From: Ron Dempster (rdempste) Date: Fri, 21 Jul 2023 13:36:02 +0000 (+0000) Subject: Pull request #3856: main: increase the user policy id range to 0 - 18446744073709551614 X-Git-Tag: 3.1.67.0~9 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9d1d586562bf53a0f997b75a7335151d0e8c200e;p=thirdparty%2Fsnort3.git Pull request #3856: main: increase the user policy id range to 0 - 18446744073709551614 Merge in SNORT/snort3 from ~RDEMPSTE/snort3:user_policy_id to master Squashed commit of the following: commit c80819df62302afaf9035df83bfec62f4d1a14eb Author: Ron Dempster (rdempste) Date: Fri May 19 14:43:53 2023 -0400 main: increase the user policy id range to 0 - 18446744073709551614 --- diff --git a/doc/user/params.txt b/doc/user/params.txt index 7629ef42c..2b9582f7e 100644 --- a/doc/user/params.txt +++ b/doc/user/params.txt @@ -59,4 +59,6 @@ Parameter limits: * max32 = 4294967295 * max53 = 9007199254740992 * maxSZ = 9007199254740992 +* max63 = 9223372036854775807 +* max64 = 18446744073709551615 diff --git a/src/connectors/file_connector/test/file_connector_module_test.cc b/src/connectors/file_connector/test/file_connector_module_test.cc index 6d8cf780b..2968235bf 100644 --- a/src/connectors/file_connector/test/file_connector_module_test.cc +++ b/src/connectors/file_connector/test/file_connector_module_test.cc @@ -80,15 +80,15 @@ TEST(file_connector_module, test) FileConnectorConfig::FileConnectorConfigSet* config_set = module.get_and_clear_config(); - CHECK(config_set != nullptr); + CHECK(nullptr != config_set); - CHECK(config_set->size() == 1); + CHECK(1 == config_set->size()); FileConnectorConfig config = *(config_set->front()); - CHECK(config.name == "rx"); - CHECK(config.connector_name == "rx"); - CHECK(config.direction == Connector::CONN_RECEIVE); - CHECK(config.text_format == false); + CHECK("rx" == config.name); + CHECK("rx" == config.connector_name); + CHECK(Connector::CONN_RECEIVE == config.direction); + CHECK(false == config.text_format); for ( auto conf : *config_set ) delete conf; diff --git a/src/connectors/file_connector/test/file_connector_test.cc b/src/connectors/file_connector/test/file_connector_test.cc index 480e5c2c3..5c6e48d86 100644 --- a/src/connectors/file_connector/test/file_connector_test.cc +++ b/src/connectors/file_connector/test/file_connector_test.cc @@ -63,10 +63,7 @@ FileConnectorModule::FileConnectorModule() : FileConnectorConfig::FileConnectorConfigSet* FileConnectorModule::get_and_clear_config() { - FileConnectorConfig::FileConnectorConfigSet* config_set = - new FileConnectorConfig::FileConnectorConfigSet; - - return config_set; + return new FileConnectorConfig::FileConnectorConfigSet; } FileConnectorModule::~FileConnectorModule() = default; diff --git a/src/connectors/tcp_connector/tcp_connector.cc b/src/connectors/tcp_connector/tcp_connector.cc index 8ded81593..360cbd213 100644 --- a/src/connectors/tcp_connector/tcp_connector.cc +++ b/src/connectors/tcp_connector/tcp_connector.cc @@ -100,12 +100,10 @@ static ReadDataOutcome read_data(int sockfd, uint8_t *data, uint16_t length, ssi static ReadDataOutcome read_message_data(int sockfd, uint16_t length, uint8_t *data) { - ssize_t offset; - ReadDataOutcome rval; - if ( length > 0 ) { - offset = 0; + ReadDataOutcome rval; + ssize_t offset = 0; do { rval = read_data(sockfd, data, length, &offset); diff --git a/src/connectors/tcp_connector/test/tcp_connector_module_test.cc b/src/connectors/tcp_connector/test/tcp_connector_module_test.cc index 03204aeb2..cb4254098 100644 --- a/src/connectors/tcp_connector/test/tcp_connector_module_test.cc +++ b/src/connectors/tcp_connector/test/tcp_connector_module_test.cc @@ -80,20 +80,20 @@ TEST(tcp_connector_module, test_call) TcpConnectorConfig::TcpConnectorConfigSet* config_set = module.get_and_clear_config(); - CHECK(config_set != nullptr); + CHECK(nullptr != config_set); - CHECK(config_set->size() == 1); + CHECK(1 == config_set->size()); TcpConnectorConfig config = *(config_set->front()); - CHECK(config.base_port == 10000); - CHECK(config.address == "127.0.0.1"); - CHECK(config.setup == TcpConnectorConfig::Setup::CALL); - CHECK(config.connector_name == "tcp-c"); - CHECK(config.direction == Connector::CONN_DUPLEX); + CHECK(10000 == config.base_port); + CHECK("127.0.0.1" == config.address); + CHECK(TcpConnectorConfig::Setup::CALL == config.setup); + CHECK("tcp-c" == config.connector_name); + CHECK(Connector::CONN_DUPLEX == config.direction); - CHECK(module.get_pegs() != nullptr ); - CHECK(module.get_counts() != nullptr ); - CHECK(module.get_profile() != nullptr ); + CHECK(nullptr != module.get_pegs()); + CHECK(nullptr != module.get_counts()); + CHECK(nullptr != module.get_profile()); for ( auto conf : *config_set ) delete conf; @@ -117,11 +117,11 @@ TEST(tcp_connector_module, test_answer) TcpConnectorModule module; base_port_val.set(&base_port_param); - CHECK( base_port_param.validate(base_port_val) == true ); + CHECK( true == base_port_param.validate(base_port_val) ); setup_val.set(&setup_param); - CHECK( setup_param.validate(setup_val) == true ); + CHECK( true == setup_param.validate(setup_val) ); connector_val.set(&connector_param); - CHECK( connector_param.validate(connector_val) == true ); + CHECK( true == connector_param.validate(connector_val) ); module.begin("tcp_connector", 0, nullptr); module.begin("tcp_connector", 1, nullptr); @@ -133,15 +133,15 @@ TEST(tcp_connector_module, test_answer) TcpConnectorConfig::TcpConnectorConfigSet* config_set = module.get_and_clear_config(); - CHECK(config_set != nullptr); + CHECK(nullptr != config_set); - CHECK(config_set->size() == 1); + CHECK(1 == config_set->size()); TcpConnectorConfig config = *(config_set->front()); - CHECK(config.base_port == 20000); + CHECK(20000 == config.base_port); // CHECK(config.setup == TcpConnectorConfig::Setup::ANSWER); - CHECK(config.connector_name == "tcp-a"); - CHECK(config.direction == Connector::CONN_DUPLEX); + CHECK("tcp-a" == config.connector_name); + CHECK(Connector::CONN_DUPLEX == config.direction); for ( auto conf : *config_set ) delete conf; diff --git a/src/connectors/tcp_connector/test/tcp_connector_test.cc b/src/connectors/tcp_connector/test/tcp_connector_test.cc index 2f543d0fa..202c8ba2a 100644 --- a/src/connectors/tcp_connector/test/tcp_connector_test.cc +++ b/src/connectors/tcp_connector/test/tcp_connector_test.cc @@ -174,9 +174,7 @@ TcpConnectorModule::TcpConnectorModule() : TcpConnectorConfig::TcpConnectorConfigSet* TcpConnectorModule::get_and_clear_config() { - TcpConnectorConfig::TcpConnectorConfigSet* config_set = new TcpConnectorConfig::TcpConnectorConfigSet; - - return config_set; + return new TcpConnectorConfig::TcpConnectorConfigSet; } TcpConnectorModule::~TcpConnectorModule() = default; diff --git a/src/dump_config/json_config_output.cc b/src/dump_config/json_config_output.cc index e75cdf1df..0e427f4df 100644 --- a/src/dump_config/json_config_output.cc +++ b/src/dump_config/json_config_output.cc @@ -41,7 +41,10 @@ static void dump_value(JsonStream& json, const char* node_name, const