Merge pull request #2900 in SNORT/snort3 from ~ADIKAPOO/snort3:adikapoo-extradata...
authorShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Sat, 5 Jun 2021 22:23:01 +0000 (22:23 +0000)
committerShravan Rangarajuvenkata (shrarang) <shrarang@cisco.com>
Sat, 5 Jun 2021 22:23:01 +0000 (22:23 +0000)
Squashed commit of the following:

commit 20a235eea96f40bf1d8af2c44f7b502934370830
Author: adikapoo <adikapoo@cisco.com>
Date:   Fri Jun 4 14:42:36 2021 -0400

    mime: store extra data in stash

src/flow/stash_item.h
src/mime/file_mime_log.cc
src/mime/file_mime_log.h
src/mime/file_mime_process.cc
src/mime/file_mime_process.h
src/service_inspectors/http_inspect/http_msg_header.cc
src/service_inspectors/imap/imap.cc
src/service_inspectors/pop/pop.cc
src/service_inspectors/smtp/smtp.cc

index e022372bf900f8f11143b42accd64b19c09bfede..ef36fb693b1cc4fffd0063c55b46a2c06a7aceea 100644 (file)
@@ -29,6 +29,7 @@
 #define STASH_APPID_DATA "appid_data"
 
 #define STASH_GENERIC_OBJECT_APPID 1
+#define STASH_GENERIC_OBJECT_MIME 2
 
 namespace snort
 {
index 1c466e806576637398e68a23ff41bfabac91206d..5ab68398d299f3fb139962f03220d7c86c92f556 100644 (file)
@@ -223,7 +223,7 @@ bool MailLogState::is_email_to_present() const
     return log_flags & MIME_FLAG_RCPT_TO_PRESENT;
 }
 
-MailLogState::MailLogState(MailLogConfig* conf)
+MailLogState::MailLogState(MailLogConfig* conf) : StashGenericObject(STASH_GENERIC_OBJECT_MIME)
 {
     if (conf && (conf->log_email_hdrs || conf->log_filename
             || conf->log_mailfrom || conf->log_rcptto))
index 84e8962c4b14d40b8c747d444c31db4c477123b0..019a36ff838fa0a2ff7613fe22e7fc571882a4b1 100644 (file)
@@ -26,6 +26,8 @@
 
 #include <cstdint>
 #include "main/snort_types.h"
+#include "flow/flow_stash.h"
+#define STASH_EXTRADATA_MIME "mime_data"
 
 namespace snort
 {
@@ -46,11 +48,11 @@ struct MailLogConfig
 
 class Flow;
 
-class SO_PUBLIC MailLogState
+class SO_PUBLIC MailLogState : public snort::StashGenericObject 
 {
 public:
     MailLogState(MailLogConfig* conf);
-    ~MailLogState();
+    ~MailLogState() override;
 
     /* accumulate MIME attachment filenames. The filenames are appended by commas */
     int log_file_name(const uint8_t* start, int length);
@@ -66,6 +68,8 @@ public:
     bool is_email_hdrs_present() const;
     bool is_email_from_present() const;
     bool is_email_to_present() const;
+    size_t size_of() const override
+    { return sizeof(*this); }
 
 private:
     int log_flags = 0;
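Review bot: `size_of()` returns `sizeof(*this)`, which counts only the object itself and none of the memory it may own. If MailLogState allocates buffers for the logged headers, filenames and addresses (the constructor's `conf->log_*` branch suggests it might, but the allocation is outside these hunks), whatever consumes `size_of()` will under-report this stash item. Either add the owned buffer lengths to the result or state the choice next to the override, e.g. `// reports the object only; log buffers are not counted`. The class body continues outside the hunk.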
index 7e172594e70fff174bc037ef77c8c13b1808a965..9dc51c7b3fdbf4a89e15e54b02acac2ca376b311 100644 (file)
@@ -802,12 +802,13 @@ void MimeSession::exit()
         delete mime_hdr_search_mpse;
 }
 
-MimeSession::MimeSession(DecodeConfig* dconf, MailLogConfig* lconf, uint64_t base_file_id,
+MimeSession::MimeSession(Packet* p, DecodeConfig* dconf, MailLogConfig* lconf, uint64_t base_file_id,
     bool session_is_http)
 {
     decode_conf = dconf;
     log_config =  lconf;
     log_state = new MailLogState(log_config);
+    p->flow->stash->store(STASH_EXTRADATA_MIME, log_state);
     session_base_file_id = base_file_id;
     is_http = session_is_http;
     reset_mime_paf_state(&mime_boundary);
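Review bot: `p->flow->stash->store(STASH_EXTRADATA_MIME, log_state);` hands `log_state` to the flow stash under one fixed key, while this MimeSession keeps using the raw pointer and the destructor hunk below drops its `delete`. If `store` releases an existing entry with the same key (not visible here, confirm in FlowStash), a second MimeSession on the same flow would free state that an earlier session still dereferences; candidates are the other `mime_state[source_id]` in http_inspect or a later message on the same connection. The line also dereferences `p`, `p->flow` and `p->flow->stash` unchecked, and the HTTP caller passes the result of `DetectionEngine::get_current_packet()`. Consider `assert(p && p->flow && p->flow->stash);` before the store and a comment such as `// log_state is owned by the flow stash from here on; never delete it here`. The constructor body continues outside the hunk.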
@@ -817,9 +818,6 @@ MimeSession::~MimeSession()
 {
     if ( decode_state )
         delete(decode_state);
-
-    if ( log_state )
-        delete(log_state);
 }
 
 // File verdicts get cached with key (file_id, sip, dip). File_id is hash of filename if available.
index b36f13b9bac298b9ed9b3a52f92bc96c0c24060b..82b494423a65dbdd844783040535fdbbd9f019a3 100644 (file)
@@ -55,7 +55,7 @@ namespace snort
 class SO_PUBLIC MimeSession
 {
 public:
-    MimeSession(DecodeConfig*, MailLogConfig*, uint64_t base_file_id=0, bool session_is_http=false);
+    MimeSession(Packet*, DecodeConfig*, MailLogConfig*, uint64_t base_file_id=0, bool session_is_http=false);
     virtual ~MimeSession();
 
     MimeSession(const MimeSession&) = delete;
index e454bf6d40f2dc046587e1d19e93cdbe365c0379..c43587d5130e00c43d75931f8a0f21532981e757 100755 (executable)
@@ -479,14 +479,14 @@ void HttpMsgHeader::setup_file_processing()
         {
             if (boundary_present(content_type))
             {
-                session_data->mime_state[source_id] = new MimeSession(&FileService::decode_conf,
+                Packet* p = DetectionEngine::get_current_packet();
+                session_data->mime_state[source_id] = new MimeSession(p, &FileService::decode_conf,
                     &mime_conf, get_multi_file_processing_id(), true);
                 // Show file processing the Content-Type header as if it were regular data.
                 // This will enable it to find the boundary string.
                 // FIXIT-L develop a proper interface for passing the boundary string.
                 // This interface is a leftover from when OHI pushed whole messages through
                 // this interface.
-                Packet* p = DetectionEngine::get_current_packet();
                 session_data->mime_state[source_id]->process_mime_data(p,
                     content_type.start(), content_type.length(), true,
                     SNORT_FILE_POSITION_UNKNOWN);
index d0d1fc4891fbe67d3ec278abcfe1b3d4e8da3408..fb03f2e74137c8e39fabe08895cd8ad49b7cc606 100644 (file)
@@ -177,7 +177,7 @@ static IMAPData* SetNewIMAPData(IMAP_PROTO_CONF* config, Packet* p)
     imap_ssn = &fd->session;
 
     imapstats.sessions++;
-    imap_ssn->mime_ssn= new ImapMime(&(config->decode_conf),&(config->log_config));
+    imap_ssn->mime_ssn= new ImapMime(p, &(config->decode_conf),&(config->log_config));
     imap_ssn->mime_ssn->set_mime_stats(&(imapstats.mime_stats));
 
     if (p->packet_flags & SSNFLAG_MIDSTREAM)
index d0a5256c7fe8b8c9de29120d64e2d6e41e9ef5ab..e8ee1e0661f91370d867292b02de948a7ee16ee5 100644 (file)
@@ -137,7 +137,7 @@ static POPData* SetNewPOPData(POP_PROTO_CONF* config, Packet* p)
     pop_ssn = &fd->session;
 
     popstats.sessions++;
-    pop_ssn->mime_ssn = new PopMime( &(config->decode_conf), &(config->log_config));
+    pop_ssn->mime_ssn = new PopMime(p, &(config->decode_conf), &(config->log_config));
     pop_ssn->mime_ssn->set_mime_stats(&(popstats.mime_stats));
 
     if (p->packet_flags & SSNFLAG_MIDSTREAM)
index e1216a6a70e342be4d9d743c491bc46497db55ea..9137e1a6af88ea4fd6c7402a903305fab5947a6b 100644 (file)
@@ -233,7 +233,7 @@ static SMTPData* SetNewSMTPData(SmtpProtoConf* config, Packet* p)
     p->flow->set_flow_data(fd);
     smtp_ssn = &fd->session;
 
-    smtp_ssn->mime_ssn = new SmtpMime(&(config->decode_conf), &(config->log_config));
+    smtp_ssn->mime_ssn = new SmtpMime(p, &(config->decode_conf), &(config->log_config));
     smtp_ssn->mime_ssn->config = config;
     smtp_ssn->mime_ssn->set_mime_stats(&(smtpstats.mime_stats));
 
@@ -1625,15 +1625,21 @@ TEST_CASE("handle_header_line", "[smtp]")
     // Setup
     MailLogConfig log_config;
     DecodeConfig decode_conf;
+    const SnortConfig* sc = SnortConfig::get_conf();
+    SnortConfig::set_conf(sc);
     log_config.log_email_hdrs = false;
-    SmtpMime mime_ssn(&decode_conf, &log_config);
+    Packet p;
+    Flow flow;
+    p.flow = &flow;
+    FlowStash stash;
+    p.flow->stash = &stash;
+    p.context = new IpsContext(1);
+    SmtpMime mime_ssn(&p, &decode_conf, &log_config);
     smtp_normalizing = true;
     SmtpProtoConf config;
     mime_ssn.config = &config;
     uint8_t ptr[68] = "Date: Tue, 1 Mar 2016 22:37:56 -0500\r\nFrom: acc2 <acc2@localhost>\r\n";
     uint8_t* eol = ptr + 38;
-    Packet p;
-    p.context = new IpsContext(1);
     SMTP_ResetAltBuffer(&p);
     int res = mime_ssn.handle_header_line(ptr, eol, 0, &p);
     REQUIRE((res == 0));
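Review bot: The stash setup added here (`Flow flow; FlowStash stash; p.flow->stash = &stash;`) is repeated line for line in the `normalize_data` test and puts a stack-allocated `FlowStash` behind `flow.stash`. If Flow's teardown releases its stash (not visible in these hunks), the test would free a stack object, so that is worth confirming. The pair `const SnortConfig* sc = SnortConfig::get_conf(); SnortConfig::set_conf(sc);` reads a pointer and sets the same one back, so it needs a one-line comment saying why it is required. A small shared helper would keep the two tests in step, as sketched below. Both test bodies continue outside their hunks.

```cpp
// Shared by the handle_header_line and normalize_data tests.
static void attach_test_flow(Packet& p, Flow& flow, FlowStash& stash)
{
    p.flow = &flow;
    p.flow->stash = &stash;
    p.context = new IpsContext(1);
}

// … unchanged: MailLogConfig / DecodeConfig setup …
Packet p;
Flow flow;
FlowStash stash;
attach_test_flow(p, flow, stash);
SmtpMime mime_ssn(&p, &decode_conf, &log_config);
```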
@@ -1651,14 +1657,20 @@ TEST_CASE("normalize_data", "[smtp]")
     // Setup
     MailLogConfig log_config;
     DecodeConfig decode_conf;
-    SmtpMime mime_ssn(&decode_conf, &log_config);
+    const SnortConfig* sc = SnortConfig::get_conf();
+    SnortConfig::set_conf(sc);
+    Packet p;
+    Flow flow;
+    p.flow =& flow;
+    FlowStash stash;
+    p.flow->stash = &stash;
+    p.context = new IpsContext(1);
+    SmtpMime mime_ssn(&p, &decode_conf, &log_config);
     smtp_normalizing = true;
     SmtpProtoConf config;
     mime_ssn.config = &config;
     uint8_t ptr[23] = "\r\n--wac7ysb48OaltWcw\r\n";
     uint8_t* data_end = ptr + 22;
-    Packet p;
-    p.context = new IpsContext(1);
     SMTP_ResetAltBuffer(&p);
     int res = mime_ssn.normalize_data(ptr, data_end, &p);
     REQUIRE((res == 0));