From: Oleg Torubara -X (otorubar - SOFTSERVE INC at Cisco) Date: Thu, 29 Aug 2024 03:53:06 +0000 (+0000) Subject: Pull request #4422: file_api: filename for file processing X-Git-Tag: 3.3.5.0~4 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=55965b833032fa95113a428d2706a838975a73c6;p=thirdparty%2Fsnort3.git Pull request #4422: file_api: filename for file processing Merge in SNORT/snort3 from ~OTORUBAR/snort3:filename_for_file_processing to master Squashed commit of the following: commit c25848c0fca7d9d7f33fece004314ad88a3c8e8d Author: Serhii Vlasiuk Date: Fri Jul 26 15:13:52 2024 -0400 file_api: set file name for file processing
---
diff --git a/src/file_api/file_flows.cc b/src/file_api/file_flows.cc
index ccf4b6415..6cc014b2e 100644
--- a/src/file_api/file_flows.cc
+++ b/src/file_api/file_flows.cc
@@ -324,7 +324,7 @@ void FileFlows::remove_processed_file_context(uint64_t file_id)
 */
 bool FileFlows::file_process(Packet* p, uint64_t file_id, const uint8_t* file_data, int data_size, uint64_t offset, FileDirection dir, uint64_t multi_file_processing_id,
- FilePosition position)
+ FilePosition position, const uint8_t* fname, uint32_t name_size)
 {
 int64_t file_depth = FileService::get_max_file_depth();
 bool continue_processing;
@@ -342,13 +342,13 @@ bool FileFlows::file_process(Packet* p, uint64_t file_id, const uint8_t* file_da
 }
 FileContext* context = get_file_context(file_id, true, is_new_context, multi_file_processing_id);
-
 if (!context)
 {
 FILE_DEBUG(file_trace , DEFAULT_TRACE_OPTION_ID, TRACE_CRITICAL_LEVEL, p, "file_process:context missing, returning \n");
 return false;
 }
+ context->set_file_name((const char*)fname, name_size, false);
 if (PacketTracer::is_daq_activated())
 PacketTracer::restart_timer();
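Review bot: The added `context->set_file_name((const char*)fname, name_size, false);` in the file_id overload (hunk at -342) runs on every `file_process` call, so each chunk that carries a non-empty name re-assigns `file_name`, even when a name was already stored earlier (for example via `FileFlows::set_file_name`, whose body is not shown). The identical line added to the single-file overload in the hunk at -448 has the same effect. The name originates from HTTP or MIME headers, so it is peer-controlled, and letting a later call silently replace the recorded name makes logged file names harder to rely on. Consider guarding the call, e.g. `if (context->get_file_name().empty()) context->set_file_name((const char*)fname, name_size, false);`, or add a comment stating which source is meant to win. `file_process` starts and ends outside the hunk.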
@@ -423,7 +423,7 @@ bool FileFlows::file_process(Packet* p, uint64_t file_id, const uint8_t* file_da
 * false: ignore this file
 */
 bool FileFlows::file_process(Packet* p, const uint8_t* file_data, int data_size,
- FilePosition position, bool upload, size_t file_index)
+ FilePosition position, bool upload, size_t file_index, const uint8_t* fname, uint32_t name_size)
 {
 FileContext* context;
 FileDirection direction = upload ? FILE_UPLOAD : FILE_DOWNLOAD;
@@ -448,6 +448,7 @@ bool FileFlows::file_process(Packet* p, const uint8_t* file_data, int data_size,
 context = find_main_file_context(position, direction, file_index);
 set_current_file_context(context);
+ context->set_file_name((const char*)fname, name_size, false);
 context->set_signature_state(gen_signature);
 bool file_process_ret = context->process(p, file_data, data_size, position, file_policy);
diff --git a/src/file_api/file_flows.h b/src/file_api/file_flows.h
index 6cd9e3a2c..4978e39d2 100644
--- a/src/file_api/file_flows.h
+++ b/src/file_api/file_flows.h
@@ -91,12 +91,12 @@ public:
 // This is used when there is only one file per session
 bool file_process(Packet* p, const uint8_t* file_data, int data_size, FilePosition,
- bool upload, size_t file_index = 0);
+ bool upload, size_t file_index = 0, const uint8_t* fname = nullptr, uint32_t name_size = 0);
 // This is used for each file context. Support multiple files per session
 bool file_process(Packet* p, uint64_t file_id, const uint8_t* file_data, int data_size, uint64_t offset, FileDirection, uint64_t multi_file_processing_id=0,
- FilePosition=SNORT_FILE_POSITION_UNKNOWN);
+ FilePosition=SNORT_FILE_POSITION_UNKNOWN, const uint8_t* fname = nullptr, uint32_t name_size = 0);
 static unsigned file_flow_data_id;
diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 6891b346a..ed9d100ab 100644
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
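Review bot: The new defaulted `fname` / `name_size` parameters on both `file_process` declarations in file_flows.h are undocumented; the comments above them still describe only the one-file versus multi-file split. From the header a caller cannot tell that `fname` is a buffer of `name_size` bytes that need not be NUL-terminated and is copied during the call (`FileInfo::set_file_name` does `file_name.assign(name, name_size)`), nor that a null or zero-length name leaves the stored name untouched. I would add above each declaration a line such as `// fname/name_size: optional file name bytes (not NUL-terminated), copied; nullptr/0 leaves the name unchanged`. Because the new arguments follow existing defaulted ones, callers must spell out `file_index` or the `FilePosition` to reach them, as the MIME caller does with a literal `0`.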
@@ -161,14 +161,13 @@ FileInfo& FileInfo::operator=(const FileInfo& other)
 /*File properties*/
-void FileInfo::set_file_name(const char* name, uint32_t name_size)
+void FileInfo::set_file_name(const char* name, uint32_t name_size, bool fn_set)
 {
 if (name and name_size)
- {
 file_name.assign(name, name_size);
- }
- file_name_set = true;
+ if (fn_set)
+ file_name_set = fn_set;
 }
 void FileInfo::set_url(const char* url_name, uint32_t url_size)
diff --git a/src/file_api/file_lib.h b/src/file_api/file_lib.h
index bd0776b7c..c9ea2bf47 100644
--- a/src/file_api/file_lib.h
+++ b/src/file_api/file_lib.h
@@ -55,7 +55,7 @@ public:
 FileInfo& operator=(const FileInfo& other);
 uint32_t get_file_type() const;
 void set_file_type(uint64_t index);
- void set_file_name(const char* file_name, uint32_t name_size);
+ void set_file_name(const char* file_name, uint32_t name_size, bool fn_set = true);
 void set_url(const char* url, uint32_t url_size);
 std::string& get_file_name();
 std::string& get_url();
diff --git a/src/mime/file_mime_process.cc b/src/mime/file_mime_process.cc
index 8e6d48d58..7ae4ebf58 100644
--- a/src/mime/file_mime_process.cc
+++ b/src/mime/file_mime_process.cc
@@ -913,12 +913,14 @@ void MimeSession::mime_file_process(Packet* p, const uint8_t* data, int data_siz
 {
 const FileDirection dir = upload ? FILE_UPLOAD : FILE_DOWNLOAD;
 continue_inspecting_file = file_flows->file_process(p, get_file_cache_file_id(), data,
- data_size, file_offset, dir, get_multiprocessing_file_id(), position);
+ data_size, file_offset, dir, get_multiprocessing_file_id(), position, (const uint8_t*)filename.c_str(),
+ filename.length());
 }
 else
 {
 continue_inspecting_file = file_flows->file_process(p, data, data_size, position,
- upload);
+ upload, 0, (const uint8_t*)filename.c_str(),
+ filename.length());
 }
 file_offset += data_size;
 if (continue_inspecting_file and (isFileStart(position)) && log_state)
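Review bot: In `FileInfo::set_file_name` (file_lib.cc hunk), a call with `fn_set == false` now stores the name but leaves `file_name_set` as it was, so a context can hold a non-empty `file_name` while still reporting the name as not set, and nothing in the hunk documents that contract. Code that keys on `file_name_set` (not visible here) would treat such a context as nameless, so please confirm this is what the `file_process` callers want. If it is, a comment on the definition such as `// fn_set=false: store the name without marking it as set` would record the intent. Writing `file_name_set = true;` inside `if (fn_set)` instead of `file_name_set = fn_set;` also reads more directly.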
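Review bot: Both new call sites in `mime_file_process` pass `filename.length()` into the `uint32_t name_size` parameter, which is an implicit narrowing if `filename` is a `std::string` as its use suggests. They also turn `c_str()` into `const uint8_t*` with a C-style cast only for `file_process` to cast it straight back to `const char*`. The narrowing is harmless only while the parsed MIME file name is length-bounded elsewhere, which this hunk does not show. I would write `reinterpret_cast<const uint8_t*>(filename.data())` and `static_cast<uint32_t>(filename.length())`, or let the new parameters take `const char*` to avoid the round trip. The bare `0` in the single-file call stands in for `file_index` and deserves a short comment; `mime_file_process` starts and ends outside the hunk.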
diff --git a/src/service_inspectors/http_inspect/http_msg_body.cc b/src/service_inspectors/http_inspect/http_msg_body.cc
index d4e90712b..6628e867b 100644
--- a/src/service_inspectors/http_inspect/http_msg_body.cc
+++ b/src/service_inspectors/http_inspect/http_msg_body.cc
@@ -26,6 +26,7 @@
 #include "decompress/file_olefile.h"
 #include "file_api/file_flows.h"
 #include "file_api/file_service.h"
+#include "hash/hash_key_operations.h"
 #include "helpers/buffer_data.h"
 #include "js_norm/js_enum.h"
 #include "pub_sub/http_request_body_event.h"
@@ -688,11 +689,19 @@ void HttpMsgBody::do_file_processing(const Field& file_data)
 const FileDirection dir = source_id == SRC_SERVER ? FILE_DOWNLOAD : FILE_UPLOAD;
- const uint64_t file_index = get_header(source_id)->get_file_cache_index();
+ uint64_t file_index = get_header(source_id)->get_file_cache_index();
+
+ const uint8_t* filename_buffer = nullptr;
+ uint32_t filename_length = 0;
+ const uint8_t* uri_buffer = nullptr;
+ uint32_t uri_length = 0;
+ if (request != nullptr)
+ get_file_info(dir, filename_buffer, filename_length, uri_buffer, uri_length);
 bool continue_processing_file = file_flows->file_process(p, file_index, file_data.start(), fp_length, session_data->file_octets[source_id], dir,
- get_header(source_id)->get_multi_file_processing_id(), file_position);
+ get_header(source_id)->get_multi_file_processing_id(), file_position,
+ filename_buffer, filename_length);
 if (continue_processing_file)
 {
 session_data->file_depth_remaining[source_id] -= fp_length;
@@ -702,12 +711,6 @@ void HttpMsgBody::do_file_processing(const Field& file_data)
 {
 if (request != nullptr)
 {
- const uint8_t* filename_buffer;
- const uint8_t* uri_buffer;
- uint32_t filename_length;
- uint32_t uri_length;
- get_file_info(dir, filename_buffer, filename_length, uri_buffer, uri_length);
-
 continue_processing_file = file_flows->set_file_name(filename_buffer, filename_length, 0, get_header(source_id)->get_multi_file_processing_id(), uri_buffer,
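Review bot: In the hunk at -688, `get_file_info(...)` now runs on every `do_file_processing` call whenever `request != nullptr`, where previously it ran only inside the later `if (request != nullptr)` block that the following hunk trims. The file name and URI are therefore re-derived for each body section and handed to `file_process` again. If `get_file_info` parses headers or the URI on each call (its body is not visible), that is repeated work on a per-packet path, so consider computing it once per message or only at file start. `file_index` also loses its `const` although no visible line modifies it, and the `#include "hash/hash_key_operations.h"` added in the first hunk is not used by any line shown; keep the `const` and drop the include unless code outside the diff needs them. `do_file_processing` starts and ends outside the hunk.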