From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 27 Jun 2024 11:42:34 +0000 (+0200)
Subject: detect: parse units for integer for every cases
X-Git-Tag: suricata-8.0.0-beta1~1065
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7dfddab9ede45baf17263d491b618c05d5cd96b4;p=thirdparty%2Fsuricata.git

detect: parse units for integer for every cases

Ticket: #6423

Not just equality, but also >3MB should work
For example flow.bytes_toserver>3MB
---

diff --git a/rust/src/detect/uint.rs b/rust/src/detect/uint.rs
index fdfc4c30f8..23438a2759 100644
--- a/rust/src/detect/uint.rs
+++ b/rust/src/detect/uint.rs
@@ -113,13 +113,13 @@ pub fn detect_parse_uint_value_hex<T: DetectIntType>(i: &str) -> IResult<&str, T
 pub fn detect_parse_uint_value<T: DetectIntType>(i: &str) -> IResult<&str, T> {
     let (i, arg1) = alt((
         detect_parse_uint_value_hex,
-        map_opt(digit1, |s: &str| s.parse::<T>().ok()),
+        detect_parse_uint_with_unit,
     ))(i)?;
     Ok((i, arg1))
 }
 
 pub fn detect_parse_uint_with_unit<T: DetectIntType>(i: &str) -> IResult<&str, T> {
-    let (i, arg1) = detect_parse_uint_value::<T>(i)?;
+    let (i, arg1) = map_opt(digit1, |s: &str| s.parse::<T>().ok())(i)?;
     let (i, unit) = opt(detect_parse_uint_unit)(i)?;
     if arg1 >= T::one() {
         if let Some(u) = unit {
@@ -138,7 +138,7 @@ pub fn detect_parse_uint_start_equal<T: DetectIntType>(
 ) -> IResult<&str, DetectUintData<T>> {
     let (i, _) = opt(tag("="))(i)?;
     let (i, _) = opt(is_a(" "))(i)?;
-    let (i, arg1) = detect_parse_uint_with_unit(i)?;
+    let (i, arg1) = detect_parse_uint_value(i)?;
     Ok((
         i,
         DetectUintData {
@@ -578,7 +578,7 @@ mod tests {
 
         assert!(detect_parse_uint::<u8>("2kb").is_err());
 
-        let (_, val) = detect_parse_uint::<u32>("3MB").unwrap();
+        let (_, val) = detect_parse_uint::<u32>("> 3MB").unwrap();
         assert_eq!(val.arg1, 3 * 1024 * 1024);
     }
 }