BaseConfig json.put_false(node_name); break; case Parameter::PT_INT: - json.put(node_name, value->get_int64()); + if (Value::VT_UNUM == value->get_type()) + json.uput(node_name, value->get_uint64()); + else + json.put(node_name, value->get_int64()); break; case Parameter::PT_REAL: { diff --git a/src/dump_config/text_config_output.cc b/src/dump_config/text_config_output.cc index a6da0c6ae..84ee1c167 100644 --- a/src/dump_config/text_config_output.cc +++ b/src/dump_config/text_config_output.cc @@ -49,7 +49,10 @@ static void dump_value(const BaseConfigNode* node, const std::string& config_nam break; } case Parameter::PT_INT: - std::cout << config_name << "=" << value->get_int64() << std::endl; + if (Value::VT_UNUM == value->get_type()) + std::cout << config_name << "=" << value->get_uint64() << std::endl; + else + std::cout << config_name << "=" << value->get_int64() << std::endl; break; case Parameter::PT_REAL: std::cout << config_name << "=" << value->get_real() << std::endl; diff --git a/src/framework/inspector.h b/src/framework/inspector.h index 41c2bbac4..22320dd1d 100644 --- a/src/framework/inspector.h +++ b/src/framework/inspector.h @@ -164,13 +164,13 @@ public: const char* get_alias_name() const { return alias_name; } - void set_network_policy_user_id(uint32_t user_id) + void set_network_policy_user_id(uint64_t user_id) { network_policy_user_id = user_id; network_policy_user_id_set = true; } - bool get_network_policy_user_id(uint32_t& user_id) const + bool get_network_policy_user_id(uint64_t& user_id) const { user_id = network_policy_user_id; return network_policy_user_id_set; @@ -210,7 +210,7 @@ private: SnortProtocolId snort_protocol_id = 0; // FIXIT-E Use std::string to avoid storing a pointer to external std::string buffers const char* alias_name = nullptr; - uint32_t network_policy_user_id = 0; + uint64_t network_policy_user_id = 0; bool network_policy_user_id_set = false; }; diff --git a/src/framework/parameter.cc b/src/framework/parameter.cc index 576af029e..a415a877b 100644 --- a/src/framework/parameter.cc +++ b/src/framework/parameter.cc @@ -99,8 +99,16 @@ int64_t Parameter::get_int(const char* r) if ( !strncmp(r, "max32", 5) ) return 4294967295; + // Lua represents numbers in a 64-bit double. The max representable value is 9007199254740992 + // and the min is -9007199254740992 if ( !strncmp(r, "max53", 5) ) return 9007199254740992; + + if ( !strncmp(r, "max63", 5) ) + return 9223372036854775807; + + if ( !strncmp(r, "max64", 5) ) + return -1; } char* end = nullptr; int64_t i = (int64_t)strtoll(r, &end, 0); @@ -109,6 +117,35 @@ int64_t Parameter::get_int(const char* r) return i; } +uint64_t Parameter::get_uint(const char* r) +{ + if ( *r == 'm' ) + { + if ( !strncmp(r, "maxSZ", 5) ) + r = (sizeof(size_t) == 4) ? "max32" : "max53"; + + if ( !strncmp(r, "max31", 5) ) + return 2147483647; + + if ( !strncmp(r, "max32", 5) ) + return 4294967295; + + if ( !strncmp(r, "max53", 5) ) + return 9007199254740992; + + if ( !strncmp(r, "max63", 5) ) + return 9223372036854775807; + + if ( !strncmp(r, "max64", 5) ) + return 18446744073709551615ULL; + } + char* end = nullptr; + uint64_t i = (uint64_t)strtoull(r, &end, 0); + assert(!*end or *end == ':'); + + return i; +} + //-------------------------------------------------------------------------- // validation methods //-------------------------------------------------------------------------- @@ -119,42 +156,105 @@ static bool valid_bool(const Value& v, const char*) } // FIXIT-L allow multiple , separated ranges -static bool valid_int(const Value& v, const char* r) +static bool valid_int(Value& v, const char* r) { - if ( v.get_type() != Value::VT_NUM ) - return false; - - if ( v.get_real() != v.get_int64() ) - return false; - - if ( !r ) - return true; - - int64_t d = v.get_int64(); + bool signed_values; + switch (v.get_type()) + { + case Value::VT_STR: + { + const char* str = v.get_string(); + if (!str[0]) + return false; + signed_values = ('-' == str[0]); + if (!r || !r[0]) + { + if (signed_values) + v.set((int64_t)strtoll(str, nullptr, 0)); + else + v.set((uint64_t)strtoull(str, nullptr, 0)); + return true; + } + } + break; + + case Value::VT_REAL: + { + double d = v.get_real(); + signed_values = (0.0 > d); + if (!r || !r[0]) + { + if (signed_values) + v.set((int64_t)d); + else + v.set((uint64_t)d); + return true; + } + } + break; + + default: + return false; + } // require no leading or trailing whitespace // and either # | #: | :# | #:# // where # is a valid pos or neg dec, hex, or octal number const char* t = strchr(r, ':'); - - if ( *r != ':' ) + if (!signed_values) { - int64_t low = Parameter::get_int(r); - - if ( d < low ) - return false; - - if ( !t ) - return d == low; + if ('-' == r[0]) + signed_values = true; + if (t && '-' == t[1]) + signed_values = true; } - if ( t and *++t ) + if (signed_values) { - int64_t hi = Parameter::get_int(t); - - if ( d > hi ) - return false; + int64_t d; + if (Value::VT_STR == v.get_type()) + d = (int64_t)Parameter::get_int(v.get_string()); + else + d = (int64_t)v.get_real(); + v.set(d); + if (':' != *r) + { + int64_t low = Parameter::get_int(r); + if (d < low) + return false; + if (!t) + return d == low; + } + if (t && *++t) + { + int64_t hi = Parameter::get_int(t); + if (d > hi) + return false; + } + } + else + { + uint64_t d; + if (Value::VT_STR == v.get_type()) + d = Parameter::get_uint(v.get_string()); + else + d = (uint64_t)v.get_real(); + v.set(d); + if (':' != *r) + { + uint64_t low = Parameter::get_uint(r); + if (d < low) + return false; + if (!t) + return d == low; + } + if (t && *++t) + { + uint64_t hi = Parameter::get_uint(t); + if (d > hi) + return false; + } } return true; } @@ -174,9 +274,18 @@ static bool valid_interval(const Value&, const char*) { return true; } // FIXIT-L allow multiple , separated ranges -static bool valid_real(const Value& v, const char* r) +static bool valid_real(Value& v, const char* r) { - if ( v.get_type() != Value::VT_NUM ) + if (Value::VT_STR == v.get_type()) + { + const char* str = v.get_string(); + if (!str[0]) + return false; + + double d = strtod(str, nullptr); + v.set(d); + } + else if (Value::VT_REAL != v.get_type()) return false; if ( !r ) @@ -323,7 +432,7 @@ static bool valid_ip4(Value& v, const char*) if ( ip4 == INADDR_NONE ) return false; - v.set((double)ip4); + v.set((uint64_t)ip4); return true; } @@ -567,13 +676,14 @@ int Parameter::index(const char* r, const char* s) TEST_CASE("bool", "[Parameter]") { Value v(true); - CHECK(valid_bool(v, nullptr)); + CHECK(true == valid_bool(v, nullptr)); + CHECK(true == valid_interval(v, nullptr)); } struct { bool expected; - bool (*validate)(const Value&, const char*); + bool (*validate)(Value&, const char*); double value; const char* range; } @@ -598,8 +708,10 @@ num_tests[] = { true, valid_int, -10, "-11:-9" }, { true, valid_int, 10, "9:11" }, { true, valid_int, 10, "0xA:11" }, - - { true, valid_interval, 0, nullptr }, + { true, valid_int, -11, ":-11" }, + { true, valid_int, -30, ":-11" }, + { false, valid_int, -10, ":-11" }, + { false, valid_int, 