From: Jeff Lucovsky Date: Fri, 20 Dec 2019 00:49:21 +0000 (-0500) Subject: detect/analysis: Warn if required feature missing X-Git-Tag: suricata-6.0.0-beta1~732 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31e2cff9cb1bfd5e8b5293f7b849d64335bef680;p=thirdparty%2Fsuricata.git detect/analysis: Warn if required feature missing
---
diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index 1e1b510a7c..a95b6381c9 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -35,6 +35,7 @@
 #include "detect-content.h"
 #include "detect-flow.h"
 #include "detect-tcp-flags.h"
+#include "feature.h"
 #include "util-print.h"
 static int rule_warnings_only = 0;
@@ -1017,6 +1018,7 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
 uint32_t rule_warning = 0;
 uint32_t stream_buf = 0;
 uint32_t packet_buf = 0;
+ uint32_t file_store = 0;
 uint32_t warn_pcre_no_content = 0;
 uint32_t warn_pcre_http_content = 0;
 uint32_t warn_pcre_http = 0;
@@ -1029,6 +1031,7 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
 uint32_t warn_method_serverbody = 0;
 uint32_t warn_pcre_method = 0;
 uint32_t warn_encoding_norm_http_buf = 0;
+ uint32_t warn_file_store_not_present = 0;
 uint32_t warn_offset_depth_pkt_stream = 0;
 uint32_t warn_offset_depth_alproto = 0;
 uint32_t warn_non_alproto_fp_for_alproto_sig = 0;
@@ -1047,6 +1050,9 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
 if (s->flags & SIG_FLAG_REQUIRE_PACKET) {
 packet_buf += 1;
 }
+ if (s->flags & SIG_FLAG_FILESTORE) {
+ file_store += 1;
+ }
 if (s->flags & SIG_FLAG_REQUIRE_STREAM) {
 stream_buf += 1;
 }
@@ -1127,6 +1133,11 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
 } /* for ( ; list_id < DETECT_SM_LIST_MAX; list_id++) */
+ if (file_store && !RequiresFeature("output::file-store")) {
+ rule_warning += 1;
+ warn_file_store_not_present = 1;
+ }
+
 if (rule_pcre > 0 && rule_content == 0 && rule_content_http == 0) {
 rule_warning += 1;
 warn_pcre_no_content = 1;
@@ -1325,6 +1336,9 @@ void EngineAnalysisRules(const DetectEngineCtx *de_ctx,
 if (warn_both_direction) {
 fprintf(rule_engine_analysis_FD, " Warning: Rule is inspecting both the request and the response.\n");
 }
+ if (warn_file_store_not_present) {
+ fprintf(rule_engine_analysis_FD, " Warning: Rule requires file-store but the output file-store is not enabled.\n");
+ }
 if (rule_warning == 0) {
 fprintf(rule_engine_analysis_FD, " No warnings for this rule.\n");
 }
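Review bot: In the `@@ -1127,6 +1133,11 @@` hunk, `!RequiresFeature("output::file-store")` only gives a correct answer if the file-store output has registered its feature before EngineAnalysisRules runs, and nothing in this diff shows that ordering. If rule analysis can run before output setup, every filestore rule would be flagged even on a correctly configured sensor, which teaches operators to ignore the warning. A comment above the check such as `/* relies on the file-store output having registered its feature before rules are analysed */` would record the dependency, and if feature.h (not shown) defines a constant for the feature name it should replace the bare string literal. EngineAnalysisRules begins and ends outside this hunk.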
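Review bot: The warning text added in the `@@ -1325,6 +1336,9 @@` hunk names the missing output but not what that means for the rule. Presumably a filestore rule loaded without that output never writes the matched file, which is an evidence-collection gap the report should spell out, e.g. `" Warning: Rule uses filestore but the file-store output is not enabled; matched files will not be stored.\n"`. The enclosing function continues outside the hunk.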