Merge pull request #1209 in SNORT/snort3 from gid120 to master

Squashed commit of the following:

commit a3cda55bc04bd2bdb0a0724d1bbf77003cc96a9b
Author: mdagon <mdagon@cisco.com>
Date:   Fri Apr 27 15:14:43 2018 -0400

    snort2lua: conversion of gid 120 to 119

diff --git a/tools/snort2lua/data/data_types/dt_rule.cc b/tools/snort2lua/data/data_types/dt_rule.cc
index cc095f58a8f89f95be441a4da1cd6b65ecfe6027..44674ba11fead82539b4ddedf878700f863c54f6 100644 (file)
--- a/tools/snort2lua/data/data_types/dt_rule.cc
+++ b/tools/snort2lua/data/data_types/dt_rule.cc
@@ -24,7 +24,7 @@
 
 Rule::Rule() :  num_hdr_data(0),
     is_bad_rule(false),
-    is_comment(false)
+    is_comment(false), old_http_rule(false)
 {
 }
 
@@ -61,6 +61,9 @@ void Rule::add_comment(const std::string& new_comment)
 void Rule::make_comment()
 { is_comment = true; }
 
+void Rule::set_old_http_rule()
+{ old_http_rule = true; }
+
 void Rule::add_option(const std::string& keyword)
 {
     RuleOption* r = new RuleOption(keyword);
@@ -73,6 +76,28 @@ void Rule::add_option(const std::string& keyword, const std::string& data)
     options.push_back(r);
 }
 
+std::string Rule::get_option(const std::string& keyword)
+{
+    for (auto option : options)
+    {
+        if (option->get_name() == keyword)
+            return option->get_value();
+    }
+    return std::string();
+}
+
+void Rule::update_option(const std::string& keyword, std::string& val)
+{
+    for (auto option : options)
+    {
+        if (option->get_name() == keyword)
+        {
+            option->update_value(val);
+            break;
+        }
+    }
+}
+
 void Rule::add_suboption(const std::string& keyword)
 { options.back()->add_suboption(keyword); }
 

diff --git a/tools/snort2lua/data/data_types/dt_rule.h b/tools/snort2lua/data/data_types/dt_rule.h
index 96228218cb99f7e11cc918938435ee6b2f686ce8..3e4e6707947b0d9042904a00160bc46144d10f5a 100644 (file)
--- a/tools/snort2lua/data/data_types/dt_rule.h
+++ b/tools/snort2lua/data/data_types/dt_rule.h
@@ -36,6 +36,8 @@ public:
     bool add_hdr_data(const std::string& data);
     void add_option(const std::string& keyword);
     void add_option(const std::string& keyword, const std::string& data);
+    std::string get_option(const std::string& keyword);
+    void update_option(const std::string& keyword, std::string& val);
     void add_suboption(const std::string& keyword);
     void add_suboption(const std::string& keyword, const std::string& val);
     void set_curr_options_buffer(const std::string& buffer, bool add_option);
@@ -44,6 +46,8 @@ public:
     void add_comment(const std::string& comment);
     void bad_rule();
     void make_comment();
+    void set_old_http_rule();
+    bool is_old_http_rule() { return old_http_rule; }
 
     friend std::ostream& operator<<(std::ostream&, const Rule&);
 
@@ -55,6 +59,7 @@ private:
     std::size_t num_hdr_data;
     bool is_bad_rule;
     bool is_comment;
+    bool old_http_rule;
 };
 
 #endif

diff --git a/tools/snort2lua/data/data_types/dt_rule_option.h b/tools/snort2lua/data/data_types/dt_rule_option.h
index d908e4e16a93cbae4a8891ec60ee79cccf14a0f6..8d9dc83d853e652f9c94fbb5d48126b0f99ea028 100644 (file)
--- a/tools/snort2lua/data/data_types/dt_rule_option.h
+++ b/tools/snort2lua/data/data_types/dt_rule_option.h
@@ -34,6 +34,8 @@ public:
     virtual ~RuleOption();
 
     inline const std::string& get_name() { return name; }
+    inline const std::string& get_value() { return value; }
+    inline void update_value(std::string& new_value) { value = new_value;}
 
     bool add_suboption(const std::string& name);
     bool add_suboption(const std::string& name, const std::string& val);

diff --git a/tools/snort2lua/data/dt_rule_api.cc b/tools/snort2lua/data/dt_rule_api.cc
index 10f59666f0bbcb4a6060996d41e91880527cf762..4d3cd84b5ff6c1135422c94491eedbb8a9f4fd38 100644 (file)
--- a/tools/snort2lua/data/dt_rule_api.cc
+++ b/tools/snort2lua/data/dt_rule_api.cc
@@ -164,6 +164,22 @@ void RuleApi::add_option(const std::string& opt_name, const std::string& val)
     curr_rule->add_option(opt_name, val);
 }
 
