From: Philippe Antoine
Date: Thu, 16 Nov 2023 08:49:58 +0000 (+0100)
Subject: output/ftp: have ftp properties in alerts
X-Git-Tag: suricata-8.0.0-beta1~2045
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3b1b163ee6b0a4c382af761be90c0d53f0654402;p=thirdparty%2Fsuricata.git
output/ftp: have ftp properties in alerts
Ticket: 6500
---
diff --git a/src/output-json-ftp.c b/src/output-json-ftp.c
index 9fb8b8c622..34422f72f4 100644
--- a/src/output-json-ftp.c
+++ b/src/output-json-ftp.c
@@ -46,15 +46,16 @@
 #include "app-layer-ftp.h"
 #include "output-json-ftp.h"
-static void EveFTPLogCommand(FTPTransaction *tx, JsonBuilder *jb)
+bool EveFTPLogCommand(void *vtx, JsonBuilder *jb)
 {
+ FTPTransaction *tx = vtx;
 /* Preallocate array objects to simplify failure case */
 JsonBuilder *js_resplist = NULL;
 if (!TAILQ_EMPTY(&tx->response_list)) {
 js_resplist = jb_new_array();
 if (unlikely(js_resplist == NULL)) {
- return;
+ return false;
 }
 }
 jb_open_object(jb, "ftp");
@@ -151,6 +152,7 @@ static void EveFTPLogCommand(FTPTransaction *tx, JsonBuilder *jb)
 JB_SET_FALSE(jb, "reply_truncated");
 }
 jb_close(jb);
+ return true;
 }
@@ -166,7 +168,6 @@ static int JsonFTPLogger(ThreadVars *tv, void *thread_data,
 } else {
 event_type = "ftp";
 }
- FTPTransaction *tx = vtx;
 JsonBuilder *jb = CreateEveHeaderWithTxId(p, LOG_DIR_FLOW, event_type, NULL, tx_id, thread->ctx);
@@ -176,7 +177,7 @@ static int JsonFTPLogger(ThreadVars *tv, void *thread_data,
 goto fail;
 }
 } else {
- EveFTPLogCommand(tx, jb);
+ EveFTPLogCommand(vtx, jb);
 }
 OutputJsonBuilderBuffer(jb, thread);
diff --git a/src/output-json-ftp.h b/src/output-json-ftp.h
index acba5539e1..704defd958 100644
--- a/src/output-json-ftp.h
+++ b/src/output-json-ftp.h
@@ -25,5 +25,6 @@
 #define __OUTPUT_JSON_FTP_H__
 void JsonFTPLogRegister(void);
+bool EveFTPLogCommand(void *vtx, JsonBuilder *js);
 #endif /* __OUTPUT_JSON_FTP_H__ */
diff --git a/src/output.c b/src/output.c
index 031831966e..d57622ff39 100644
--- a/src/output.c
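Review bot: `EveFTPLogCommand` is now non-static and takes `void *vtx`, yet it carries no comment stating its contract, and `FTPTransaction *tx = vtx;` followed by `TAILQ_EMPTY(&tx->response_list)` dereferences the pointer with no check. The function is also reached through the generic logger table in src/output.c, where the compiler can no longer verify the argument type, so I would add a header comment such as `/* vtx must be a non-NULL FTPTransaction *; returns false, with nothing written to jb, if the response array cannot be allocated */`. That wording matches the visible code, since the early `return false` sits before `jb_open_object(jb, "ftp")`. The body between this hunk and the `return true` hunk is outside the diff.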
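Review bot: The call `EveFTPLogCommand(vtx, jb);` in the `else` branch of `JsonFTPLogger` discards the new `bool` result, so when the function returns false the logger still reaches `OutputJsonBuilderBuffer(jb, thread)` and emits an event with no `ftp` object. The branch just above already bails out with `goto fail;` on error (its condition is outside the hunk), so the same handling fits here: `if (!EveFTPLogCommand(vtx, jb)) { goto fail; }`. An FTP event that silently lacks its `ftp` object is easy to miss downstream. `JsonFTPLogger` starts and ends outside this hunk, so I am assuming the `fail` label releases `jb`.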
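Review bot: The new prototype in src/output-json-ftp.h names its second parameter `js` while the definition in src/output-json-ftp.c uses `jb`; `bool EveFTPLogCommand(void *vtx, JsonBuilder *jb);` keeps the two in step. The declaration also brings `bool` and `JsonBuilder` into a header that, as far as this hunk shows, has no `#include` lines between the guard and the prototypes. It therefore relies on every includer pulling those types in first; src/output.c presumably does, but that is not visible here.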
+++ b/src/output.c
@@ -1132,8 +1132,8 @@ void OutputRegisterLoggers(void)
 static EveJsonSimpleAppLayerLogger simple_json_applayer_loggers[ALPROTO_MAX] = {
 { ALPROTO_UNKNOWN, NULL },
 { ALPROTO_HTTP1, NULL }, // special: uses some options flags
- { ALPROTO_FTP, NULL }, // TODO missing
- { ALPROTO_SMTP, NULL }, // special: uses state
+ { ALPROTO_FTP, EveFTPLogCommand },
+ { ALPROTO_SMTP, NULL }, // special: uses state
 { ALPROTO_TLS, JsonTlsLogJSONExtended },
 { ALPROTO_SSH, rs_ssh_log_json },
 { ALPROTO_IMAP, NULL }, // protocol detection only