From: Oleksii Shumeiko -X (oshumeik - SOFTSERVE INC at Cisco) Date: Tue, 1 Nov 2022 17:53:14 +0000 (+0000) Subject: Pull request #3638: main: add dependencies versions table to lua sandbox X-Git-Tag: 3.1.47.0~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=90784c94fbb84b46d69cfffff57c829268c2ff77;p=thirdparty%2Fsnort3.git Pull request #3638: main: add dependencies versions table to lua sandbox Merge in SNORT/snort3 from ~ASERBENI/snort3:lua_ext_dep_table to master Squashed commit of the following: commit f888a1732033745fbb977d5c9be844afd9b527a6 Author: Andrii Serbeniuk Date: Mon Oct 24 12:49:16 2022 +0300 main: add variables to lua environment Added SNORT_DEP_VERSIONS table with snort devendencies versions. Added SNORT_BUILD variable with snort build number. --- diff --git a/doc/user/overview.txt b/doc/user/overview.txt index 4c27beadf..701c4c1cf 100644 --- a/doc/user/overview.txt +++ b/doc/user/overview.txt @@ -264,6 +264,18 @@ number. SNORT_PATCH_VERSION = 2 +* SNORT_DEP_VERSIONS: Snort dependencies version numbers table. +If snort wasn't built with some dependency, its value will be nil. + + SNORT_DEP_VERSIONS.DAQ = 3.0.7 + SNORT_DEP_VERSIONS.LUAJIT = 2.1.0 + SNORT_DEP_VERSIONS.OPENSSL = 3.0.5 + SNORT_DEP_VERSIONS.LIBPCAP = 1.9.1 + SNORT_DEP_VERSIONS.PCRE = 8.45 + SNORT_DEP_VERSIONS.ZLIB = 1.2.11 + SNORT_DEP_VERSIONS.HYPERSCAN = 5.4.8 + SNORT_DEP_VERSIONS.LZMA = 5.0.5 + ==== Whitelist When Snort is run with the --warn-conf-strict option, warnings will be diff --git a/src/main/bootstrap.lua b/src/main/bootstrap.lua index ed3a5a00b..3472ec68c 100644 --- a/src/main/bootstrap.lua +++ b/src/main/bootstrap.lua 
@@ -150,12 +150,14 @@ function create_sandbox_env() snort_whitelist_add_prefix = snort_whitelist_add_prefix, snort_whitelist_append = snort_whitelist_append, SNORT_VERSION = SNORT_VERSION, + SNORT_BUILD = SNORT_BUILD, SNORT_MAJOR_VERSION = SNORT_MAJOR_VERSION, SNORT_MINOR_VERSION = SNORT_MINOR_VERSION, SNORT_PATCH_VERSION = SNORT_PATCH_VERSION, SNORT_SUBLEVEL_VERSION = SNORT_SUBLEVEL_VERSION, get_module_version = get_module_version, tweaks = tweaks, + SNORT_DEP_VERSIONS = SNORT_DEP_VERSIONS } for k, v in pairs(export_to_sandbox) do diff --git a/src/main/shell.cc b/src/main/shell.cc index 5d56c5625..4d38ca1ed 100644 --- a/src/main/shell.cc +++ b/src/main/shell.cc @@ -27,7 +27,24 @@ #include #include +#include +#include +#include #include +#include +#include + +#ifdef HAVE_HYPERSCAN +#include +#endif + +#ifdef HAVE_LZMA +#include +#endif + +extern "C" { +#include +} #include "dump_config/config_output.h" #include "log/messages.h" @@ -50,6 +67,9 @@ using namespace std; //------------------------------------------------------------------------- static const char* versions[] = { +#ifdef BUILD + "SNORT_BUILD", +#endif "SNORT_VERSION", "SNORT_MAJOR_VERSION", "SNORT_MINOR_VERSION", 
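Review bot: `SNORT_DEP_VERSIONS = SNORT_DEP_VERSIONS` hands the sandbox a table rather than a scalar like the version values beside it, so if it is passed by plain reference, configuration code running in the sandbox can assign to its fields and change what any later reader of that table sees. The copy loop and the rest of create_sandbox_env lie outside the hunk, so this is inferred from the `export_to_sandbox` entry alone. If the table is meant to be informational only, export a read-only view instead, for example `SNORT_DEP_VERSIONS = setmetatable({}, { __index = SNORT_DEP_VERSIONS, __newindex = function() error("SNORT_DEP_VERSIONS is read-only") end }),`. A shallow copy is the simpler alternative if scripts need to iterate it with `pairs`.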
@@ -58,19 +78,43 @@ static const char* versions[] = { nullptr }; +static const char* dep_versions[] = { + "SNORT_DEP_VERSIONS", + "DAQ", + "LUAJIT", + "OPENSSL", + "LIBPCAP", + "PCRE", + "ZLIB", +#ifdef HAVE_HYPERSCAN + "HYPERSCAN", +#endif +#ifdef HAVE_LZMA + "LZMA", +#endif + nullptr +}; + static void install_version_strings(lua_State* L) { assert(versions[0]); + const char** var_name = versions; + #ifdef BUILD - lua_pushstring(L, VERSION "-" BUILD); + const char* build = BUILD; + lua_pushstring(L, build); + lua_setglobal(L, *var_name); + ++var_name; + lua_pushstring(L, (std::string(VERSION "-") + build).c_str()); #else lua_pushstring(L, VERSION); #endif - lua_setglobal(L, versions[0]); + lua_setglobal(L, *var_name); + ++var_name; std::istringstream vs(VERSION); - for ( int i = 1 ; versions[i] ; i++ ) + while (*var_name) { std::string tmp; int num = 0; 
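Review bot: The layout of `dep_versions` is an unstated convention: element 0 is the Lua global name and the remaining entries are table keys that must line up, entry for entry and `#ifdef` for `#ifdef`, with the values collected in install_dependencies_strings(). A comment above the array would make that visible, e.g. `// [0] is the global table name; [1..] are keys, in the same order and under the same #ifdefs as the values pushed in install_dependencies_strings()`. The same applies to `versions[]` in the previous hunk, where `"SNORT_BUILD"` must stay first because install_version_strings() consumes it before `"SNORT_VERSION"` when `BUILD` is defined; `// order matters: consumed sequentially by install_version_strings()` would do. install_version_strings() continues past the end of this hunk.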
@@ -80,10 +124,51 @@ static void install_version_strings(lua_State* L) num = stoi(tmp); lua_pushinteger(L, num); - lua_setglobal(L, versions[i]); + lua_setglobal(L, *var_name); + ++var_name; } } +static void install_dependencies_strings(Shell* sh, lua_State* L) +{ + assert(dep_versions[0]); + + std::vector vs; + const char* ljv = LUAJIT_VERSION; + const char* osv = OpenSSL_version(SSLEAY_VERSION); + const char* lpv = pcap_lib_version(); + + while (*ljv and !isdigit(*ljv)) + ++ljv; + while (*osv and !isdigit(*osv)) + ++osv; + while (*lpv and !isdigit(*lpv)) + ++lpv; + + vs.push_back(daq_version_string()); + vs.push_back(ljv); + vs.push_back(osv); + vs.push_back(lpv); + vs.push_back(pcre_version()); + vs.push_back(zlib_version); +#ifdef HAVE_HYPERSCAN + vs.push_back(hs_version()); +#endif +#ifdef HAVE_LZMA + vs.push_back(lzma_version_string()); +#endif + + lua_createtable(L, 0, vs.size()); + for (int i = 0; dep_versions[i + 1];) + { + lua_pushstring(L, vs[i]); + lua_setfield(L, -2, dep_versions[++i]); + } + lua_setglobal(L, dep_versions[0]); + + sh->allowlist_append(dep_versions[0], false); +} + string Shell::fatal; std::stack Shell::current_shells; ConfigOutput* Shell::s_config_output = nullptr; @@ -443,6 +528,7 @@ Shell::Shell(const char* s, bool load_defaults) : loaded = false; load_string(lua_bootstrap, false, "bootstrap"); install_version_strings(lua); + install_dependencies_strings(this, lua); Shell** shell_ud = static_cast(lua_newuserdata(lua, sizeof(Shell*))); *(shell_ud) = this; lua_setglobal(lua, lua_shell_id);
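Review bot: The fill loop in install_dependencies_strings() is bounded by the `nullptr` terminator of `dep_versions` but indexes `vs[i]` without checking `vs.size()`, so a dependency added to one list and not the other (or under a different `#ifdef`) reads past the end of the vector; only `assert(dep_versions[0])` is checked. Adding `assert(vs.size() + 2 == sizeof(dep_versions) / sizeof(dep_versions[0]));` before `lua_createtable` would catch the mismatch in debug builds. The three skip loops pass a plain `char` to `isdigit`, which is undefined for negative values; `isdigit(static_cast<unsigned char>(*ljv))` (and likewise for `osv` and `lpv`) avoids that. `LUAJIT_VERSION` is a compile-time macro while the other values appear to come from library calls at run time, so a comment noting that the LUAJIT entry reflects the headers used at build time would help anyone using the table to check for vulnerable library versions.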