+std::string RuleApi::get_option(const std::string& keyword)
+{
+    if (!curr_rule)
+        return std::string();
+
+    return curr_rule->get_option(keyword);
+}
+
+void RuleApi::update_option(const std::string& keyword, std::string& val)
+{
+    if (!curr_rule)
+        return;
+
+    curr_rule->update_option(keyword, val);
+}
+
 void RuleApi::add_suboption(const std::string& keyword)
 {
     if (curr_rule)
@@ -197,6 +213,22 @@ void RuleApi::add_comment(const std::string& comment)
     curr_rule->add_comment(comment);
 }
 
+void RuleApi::old_http_rule()
+{
+    if (!curr_rule)
+        begin_rule();
+
+    curr_rule->set_old_http_rule();
+}
+
+bool RuleApi::is_old_http_rule()
+{
+    if (!curr_rule)
+        return false;
+
+    return curr_rule->is_old_http_rule();
+}
+
 std::ostream& operator<<(std::ostream& out, const RuleApi& data)
 {
     if (DataApi::is_default_mode())

diff --git a/tools/snort2lua/data/dt_rule_api.h b/tools/snort2lua/data/dt_rule_api.h
index fa7504e3a5673be2b693c124339e31ce25487f47..c5f75d32ae5996eb4243982af99b597d9cf2b889 100644 (file)
--- a/tools/snort2lua/data/dt_rule_api.h
+++ b/tools/snort2lua/data/dt_rule_api.h
@@ -64,6 +64,8 @@ public:
     void update_rule_action(const std::string& new_type);
     void add_option(const std::string& keyword);
     void add_option(const std::string& keyword, const std::string& val);
+    std::string get_option(const std::string& keyword);
+    void update_option(const std::string& keyword, std::string& val);
     void add_suboption(const std::string& keyword);
     void add_suboption(const std::string& keyword, const std::string& val);
     void set_curr_options_buffer(const std::string& buffer, bool add_option=false);
@@ -71,6 +73,8 @@ public:
     void add_comment(const std::string& comment);
     void make_rule_a_comment();
     void bad_rule(std::istringstream& stream, const std::string& bad_option);
+    void old_http_rule();
+    bool is_old_http_rule();
 
 private:
     static std::size_t error_count;

diff --git a/tools/snort2lua/rule_states/CMakeLists.txt b/tools/snort2lua/rule_states/CMakeLists.txt
index 970833abaa668c0d50633e88e13cfd8c6c98b9b8..87b4c2911964351c602d7e534fe8b29f80548719 100644 (file)
--- a/tools/snort2lua/rule_states/CMakeLists.txt
+++ b/tools/snort2lua/rule_states/CMakeLists.txt
@@ -7,6 +7,7 @@ add_library( rule_states OBJECT
     rule_dnp3_obj.cc
     rule_dsize.cc
     rule_file_data.cc
+    rule_gid_sid.cc
     rule_http_encode.cc
     rule_isdataat.cc
     rule_metadata.cc

