Merge pull request #1601 in SNORT/snort3 from ~MIREDDEN/snort3:remove_sticky_buffer_d...
authorTom Peters (thopeter) <thopeter@cisco.com>
Tue, 14 May 2019 16:34:32 +0000 (12:34 -0400)
committerTom Peters (thopeter) <thopeter@cisco.com>
Tue, 14 May 2019 16:34:32 +0000 (12:34 -0400)
Squashed commit of the following:

commit 3d998ed0f4e1faab5372d33decc333d666b6fa57
Author: Mike Redden <miredden@cisco.com>
Date:   Wed May 8 14:27:34 2019 -0400

    snort2lua: Remove sticky buffer duplicates

tools/snort2lua/data/data_types/dt_rule.cc
tools/snort2lua/data/data_types/dt_rule_option.cc
tools/snort2lua/data/data_types/dt_rule_option.h
tools/snort2lua/data/data_types/dt_rule_suboption.h
tools/snort2lua/rule_states/rule_pcre.cc

index 4ca57d101eb5b2fdb0e98f941b459994e9f38e4f..0e6af65a66a90959f98ba544d96392fd31e40742 100644 (file)
@@ -116,27 +116,20 @@ void Rule::add_suboption(const std::string& keyword, const std::string& val)
 
 void Rule::set_curr_options_buffer(const std::string& new_buffer, bool add_option)
 {
-    if (new_buffer == "pkt_data")
+    /* set the buffer if
+     * 1) No buffer has been set and this is not the default "pkt_data" buffer
+     * 2) The sticky buffer is set and is not equal to the new buffer
+     */
+    if ( (sticky_buffer.empty() && new_buffer != "pkt_data") ||
+        (!sticky_buffer.empty() && sticky_buffer != new_buffer) )
     {
-        if (sticky_buffer.empty())
-        {
-            sticky_buffer = "pkt_data";
-            return;
-        }
-
-        if (sticky_buffer == "pkt_data")
-        {
-            return;
-        }
+        RuleOption* new_opt = new RuleOption(new_buffer);
+        if ( add_option )
+            options.push_back(new_opt);
+        else
+            options.insert(options.end() - 1, new_opt);
+        sticky_buffer = new_buffer;
     }
-
-    RuleOption* new_opt = new RuleOption(new_buffer);
-    if ( add_option )
-        options.push_back(new_opt);
-    else
-        options.insert(options.end() - 1, new_opt);
-
-    sticky_buffer = new_buffer;
 }
 
 std::ostream& operator<<(std::ostream& out, const Rule& rule)
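Review bot: In the `add_option == false` branch, `options.insert(options.end() - 1, new_opt)` assumes `options` already holds at least one element; on an empty vector `end() - 1` is undefined behaviour. The line is carried over from the old body, but the rewritten condition is a natural place to guard it, for example `if ( add_option || options.empty() )` in front of the `push_back`. Whether a caller can reach this with no options yet is not visible in the hunk, so treat it as hardening for a tool that parses arbitrary rule files. The block comment could also say that an empty `sticky_buffer` stands for the default `pkt_data` buffer, since the old code stored `"pkt_data"` explicitly in that case and the new code leaves the member empty.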
@@ -192,24 +185,20 @@ void Rule::resolve_pcre_buffer_options()
     const bool no_service_http = (service.find("http") == std::string::npos);
     std::string new_buffer;
     std::vector<RuleOption*>::iterator iter = options.begin();
-    std::vector<RuleOption*>::iterator next_opt_iter;
 
     while (iter != options.end())
     {
         std::string name = (*iter)->get_name();
 
         if (name == "pcre_P_option_body" ||
-            name == "pcre_P_option_body_rel" ||
-            name == "pcre_H_option_header" ||
-            name == "pcre_H_option_header_rel")
+            name == "pcre_H_option_header")
         {
             delete(*iter);
             iter = options.erase(iter);
 
             if (service_sip)
             {
-                if (name == "pcre_P_option_body" ||
-                    name == "pcre_P_option_body_rel")
+                if (name == "pcre_P_option_body")
                 {
                     new_buffer = "sip_body";
                 }
@@ -220,8 +209,7 @@ void Rule::resolve_pcre_buffer_options()
             }
             else
             {
-                if (name == "pcre_P_option_body" ||
-                    name == "pcre_P_option_body_rel")
+                if (name == "pcre_P_option_body")
                 {
                     if (no_service_http)
                     {
@@ -239,11 +227,8 @@ void Rule::resolve_pcre_buffer_options()
                 }
             }
 
-            /* Add sticky buffer option if not equal to current,
-             * or if the pcre option is not relative */
-            if (curr_sticky_buffer != new_buffer ||
-                (name != "pcre_P_option_body_rel" &&
-                name != "pcre_H_option_header_rel"))
+            /* Add sticky buffer option if not equal to current */
+            if (curr_sticky_buffer != new_buffer)
             {
                 curr_sticky_buffer = new_buffer;
                 RuleOption* new_opt = new RuleOption(new_buffer);
@@ -256,14 +241,6 @@ void Rule::resolve_pcre_buffer_options()
             name == "dce_stub_data" ||
             name == "dnp3_data" ||
             name == "modbus_data" ||
-            name == "sip_header" ||
-            name == "sip_body")
-        {
-            curr_sticky_buffer = name;
-            ++iter;
-        }
-        else if (name == "http_header" ||
-            name == "http_client_body" ||
             name == "http_cookie" ||
             name == "http_method" ||
             name == "http_raw_cookie" ||
@@ -273,26 +250,19 @@ void Rule::resolve_pcre_buffer_options()
             name == "http_stat_msg" ||
             name == "http_uri" ||
             name == "raw_data")
+        {
+            curr_sticky_buffer = name;
+            ++iter;
+        }
+        else if (name == "http_header" ||
+            name == "http_client_body" ||
+            name == "sip_header" ||
+            name == "sip_body")
         {
             if (curr_sticky_buffer == name)
             {
-                next_opt_iter = std::next(iter, 1);
-                if (next_opt_iter != options.end())
-                {
-                    if ((*next_opt_iter)->is_relative_content())
-                    {
-                        delete(*iter);
-                        iter = options.erase(iter);
-                    }
-                    else
-                    {
-                        ++iter;
-                    }
-                }
-                else
-                {
-                    ++iter;
-                }
+                delete(*iter);
+                iter = options.erase(iter);
             }
             else
             {
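Review bot: The `curr_sticky_buffer == name` branch now erases a repeated `http_header`, `http_client_body`, `sip_header` or `sip_body` unconditionally, and nothing in the code says why that is safe or why only these four buffers are de-duplicated while the ones in the preceding branch are just recorded. The old code kept the repeat unless the next option was a relative `content`, so the converted output changes for rules that restate a buffer before a non-relative option. A comment such as `/* a repeat of the current sticky buffer is redundant in the converted rule; drop it */` would record the assumption (wording to be confirmed by the author), and a converter regression test over a rule with a restated buffer would guard detection equivalence between the Snort 2 rule and its conversion. `resolve_pcre_buffer_options` starts and ends outside this hunk.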
index 6be6ad5925d7b7f871734febd523b75b77ba4f62..7b81941a13778eec34bb4a05d6c79a8276527c6a 100644 (file)
@@ -51,21 +51,6 @@ bool RuleOption::add_suboption(const std::string& subopt_name,
     return true;
 }
 
-bool RuleOption::is_relative_content()
-{
-    if (get_name() == "content")
-    {
-        for (auto rso : sub_options)
-        {
-            const std::string subopt_name = rso->get_name();
-            if (subopt_name == "within" || subopt_name == "distance")
-                return true;
-        }
-    }
-
-    return false;
-}
-
 std::ostream& operator<<(std::ostream& out, const RuleOption& opt)
 {
     bool first_print = true;
index 6df27f7804b8a49be033f68ee3eb1df97dc50dd3..1ca5324f5040415e163b5e1c56d2d6a2379c8cb5 100644 (file)
@@ -40,8 +40,6 @@ public:
     bool add_suboption(const std::string& name);
     bool add_suboption(const std::string& name, const std::string& val);
 
-    bool is_relative_content();
-
     // overloading operators
     friend std::ostream& operator<<(std::ostream&, const RuleOption&);
 
index 1b3bb7fd074e6c7a5beb54e6cc640604725f41d1..d586e144688b544873b6ff33845774f1ff043a0a 100644 (file)
@@ -31,8 +31,6 @@ public:
     RuleSubOption(const std::string& name, const std::string& val);
     virtual ~RuleSubOption() = default;
 
-    inline const std::string& get_name() { return name; }
-
     // overloading operators
     friend std::ostream& operator<<(std::ostream&, const RuleSubOption&);
 
index 4833ee47a9bbaa427e7958eba5f58e72e5da4da3..e7a8137a85b5f9a732647fbfae4634d3a6649754 100644 (file)
@@ -82,7 +82,6 @@ bool Pcre::convert(std::istringstream& data_stream)
     pattern += pcre_str.substr(0, pattern_end + 1);
     options = pcre_str.substr(pattern_end + 1, std::string::npos);
     new_opts = "";
-    bool relative = false;
 
     for (char c : options )
     {
@@ -109,11 +108,8 @@ bool Pcre::convert(std::istringstream& data_stream)
         case 'E':
         case 'G':
         case 'O':
-        case '"':     // end of reg_ex
-            new_opts += c;
-            break;
         case 'R':
-            relative = true;
+        case '"':     // end of reg_ex
             new_opts += c;
             break;
         default:
@@ -140,14 +136,6 @@ bool Pcre::convert(std::istringstream& data_stream)
 
     rule_api.add_option("pcre", pattern + new_opts);
 
-    if ( relative )
-    {
-        if (buffer == "pcre_P_option_body")
-            buffer = "pcre_P_option_body_rel";
-        else if (buffer == "pcre_H_option_header")
-            buffer = "pcre_H_option_header_rel";
-    }
-
     rule_api.set_curr_options_buffer(buffer);
 
     return set_next_rule_state(data_stream);