From: Tom Peters (thopeter) Date: Tue, 18 Dec 2018 20:59:38 +0000 (-0500) Subject: Merge pull request #1471 in SNORT/snort3 from ~MIREDDEN/snort3:fix_pcre_option_issues... X-Git-Tag: 3.0.0-251~82 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=43a3c0874fe2915dceb1a24e3a84cd34d41df50b;p=thirdparty%2Fsnort3.git Merge pull request #1471 in SNORT/snort3 from ~MIREDDEN/snort3:fix_pcre_option_issues to master Squashed commit of the following: commit d38bac13658a876f43dda17e1164eae506ec3cd0 Author: Mike Redden Date: Tue Dec 18 08:56:50 2018 -0500 snort2lua: fix pcre option issues
---
diff --git a/tools/snort2lua/data/data_types/dt_rule.cc b/tools/snort2lua/data/data_types/dt_rule.cc
index 86d72c49b..9c6c28ae6 100644
--- a/tools/snort2lua/data/data_types/dt_rule.cc
+++ b/tools/snort2lua/data/data_types/dt_rule.cc
@@ -179,28 +179,23 @@ std::ostream& operator<<(std::ostream& out, const Rule& rule)
 void Rule::resolve_pcre_buffer_options()
 {
- std::vector::iterator iter;
 std::string curr_sticky_buffer = "";
- bool is_sip = false;
- std::string name;
 const std::string service = get_option("service");
+ bool service_sip = (service.find("sip") != std::string::npos);
+ bool no_service_http = (service.find("http") == std::string::npos);
 std::string new_buffer;
-
- if (service == "sip")
- is_sip = true;
-
- iter = options.begin();
+ std::vector::iterator iter = options.begin();
 while (iter != options.end())
 {
- name = (*iter)->get_name();
+ std::string name = (*iter)->get_name();
 if (name == "pcre_P_option_body" || name == "pcre_H_option_header")
 {
 delete(*iter);
 iter = options.erase(iter);
- if (is_sip)
+ if (service_sip)
 {
 if (name == "pcre_P_option_body")
 {
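Review bot: In the `@@ -179,28 +179,23 @@` hunk, `service_sip` and `no_service_http` are computed with `service.find(...)`, a substring test over the whole `service` value, so any service name that merely contains "sip" or "http" sets them, and a rule naming both services always takes the `if (service_sip)` branch. Because these flags choose the buffer a converted pcre inspects, a loose match changes what the converted rule detects without leaving any trace in the output. If `get_option("service")` returns a delimited list, compare whole tokens instead; at minimum declare both flags `const` and document the precedence, e.g. `// sip wins when a rule lists both sip and http`. The function body continues beyond this hunk, so the sip branch itself is not visible here.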
@@ -215,10 +210,18 @@ void Rule::resolve_pcre_buffer_options()
 {
 if (name == "pcre_P_option_body")
 {
+ if (no_service_http)
+ {
+ add_comment("pcre P option converted to http_client_body by default");
+ }
 new_buffer = "http_client_body";
 }
 else
 {
+ if (no_service_http)
+ {
+ add_comment("pcre H option converted to http_header by default");
+ }
 new_buffer = "http_header";
 }
 }
@@ -231,19 +234,24 @@ void Rule::resolve_pcre_buffer_options()
 ++iter;
 }
 }
- else if (name == "pkt_data")
- {
- curr_sticky_buffer = name;
- ++iter;
- }
- else if (name == "http_uri" ||
- name == "http_raw_uri" ||
+ else if (name == "pkt_data" ||
+ name == "file_data" ||
+ name == "dce_stub_data" ||
+ name == "dnp3_data" ||
+ name == "modbus_data" ||
 name == "http_cookie" ||
- name == "http_raw_cookie" ||
 name == "http_method" ||
+ name == "http_raw_cookie" ||
+ name == "http_raw_header" ||
+ name == "http_raw_uri" ||
 name == "http_stat_code" ||
 name == "http_stat_msg" ||
- name == "http_header" ||
+ name == "http_uri")
+ {
+ curr_sticky_buffer = name;
+ ++iter;
+ }
+ else if (name == "http_header" ||
 name == "http_client_body" ||
 name == "sip_header" ||
 name == "sip_body")
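Review bot: In the `@@ -215,10 +210,18 @@` hunk, the two `add_comment` calls under `if (no_service_http)` run once per pcre P or H option, so a rule with several such options may carry the same comment repeatedly unless `add_comment` de-duplicates, which is not visible here. The text also does not say why the default was applied; an HTTP buffer on a rule with no http service may never be populated, so wording such as `"pcre P option converted to http_client_body by default; rule has no http service, verify buffer"` would tell the rule author that the converted rule needs checking. The two blocks differ only in the message and could be emitted once after `new_buffer` is chosen. The enclosing branch and function start outside this hunk.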
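Review bot: In the `@@ -231,19 +234,24 @@` hunk, the 13-name `||` chain in the first `else if` is an allow-list that must stay in step with every sticky buffer the converter can emit; a name missing from it presumably leaves `curr_sticky_buffer` stale, so a later pcre P or H option would be resolved against the wrong buffer. A file-local table looked up with `std::find` is easier to audit and extend than a hand-sorted condition; it would need `<algorithm>` and `<iterator>` among the file's includes. The following `else if (name == "http_header" || ...` branch continues past the end of the hunk, so its body is not reviewed here.

```cpp
// file scope: options that only switch the current sticky buffer
static const char* const sticky_only_buffers[] =
{
    "pkt_data", "file_data", "dce_stub_data", "dnp3_data", "modbus_data",
    "http_cookie", "http_method", "http_raw_cookie", "http_raw_header",
    "http_raw_uri", "http_stat_code", "http_stat_msg", "http_uri",
};

// … unchanged: pcre_P_option_body / pcre_H_option_header branch …
        else if (std::find(std::begin(sticky_only_buffers),
            std::end(sticky_only_buffers), name) != std::end(sticky_only_buffers))
        {
            curr_sticky_buffer = name;
            ++iter;
        }
// … unchanged: http_header / http_client_body / sip_header / sip_body branch …
```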