Merge pull request #1403 in SNORT/snort3 from nuke_146 to master

author Russ Combs (rucombs) <rucombs@cisco.com>

Fri, 26 Oct 2018 14:25:09 +0000 (10:25 -0400)

committer Russ Combs (rucombs) <rucombs@cisco.com>

Fri, 26 Oct 2018 14:25:09 +0000 (10:25 -0400)
author Russ Combs (rucombs) <rucombs@cisco.com>
Fri, 26 Oct 2018 14:25:09 +0000 (10:25 -0400)
committer Russ Combs (rucombs) <rucombs@cisco.com>
Fri, 26 Oct 2018 14:25:09 +0000 (10:25 -0400)
diff --git a/tools/snort2lua/data/dt_rule_api.cc b/tools/snort2lua/data/dt_rule_api.cc

index e8bf89967bcc5478f8791f5892078d2953a6e5b9..b0443e6f086e8beca193c2b292be4ecdc6b4d21e 100644 (file)
--- a/tools/snort2lua/data/dt_rule_api.cc
+++ b/tools/snort2lua/data/dt_rule_api.cc
@@ -32,16 +32,17 @@
  std::size_t RuleApi::error_count = 0;
  std::string RuleApi::remark;
  
-std::set<GidSid> RuleApi::address_anomaly_rules = {
-                                            {"116", "403"},
-                                            {"116", "411"},
-                                            {"116", "412"},
-                                            {"129", "9"},
-                                            {"129", "10"},
-                                        };
-
-RuleApi::RuleApi()
-    :   curr_rule(nullptr),
+std::set<GidSid> RuleApi::address_anomaly_rules =
+{
+    {"116", "403"},
+    {"116", "411"},
+    {"116", "412"},
+    {"129", "9"},
+    {"129", "10"},
+};
+
+RuleApi::RuleApi() :
+    curr_rule(nullptr),
      curr_data_bad(false)
  {
      bad_rules = new Comments(start_bad_rules, 0,
@@ -106,9 +107,10 @@ void RuleApi::make_rule_a_comment()
  bool RuleApi::enable_addr_anomaly_detection()
  {
      if (curr_rule != nullptr)
-        return address_anomaly_rules.count({curr_rule->get_option("gid"),
-                                          curr_rule->get_option("sid")}) != 0;
-
+    {
+        return address_anomaly_rules.count(
+            { curr_rule->get_option("gid"), curr_rule->get_option("sid") }) != 0;
+    }
      return false;
  }
  
diff --git a/tools/snort2lua/rule_states/rule_gid_sid.cc b/tools/snort2lua/rule_states/rule_gid_sid.cc

index 66114b4db89711de2ed175daeb9c4640d12a886d..f10abe78b5ccab6b2011c60a632e9349e29ffab9 100644 (file)
--- a/tools/snort2lua/rule_states/rule_gid_sid.cc
+++ b/tools/snort2lua/rule_states/rule_gid_sid.cc
@@ -41,6 +41,9 @@ class Gid : public ConversionState
  public:
      Gid(Converter& c) : ConversionState(c) { }
      bool convert(std::istringstream& data_stream) override;
+
+private:
+    static bool rem_146;
  };
  
  class Sid : public ConversionState
@@ -56,12 +59,24 @@ public:
  // Gid
  //
  
+bool Gid::rem_146 = false;
+
  bool Gid::convert(std::istringstream& data_stream)
  {
      std::string gid = util::get_rule_option_args(data_stream);
-
      const std::string old_http_gid("120");
-    if (gid.compare(old_http_gid) == 0)
+    const std::string file_id = "146";
+
+    if ( gid == file_id )
+    {
+        if ( !rem_146 )
+        {
+            rule_api.add_comment("deleted all gid:" + file_id + " rules");
+            rem_146 = true;
+        }
+        rule_api.make_rule_a_comment();
+    }
+    else if (gid.compare(old_http_gid) == 0)
      {
          const std::string nhi_gid("119");
          gid.assign(nhi_gid);
@@ -75,7 +90,6 @@ bool Gid::convert(std::istringstream& data_stream)
              rule_api.update_option("sid", sid);
          }
      }
-
      rule_api.add_option("gid", gid);
      return set_next_rule_state(data_stream);
  }
author	Russ Combs (rucombs) <rucombs@cisco.com>
	Fri, 26 Oct 2018 14:25:09 +0000 (10:25 -0400)
committer	Russ Combs (rucombs) <rucombs@cisco.com>
	Fri, 26 Oct 2018 14:25:09 +0000 (10:25 -0400)
tools/snort2lua/data/dt_rule_api.cc		patch \| blob \| blame \| history
tools/snort2lua/rule_states/rule_gid_sid.cc		patch \| blob \| blame \| history