From: Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) <oshumeik@cisco.com>
Date: Fri, 5 Aug 2022 18:56:15 +0000 (+0000)
Subject: Pull request #3542: ips_options: remove obfuscate_pii caching in sd_pattern option
X-Git-Tag: 3.1.39.0~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64863657d587e732c2a95abcb7efd395773531b8;p=thirdparty%2Fsnort3.git

Pull request #3542: ips_options: remove obfuscate_pii caching in sd_pattern option

Merge in SNORT/snort3 from ~VHORBATO/snort3:pii_cache to master

Squashed commit of the following:

commit 38ecd019f507df15b9411a265099f81f7dc307b9
Author: Vitalii <vhorbato@cisco.com>
Date:   Wed Aug 3 17:18:27 2022 +0300

    ips_options: remove obfuscate_pii caching in sd_pattern option
---

diff --git a/src/ips_options/ips_sd_pattern.cc b/src/ips_options/ips_sd_pattern.cc
index 82a2602b7..cf1789a62 100644
--- a/src/ips_options/ips_sd_pattern.cc
+++ b/src/ips_options/ips_sd_pattern.cc
@@ -77,7 +77,7 @@ struct SdPatternConfig
 
     std::string pii;
     unsigned threshold = 1;
-    bool obfuscate_pii = false;
+    bool can_be_obfuscated = false;
     bool forced_boundary = false;
     int (* validate)(const uint8_t* buf, unsigned long long buflen) = nullptr;
 
@@ -95,7 +95,7 @@ struct SdPatternConfig
     {
         pii.clear();
         threshold = 1;
-        obfuscate_pii = false;
+        can_be_obfuscated = false;
         validate = nullptr;
         db = nullptr;
     }
@@ -229,7 +229,11 @@ static int hs_match(unsigned int /*id*/, unsigned long long from,
 
     ctx->count++;
 
-    if ( ctx->config.obfuscate_pii )
+    IpsPolicy* p = get_ips_policy();
+
+    assert(p);
+
+    if ( p->obfuscate_pii and ctx->config.can_be_obfuscated )
     {
         if ( !ctx->packet->obfuscator )
             ctx->packet->obfuscator = new Obfuscator();
@@ -348,25 +352,23 @@ bool SdPatternModule::set(const char*, Value& v, SnortConfig*)
 
 bool SdPatternModule::end(const char*, int, SnortConfig*)
 {
-    IpsPolicy* p = get_ips_policy();
-
     if (config.pii == "credit_card")
     {
         config.pii = SD_CREDIT_PATTERN_ALL;
         config.validate = SdLuhnAlgorithm;
-        config.obfuscate_pii = p->obfuscate_pii;
+        config.can_be_obfuscated = true;
         config.forced_boundary = true;
     }
     else if (config.pii == "us_social")
     {
         config.pii = SD_SOCIAL_PATTERN;
-        config.obfuscate_pii = p->obfuscate_pii;
+        config.can_be_obfuscated = true;
         config.forced_boundary = true;
     }
     else if (config.pii == "us_social_nodashes")
     {
         config.pii = SD_SOCIAL_NODASHES_PATTERN;
-        config.obfuscate_pii = p->obfuscate_pii;
+        config.can_be_obfuscated = true;
         config.forced_boundary = true;
     }