Pull request #3801: appid: make ssl app group id lookup set payload and client
authorRon Dempster (rdempste) <rdempste@cisco.com>
Mon, 10 Apr 2023 19:55:34 +0000 (19:55 +0000)
committerRon Dempster (rdempste) <rdempste@cisco.com>
Mon, 10 Apr 2023 19:55:34 +0000 (19:55 +0000)
Merge in SNORT/snort3 from ~RDEMPSTE/snort3:cert_viz_take_2 to master

Squashed commit of the following:

commit a36b1fbaeb2485a2d9e20354af8062fca368e988
Author: Ron Dempster (rdempste) <rdempste@cisco.com>
Date:   Wed Apr 5 17:01:39 2023 -0400

    appid: make ssl app group id lookup set payload and client

src/network_inspectors/appid/appid_api.cc
src/network_inspectors/appid/test/appid_api_test.cc

index c98ed9951f537d6b4dc9bcc761b2873dd5135c90..67bb7b226d6b2ec41649fb6548f8c65182f11cb1 100644 (file)
@@ -207,6 +207,7 @@ bool AppIdApi::ssl_app_group_id_lookup(Flow* flow, const char* server_name,
         else
             asd->set_payload_id(payload_id);
 
+        asd->set_ss_application_ids(client_id, payload_id, change_bits);
         asd->set_tls_host(change_bits);
 
         Packet* p = DetectionEngine::get_current_packet();
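Review bot: The added `asd->set_ss_application_ids(client_id, payload_id, change_bits);` sits after the if/else, so it runs on every path that reaches this point, and nothing visible in the hunk guards the case where the lookup produced no client or payload id. If the setter stores whatever it is given (its body is not on this page), a lookup without a match could replace ids that an earlier detector recorded on the session, and application-based policy presumably keys on those ids. Either guard the call on a match having been found, or state the contract next to it, e.g. `// publish the ids chosen by the certificate lookup; setter leaves existing ids alone when given none`, if that is what the setter does. ssl_app_group_id_lookup starts and ends outside the hunk, so an enclosing guard may already exist.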
index d2948a35ec30ca1f5dc4c214fa0dd64162eece3f..76ea3178c00c32ccbd21d2cb3cdc3bb4caaea32b 100644 (file)
@@ -275,7 +275,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
-    STRCMP_EQUAL("Published change_bits == 00000000000100000000", test_log);
+    STRCMP_EQUAL("Published change_bits == 00000000000100011000", test_log);
 
     // Common name based detection
     mock_session->tsession->set_tls_host("www.cisco.com", 13, change_bits);
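Review bot: The expected string `00000000000100011000` is an opaque bit pattern, and the same literal change is repeated in the hunks at -292, -304, -316 and -335. The two bits added by this commit are presumably the client and payload change bits, but the test never says so. A comment next to the first assertion, such as `// client and payload bits are now published alongside the tls-host bit`, or a named constant for the string, would make the next change to the bit layout easier to review. Every case visible in these hunks expects both new bits set; a case where the lookup finds no application and previously recorded ids must stay intact is not visible here and is worth adding if the file lacks one.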
@@ -292,7 +292,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), "Cisco");
-    STRCMP_EQUAL("Published change_bits == 00000000000100000000", test_log);
+    STRCMP_EQUAL("Published change_bits == 00000000000100011000", test_log);
 
     // First alt name based detection
     change_bits.reset();
@@ -304,7 +304,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     CHECK_EQUAL(payload, APPID_UT_ID + 1);
     STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST);
-    STRCMP_EQUAL("Published change_bits == 00000000000100000000", test_log);
+    STRCMP_EQUAL("Published change_bits == 00000000000100011000", test_log);
 
     // Org unit based detection
     string host = "";
@@ -316,7 +316,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     CHECK_EQUAL(client, APPID_UT_ID + 3);
     CHECK_EQUAL(payload, APPID_UT_ID + 3);
     STRCMP_EQUAL(mock_session->tsession->get_tls_org_unit(), APPID_UT_ORG_UNIT);
-    STRCMP_EQUAL("Published change_bits == 00000000000000000000", test_log);
+    STRCMP_EQUAL("Published change_bits == 00000000000000011000", test_log);
 
     // Override client id found by SSL pattern matcher with the client id provided by
     // Encrypted Visibility Engine if available
@@ -335,7 +335,7 @@ TEST(appid_api, ssl_app_group_id_lookup)
     STRCMP_EQUAL(mock_session->tsession->get_tls_host(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_first_alt_name(), APPID_UT_TLS_HOST);
     STRCMP_EQUAL(mock_session->tsession->get_tls_cname(), APPID_UT_TLS_HOST);
-    STRCMP_EQUAL("Published change_bits == 00000000000100000000", test_log);
+    STRCMP_EQUAL("Published change_bits == 00000000000100011000", test_log);
 
     mock().checkExpectations();