10, ":-11" }, { true, valid_real, 0.0, nullptr }, { true, valid_real, 0.0, "" }, @@ -637,6 +749,79 @@ TEST_CASE("num", "[Parameter]") } } +struct +{ + bool expected; + bool (*validate)(Value&, const char*); + const char* value; + const char* range; +} +str_num_tests[] = +{ +// __STRDUMP_DISABLE__ + { true, valid_int, "5", "-53:53" }, + { true, valid_int, "-9223372036854775808", "-9223372036854775808:9223372036854775807" }, + { true, valid_int, "0x7fffffffffffffff", "-9223372036854775808:9223372036854775807" }, + { true, valid_int, "9223372036854775806", "-9223372036854775808:9223372036854775807" }, + { true, valid_int, "0", "-9223372036854775808:9223372036854775807" }, + { false, valid_int, "9223372036854775807", "-9223372036854775808:9223372036854775806" }, + { false, valid_int, "-9223372036854775808", "-9223372036854775807:9223372036854775806" }, + { true, valid_int, "0", "0:18446744073709551615" }, + { true, valid_int, "0", "0:18446744073709551614" }, + { true, valid_int, "1024", "0:18446744073709551614" }, + { true, valid_int, "18446744073709551614", "0:18446744073709551614" }, + { false, valid_int, "18446744073709551615", "0:18446744073709551614" }, + { true, valid_int, "18446744073709551615", "18446744073709551615" }, + { true, valid_int, "18446744073709551615", "max64" }, + { true, valid_int, "4294967295", "max32" }, + { false, valid_int, "4294967296", "max32" }, + { true, valid_int, "2147483647", "max31" }, + { false, valid_int, "2147483648", "max31" }, + { true, valid_int, "50", "50:50" }, + { false, valid_int, "51", "50:50" }, + { true, valid_int, "-50", "-50:-50" }, + { false, valid_int, "51", "-50:-50" }, + { false, valid_int, "-51", "-50:-50" }, + { true, valid_int, "-53", ":-53" }, + { true, valid_int, "-54", ":-53" }, + { true, valid_int, "-9223372036854775808", ":-53" }, + { false, valid_int, "-52", ":-53" }, + { false, valid_int, "2", ":-53" }, + + { true, valid_real, "0.0", "0.0" }, + { true, valid_real, "0.0", ":0" }, + + { true, valid_real, "0.1", "0:" }, + { true, valid_real, "0.1", ":0.9" }, + { true, valid_real, "0.1", "-0.9:0.9" }, + { true, valid_real, "0.1", "-0.9:" }, + + { false, valid_real, "1", "0.9" }, + { true, valid_real, "1", "0.9:" }, + { false, valid_real, "1", ":0.9" }, + + { true, valid_real, "-10", "-11.1:-9.9" }, + { true, valid_real, "10", "9.9:11.1" }, + { false, valid_real, "10", "011:11" }, + { true, valid_real, "10", "0xA:11" }, + + { false, nullptr, 0, nullptr } +// __STRDUMP_ENABLE__ +}; + +TEST_CASE("str_num", "[Parameter]") +{ + auto test = str_num_tests; + + while ( test->validate ) + { + Value v(test->value); + bool result = test->validate(v, test->range); + CHECK(result == test->expected); + ++test; + } +} + struct { bool expected; @@ -744,11 +929,24 @@ TEST_CASE("max", "[Parameter]") CHECK(Parameter::get_int("max31") == 2147483647); CHECK(Parameter::get_int("max32") == 4294967295); CHECK(Parameter::get_int("max53") == 9007199254740992); + CHECK(Parameter::get_int("max63") == 9223372036854775807); + CHECK(Parameter::get_int("max64") == -1); if ( sizeof(size_t) == 4 ) CHECK(Parameter::get_int("maxSZ") == 4294967295); else CHECK(Parameter::get_int("maxSZ") == 9007199254740992); + + CHECK(Parameter::get_uint("max31") == 2147483647); + CHECK(Parameter::get_uint("max32") == 4294967295); + CHECK(Parameter::get_uint("max53") == 9007199254740992); + CHECK(Parameter::get_uint("max63") == 9223372036854775807); + CHECK(Parameter::get_uint("max64") == 18446744073709551615ULL); + + if ( sizeof(size_t) == 4 ) + CHECK(Parameter::get_uint("maxSZ") == 4294967295); + else + CHECK(Parameter::get_uint("maxSZ") == 9007199254740992); } #endif diff --git a/src/framework/parameter.h b/src/framework/parameter.h index b63fac731..a06f90aa8 100644 --- a/src/framework/parameter.h +++ b/src/framework/parameter.h @@ -98,8 +98,10 @@ struct SO_PUBLIC Parameter // 0-based; -1 if not found; list is | delimited static int index(const char* list, const char* key); - // convert string to long (including 'maxN' literals) + // convert string to long long (including 'maxN' literals) static int64_t get_int(const char*); + // convert string to unsigned long long (including 'maxN' literals) + static uint64_t get_uint(const char*); }; } #endif diff --git a/src/framework/value.cc b/src/framework/value.cc index 6bbddcbd4..be36de7fd 100644 --- a/src/framework/value.cc +++ b/src/framework/value.cc @@ -42,11 +42,6 @@ void Value::get_mac(uint8_t (&mac)[6]) const memset(mac, 0, sizeof(mac)); } -uint32_t Value::get_ip4() const -{ - return (uint32_t)num; -} - void Value::get_addr(uint8_t (&addr)[16]) const { if ( str.size() <= sizeof(addr) ) @@ -226,20 +221,34 @@ std::string Value::get_as_string() const switch ( type ) { case VT_BOOL: - value_str = num ? "true" : "false"; + value_str = unum ? "true" : "false"; break; case VT_NUM: { stringstream tmp; - tmp << std::fixed; tmp << num; value_str = tmp.str(); + break; + } + case VT_UNUM: + { + stringstream tmp; + tmp << unum; + value_str = tmp.str(); + break; + } + case VT_REAL: + { + stringstream tmp; + tmp << std::fixed; + tmp << real; + value_str = tmp.str(); auto dot_pos = value_str.find('.'); auto pos = value_str.find_last_not_of("0"); if ( pos == dot_pos ) --pos; - value_str = value_str.substr(0, pos + 1); + value_str.resize(pos + 1); break; } default: @@ -256,8 +265,8 @@ std::string Value::get_origin_string() const std::string value; std::string token; - stringstream ss(origin_str); - while ( ss >> token ) + stringstream s(origin_str); + while ( s >> token ) { value += token; value += " "; @@ -322,6 +331,21 @@ void Value::update_mask(uint64_t& mask, uint64_t flag, bool invert) // exercise the APIs to ensure things like length checks are done correctly // and the string value/zero is returned based on the result etc. +TEST_CASE("set double test", "[Value]") +{ + Value test_val((double)123456.89); + CHECK(true == test_val.get_bool()); + CHECK(123456 == test_val.get_size()); + CHECK(-7616 == test_val.get_int16()); + CHECK(0xe240 == test_val.get_uint16()); + CHECK(0x1e240 == test_val.get_int32()); + CHECK(0x1e240 == test_val.get_uint32()); + CHECK(0x1e240 == test_val.get_int64()); + CHECK(0x1e240 == test_val.get_uint64()); + CHECK(123456.89 == test_val.get_real()); + CHECK(0x1e240 == test_val.get_ip4()); +} + TEST_CASE("mac addr negative test", "[Value]") { unsigned int num_chars; @@ -435,9 +459,9 @@ TEST_CASE("token test", "[Value]") test_val.set_first_token(); - CHECK(test_val.get_next_csv_token(test_str)); + CHECK(true == test_val.get_next_csv_token(test_str)); str_val = (const char *)test_str.c_str(); - REQUIRE(str_val != nullptr); + REQUIRE(nullptr != str_val); CHECK((strcmp(str_val,"123456")==0)); } diff --git a/src/framework/value.h b/src/framework/value.h index e23179fa6..4e3c47d81 100644 --- a/src/framework/value.h +++ b/src/framework/value.h @@ -39,7 +39,7 @@ class SO_PUBLIC Value { public: static const unsigned mask_bits = 52; // ieee 754 significand - enum ValueType { VT_BOOL, VT_NUM, VT_STR }; + enum ValueType { VT_BOOL, VT_NUM, VT_UNUM, VT_STR, VT_REAL }; Value(bool b) { set(b); } @@ -47,12 +47,20 @@ public: Value(double d) { set(d); } + Value(int64_t i) + { set(i); } + + Value(uint64_t u) + { set(u); } + Value(const char* s) { set(s); set_origin(s); } Value(const Value& v) : type(v.type), + unum(v.unum), num(v.num), + real(v.real), str(v.str), origin_str(v.origin_str), ss(nullptr), @@ -69,6 +77,8 @@ public: type = v.type; num = v.num; + unum = v.unum; + real = v.real; str = v.str; origin_str = v.origin_str; param = v.param; @@ -83,31 +93,34 @@ public: { delete ss; } void set(bool b) - { type = VT_BOOL; num = b ? 