From: Veera Reddy Evuri (vevuri) Date: Wed, 12 Nov 2025 16:57:03 +0000 (+0000) Subject: Pull request #4859: file_api: copy cacheable property to new context from cached... X-Git-Tag: 3.10.0.0~11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=924d1ad55446e81b8f2aa570bac5fc87a9aad6d3;p=thirdparty%2Fsnort3.git Pull request #4859: file_api: copy cacheable property to new context from cached context and use filecontext from cache, only if the entry is marked as cacheable Merge in SNORT/snort3 from ~VEVURI/snort3:dlp-verdict-cache-txns to master Squashed commit of the following: commit 00181875a2fbe3e67d92cbd137fe93919b437f46 Author: Veera Reddy Evuri Date: Sun Nov 2 22:49:21 2025 -0800 file_api: copy cacheable property to new context from cached context and use filecontext from cache, only if the entry is marked as cacheable --- diff --git a/src/file_api/file_cache.cc b/src/file_api/file_cache.cc index b39b80c8a..2f70c0b4c 100644 --- a/src/file_api/file_cache.cc +++ b/src/file_api/file_cache.cc @@ -351,7 +351,7 @@ void FileCache::publish_file_cache_event(Flow* flow, FileInfo* file, int64_t tim } } -int FileCache::store_verdict(Flow* flow, FileInfo* file, int64_t timeout, bool &cache_full) +int FileCache::store_verdict(Flow* flow, FileInfo* file, int64_t timeout, bool &cache_full, bool is_cacheable) { assert(file); uint64_t file_id = file->get_file_id(); @@ -370,6 +370,9 @@ int FileCache::store_verdict(Flow* flow, FileInfo* file, int64_t timeout, bool & publish_file_cache_event(flow, file, cache_expire); *((FileInfo*)(file_got)) = *file; + if (file != file_got and not is_cacheable) + file_got->set_not_cacheable(); + if (FILE_VERDICT_PENDING == file->verdict and file != file_got) { if (file->get_file_data() and !file_got->get_file_data()) 
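Review bot: The new `if (file != file_got and not is_cacheable)` branch in store_verdict only ever clears the cacheable state of the cached entry, and nothing says why the flag is handled separately from the `*((FileInfo*)(file_got)) = *file;` copy just above it. A short comment would help the next reader, for example `// the FileInfo copy above does not carry the cacheable flag; a non-cacheable verdict must also mark the cached context so later lookups do not reuse it`. That wording assumes the flag is not part of the FileInfo assignment, which is not visible in this hunk, so confirm it before adding the comment. The body of store_verdict starts and ends outside the hunk.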
@@ -512,7 +515,7 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd if (resume) policy->log_file_action(flow, file_ctx, FILE_RESUME_BLOCK); - else if (store_verdict(flow, file_ctx, lookup_timeout, cache_full) != 0) + else if (store_verdict(flow, file_ctx, lookup_timeout, cache_full, file_ctx->is_cacheable()) != 0) { if (cache_full) { @@ -547,9 +550,9 @@ bool FileCache::apply_verdict(Packet* p, FileContext* file_ctx, FileVerdict verd file_ctx->log_file_event(flow, policy); policy->log_file_action(flow, file_ctx, FILE_RESUME_BLOCK); } - else if (file_ctx->is_cacheable()) + else if (bool is_cacheable = file_ctx->is_cacheable()) { - if (store_verdict(flow, file_ctx, block_timeout, cache_full) != 0) + if (store_verdict(flow, file_ctx, block_timeout, cache_full, is_cacheable) != 0) { if (PacketTracer::is_active()) { diff --git a/src/file_api/file_cache.h b/src/file_api/file_cache.h index 8c7ed5db1..1903332ba 100644 --- a/src/file_api/file_cache.h +++ b/src/file_api/file_cache.h @@ -72,7 +72,7 @@ private: snort::FileContext* get_file(snort::Flow*, uint64_t file_id, bool to_create, int64_t timeout, bool using_cache_entry, bool &cache_full, int64_t& cache_expire); FileVerdict check_verdict(snort::Packet*, snort::FileInfo*, snort::FilePolicyBase*,const uint8_t* current_data, uint32_t current_data_len); - int store_verdict(snort::Flow*, snort::FileInfo*, int64_t timeout, bool &cache_full); + int store_verdict(snort::Flow*, snort::FileInfo*, int64_t timeout, bool &cache_full, bool is_cacheable); void publish_file_cache_event(snort::Flow* flow, snort::FileInfo* file, int64_t timeout); /* The hash table of expected files */ diff --git a/src/file_api/file_flows.cc b/src/file_api/file_flows.cc index de855e5bb..b1950de7c 100644 --- a/src/file_api/file_flows.cc +++ b/src/file_api/file_flows.cc 
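Review bot: In apply_verdict, `else if (bool is_cacheable = file_ctx->is_cacheable())` declares a variable that can only be true inside the branch it guards, so the `is_cacheable` argument passed to store_verdict there is a constant in disguise. The declaration also stays in scope for any later `else` arms of the same chain, which are outside this hunk. Keeping the original condition and passing the value directly reads more plainly: `else if (file_ctx->is_cacheable())` followed by `store_verdict(flow, file_ctx, block_timeout, cache_full, true)`. The earlier call in the `lookup_timeout` branch, which passes `file_ctx->is_cacheable()` itself, is the only one of the two where the flag can be false.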
@@ -459,6 +459,13 @@ bool FileFlows::file_process(Packet* p, const uint8_t* file_data, int data_size, PacketTracer::restart_timer(); context = find_main_file_context(position, direction, file_index); + FileCache* file_cache = FileService::get_file_cache(); + if (file_cache) + { + FileContext *cached_context = file_cache->get_file(flow, file_index, false, false); + if (cached_context and not cached_context->is_cacheable()) + context->set_not_cacheable(); + } set_current_file_context(context); context->set_weak_file_name((const char*)fname, name_size); diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc index 438c99736..1a1cbee55 100644 --- a/src/file_api/file_lib.cc +++ b/src/file_api/file_lib.cc @@ -122,7 +122,8 @@ void FileInfo::copy(const FileInfo& other, bool clear_data) if (other.sha256) { - sha256 = new uint8_t[SHA256_HASH_SIZE]; + if (!sha256) + sha256 = new uint8_t[SHA256_HASH_SIZE]; memcpy( (char*)sha256, (const char*)other.sha256, SHA256_HASH_SIZE); }
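Review bot: The added lookup in file_process keys the cache with `file_index`, while store_verdict in file_cache.cc keys its entries with `file->get_file_id()`. If find_main_file_context can give the context an id other than `file_index` (its body is not in this hunk), the lookup misses and the not-cacheable mark is never copied to the new context, which would then be treated as cacheable when its verdict is stored. Using the id the context actually carries keeps both sides on the same key: `file_cache->get_file(flow, context->get_file_id(), false, false)`. This assumes `context` exposes get_file_id() in the same way as the FileInfo passed to store_verdict.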
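Review bot: With the new `if (!sha256)` guard, FileInfo::copy reuses a buffer the destination already owns, but the visible lines do not handle the case where `other.sha256` is null and the destination still holds a hash, so the destination would keep a SHA-256 that belongs to a different file. Unless an earlier part of copy(), outside this hunk, resets the member, an else arm would close the gap: `else { delete[] sha256; sha256 = nullptr; }`. A stale digest matters because it is presumably what identifies the file in later lookups and logged events. The function starts and ends outside the hunk.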