From: Tom Peters (thopeter) Date: Tue, 14 May 2019 16:34:32 +0000 (-0400) Subject: Merge pull request #1601 in SNORT/snort3 from ~MIREDDEN/snort3:remove_sticky_buffer_d... X-Git-Tag: 3.0.0-256~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91d81bb4c4c40d3429ba90bd719df0cbbaef257a;p=thirdparty%2Fsnort3.git Merge pull request #1601 in SNORT/snort3 from ~MIREDDEN/snort3:remove_sticky_buffer_duplicates to master Squashed commit of the following: commit 3d998ed0f4e1faab5372d33decc333d666b6fa57 Author: Mike Redden Date: Wed May 8 14:27:34 2019 -0400 snort2lua: Remove sticky buffer duplicates --- diff --git a/tools/snort2lua/data/data_types/dt_rule.cc b/tools/snort2lua/data/data_types/dt_rule.cc index 4ca57d101..0e6af65a6 100644 --- a/tools/snort2lua/data/data_types/dt_rule.cc +++ b/tools/snort2lua/data/data_types/dt_rule.cc @@ -116,27 +116,20 @@ void Rule::add_suboption(const std::string& keyword, const std::string& val) void Rule::set_curr_options_buffer(const std::string& new_buffer, bool add_option) { - if (new_buffer == "pkt_data") + /* set the buffer if + * 1) No buffer has been set and this is not the default "pkt_data" buffer + * 2) The sticky buffer is set and is not equal to the new buffer + */ + if ( (sticky_buffer.empty() && new_buffer != "pkt_data") || + (!sticky_buffer.empty() && sticky_buffer != new_buffer) ) { - if (sticky_buffer.empty()) - { - sticky_buffer = "pkt_data"; - return; - } - - if (sticky_buffer == "pkt_data") - { - return; - } + RuleOption* new_opt = new RuleOption(new_buffer); + if ( add_option ) + options.push_back(new_opt); + else + options.insert(options.end() - 1, new_opt); + sticky_buffer = new_buffer; } - - RuleOption* new_opt = new RuleOption(new_buffer); - if ( add_option ) - options.push_back(new_opt); - else - options.insert(options.end() - 1, new_opt); - - sticky_buffer = new_buffer; } std::ostream& operator<<(std::ostream& out, const Rule& rule) 
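Review bot: In `set_curr_options_buffer`, the `add_option == false` branch still computes `options.end() - 1` without checking that `options` is non-empty, and on an empty vector that iterator arithmetic is undefined behaviour. Whether a caller can reach this branch before any option has been added is not visible from the hunk, but the body is being rewritten here anyway and a guard is cheap: `options.insert(options.empty() ? options.end() : options.end() - 1, new_opt);`. The whole function body is inside this hunk.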
@@ -192,24 +185,20 @@ void Rule::resolve_pcre_buffer_options() const bool no_service_http = (service.find("http") == std::string::npos); std::string new_buffer; std::vector::iterator iter = options.begin(); - std::vector::iterator next_opt_iter; while (iter != options.end()) { std::string name = (*iter)->get_name(); if (name == "pcre_P_option_body" || - name == "pcre_P_option_body_rel" || - name == "pcre_H_option_header" || - name == "pcre_H_option_header_rel") + name == "pcre_H_option_header") { delete(*iter); iter = options.erase(iter); if (service_sip) { - if (name == "pcre_P_option_body" || - name == "pcre_P_option_body_rel") + if (name == "pcre_P_option_body") { new_buffer = "sip_body"; } @@ -220,8 +209,7 @@ void Rule::resolve_pcre_buffer_options() } else { - if (name == "pcre_P_option_body" || - name == "pcre_P_option_body_rel") + if (name == "pcre_P_option_body") { if (no_service_http) { @@ -239,11 +227,8 @@ void Rule::resolve_pcre_buffer_options() } } - /* Add sticky buffer option if not equal to current, - * or if the pcre option is not relative */ - if (curr_sticky_buffer != new_buffer || - (name != "pcre_P_option_body_rel" && - name != "pcre_H_option_header_rel")) + /* Add sticky buffer option if not equal to current */ + if (curr_sticky_buffer != new_buffer) { curr_sticky_buffer = new_buffer; RuleOption* new_opt = new RuleOption(new_buffer); @@ -256,14 +241,6 @@ void Rule::resolve_pcre_buffer_options() name == "dce_stub_data" || name == "dnp3_data" || name == "modbus_data" || - name == "sip_header" || - name == "sip_body") - { - curr_sticky_buffer = name; - ++iter; - } - else if (name == "http_header" || - name == "http_client_body" || name == "http_cookie" || name == "http_method" || name == "http_raw_cookie" || 
@@ -273,26 +250,19 @@ void Rule::resolve_pcre_buffer_options() name == "http_stat_msg" || name == "http_uri" || name == "raw_data") + { + curr_sticky_buffer = name; + ++iter; + } + else if (name == "http_header" || + name == "http_client_body" || + name == "sip_header" || + name == "sip_body") { if (curr_sticky_buffer == name) { - next_opt_iter = std::next(iter, 1); - if (next_opt_iter != options.end()) - { - if ((*next_opt_iter)->is_relative_content()) - { - delete(*iter); - iter = options.erase(iter); - } - else - { - ++iter; - } - } - else - { - ++iter; - } + delete(*iter); + iter = options.erase(iter); } else { diff --git a/tools/snort2lua/data/data_types/dt_rule_option.cc b/tools/snort2lua/data/data_types/dt_rule_option.cc index 6be6ad592..7b81941a1 100644 --- a/tools/snort2lua/data/data_types/dt_rule_option.cc +++ b/tools/snort2lua/data/data_types/dt_rule_option.cc @@ -51,21 +51,6 @@ bool RuleOption::add_suboption(const std::string& subopt_name, return true; } -bool RuleOption::is_relative_content() -{ - if (get_name() == "content") - { - for (auto rso : sub_options) - { - const std::string subopt_name = rso->get_name(); - if (subopt_name == "within" || subopt_name == "distance") - return true; - } - } - - return false; -} - std::ostream& operator<<(std::ostream& out, const RuleOption& opt) { bool first_print = true; diff --git a/tools/snort2lua/data/data_types/dt_rule_option.h b/tools/snort2lua/data/data_types/dt_rule_option.h index 6df27f780..1ca5324f5 100644 --- a/tools/snort2lua/data/data_types/dt_rule_option.h +++ b/tools/snort2lua/data/data_types/dt_rule_option.h @@ -40,8 +40,6 @@ public: bool add_suboption(const std::string& name); bool add_suboption(const std::string& name, const std::string& val); - bool is_relative_content(); - // overloading operators friend std::ostream& operator<<(std::ostream&, const RuleOption&); 
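Review bot: The `else if` branch for `http_header`, `http_client_body`, `sip_header` and `sip_body` now erases the option whenever `curr_sticky_buffer == name`, so correctness depends entirely on `curr_sticky_buffer` being updated by every buffer-selecting option that can appear in between. The list that performs that update (the `@@ -256` hunk) begins above the visible context, so its completeness cannot be checked here. If a selector is missing from it, the converted rule would silently lose a needed buffer switch, and the following `content`/`pcre` would be evaluated against a different buffer than in the original Snort 2 rule. Before this change the erase was limited to the relative-content case, which bounded that exposure. I would add a comment above the branch such as `// relies on curr_sticky_buffer tracking every buffer selector above; a missing name here drops a required buffer option`, plus a conversion test with a repeated buffer separated by another selector; the enclosing function starts and ends outside the hunk.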
diff --git a/tools/snort2lua/data/data_types/dt_rule_suboption.h b/tools/snort2lua/data/data_types/dt_rule_suboption.h index 1b3bb7fd0..d586e1446 100644 --- a/tools/snort2lua/data/data_types/dt_rule_suboption.h +++ b/tools/snort2lua/data/data_types/dt_rule_suboption.h @@ -31,8 +31,6 @@ public: RuleSubOption(const std::string& name, const std::string& val); virtual ~RuleSubOption() = default; - inline const std::string& get_name() { return name; } - // overloading operators friend std::ostream& operator<<(std::ostream&, const RuleSubOption&); diff --git a/tools/snort2lua/rule_states/rule_pcre.cc b/tools/snort2lua/rule_states/rule_pcre.cc index 4833ee47a..e7a8137a8 100644 --- a/tools/snort2lua/rule_states/rule_pcre.cc +++ b/tools/snort2lua/rule_states/rule_pcre.cc @@ -82,7 +82,6 @@ bool Pcre::convert(std::istringstream& data_stream) pattern += pcre_str.substr(0, pattern_end + 1); options = pcre_str.substr(pattern_end + 1, std::string::npos); new_opts = ""; - bool relative = false; for (char c : options ) { @@ -109,11 +108,8 @@ bool Pcre::convert(std::istringstream& data_stream) case 'E': case 'G': case 'O': - case '"': // end of reg_ex - new_opts += c; - break; case 'R': - relative = true; + case '"': // end of reg_ex new_opts += c; break; default: @@ -140,14 +136,6 @@ bool Pcre::convert(std::istringstream& data_stream) rule_api.add_option("pcre", pattern + new_opts); - if ( relative ) - { - if (buffer == "pcre_P_option_body") - buffer = "pcre_P_option_body_rel"; - else if (buffer == "pcre_H_option_header") - buffer = "pcre_H_option_header_rel"; - } - rule_api.set_curr_options_buffer(buffer); return set_next_rule_state(data_stream);