s_current_node = nullptr;
}
-bool Shell::is_whitelisted(const std::string& key)
+bool Shell::is_trusted(const std::string& key)
{
Shell* sh = Shell::get_current_shell();
if ( !sh )
return false;
- const Whitelist& whitelist = sh->get_whitelist();
- const Whitelist& internal_whitelist = sh->get_internal_whitelist();
- const Whitelist& whitelist_prefixes = sh->get_whitelist_prefixes();
+ const Allowlist& allowlist = sh->get_allowlist();
+ const Allowlist& internal_allowlist = sh->get_internal_allowlist();
+ const Allowlist& allowlist_prefixes = sh->get_allowlist_prefixes();
- for ( const auto& prefix : whitelist_prefixes )
+ for ( const auto& prefix : allowlist_prefixes )
{
if (key.compare(0, prefix.length(), prefix) == 0)
return true;
}
- if ( whitelist.find(key) != whitelist.end() )
+ if ( allowlist.find(key) != allowlist.end() )
return true;
- if ( internal_whitelist.find(key) != internal_whitelist.end() )
+ if ( internal_allowlist.find(key) != internal_allowlist.end() )
return true;
return false;
}
-void Shell::whitelist_append(const char* keyword, bool is_prefix)
+void Shell::allowlist_append(const char* keyword, bool is_prefix)
{
Shell* sh = Shell::get_current_shell();
if ( !sh )
return;
- sh->whitelist_update(keyword, is_prefix);
+ sh->allowlist_update(keyword, is_prefix);
}
void Shell::config_open_table(bool is_root_node, bool is_list, int idx,
load_string(lua, overrides.c_str());
if ( SnortConfig::log_verbose() )
- print_whitelist();
+ print_allowlist();
load_string(lua, ModuleManager::get_lua_finalize());
- clear_whitelist();
+ clear_allowlist();
auto config_output = Shell::get_current_shell()->s_config_output;
if ( config_output )
// Helper methods
//-------------------------------------------------------------------------
-static void print_list(const Shell::Whitelist& wlist, const std::string& msg)
+static void print_list(const Shell::Allowlist& wlist, const std::string& msg)
{
LogMessage("\t%s\n", msg.c_str());
std::string list;
// private methods
//-------------------------------------------------------------------------
-void Shell::print_whitelist() const
+void Shell::print_allowlist() const
{
std::string output;
- if ( !whitelist.empty() )
+ if ( !allowlist.empty() )
{
- output = "Lua Whitelist Keywords for " + file + ":";
- print_list(whitelist, output);
+ output = "Lua Allowlist Keywords for " + file + ":";
+ print_list(allowlist, output);
}
- if ( !whitelist_prefixes.empty() )
+ if ( !allowlist_prefixes.empty() )
{
- output = "Lua Whitelist Prefixes for " + file + ":";
- print_list(whitelist_prefixes, output);
+ output = "Lua Allowlist Prefixes for " + file + ":";
+ print_list(allowlist_prefixes, output);
}
}
-void Shell::whitelist_update(const char* s, bool is_prefix)
+void Shell::allowlist_update(const char* s, bool is_prefix)
{
- Whitelist* wlist = nullptr;
+ Allowlist* wlist = nullptr;
if ( is_prefix )
- wlist = &whitelist_prefixes;
+ wlist = &allowlist_prefixes;
else if ( !bootstrapped )
- wlist = &internal_whitelist;
+ wlist = &internal_allowlist;
else
- wlist = &whitelist;
+ wlist = &allowlist;
if ( s )
wlist->emplace(s);
class Shell
{
public:
- typedef std::set<std::string> Whitelist;
+ typedef std::set<std::string> Allowlist;
Shell(const char* file = nullptr, bool load_defaults = false);
~Shell();
{ return loaded; }
public:
- static bool is_whitelisted(const std::string& key);
- static void whitelist_append(const char* keyword, bool is_prefix);
+ static bool is_trusted(const std::string& key);
+ static void allowlist_append(const char* keyword, bool is_prefix);
static void config_open_table(bool is_root_node, bool is_list, int idx,
const std::string& table_name, const snort::Parameter* p);
static bool s_close_table;
private:
- void clear_whitelist()
+ void clear_allowlist()
{
- whitelist.clear();
- internal_whitelist.clear();
- whitelist_prefixes.clear();
+ allowlist.clear();
+ internal_allowlist.clear();
+ allowlist_prefixes.clear();
}
- const Whitelist& get_whitelist() const
- { return whitelist; }
+ const Allowlist& get_allowlist() const
+ { return allowlist; }
- const Whitelist& get_internal_whitelist() const
- { return internal_whitelist; }
+ const Allowlist& get_internal_allowlist() const
+ { return internal_allowlist; }
- const Whitelist& get_whitelist_prefixes() const
- { return whitelist_prefixes; }
+ const Allowlist& get_allowlist_prefixes() const
+ { return allowlist_prefixes; }
- void print_whitelist() const;
- void whitelist_update(const char* keyword, bool is_prefix);
+ void print_allowlist() const;
+ void allowlist_update(const char* keyword, bool is_prefix);
private:
bool loaded;
std::string file;
std::string parse_from;
std::string overrides;
- Whitelist whitelist;
- Whitelist internal_whitelist;
- Whitelist whitelist_prefixes;
+ Allowlist allowlist;
+ Allowlist internal_allowlist;
+ Allowlist allowlist_prefixes;
ConfigData config_data;
};
SO_PUBLIC void snort_whitelist_append(const char* s)
{
- Shell::whitelist_append(s, false);
+ Shell::allowlist_append(s, false);
}
SO_PUBLIC void snort_whitelist_add_prefix(const char* s)
{
- Shell::whitelist_append(s, true);
+ Shell::allowlist_append(s, true);
}
SO_PUBLIC bool open_table(const char* s, int idx)
if ( !h || (h->api && h->api->type == PT_IPS_OPTION) )
{
- if ( !Shell::is_whitelisted(key) )
+ if ( !Shell::is_trusted(key) )
ParseWarning(WARN_CONF_STRICT, "unknown table %s", key.c_str());
return false;
}