From: Russ Combs (rucombs) <rucombs@cisco.com>
Date: Mon, 29 Apr 2019 21:42:31 +0000 (-0400)
Subject: Merge pull request #1588 in SNORT/snort3 from ~RUCOMBS/snort3:includer to master
X-Git-Tag: 3.0.0-255~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6735d74a699ce0e28e575003c460f11c49c17938;p=thirdparty%2Fsnort3.git

Merge pull request #1588 in SNORT/snort3 from ~RUCOMBS/snort3:includer to master

Squashed commit of the following:

commit 62464559e2ebd8b9739db1ea8c10907bc6830aeb
Author: russ <rucombs@cisco.com>
Date:   Sat Apr 27 16:03:45 2019 -0400

    ips: add includer for better relative path support
---

diff --git a/src/main/modules.cc b/src/main/modules.cc
index f2470b874..520f2d557 100755
--- a/src/main/modules.cc
+++ b/src/main/modules.cc
@@ -1228,7 +1228,10 @@ static const Parameter ips_params[] =
       "correlate unified2 events with configuration" },
 
     { "include", Parameter::PT_STRING, nullptr, nullptr,
-      "legacy snort rules and includes" },
+      "snort rules and includes" },
+
+    { "includer", Parameter::PT_STRING, "(optional)", nullptr,
+      "for internal use; where includes are included from" },
 
     // FIXIT-L no default; it breaks initialization by -Q
     { "mode", Parameter::PT_ENUM, "tap | inline | inline-test", nullptr,
@@ -1280,6 +1283,9 @@ bool IpsModule::set(const char*, Value& v, SnortConfig* sc)
     else if ( v.is("include") )
         p->include = v.get_string();
 
+    else if ( v.is("includer") )
+        p->includer = v.get_string();
+
     else if ( v.is("mode") )
         p->policy_mode = (PolicyMode)v.get_uint8();
 
diff --git a/src/main/policy.cc b/src/main/policy.cc
index de627555f..b33f6fcdc 100644
--- a/src/main/policy.cc
+++ b/src/main/policy.cc
@@ -113,7 +113,6 @@ IpsPolicy::IpsPolicy(PolicyId id)
     policy_mode = POLICY_MODE__MAX;
 
     var_table = nullptr;
-    parse_from = get_parse_file();
 
     var_id = 1;
     ip_vartable = sfvt_alloc_table();
diff --git a/src/main/policy.h b/src/main/policy.h
index a652613f4..ba8088674 100644
--- a/src/main/policy.h
+++ b/src/main/policy.h
@@ -150,9 +150,9 @@ public:
     PolicyMode policy_mode = POLICY_MODE__MAX;
     bool enable_builtin_rules;
 
+    std::string includer;
     std::string include;
     std::string rules;
-    std::string parse_from;
 
     uint32_t var_id;
 
diff --git a/src/managers/bootstrap.lua b/src/managers/bootstrap.lua
index 3340e94c2..c01c4b321 100644
--- a/src/managers/bootstrap.lua
+++ b/src/managers/bootstrap.lua
@@ -34,12 +34,6 @@ const char* push_include_path(const char*);
 void pop_include_path();
 ]]
 
-function include(file)
-    local base_name = ffi.C.push_include_path(file)
-    dofile(ffi.string(base_name))
-    ffi.C.pop_include_path()
-end
-
 function snort_traverse(tab, fqn)
     local key, val
 
@@ -66,7 +60,7 @@ function snort_set(fqn, key, val)
     local name
     local idx = 0
     local what = type(val)
-        
+
     if ( not fqn ) then
         name = key
 
@@ -118,3 +112,41 @@ function snort_config(tab)
     end
 end
 
+---------------------------------------------------------------------------
+-- path magic for includes
+---------------------------------------------------------------------------
+
+function path_push(file)
+    if ( _snort_path == nil ) then
+        _snort_path = { }
+    end
+    _snort_path[#_snort_path + 1] = file
+end
+
+function path_pop()
+    if ( _snort_path == nil ) then
+        return
+    end
+    table.remove(_snort_path, #_snort_path)
+end
+
+function path_top()
+    if ( _snort_path == nil ) then
+        return nil
+    end
+    return _snort_path[#_snort_path]
+end
+
+function include(file)
+    local cname = ffi.C.push_include_path(file)
+    local fname = ffi.string(cname);
+    path_push(fname)
+    dofile(fname)
+    local iname = path_top()
+    if ( (ips ~= nil) and (ips.includer == nil) and (iname ~= nil) ) then
+        ips.includer = iname
+    end
+    path_pop()
+    ffi.C.pop_include_path()
+end
+
diff --git a/src/parser/parse_conf.cc b/src/parser/parse_conf.cc
index 3268098bf..6410ba3e1 100644
--- a/src/parser/parse_conf.cc
+++ b/src/parser/parse_conf.cc
@@ -136,9 +136,10 @@ static bool relative_to_parse_dir(const char* file, std::string& path)
     if ( !path.length() )
         path = get_parse_file();
     size_t idx = path.rfind('/');
-    if ( idx == std::string::npos )
-        idx = 0;
-    path.erase(idx);
+    if ( idx != std::string::npos )
+        path.erase(idx);
+    else
+        path = ".";
     return valid_file(file, path);
 }
 
@@ -185,7 +186,7 @@ void parse_include(SnortConfig* sc, const char* arg)
 {
     assert(arg);
     arg = ExpandVars(sc, arg);
-    std::string file;
+    std::string file = get_ips_policy()->includer;
 
     const char* code = get_config_file(arg, file);
 
diff --git a/src/parser/parser.cc b/src/parser/parser.cc
index ace9940f5..a1d3f4d71 100644
--- a/src/parser/parser.cc
+++ b/src/parser/parser.cc
@@ -355,7 +355,7 @@ void ParseRules(SnortConfig* sc)
             ModuleManager::load_rules(sc);
 
         const char* fname = p->include.c_str();
-        std::string file = p->parse_from;
+        std::string file = p->includer;
 
         if ( fname && *fname )
         {