Pull request #4397: Snort ML: fix verbose mode output for unlimited options
authorYurii Chalov -X (ychalov - SOFTSERVE INC at Cisco) <ychalov@cisco.com>
Fri, 26 Jul 2024 12:26:18 +0000 (12:26 +0000)
committerOleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
Fri, 26 Jul 2024 12:26:18 +0000 (12:26 +0000)
Merge in SNORT/snort3 from ~YCHALOV/snort3:snort_ml_verbose_fix to master

Squashed commit of the following:

commit 8f1f5f32107471457d4cfcbe73d1f88054bf953a
Author: Yurii Chalov <ychalov@cisco.com>
Date:   Wed Jul 24 16:52:52 2024 +0200

    kaizen: fix verbose mode output for unlimited options

src/network_inspectors/kaizen/kaizen_inspector.cc
src/network_inspectors/kaizen/kaizen_module.cc

index 10744ba6087793cdd0baa22418e6cc7dc46c36da..a128374b9ee16dec91b1e28ba88a0546f44f7dad 100644 (file)
@@ -73,26 +73,25 @@ void HttpBodyHandler::handle(DataEvent& de, Flow*)
         return;
 
     int32_t body_len = 0;
-
     const char* body = (const char*)he->get_client_body(body_len);
 
-    body_len = std::min(config.client_body_depth, body_len);
-
     if (!body || body_len <= 0)
         return;
 
+    const size_t len = std::min((size_t)config.client_body_depth, (size_t)body_len);
+
     assert(classifier);
 
     float output = 0.0;
 
     kaizen_stats.libml_calls++;
 
-    if (!classifier->run(body, (size_t)body_len, output))
+    if (!classifier->run(body, len, output))
         return;
 
-    kaizen_stats.client_body_bytes += body_len;
+    kaizen_stats.client_body_bytes += len;
 
-    debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "input (body): %.*s\n", body_len, body);
+    debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "input (body): %.*s\n", (int)len, body);
     debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "output: %f\n", static_cast<double>(output));
 
     if ((double)output > config.http_param_threshold)
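Review bot: The unlimited case in `const size_t len = std::min((size_t)config.client_body_depth, (size_t)body_len);` works only because the cast turns -1 into SIZE_MAX, and nothing at the site says so; any other negative depth would be treated as unlimited in the same way. This bound decides how much of the client-controlled body reaches `classifier->run`, so I would make the sentinel explicit with a comment such as `// -1 (unlimited) converts to SIZE_MAX, so min() returns body_len`, or branch on `config.client_body_depth < 0` before taking the minimum. The matching `config.uri_depth` line in HttpUriHandler::handle has the same implicit dependency. The body of handle() starts and ends outside this hunk.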
@@ -131,23 +130,23 @@ void HttpUriHandler::handle(DataEvent& de, Flow*)
     int32_t query_len = 0;
     const char* query = (const char*)he->get_uri_query(query_len);
 
-    query_len = std::min(config.uri_depth, query_len);
-
     if (!query || query_len <= 0)
         return;
 
+    const size_t len = std::min((size_t)config.uri_depth, (size_t)query_len);
+
     assert(classifier);
 
     float output = 0.0;
 
     kaizen_stats.libml_calls++;
 
-    if (!classifier->run(query, (size_t)query_len, output))
+    if (!classifier->run(query, (size_t)len, output))
         return;
 
-    kaizen_stats.uri_bytes += query_len;
+    kaizen_stats.uri_bytes += len;
 
-    debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "input (query): %.*s\n", query_len, query);
+    debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "input (query): %.*s\n", (int)len, query);
     debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "output: %f\n", static_cast<double>(output));
 
     if ((double)output > config.http_param_threshold)
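Review bot: `classifier->run(query, (size_t)len, output)` casts a value that is already declared `const size_t` a few lines above, while the body handler in the same file passes `len` directly. Dropping the cast keeps the two handlers parallel: `if (!classifier->run(query, len, output))`. handle() extends beyond this hunk on both sides.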
@@ -164,17 +163,17 @@ void HttpUriHandler::handle(DataEvent& de, Flow*)
 
 void Kaizen::show(const SnortConfig*) const
 {
-    ConfigLogger::log_value("uri_depth", config.uri_depth);
-    ConfigLogger::log_value("client_body_depth", config.client_body_depth);
+    ConfigLogger::log_limit("uri_depth", config.uri_depth, -1);
+    ConfigLogger::log_limit("client_body_depth", config.client_body_depth, -1);
     ConfigLogger::log_value("http_param_threshold", config.http_param_threshold);
 }
 
 bool Kaizen::configure(SnortConfig* sc)
 {
-    if (config.uri_depth > 0)
+    if (config.uri_depth != 0)
         DataBus::subscribe(http_pub_key, HttpEventIds::REQUEST_HEADER, new HttpUriHandler(*this));
 
-    if (config.client_body_depth > 0)
+    if (config.client_body_depth != 0)
         DataBus::subscribe(http_pub_key, HttpEventIds::REQUEST_BODY, new HttpBodyHandler(*this));
 
     if(!InspectorManager::get_inspector(KZ_ENGINE_NAME, true, sc))
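Review bot: `Kaizen::show` prints a depth of 0 as an ordinary limit, while `Kaizen::configure` directly below treats 0 as "do not subscribe the handler", so verbose output for a disabled depth still reads like an active limit. If ConfigLogger offers a `log_limit` overload that also takes a disable value, passing 0 there would make the output match the behavior, e.g. `ConfigLogger::log_limit("uri_depth", config.uri_depth, -1, 0);`. Separately, changing `> 0` to `!= 0` subscribes the handlers for any negative depth, which presumably relies on the parameter range admitting only -1; a one-line comment stating that would help. configure() continues past the end of the hunk.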
index 3baec15ef5b6457f68c01a96804c8c48a185c9ce..554b8ed41fd49f5a8061eae27b00e0eed4ff6a6e 100644 (file)
@@ -82,17 +82,9 @@ bool KaizenModule::set(const char*, Value& v, SnortConfig*)
         "Field::length maximum value should not exceed client_body_depth type range");
 
     if (v.is("uri_depth"))
-    {
         conf.uri_depth = v.get_int32();
-        if (conf.uri_depth == -1)
-            conf.uri_depth = INT32_MAX;
-    }
     else if (v.is("client_body_depth"))
-    {
         conf.client_body_depth = v.get_int32();
-        if (conf.client_body_depth == -1)
-            conf.client_body_depth = INT32_MAX;
-    }
     else if (v.is("http_param_threshold"))
         conf.http_param_threshold = v.get_real();