detect/base64: move content inspection logic

author Victor Julien <vjulien@oisf.net>

Sat, 23 Sep 2023 11:01:05 +0000 (13:01 +0200)

committer Victor Julien <victor@inliniac.net>

Thu, 7 Dec 2023 08:56:59 +0000 (09:56 +0100)
author Victor Julien <vjulien@oisf.net>
Sat, 23 Sep 2023 11:01:05 +0000 (13:01 +0200)
committer Victor Julien <victor@inliniac.net>
Thu, 7 Dec 2023 08:56:59 +0000 (09:56 +0100)
diff --git a/src/detect-base64-data.c b/src/detect-base64-data.c

index 09d89113d6751d2d49e5a88815e489567517ffab..770061350a865b7026608bddfcfc863650c3b4f8 100644 (file)
--- a/src/detect-base64-data.c
+++ b/src/detect-base64-data.c
@@ -61,19 +61,6 @@ static int DetectBase64DataSetup(DetectEngineCtx *de_ctx, Signature *s,
      return 0;
  }
  
-int DetectBase64DataDoMatch(DetectEngineCtx *de_ctx,
-    DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f)
-{
-    if (det_ctx->base64_decoded_len) {
-        return DetectEngineContentInspectionInternal(de_ctx, det_ctx, s,
-                s->sm_arrays[DETECT_SM_LIST_BASE64_DATA], NULL, f, det_ctx->base64_decoded,
-                det_ctx->base64_decoded_len, 0, DETECT_CI_FLAGS_SINGLE,
-                DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
-    }
-
-    return 0;
-}
-
  #ifdef UNITTESTS
  
  static int g_file_data_buffer_id = 0;
diff --git a/src/detect-base64-data.h b/src/detect-base64-data.h

index 38bb93fc06915156b05fd46ae7ab69c30a4b30df..4b7d54d04ebeb703bc2e530c3de9d1ba843e2ef3 100644 (file)
--- a/src/detect-base64-data.h
+++ b/src/detect-base64-data.h
@@ -19,7 +19,5 @@
  #define __DETECT_BASE64_DATA_H__
  
  void DetectBase64DataRegister(void);
-int DetectBase64DataDoMatch(DetectEngineCtx *, DetectEngineThreadCtx *,
-        const Signature *, Flow *);
  
  #endif /* __DETECT_BASE64_DATA_H__ */
diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c

index 09d838378feaeca291e168e952b5eff9c2215a78..19e7fe1096f95c8d7f783c36527745537dabcc42 100644 (file)
--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@@ -651,10 +651,16 @@ int DetectEngineContentInspectionInternal(DetectEngineCtx *de_ctx, DetectEngineT
      } else if (smd->type == DETECT_BASE64_DECODE) {
          if (DetectBase64DecodeDoMatch(det_ctx, s, smd, buffer, buffer_len)) {
              if (s->sm_arrays[DETECT_SM_LIST_BASE64_DATA] != NULL) {
-                KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
-                if (DetectBase64DataDoMatch(de_ctx, det_ctx, s, f) == 1) {
-                    /* Base64 is a terminal list. */
-                    goto final_match;
+                if (det_ctx->base64_decoded_len) {
+                    KEYWORD_PROFILING_END(det_ctx, smd->type, 1);
+                    int r = DetectEngineContentInspectionInternal(de_ctx, det_ctx, s,
+                            s->sm_arrays[DETECT_SM_LIST_BASE64_DATA], NULL, f,
+                            det_ctx->base64_decoded, det_ctx->base64_decoded_len, 0,
+                            DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
+                    if (r == 1) {
+                        /* Base64 is a terminal list. */
+                        goto final_match;
+                    }
                  }
              }
          }
author	Victor Julien <vjulien@oisf.net>
	Sat, 23 Sep 2023 11:01:05 +0000 (13:01 +0200)
committer	Victor Julien <victor@inliniac.net>
	Thu, 7 Dec 2023 08:56:59 +0000 (09:56 +0100)
src/detect-base64-data.c		patch \| blob \| blame \| history
src/detect-base64-data.h		patch \| blob \| blame \| history
src/detect-engine-content-inspection.c		patch \| blob \| blame \| history