67..ce5b2ca71a2c3070900c531c2ddebe4da65e7faa 100755 (executable)
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -761,12 +761,6 @@ static const Parameter output_params[] =
      { "logdir", Parameter::PT_STRING, nullptr, ".",
        "where to put log files (same as -l)" },
  
-    { "obfuscate", Parameter::PT_BOOL, nullptr, "false",
-      "obfuscate the logged IP addresses (same as -O)" },
-
-    { "obfuscate_pii", Parameter::PT_BOOL, nullptr, "false",
-      "mask all but the last 4 characters of credit card and social security numbers" },
-
      { "show_year", Parameter::PT_BOOL, nullptr, "false",
        "include year in timestamp in the alert and log files (same as -y)" },
  
@@ -776,6 +770,9 @@ static const Parameter output_params[] =
      { "verbose", Parameter::PT_BOOL, nullptr, "false",
        "be verbose (same as -v)" },
  
+    { "obfuscate", Parameter::PT_BOOL, nullptr, "false",
+      "obfuscate the logged IP addresses (same as -O)" },
+
  #ifdef REG_TEST
      { "wide_hex_dump", Parameter::PT_BOOL, nullptr, "true",
  #else
@@ -819,12 +816,6 @@ bool OutputModule::set(const char*, Value& v, SnortConfig* sc)
      else if ( v.is("max_data") )
          sc->event_trace_max = v.get_uint16();
  
-    else if ( v.is("obfuscate") )
-        v.update_mask(sc->output_flags, OUTPUT_FLAG__OBFUSCATE);
-
-    else if ( v.is("obfuscate_pii") )
-        sc->obfuscate_pii = v.get_bool();
-
      else if ( v.is("show_year") )
          v.update_mask(sc->output_flags, OUTPUT_FLAG__INCLUDE_YEAR);
  
@@ -837,6 +828,9 @@ bool OutputModule::set(const char*, Value& v, SnortConfig* sc)
      else if ( v.is("wide_hex_dump") )
          v.update_mask(sc->output_flags, OUTPUT_FLAG__WIDE_HEX);
  
+    else if ( v.is("obfuscate") )
+        v.update_mask(sc->output_flags, OUTPUT_FLAG__OBFUSCATE);
+
      else
          return false;
  
@@ -1215,6 +1209,9 @@ static const Parameter ips_params[] =
      { "rules", Parameter::PT_STRING, nullptr, nullptr,
        "snort rules and includes" },
  
+    { "obfuscate_pii", Parameter::PT_BOOL, nullptr, "false",
+      "mask all but the last 4 characters of credit card and social security numbers" },
+
  #ifdef HAVE_UUID
      { "uuid", Parameter::PT_STRING, nullptr, "00000000-0000-0000-0000-000000000000",
        "IPS policy uuid" },
@@ -1258,6 +1255,9 @@ bool IpsModule::set(const char*, Value& v, SnortConfig* sc)
      else if ( v.is("rules") )
          p->rules = v.get_string();
  
+    else if ( v.is("obfuscate_pii") )
+        p->obfuscate_pii = v.get_bool();
+
  #ifdef HAVE_UUID
      else if ( v.is("uuid") )
      {
@@ -1922,4 +1922,3 @@ void module_init()
      ModuleManager::add_module(new HostTrackerModule);
      ModuleManager::add_module(new HostCacheModule);
  }
-
diff --git a/src/main/policy.cc b/src/main/policy.cc

index cb6399fdea9f7199e6e2406a118d4f3dd6d9a124..8f3260a3ee34ed36c75b10267f17d2041948c8e9 100644 (file)
--- a/src/main/policy.cc
+++ b/src/main/policy.cc
@@ -119,6 +119,7 @@ IpsPolicy::IpsPolicy(PolicyId id)
      nonamePortVarTable = PortTableNew();
  
      enable_builtin_rules = false;
+    obfuscate_pii = false;
  }
  
  IpsPolicy::~IpsPolicy()
@@ -265,7 +266,7 @@ std::shared_ptr<PolicyTuple> PolicyMap::add_shell(Shell* sh)
  std::shared_ptr<PolicyTuple> PolicyMap::get_policies(Shell* sh)
  {
      const auto& pt = shell_map.find(sh);
-    
+
      return pt == shell_map.end() ? nullptr:pt->second;
  }
  
