From: Ron Dempster (rdempste) Date: Mon, 29 Jul 2024 19:57:59 +0000 (+0000) Subject: Pull request #4392: flow: clear deferred trust after the flow is trusted to stop... X-Git-Tag: 3.3.2.0~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7814d3915bd5c41b1b7249a05f8191816560a6e2;p=thirdparty%2Fsnort3.git Pull request #4392: flow: clear deferred trust after the flow is trusted to stop repeated trusting Merge in SNORT/snort3 from ~RDEMPSTE/snort3:insight_active to master Squashed commit of the following: commit ad008ef09d827ea88c8ab48a1b3607b633f32b17 Author: Ron Dempster (rdempste) Date: Fri Jul 19 16:51:57 2024 -0400 flow: clear deferred trust after the flow is trusted to stop repeated trusting
---
diff --git a/src/flow/deferred_trust.cc b/src/flow/deferred_trust.cc
index 672e40bf9..5421c4205 100644
--- a/src/flow/deferred_trust.cc
+++ b/src/flow/deferred_trust.cc
@@ -39,8 +39,7 @@ void DeferredTrust::set_deferred_trust(unsigned module_id, bool on)
 deferred_trust = TRUST_DEFER_ON;
 }
 auto element = deferred_trust_modules.begin();
- for (; element != deferred_trust_modules.end() && *element != module_id;
- ++element);
+ for (; element != deferred_trust_modules.end() && *element != module_id; ++element);
 if (element == deferred_trust_modules.end())
 deferred_trust_modules.emplace_front(module_id);
 }
@@ -62,7 +61,10 @@ void DeferredTrust::finalize(Active& active)
 if (active.session_was_blocked())
 clear();
 else if (TRUST_DEFER_DO_TRUST == deferred_trust && active.session_was_allowed())
+ {
 active.set_trust();
+ clear();
+ }
 else if ((TRUST_DEFER_ON == deferred_trust || TRUST_DEFER_DEFERRING == deferred_trust) && active.session_was_trusted())
 {
diff --git a/src/flow/test/deferred_trust_test.cc b/src/flow/test/deferred_trust_test.cc
index f95479403..686be07a7 100644
--- a/src/flow/test/deferred_trust_test.cc
+++ b/src/flow/test/deferred_trust_test.cc
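Review bot: The new `clear();` after `active.set_trust();` in the `TRUST_DEFER_DO_TRUST` branch of `DeferredTrust::finalize` has no comment explaining why the deferred state is reset. A trusted flow is generally passed without further inspection, so this transition is worth documenting, e.g. `// trust applied: reset deferred state so later packets do not re-trust this flow`. The reset is unconditional, and whether `set_trust()` can decline to take effect is not visible in this hunk. If it can, the pending trust is dropped and the flow simply stays inspected, which is presumably the intended fail-safe direction but should be stated in that comment. The body of `finalize` continues past the end of the hunk.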
@@ -114,15 +114,16 @@ TEST(deferred_trust_test, finalize)
 deferred_trust.set_deferred_trust(1, false);
 CHECK_TEXT(!deferred_trust.is_active(), "Deferred trust should not be active");
 // State should be do trust
- deferred_trust.finalize(active);
- CHECK_TEXT(active.session_was_trusted(), "Session was not trusted from do trust");
- // Enable with state do trust goes to deferring
- deferred_trust.set_deferred_trust(1, true);
+ deferred_trust.set_deferred_trust(2, true);
 CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should be active");
 CHECK_TEXT(deferred_trust.is_deferred(), "Deferred trust should be deferring");
+ deferred_trust.set_deferred_trust(2, false);
+ CHECK_TEXT(!deferred_trust.is_active(), "Deferred trust should not be active");
+ // State should be do trust
+ deferred_trust.finalize(active);
+ CHECK_TEXT(active.session_was_trusted(), "Session was not trusted from do trust");
- deferred_trust.clear();
 // Enable
 deferred_trust.set_deferred_trust(1, true);
 CHECK_TEXT(deferred_trust.is_active(), "Deferred trust should be active");