1 : 0; str.clear(); } + { type = VT_BOOL; unum = b ? 1 : 0; } void set(double d) - { type = VT_NUM; num = d; str.clear(); } + { type = VT_REAL; real = d; } + + void set(uint64_t n) + { type = VT_UNUM; unum = n; } - void set(long n) - { set((double)n); } + void set(int64_t n) + { type = VT_NUM; num = n; } void set(const char* s) - { type = VT_STR; str = s; num = 0; } + { type = VT_STR; str = s; } void set_origin(const char* val) { origin_str = val; } void set(const uint8_t* s, unsigned len) - { type = VT_STR; str.assign((const char*)s, len); num = 0; } + { type = VT_STR; str.assign((const char*)s, len); } void set(const Parameter* p) { param = p; } void set_enum(unsigned u) - { type = VT_NUM; num = u; } + { type = VT_UNUM; unum = u; } void set_aux(uint64_t u) - { num = (double)u; } + { type = VT_UNUM; unum = u; } const char* get_name() const { return param ? param->name : nullptr; } @@ -119,34 +132,34 @@ public: { return param ? param->deflt != nullptr : false; } bool get_bool() const - { return num != 0; } + { return 0 != ((VT_REAL == type) ? real : unum); } size_t get_size() const - { return (size_t)num; } + { return (VT_REAL == type) ? (size_t)real : ((VT_UNUM == type) ? (size_t)unum : (size_t)num); } uint8_t get_uint8() const - { return (uint8_t)num; } + { return (VT_REAL == type) ? (uint8_t)real : ((VT_UNUM == type) ? (uint8_t)unum : (uint8_t)num); } int16_t get_int16() const - { return (int16_t)num; } + { return (VT_REAL == type) ? (int16_t)real : ((VT_UNUM == type) ? (int16_t)unum : (int16_t)num); } uint16_t get_uint16() const - { return (uint16_t)num; } + { return (VT_REAL == type) ? (uint16_t)real : ((VT_UNUM == type) ? (uint16_t)unum : (uint16_t)num); } int32_t get_int32() const - { return (int32_t)num; } + { return (VT_REAL == type) ? (int32_t)real : ((VT_UNUM == type) ? (int32_t)unum : (int32_t)num); } uint32_t get_uint32() const - { return (uint32_t)num; } + { return (VT_REAL == type) ? (uint32_t)real : ((VT_UNUM == type) ? (uint32_t)unum : (uint32_t)num); } int64_t get_int64() const - { return (int64_t)num; } + { return (VT_REAL == type) ? (int64_t)real : ((VT_UNUM == type) ? (int64_t)unum : (int64_t)num); } uint64_t get_uint64() const - { return (uint64_t)num; } + { return (VT_REAL == type) ? (uint64_t)real : ((VT_UNUM == type) ? (uint64_t)unum : (uint64_t)num); } double get_real() const - { return num; } + { return real; } const uint8_t* get_buffer(unsigned& n) const { n = (unsigned)str.size(); return (const uint8_t*)str.data(); } @@ -182,11 +195,11 @@ public: bool operator==(const char* s) const { return str == s; } - bool operator==(long n) const - { return (long)num == n; } + bool operator==(uint64_t n) const + { return n == ((VT_UNUM == type) ? unum : (uint64_t)num); } bool operator==(double d) const - { return num == d; } + { return real == d; } void get_bits(PortBitSet&) const; void get_bits(VlanBitSet&) const; @@ -198,7 +211,8 @@ public: void upper() { std::transform(str.begin(), str.end(), str.begin(), ::toupper); } - uint32_t get_ip4() const; + uint32_t get_ip4() const + { return (VT_REAL == type) ? (uint32_t)real : (uint32_t)unum; } void get_mac(uint8_t (&mac)[6]) const; void get_addr(uint8_t (&addr)[16]) const; void get_addr_ip4(uint8_t (&addr)[4]) const; @@ -218,7 +232,9 @@ public: private: ValueType type; - double num; + uint64_t unum = 0; + int64_t num = 0; + double real = 0; std::string str; std::string origin_str; std::stringstream* ss = nullptr; diff --git a/src/helpers/json_stream.cc b/src/helpers/json_stream.cc index a0b26a739..6ee8aee07 100644 --- a/src/helpers/json_stream.cc +++ b/src/helpers/json_stream.cc @@ -98,6 +98,16 @@ void JsonStream::put(const char* key, int64_t val) out << val; } +void JsonStream::uput(const char* key, uint64_t val) +{ + split(); + + if ( key ) + out << std::quoted(key) << ": "; + + out << val; +} + void JsonStream::put(const char* key, const char* val) { if (val and val[0] == '\0') diff --git a/src/helpers/json_stream.h b/src/helpers/json_stream.h index 046cc85aa..8385d001e 100644 --- a/src/helpers/json_stream.h +++ b/src/helpers/json_stream.h @@ -41,6 +41,7 @@ public: void put(const char* key); // null void put(const char* key, int64_t val); + void uput(const char* key, uint64_t val); void put(const char* key, const char* val); void put(const char* key, const std::string& val); void put(const char* key, double val, int precision); diff --git a/src/host_tracker/test/host_tracker_test.cc b/src/host_tracker/test/host_tracker_test.cc index 3998705b6..ca980b09d 100644 --- a/src/host_tracker/test/host_tracker_test.cc +++ b/src/host_tracker/test/host_tracker_test.cc @@ -98,9 +98,9 @@ TEST(host_tracker, add_rediscover_service_payload_test) // Verify we added the services, payload visibility == true for (auto& srv : services) { - CHECK(srv.visibility); + CHECK(true == srv.visibility); for (auto& pld : srv.payloads) - CHECK(pld.second); + CHECK(true == pld.second); } // Delete the service @@ -108,12 +108,14 @@ TEST(host_tracker, add_rediscover_service_payload_test) // Verify that the service (and payloads) are deleted services = ht.get_services(); - for (auto& srv : services) + for (const auto& srv : services) { if (srv.port == 80) - CHECK(srv.visibility == false); - for ( auto& pld : srv.payloads ) - CHECK(pld.second == false); + { + CHECK(false == srv.visibility); + for (const auto& pld : srv.payloads) + CHECK(false == pld.second); + } } // Test rediscovery @@ -124,15 +126,17 @@ TEST(host_tracker, add_rediscover_service_payload_test) ht.add_payload(local_ha, 80, IpProtocol::TCP, 101, 676, 5); services = ht.get_services(); - for (auto& srv : services) + for (const auto& srv : services) { if (srv.port == 80) - CHECK(srv.visibility == true); - for ( auto& pld : srv.payloads ) - CHECK(pld.second); + { + CHECK(true == srv.visibility); + for (const auto& pld : srv.payloads) + CHECK(true == pld.second); + } } - CHECK(services.front().payloads.size() == 2); + CHECK(2 == services.front().payloads.size()); } // Test HostTracker with max payloads and payload reuse @@ -154,40 +158,40 @@ TEST(host_tracker, max_payloads_test) auto services = ht.get_services(); // Verify we added the services, payload visibility == true - CHECK(services.front().payloads.size() == 5); + CHECK(5 == services.front().payloads.size()); for (auto& pld : services.front().payloads) - CHECK(pld.second); + CHECK(true == pld.second); // Delete the service