diff --git a/tools/snort2lua/rule_states/rule_gid_sid.cc b/tools/snort2lua/rule_states/rule_gid_sid.cc
new file mode 100644 (file)
index 0000000..64c6faf
--- /dev/null
+++ b/tools/snort2lua/rule_states/rule_gid_sid.cc
@@ -0,0 +1,139 @@
+//--------------------------------------------------------------------------
+// Copyright (C) 2018-2018 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation.  You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+//--------------------------------------------------------------------------
+// rule_gid_sid.cc author Maya Dagon <mdagon@cisco.com>
+
+//
+// Handle special case of deprecated gid 120:
+// Rules were moved to gid 119, with sids starting from 35.
+//
+// In case the rule is using gid 120 - convert it to gid 119 and update
+// sid.
+// Handle 2 cases: sid was read before/after gid.
+
+#include <sstream>
+
+#include "conversion_state.h"
+#include "helpers/converter.h"
+#include "rule_states/rule_api.h"
+#include "helpers/s2l_util.h"
+
+namespace rules
+{
+namespace
+{
+class Gid : public ConversionState
+{
+public:
+    Gid(Converter& c) : ConversionState(c) { }
+    bool convert(std::istringstream& data_stream) override;
+};
+
+class Sid : public ConversionState
+{
+public:
+    Sid(Converter& c) : ConversionState(c) { }
+    bool convert(std::istringstream& data_stream) override;
+    static void convert_sid(std::string& sid, std::istringstream& data, RuleApi& rule_api);
+};
+} // namespace
+
+//
+// Gid
+//
+
+bool Gid::convert(std::istringstream& data_stream)
+{
+    std::string gid = util::get_rule_option_args(data_stream);
+
+    const std::string old_http_gid("120");  
+    if (gid.compare(old_http_gid) == 0)
+    {
+        const std::string nhi_gid("119");
+        gid.assign(nhi_gid);
+        rule_api.old_http_rule();
+
+        // Update sid
+        std::string sid = rule_api.get_option("sid");
+        if (!sid.empty())
+        {
+            Sid::convert_sid(sid, data_stream, rule_api);
+            rule_api.update_option("sid", sid);
+        }
+    }
+    rule_api.add_option("gid", gid);
+    return set_next_rule_state(data_stream);
+}
+
+//
+// Sid
+//
+
+void Sid::convert_sid(std::string& sid, std::istringstream& data_stream, RuleApi& rule_api)
+{
+    int sid_num;
+    try
+    {
+        sid_num = std::stoi(sid);
+    }
+    catch (...)
+    {
+        rule_api.bad_rule(data_stream, "sid - invalid input, expecting int type");
+        return;
+    }
+    const int sid_offset = 34;
+    sid.assign(std::to_string(sid_num + sid_offset));
+}
+
+bool Sid::convert(std::istringstream& data_stream)
+{
+    std::string sid = util::get_rule_option_args(data_stream);
+
+    if (rule_api.is_old_http_rule())
+        convert_sid(sid, data_stream, rule_api);
+
+    rule_api.add_option("sid", sid);
+    return set_next_rule_state(data_stream);
+}
+
+/**************************
+ *******  A P I ***********
+ **************************/
+
+static ConversionState* ctor(Converter& c)
+{ return new Gid(c); }
+
+static const ConvertMap rule_gid =
+{
+    "gid",
+    ctor,
+};
+
+const ConvertMap* gid_map = &rule_gid;
+
+static ConversionState* sid_ctor(Converter& c)
+{ return new Sid(c); }
+
+static const ConvertMap rule_sid =
+{
+    "sid",
+    sid_ctor,
+};
+
+const ConvertMap* sid_map = &rule_sid;
+} // namespace rules
+

diff --git a/tools/snort2lua/rule_states/rule_unchanged.cc b/tools/snort2lua/rule_states/rule_unchanged.cc
index 55a07d7bb5091502f70b04d212d709222f0b9ddf..29c2eb71e65c83fab0e3ec36de9654795d1327e8 100644 (file)
--- a/tools/snort2lua/rule_states/rule_unchanged.cc
+++ b/tools/snort2lua/rule_states/rule_unchanged.cc
@@ -79,32 +79,6 @@ static const ConvertMap rule_msg =
 
 const ConvertMap* msg_map = &rule_msg;
 
-/************************************
- **********  G I D ******************
- ************************************/
-
-static const std::string gid = "gid";
-static const ConvertMap rule_gid =
-{
-    gid,
-    unchanged_rule_ctor<& gid>,
-};
-
-const ConvertMap* gid_map = &rule_gid;
-
-/************************************
- **********  S I D  *****************
- ************************************/
-
-static const std::string sid = "sid";
-static const ConvertMap rule_sid =
-{
-    sid,
-    unchanged_rule_ctor<& sid>,
-};
-
-const ConvertMap* sid_map = &rule_sid;
-
 /************************************
  **********  R E V  *****************
  ************************************/