From: Philippe Antoine <contact@catenacyber.fr>
Date: Thu, 17 Sep 2020 13:22:49 +0000 (+0200)
Subject: signature: checks protocol for file.name keyword
X-Git-Tag: suricata-6.0.0~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=61d0cd139972bd7767c7a0013b756fb7e0e2219c;p=thirdparty%2Fsuricata.git

signature: checks protocol for file.name keyword

By setting the flags as for the filename keyword (not sticky version)
---

diff --git a/src/detect-filename.c b/src/detect-filename.c
index 7e6fd36d4d..d737e5b727 100644
--- a/src/detect-filename.c
+++ b/src/detect-filename.c
@@ -349,6 +349,7 @@ static int DetectFilenameSetupSticky(DetectEngineCtx *de_ctx, Signature *s, cons
 {
     if (DetectBufferSetActiveList(s, g_file_name_buffer_id) < 0)
         return -1;
+    s->file_flags |= (FILE_SIG_NEED_FILE | FILE_SIG_NEED_FILENAME);
     return 0;
 }
 
@@ -571,4 +572,4 @@ void DetectFilenameRegisterTests(void)
     UtRegisterTest("DetectFilenameTestParse02", DetectFilenameTestParse02);
     UtRegisterTest("DetectFilenameTestParse03", DetectFilenameTestParse03);
 }
-#endif /* UNITTESTS */
\ No newline at end of file
+#endif /* UNITTESTS */
diff --git a/src/detect-parse.c b/src/detect-parse.c
index b14a15b2e5..3f33f360e8 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -1857,6 +1857,11 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
                     "support file matching", AppProtoToString(s->alproto));
             SCReturnInt(0);
         }
+        if (s->alproto == ALPROTO_HTTP2 && (s->file_flags & FILE_SIG_NEED_FILENAME)) {
+            SCLogError(SC_ERR_NO_FILES_FOR_PROTOCOL,
+                    "protocol HTTP2 doesn't support file name matching");
+            SCReturnInt(0);
+        }
 
         if (s->alproto == ALPROTO_HTTP) {
             AppLayerHtpNeedFileInspection();