ht.set_service_visibility(80, IpProtocol::TCP, false); // Check all payloads are invisible after service visibility is false services = ht.get_services(); - for (auto& pld : services.front().payloads) - CHECK(pld.second == false); + for (const auto& pld : services.front().payloads) + CHECK(false == pld.second); // Add a payload; we are already at max payloads, so re-use an existing slot ht.add_service(80, IpProtocol::TCP, 676, true); ht.add_payload(local_ha, 80, IpProtocol::TCP, 999, 676, 5); bool found_new = false; services = ht.get_services(); - for (auto& pld : services.front().payloads) + for (const auto& pld : services.front().payloads) { if (pld.first == 999) { - CHECK(pld.second); + CHECK(true == pld.second); found_new = true; } else { - CHECK(pld.second == false); + CHECK(false == pld.second); } } // Check we still have only 5 payloads, and the new payload was added - CHECK(services.front().payloads.size() == 5 and found_new); - CHECK(services.front().num_visible_payloads == 1); + CHECK(5 == services.front().payloads.size() and found_new); + CHECK(1 == services.front().num_visible_payloads); } // Test HostTracker with simple client payload rediscovery @@ -200,37 +204,37 @@ TEST(host_tracker, client_payload_rediscovery_test) // Create a new client, HTTP hc = ht.find_or_add_client(2, "one", 676, new_client); - CHECK(new_client); + CHECK(true == new_client); // Add payloads 123 and 456 ht.add_client_payload(hc, 123, 5); ht.add_client_payload(hc, 456, 5); auto clients = ht.get_clients(); - CHECK(clients.front().payloads.size() == 2); + CHECK(2 == clients.front().payloads.size()); // Delete client, ensure payloads are also deleted ht.set_client_visibility(hc, false); clients = ht.get_clients(); - for (auto& pld : clients.front().payloads) - CHECK(pld.second == false); + for (const auto& pld : clients.front().payloads) + CHECK(false == pld.second); // Rediscover client, make sure payloads are still deleted hc = ht.find_or_add_client(2, "one", 676, new_client); clients = ht.get_clients(); - for (auto& pld : clients.front().payloads) - CHECK(pld.second == false); + for (const auto& pld : clients.front().payloads) + CHECK(false == pld.second); // Re-add payloads, ensure they're actually visible now ht.add_client_payload(hc, 123, 5); ht.add_client_payload(hc, 456, 5); clients = ht.get_clients(); - for (auto& pld : clients.front().payloads) - CHECK(pld.second == true); + for (const auto& pld : clients.front().payloads) + CHECK(true == pld.second); - CHECK(clients.front().payloads.size() == 2); + CHECK(2 == clients.front().payloads.size()); // Make sure we didn't just add an extra client and two new payloads, rather than reusing - CHECK(clients.size() == 1); + CHECK(1 == clients.size()); } // Test HostTracker with max payloads and payload reuse @@ -252,21 +256,21 @@ TEST(host_tracker, client_payload_max_payloads_test) ht.add_client_payload(hc, 555, 5); auto clients = ht.get_clients(); CHECK_FALSE(ht.add_client_payload(hc, 666, 5)); - CHECK(clients.front().payloads.size() == 5); + CHECK(5 == clients.front().payloads.size()); // Delete client, ensure payloads are also deleted ht.set_client_visibility(hc, false); clients = ht.get_clients(); - for (auto& pld : clients.front().payloads) - CHECK(pld.second == false); + for (const auto& pld : clients.front().payloads) + CHECK(false == pld.second); // Rediscover client, make sure payloads are still deleted hc = ht.find_or_add_client(2, "one", 676, new_client); clients = ht.get_clients(); - for (auto& pld : clients.front().payloads) - CHECK(pld.second == false); + for (const auto& pld : clients.front().payloads) + CHECK(false == pld.second); - CHECK(clients.front().num_visible_payloads == 0); + CHECK(0 == clients.front().num_visible_payloads); //Re-add payloads, ensure they're actually visible now ht.add_client_payload(hc, 666, 5); @@ -276,17 +280,17 @@ TEST(host_tracker, client_payload_max_payloads_test) { if (pld.first == 666 or pld.first == 777) { - CHECK(pld.second); + CHECK(true == pld.second); } else { - CHECK(pld.second == false); + CHECK(false == pld.second); } } - CHECK(clients.front().payloads.size() == 5); - CHECK(clients.front().num_visible_payloads == 2); - CHECK(clients.size() == 1); + CHECK(5 == clients.front().payloads.size()); + CHECK(2 == clients.front().num_visible_payloads); + CHECK(1 == clients.size()); } // Test user login information updates for service @@ -294,19 +298,19 @@ TEST(host_tracker, update_service_user_test) { HostTracker ht; - CHECK(ht.add_service(110, IpProtocol::TCP, 788, false) == true); + CHECK(true == ht.add_service(110, IpProtocol::TCP, 788, false)); // The first discoveries of both login success and login failure are updated - CHECK(ht.update_service_user(110, IpProtocol::TCP, "user1", 1, 1, true) == true); - CHECK(ht.update_service_user(110, IpProtocol::TCP, "user1", 1, 1, false) == true); + CHECK(true == ht.update_service_user(110, IpProtocol::TCP, "user1", 1, 1, true)); + CHECK(true == ht.update_service_user(110, IpProtocol::TCP, "user1", 1, 1, false)); // Subsequent discoveries for login success and login failure are not updated - CHECK(ht.update_service_user(110, IpProtocol::TCP, "user1", 1, 1, true) == false); - CHECK(ht.update_service_user(110, IpProtocol::TCP, "user1", 1, 1, false) == false); + CHECK(false == ht.update_service_user(110, IpProtocol::TCP, "user1", 1, 1, true)); + CHECK(false == ht.update_service_user(110, IpProtocol::TCP, "user1", 1, 1, false)); // Discoveries for a new user name are updated - CHECK(ht.update_service_user(110, IpProtocol::TCP, "user2", 1, 1, false) == true); - CHECK(ht.update_service_user(110, IpProtocol::TCP, "user2", 1, 1, true) == true); + CHECK(true == ht.update_service_user(110, IpProtocol::TCP, "user2", 1, 1, false)); + CHECK(true == ht.update_service_user(110, IpProtocol::TCP, "user2", 1, 1, true)); } // Test copying data and deleting copied list @@ -322,15 +326,15 @@ TEST(host_tracker, copy_data_test) list* p_macs = nullptr; ht.copy_data(p_hops, p_last_seen, p_macs); - CHECK(p_hops == 255); - CHECK(p_last_seen == 1562198400); - CHECK(p_macs != nullptr); - CHECK(p_macs->size() == 1); + CHECK(255 == p_hops); + CHECK(1562198400 == p_last_seen); + CHECK(nullptr != p_macs); + CHECK(1 == p_macs->size()); const auto& copied_data = p_macs->front(); - CHECK(copied_data.ttl == 50); - CHECK(copied_data.primary == 1); - CHECK(copied_data.last_seen == 1562198400); - CHECK(memcmp(copied_data.mac, mac, MAC_SIZE) == 0); + CHECK(50 == copied_data.ttl); + CHECK(1 == copied_data.primary); + CHECK(1562198400 == copied_data.last_seen); + CHECK(0 == memcmp(copied_data.mac, mac, MAC_SIZE)); delete p_macs; } @@ -374,24 +378,24 @@ TEST(host_tracker, rediscover_host) ht.add_service(80, IpProtocol::TCP, 676, true); ht.add_service(443, IpProtocol::TCP, 1122); - CHECK(ht.get_service_count() == 2); + CHECK(2 == ht.get_service_count()); bool is_new; ht.find_or_add_client(1, "one", 100, is_new); ht.find_or_add_client(2, "two", 200, is_new); - CHECK(ht.get_client_count() == 2); + CHECK(2 == ht.get_client_count()); ht.set_visibility(false); - CHECK(ht.get_service_count() == 0); + CHECK(0 == ht.get_service_count()); // rediscover the host, no services and clients should be visible ht.set_visibility(true); - CHECK(ht.get_service_count() == 0); - CHECK(ht.get_client_count() == 0); + CHECK(0 == ht.get_service_count()); + CHECK(0 == ht.get_client_count()); // rediscover a service, that and only that should be visible ht.add_service(443, IpProtocol::TCP, 1122); - CHECK(ht.get_service_count() == 1); + CHECK(1 == ht.get_service_count()); // change the appid of existing service HostApplication ha(443, IpProtocol::TCP, 1133, false); @@ -407,7 +411,7 @@ TEST(host_tracker, rediscover_host) // and a client ht.find_or_add_client(2, "one", 200, is_new); - CHECK(ht.get_client_count() == 1); + CHECK(1 == ht.get_client_count()); string host_tracker_string; ht.stringify(host_tracker_string); diff --git a/src/ips_options/ips_byte_extract.cc b/src/ips_options/ips_byte_extract.cc index 176c0fe30..46475dae4 100644 --- a/src/ips_options/ips_byte_extract.cc +++ b/src/ips_options/ips_byte_extract.cc @@ -824,7 +824,7 @@ TEST_CASE("ExtractModule lifecycle", "[ips_byte_extract]") } SECTION("test of \"begin\" method") { - CHECK(obj.begin(nullptr, 0, nullptr)); + CHECK(true == obj.begin(nullptr, 0, nullptr)); ByteExtractData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, nullptr); @@ -848,7 +848,7 @@ TEST_CASE("ExtractModule lifecycle", "[ips_byte_extract]") v_bytes.set(&p_bytes); obj.set(nullptr, v_bytes, nullptr); - CHECK(obj.end(nullptr, 0, nullptr)); + CHECK(true == obj.end(nullptr, 0, nullptr)); char* name = new char[5]; strcpy(name, "test"); @@ -886,7 +886,7 @@ TEST_CASE("Test of byte_extract_ctor", "[ips_byte_extract]") else { IpsOption* res_null = byte_extract_ctor(&obj, nullptr); - CHECK(res_null == nullptr); + CHECK(nullptr == res_null); delete[] obj.data.name; } } @@ -907,7 +907,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected; INITIALIZE(expected, 4, 0, 0, 0, 0, 0, 0, 1, 0, 0, nullptr); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); } SECTION("set offset") @@ -920,7 +920,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected; INITIALIZE(expected, 0, 7, 0, 0, 0, 0, 0, 1, 0, 0, nullptr); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); } SECTION("set name") @@ -931,7 +931,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") "name of the variable that will be used in other rule options"}; v.set(&p); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data.name, Catch::Matchers::Equals("test_name")); } SECTION("set relative") @@ -945,7 +945,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected; INITIALIZE(expected, 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, nullptr); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); } SECTION("set multiplier") @@ -958,7 +958,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, 0, 0, 6, 0, 0, nullptr); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); } SECTION("set align") @@ -972,7 +972,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected; INITIALIZE(expected, 0, 0, 0, 0, 2, 0, 0, 1, 0, 0, nullptr); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); } SECTION("set endianness") @@ -984,7 +984,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected_big; INITIALIZE(expected_big, 0, 0, 0, 0, 0, ENDIAN_BIG, 0, 1, 0, 0, nullptr); - CHECK(obj.set(nullptr, v_big, nullptr)); + CHECK(true == obj.set(nullptr, v_big, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected_big)); Value v_lit((double)ENDIAN_LITTLE); @@ -993,7 +993,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected_lit; INITIALIZE(expected_lit, 0, 0, 0, 0, 0, ENDIAN_LITTLE, 0, 1, 0, 0, nullptr); - CHECK(obj.set(nullptr, v_lit, nullptr)); + CHECK(true == obj.set(nullptr, v_lit, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected_lit)); Value v_dce((double)ENDIAN_FUNC); @@ -1003,7 +1003,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected_dce; INITIALIZE(expected_dce, 0, 0, 0, 0, 0, ENDIAN_FUNC, 0, 1, 0, 0, nullptr); - CHECK(obj.set(nullptr, v_dce, nullptr)); + CHECK(true == obj.set(nullptr, v_dce, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected_dce)); } SECTION("set string") @@ -1016,7 +1016,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected; INITIALIZE(expected, 0, 0, 0, 1, 0, 0, 10, 1, 0, 0, nullptr); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); } SECTION("set hex") @@ -1029,7 +1029,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, 0, 16, 1, 0, 0, nullptr); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); } SECTION("set oct") @@ -1042,7 +1042,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, 0, 8, 1, 0, 0, nullptr); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); } SECTION("set dec") @@ -1055,7 +1055,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, 0, 10, 1, 0, 0, nullptr); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); } SECTION("set bitmask") @@ -1069,7 +1069,7 @@ TEST_CASE("ExtractModule::set", "[ips_byte_extract]") ByteExtractData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, 0, 0, 1, 1023, 0, nullptr); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteExtractDataEquals(expected)); } delete[] obj.data.name; @@ -1087,23 +1087,23 @@ TEST_CASE("ByteExtractVerify_valid", "[ips_byte_extract]") SECTION("Minimum values, no string conversion") { INITIALIZE(obj, 1, -65535, 1, 0, 0, ENDIAN_FUNC, 0, 1, 0x1, 0, name); - CHECK(ByteExtractVerify(&obj)); + CHECK(true == ByteExtractVerify(&obj)); } SECTION("Maximum values, no string conversion") { INITIALIZE(obj, MAX_BYTES_TO_GRAB, 65535, 1, 0, 4, ENDIAN_FUNC, 0, 65535, 0xFFFFFFFF, 0, name); - CHECK(ByteExtractVerify(&obj)); + CHECK(true == ByteExtractVerify(&obj)); } SECTION("Minimum values, with string conversion") { INITIALIZE(obj, 1, -65535, 1, 1, 0, ENDIAN_FUNC, 8, 1, 0x1, 0, name); - CHECK(ByteExtractVerify(&obj)); + CHECK(true == ByteExtractVerify(&obj)); } SECTION("Maximum values, with string conversion") { INITIALIZE(obj, PARSELEN, 65535, 1, 1, 4, ENDIAN_FUNC, 16, 65535, 0xFFFFFFFF, 0, name); - CHECK(ByteExtractVerify(&obj)); + CHECK(true == ByteExtractVerify(&obj)); } } @@ -1117,46 +1117,46 @@ TEST_CASE("ByteExtractVerify_invalid", "[ips_byte_extract]") SECTION("bytes_to_extract checks") { obj.bytes_to_extract = MAX_BYTES_TO_GRAB + 1; - CHECK((!ByteExtractVerify(&obj))); + CHECK(false == ByteExtractVerify(&obj)); obj.string_convert_flag = true; obj.bytes_to_extract = PARSELEN + 1; - CHECK((!ByteExtractVerify(&obj))); + CHECK(false == ByteExtractVerify(&obj)); } SECTION("align checks") { obj.align = 1; - CHECK((!ByteExtractVerify(&obj))); + CHECK(false == ByteExtractVerify(&obj)); obj.align = 6; - CHECK((!ByteExtractVerify(&obj))); + CHECK(false == ByteExtractVerify(&obj)); } SECTION("offset checks") { obj.offset = -5; - CHECK((!ByteExtractVerify(&obj))); + CHECK(false == ByteExtractVerify(&obj)); } SECTION("name checks") { delete[] name; obj.name = nullptr; - CHECK((!ByteExtractVerify(&obj))); + CHECK(false == ByteExtractVerify(&obj)); name = new char[6]; strcpy(name, "64bit"); obj.name = name; - CHECK((!ByteExtractVerify(&obj))); + CHECK(false == ByteExtractVerify(&obj)); } SECTION("base checks") { obj.base = 16; - CHECK((!ByteExtractVerify(&obj))); + CHECK(false == ByteExtractVerify(&obj)); } SECTION("bitmask checks") { obj.bytes_to_extract = 2; obj.bitmask_val = 1048575; - CHECK((!ByteExtractVerify(&obj))); + CHECK(false == ByteExtractVerify(&obj)); } delete[] name; } diff --git a/src/ips_options/ips_byte_math.cc b/src/ips_options/ips_byte_math.cc index 84504b1e9..ab7420dd9 100644 --- a/src/ips_options/ips_byte_math.cc +++ b/src/ips_options/ips_byte_math.cc @@ -264,7 +264,7 @@ int ByteMathOption::calc(uint32_t& value, const uint32_t rvalue) static void parse_base(uint8_t value, ByteMathData& idx) { assert(value <= 2); - int base[] = { 16, 10, 8 }; + const int base[] = { 16, 10, 8 }; idx.base = base[value]; } @@ -1101,7 +1101,7 @@ TEST_CASE("ByteMathModule::begin", "[ips_byte_math]") ByteMathModule obj; SECTION("test of \"begin\" method") { - CHECK(obj.begin(nullptr, 0, nullptr)); + CHECK(true == obj.begin(nullptr, 0, nullptr)); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_PLUS, 0, 0, 0, 0, 0, 0, 0); @@ -1127,10 +1127,11 @@ TEST_CASE("ByteMathModule::end", "[ips_byte_math]") v_bytes.set(&p_bytes); obj.set(nullptr, v_bytes, nullptr); - Value v_operation(0.0); + Value v_operation("+"); Parameter p_operation{"oper", Parameter::PT_ENUM, "+|-|*|/|<<|>>", nullptr, "mathematical operation to perform"}; v_operation.set(&p_operation); + CHECK(true == p_operation.validate(v_operation)); obj.set(nullptr, v_operation, nullptr); char* name = new char[5]; @@ -1144,7 +1145,7 @@ TEST_CASE("ByteMathModule::end", "[ips_byte_math]") v_rvalue.set(&p_rvalue); obj.set(nullptr, v_rvalue, nullptr); - CHECK(obj.end(nullptr, 0, nullptr)); + CHECK(true == obj.end(nullptr, 0, nullptr)); ByteMathData expected; INITIALIZE(expected, 4, 7, 0, 0, name, BM_PLUS, 0, 0, 0, ENDIAN_BIG, @@ -1164,7 +1165,7 @@ TEST_CASE("ByteMathModule::end", "[ips_byte_math]") v_rvalue.set(&p_rvalue); obj.set(nullptr, v_rvalue, nullptr); - CHECK(obj.end(nullptr, 0, nullptr)); + CHECK(true == obj.end(nullptr, 0, nullptr)); ByteMathData expected; INITIALIZE(expected, 4, 0, 0, 0, name, BM_PLUS, 0, 0, 0, @@ -1183,7 +1184,7 @@ TEST_CASE("ByteMathModule::end", "[ips_byte_math]") v_offvalue.set(&p_offvalue); obj.set(nullptr, v_offvalue, nullptr); - CHECK(obj.end(nullptr, 0, nullptr)); + CHECK(true == obj.end(nullptr, 0, nullptr)); ByteMathData expected; INITIALIZE(expected, 4, 0, 0, 0, name, BM_PLUS, 0, 0, @@ -1199,7 +1200,7 @@ TEST_CASE("ByteMathModule::end", "[ips_byte_math]") v_rvalue.set(&p_rvalue); obj.set(nullptr, v_rvalue, nullptr); - CHECK(!(obj.end(nullptr, 0, nullptr))); + CHECK(false == obj.end(nullptr, 0, nullptr)); } SECTION("offset var doesn't exist") { @@ -1210,7 +1211,7 @@ TEST_CASE("ByteMathModule::end", "[ips_byte_math]") v_offvalue.set(&p_offvalue); obj.set(nullptr, v_offvalue, nullptr); - CHECK(!(obj.end(nullptr, 0, nullptr))); + CHECK(false == obj.end(nullptr, 0, nullptr)); } delete[] obj.data.result_name; @@ -1239,7 +1240,7 @@ TEST_CASE("Test of byte_math_ctor", "[ips_byte_math]") else { IpsOption* res_null = byte_math_ctor(&obj, nullptr); - CHECK(res_null == nullptr); + CHECK(nullptr == res_null); delete[] obj.data.result_name; } } @@ -1259,7 +1260,7 @@ TEST_CASE("ByteMathModule::set valid", "[ips_byte_math]") ByteMathData expected; INITIALIZE(expected, 4, 0, 0, 0, 0, BM_PLUS, 0, 0, 0, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set offset") @@ -1271,79 +1272,85 @@ TEST_CASE("ByteMathModule::set valid", "[ips_byte_math]") ByteMathData expected; INITIALIZE(expected, 0, 0, 3, 0, 0, BM_PLUS, 0, 0, 0, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set option \"+\"") { - Value v(0.0); + Value v("+"); Parameter p{"oper", Parameter::PT_ENUM, "+|-|*|/|<<|>>", nullptr, "mathematical operation to perform"}; v.set(&p); + CHECK(true == p.validate(v)); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_PLUS, 0, 0, 0, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set option \"-\"") { - Value v(1.0); + Value v("-"); Parameter p{"oper", Parameter::PT_ENUM, "+|-|*|/|<<|>>", nullptr, "mathematical operation to perform"}; v.set(&p); + CHECK(true == p.validate(v)); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_MINUS, 0, 0, 0, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set option \"*\"") { - Value v(2.0); + Value v("*"); Parameter p{"oper", Parameter::PT_ENUM, "+|-|*|/|<<|>>", nullptr, "mathematical operation to perform"}; v.set(&p); + CHECK(true == p.validate(v)); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_MULTIPLY, 0, 0, 0, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set option \"/\"") { - Value v(3.0); + Value v("/"); Parameter p{"oper", Parameter::PT_ENUM, "+|-|*|/|<<|>>", nullptr, "mathematical operation to perform"}; v.set(&p); + CHECK(true == p.validate(v)); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_DIVIDE, 0, 0, 0, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set option \"<<\"") { - Value v(4.0); + Value v("<<"); Parameter p{"oper", Parameter::PT_ENUM, "+|-|*|/|<<|>>", nullptr, "mathematical operation to perform"}; v.set(&p); + CHECK(true == p.validate(v)); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_LEFT_SHIFT, 0, 0, 0, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set option \">>\"") { - Value v(5.0); + Value v(">>"); Parameter p{"oper", Parameter::PT_ENUM, "+|-|*|/|<<|>>", nullptr, "mathematical operation to perform"}; v.set(&p); + CHECK(true == p.validate(v)); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_RIGHT_SHIFT, 0, 0, 0, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set rvalue num") @@ -1355,7 +1362,7 @@ TEST_CASE("ByteMathModule::set valid", "[ips_byte_math]") ByteMathData expected; INITIALIZE(expected, 0, 21, 0, 0, 0, BM_PLUS, 0, 0, 0, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set result") @@ -1365,7 +1372,7 @@ TEST_CASE("ByteMathModule::set valid", "[ips_byte_math]") "name of the variable to store the result"}; v.set(&p); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data.result_name, Catch::Matchers::Equals("res_name")); } SECTION("set relative") @@ -1378,32 +1385,34 @@ TEST_CASE("ByteMathModule::set valid", "[ips_byte_math]") ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_PLUS, 1, 0, 0, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set endianness \"big\"") { - Value v(0.0); + Value v("big"); Parameter p{"endian", Parameter::PT_ENUM, "big|little", nullptr, "specify big/little endian"}; v.set(&p); + CHECK(true == p.validate(v)); obj.set(nullptr, v, nullptr); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_PLUS, 0, 0, 0, ENDIAN_BIG, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set endianness \"little\"") { - Value v(1.0); + Value v("little"); Parameter p{"endian", Parameter::PT_ENUM, "big|little", nullptr, "specify big/little endian"}; v.set(&p); + CHECK(true == p.validate(v)); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_PLUS, 