Merge pull request #2782 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_lua to master

Squashed commit of the following:

commit 40ef99ede336f6b2970d1fc42846369a3b986232
Author: Vigneshwari Viswanathan <vignvisw@cisco.com>
Date:   Mon Mar 8 03:48:53 2021 -0500

    snort2lua: Fixing lua conversion of http preproc options

diff --git a/tools/snort2lua/conversion_state.h b/tools/snort2lua/conversion_state.h
index 60fb9973fef781a625198a828556bd2209a977f9..2e35c1cf74b0ec9b582e7dfc55926293d195b628 100644 (file)
--- a/tools/snort2lua/conversion_state.h
+++ b/tools/snort2lua/conversion_state.h
@@ -20,6 +20,7 @@
 #ifndef CONVERSION_STATE_H
 #define CONVERSION_STATE_H
 
+#include <map>
 #include <sstream>
 
 #include "helpers/converter.h"
@@ -182,6 +183,49 @@ protected:
         return false;
     }
 
+    // parse and add a curly bracketed list to the table
+    inline bool parse_curly_bracket_precedence_list(const std::string& list_name,
+            std::istringstream& stream, int max)
+    {
+        std::string elem, tmp;
+        bool retval = true;
+        std::map<int, std::string> order;
+        int dig;
+
+        if (!(stream >> elem) || (elem != "{"))
+            return false;
+
+        while (stream >> elem && elem != "}")
+        {
+            if ( elem == "[" || elem == "]")
+                continue;
+
+            if (stream >> dig)
+            {
+                if (dig <= max)
+                {
+                    order.insert(std::pair<int, std::string>(dig, elem));
+                }
+                else
+                { 
+                    table_api.add_comment("Unable to add " + elem +
+                        ". Max precedence value is " + std::to_string(max));
+                }
+            }
+        }
+        for (auto i = order.begin(); i != order.end(); i++)
+        {
+            tmp += " " + i->second;
+        }
+
+        // remove the extra space at the beginning of the string
+        if (!tmp.empty())
+            tmp.erase(tmp.begin());
+
+        table_api.add_option(list_name, tmp);
+        return retval;
+    }
+
     // parse and add a curly bracketed list to the table
     inline bool parse_curly_bracket_list(const std::string& list_name, std::istringstream& stream)
     {

diff --git a/tools/snort2lua/preprocessor_states/pps_http_inspect.cc b/tools/snort2lua/preprocessor_states/pps_http_inspect.cc
index 7d2b58b8bd27a27a595aeafdee218a23aaa6e99d..ac8e2cdaf4fa3eea6448014328941a7347ea5435 100644 (file)
--- a/tools/snort2lua/preprocessor_states/pps_http_inspect.cc
+++ b/tools/snort2lua/preprocessor_states/pps_http_inspect.cc
@@ -95,6 +95,12 @@ bool HttpInspect::convert(std::istringstream& data_stream)
         else if (keyword == "uu_decode_depth")
             parse_deleted_option("uu_decode_depth", data_stream);
 
+        else if (keyword == "normalize_random_nulls_in_text")
+            parse_deleted_option("normalize_random_nulls_in_text", data_stream);
+
+        else if (keyword == "fast_blocking")
+            parse_deleted_option("fast_blocking", data_stream);
+
         else if (keyword == "iis_unicode_map")
         {
             std::string codemap;

diff --git a/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc b/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc
index 2952d674544cd48620e5f3b3e97e498154a0f3aa..00f02e33a4f806719a7881a7b64adb88c3cc1a70 100644 (file)
--- a/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc
+++ b/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc
@@ -24,6 +24,8 @@
 #include "helpers/s2l_util.h"
 #include "helpers/util_binder.h"
 
+#define MAX_XFF_HEADER 8
+
 namespace preprocessors
 {
 namespace
@@ -329,7 +331,7 @@ bool HttpInspectServer::convert(std::istringstream& data_stream)
         else if (keyword == "profile")
             parse_deleted_option("profile", data_stream);
         else if ( keyword == "xff_headers" )
-            tmpval = parse_bracketed_unsupported_list("xff_headers", data_stream);
+            tmpval = parse_curly_bracket_precedence_list("xff_headers", data_stream, MAX_XFF_HEADER);
         else
         {
             tmpval = false;