@@ -363,7 +364,7 @@ bool default_inspection_policy()
  {
      if ( !get_inspection_policy() )
          return false;
-    
+
      if ( get_inspection_policy()->policy_id != 0 )
          return false;
  
@@ -378,4 +379,3 @@ bool only_ips_policy()
  
  bool only_network_policy()
  { return get_network_policy() && !get_ips_policy() && !get_inspection_policy(); }
-
diff --git a/src/main/policy.h b/src/main/policy.h

index 97c9c0aff47b09dc7bc6d2e8a66c03b3a67f1650..4a04b3cc4898a34d38b323a0f62cbfa8adb22374 100644 (file)
--- a/src/main/policy.h
+++ b/src/main/policy.h
@@ -158,6 +158,8 @@ public:
      /* The portobjects in these are attached to rtns and used during runtime */
      PortVarTable* portVarTable;     /* named entries, uses a hash table */
      PortTable* nonamePortVarTable;  /* un-named entries */
+
+    bool obfuscate_pii;
  };
  
  //-------------------------------------------------------------------------
@@ -278,4 +280,3 @@ bool only_ips_policy();
  bool only_network_policy();
  
  #endif
-
diff --git a/src/main/snort_config.h b/src/main/snort_config.h

index b0413f78e6a8616742495288e5be5400947cc9b4..e027d2490aa4b556cc42ce7dbeb765d6ac679697 100644 (file)
--- a/src/main/snort_config.h
+++ b/src/main/snort_config.h
@@ -282,7 +282,7 @@ public:
      ThresholdConfig* threshold_config = nullptr;
      RateFilterConfig* rate_filter_config = nullptr;
      DetectionFilterConfig* detection_filter_config = nullptr;
-    FlowBitState* flowbit_state = nullptr; 
+    FlowBitState* flowbit_state = nullptr;
  
      //------------------------------------------------------
      // FIXIT-L command line only stuff, add to conf / module
@@ -299,7 +299,6 @@ public:
      bool id_zero = false;
  
      bool stdin_rules = false;
-    bool obfuscate_pii = false;
  
      std::string pid_filename;
      std::string orig_log_dir;      /* set in case of chroot */
@@ -663,4 +662,3 @@ public:
  }
  
  #endif
-
diff --git a/tools/snort2lua/preprocessor_states/pps_sdf.cc b/tools/snort2lua/preprocessor_states/pps_sdf.cc

index 5511974cec5f9ca97f14dc5abc68cbe90407d028..31c3f6a810fdd2dc104975ccfce6c8a7428f232a 100644 (file)
--- a/tools/snort2lua/preprocessor_states/pps_sdf.cc
+++ b/tools/snort2lua/preprocessor_states/pps_sdf.cc
@@ -37,7 +37,7 @@ public:
          {
              if ( keyword == "mask_output")
              {
-                table_api.open_table("output");
+                table_api.open_table("ips");
                  table_api.add_option("obfuscate_pii", true);
                  table_api.close_table();
              }
@@ -61,4 +61,3 @@ static const ConvertMap preprocessor_sdf =
  
  const ConvertMap* sdf_map = &preprocessor_sdf;
  } // namespace preprocessors
-
author	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Tue, 15 Jan 2019 18:36:30 +0000 (13:36 -0500)
committer	Mike Stepanek (mstepane) <mstepane@cisco.com>
	Tue, 15 Jan 2019 18:36:30 +0000 (13:36 -0500)
src/ips_options/ips_sd_pattern.cc		patch \| blob \| blame \| history
src/main/modules.cc		patch \| blob \| blame \| history
src/main/policy.cc		patch \| blob \| blame \| history
src/main/policy.h		patch \| blob \| blame \| history
src/main/snort_config.h		patch \| blob \| blame \| history
tools/snort2lua/preprocessor_states/pps_sdf.cc		patch \| blob \| blame \| history