0, 0, 0, ENDIAN_LITTLE, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set dce") @@ -1415,43 +1424,46 @@ TEST_CASE("ByteMathModule::set valid", "[ips_byte_math]") ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_PLUS, 0, 0, 0, ENDIAN_FUNC, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set string, hex base") { - Value v(0.0); + Value v("hex"); Parameter p{"string", Parameter::PT_ENUM, "hex|dec|oct", nullptr, "convert extracted string to dec/hex/oct"}; v.set(&p); + CHECK(true == p.validate(v)); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_PLUS, 0, 1, 16, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set string, dec base") { - Value v(1.0); + Value v("dec"); Parameter p{"string", Parameter::PT_ENUM, "hex|dec|oct", nullptr, "convert extracted string to dec/hex/oct"}; v.set(&p); + CHECK(true == p.validate(v)); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_PLUS, 0, 1, 10, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set string, oct base") { - Value v(2.0); + Value v("oct"); Parameter p{"string", Parameter::PT_ENUM, "hex|dec|oct", nullptr, "convert extracted string to dec/hex/oct"}; v.set(&p); + CHECK(true == p.validate(v)); ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_PLUS, 0, 1, 8, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("set bitmask") @@ -1463,7 +1475,7 @@ TEST_CASE("ByteMathModule::set valid", "[ips_byte_math]") ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 1023, 0, BM_PLUS, 0, 0, 0, 0, 0, 0, 0); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } SECTION("rvalue as variable") @@ -1473,8 +1485,8 @@ TEST_CASE("ByteMathModule::set valid", "[ips_byte_math]") "value to use mathematical operation against"}; v.set(&p); - CHECK(obj.set(nullptr, v, nullptr)); - CHECK(strcmp(obj.rvalue_var.c_str(), "r_test_var") == 0); + CHECK(true == obj.set(nullptr, v, nullptr)); + CHECK(0 == strcmp(obj.rvalue_var.c_str(), "r_test_var")); } SECTION("offset as variable") { @@ -1483,7 +1495,7 @@ TEST_CASE("ByteMathModule::set valid", "[ips_byte_math]") "number of bytes into the buffer to start processing"}; v.set(&p); - CHECK(obj.set(nullptr, v, nullptr)); + CHECK(true == obj.set(nullptr, v, nullptr)); CHECK(strcmp(obj.off_var.c_str(), "off_test_var") == 0); } SECTION("rvalue isn't truncated") @@ -1493,8 +1505,8 @@ TEST_CASE("ByteMathModule::set valid", "[ips_byte_math]") "value to use mathematical operation against"}; v.set(&p); - CHECK(obj.set(nullptr, v, nullptr)); - CHECK(obj.data.rvalue == 4294967295UL); + CHECK(true == obj.set(nullptr, v, nullptr)); + CHECK(4294967295UL == obj.data.rvalue); } delete[] obj.data.result_name; @@ -1514,7 +1526,7 @@ TEST_CASE("ByteMathModule::set invalid", "[ips_byte_math]") ByteMathData expected; INITIALIZE(expected, 0, 0, 0, 0, 0, BM_PLUS, 0, 0, 0, 0, 0, 0, 0); - CHECK(!obj.set(nullptr, v, nullptr)); + CHECK(false == obj.set(nullptr, v, nullptr)); CHECK_THAT(obj.data, ByteMathDataEquals(expected)); } } @@ -1530,24 +1542,24 @@ TEST_CASE("ByteMathVerify valid", "[ips_byte_math]") SECTION("Minimum values, no string conversion") { INITIALIZE(obj, 1, 0, -65535, 0, name, BM_PLUS, 1, 0, 0, 0, 0, 0, 0); - CHECK(ByteMathVerify(&obj)); + CHECK(true == ByteMathVerify(&obj)); } SECTION("Maximum values, no string conversion") { INITIALIZE(obj, MAX_BYTES_TO_GRAB, 2147483647, 65535, 0xFFFFFFFF, name, BM_PLUS, 1, 0, 0, ENDIAN_FUNC, NUM_IPS_OPTIONS_VARS, NUM_IPS_OPTIONS_VARS, NUM_IPS_OPTIONS_VARS); - CHECK(ByteMathVerify(&obj)); + CHECK(true == ByteMathVerify(&obj)); } SECTION("Minimum values, with string conversion") { INITIALIZE(obj, 1, 0, -65535, 0, name, BM_PLUS, 1, 1, 8, 0, 0, 0, 0); - CHECK(ByteMathVerify(&obj)); + CHECK(true == ByteMathVerify(&obj)); } SECTION("Maximum values, with string conversion") { INITIALIZE(obj, PARSELEN, 2147483647, 65535, 0xFFFFFFFF, name, BM_PLUS, 1, 1, 16, ENDIAN_FUNC, NUM_IPS_OPTIONS_VARS, NUM_IPS_OPTIONS_VARS, NUM_IPS_OPTIONS_VARS); - CHECK(ByteMathVerify(&obj)); + CHECK(true == ByteMathVerify(&obj)); } } @@ -1562,7 +1574,7 @@ TEST_CASE("ByteMathVerify invalid", "[ips_byte_math]") { obj.result_name = nullptr; - CHECK((!ByteMathVerify(&obj))); + CHECK(false == ByteMathVerify(&obj)); } SECTION("name not numeric check") { @@ -1570,38 +1582,38 @@ TEST_CASE("ByteMathVerify invalid", "[ips_byte_math]") name = new char[5]; strcpy(name, "6in4"); obj.result_name = name; - CHECK((!ByteMathVerify(&obj))); + CHECK(false == ByteMathVerify(&obj)); } SECTION("shift > 32 checks") { obj.rvalue = 33; obj.oper = BM_LEFT_SHIFT; - CHECK((!ByteMathVerify(&obj))); + CHECK(false == ByteMathVerify(&obj)); obj.oper = BM_RIGHT_SHIFT; - CHECK((!ByteMathVerify(&obj))); + CHECK(false == ByteMathVerify(&obj)); } SECTION("shift and bytes_to_extract > 4 checks") { obj.bytes_to_extract = MAX_BYTES_TO_GRAB + 1; obj.oper = BM_LEFT_SHIFT; - CHECK((!ByteMathVerify(&obj))); + CHECK(false == ByteMathVerify(&obj)); obj.oper = BM_RIGHT_SHIFT; - CHECK((!ByteMathVerify(&obj))); + CHECK(false == ByteMathVerify(&obj)); } SECTION("no string conversion and bytes_to_extract > 4 checks") { obj.bytes_to_extract = MAX_BYTES_TO_GRAB + 1; - CHECK((!ByteMathVerify(&obj))); + CHECK(false == ByteMathVerify(&obj)); } SECTION("bitmask checks") { obj.bytes_to_extract = 2; obj.bitmask_val = 1048575; - CHECK((!ByteMathVerify(&obj))); + CHECK(false == ByteMathVerify(&obj)); } delete[] name; } diff --git a/src/main/analyzer.cc b/src/main/analyzer.cc index 3dc861136..c7a259f1d 100644 --- a/src/main/analyzer.cc +++ b/src/main/analyzer.cc @@ -303,7 +303,7 @@ static DAQ_Verdict distill_verdict(Packet* p) static void packet_trace_dump(Packet* p, DAQ_Verdict verdict, bool msg_was_held) { - PacketTracer::log("Policies: Network %u, Inspection %u, Detection %u\n", + PacketTracer::log("Policies: Network %" PRIu64 ", Inspection %" PRIu64 ", Detection %" PRIu64 "\n", get_network_policy()->user_policy_id, get_inspection_policy()->user_policy_id, get_ips_policy()->user_policy_id); diff --git a/src/main/modules.cc b/src/main/modules.cc index a964470a0..09d93e138 100644 --- a/src/main/modules.cc +++ b/src/main/modules.cc @@ -845,7 +845,7 @@ bool AttributeTableModule::set(const char*, Value& v, SnortConfig* sc) static const Parameter inspection_params[] = { - { "id", Parameter::PT_INT, "0:65535", "0", + { "id", Parameter::PT_INT, "0:max64", "0", "correlate policy and events with other items in configuration" }, #ifdef HAVE_UUID @@ -882,7 +882,7 @@ bool InspectionModule::set(const char*, Value& v, SnortConfig* sc) InspectionPolicy* p = get_inspection_policy(); if ( v.is("id") ) - p->user_policy_id = v.get_uint16(); + p->user_policy_id = v.get_uint64(); #ifdef HAVE_UUID else if ( v.is("uuid") ) @@ -983,7 +983,7 @@ static const Parameter ips_params[] = { "enable_builtin_rules", Parameter::PT_BOOL, nullptr, "false", "enable events from builtin rules w/o stubs" }, - { "id", Parameter::PT_INT, "0:65535", "0", + { "id", Parameter::PT_INT, "0:max64", "0", "correlate unified2 events with configuration" }, { "include", Parameter::PT_STRING, nullptr, nullptr, @@ -1049,7 +1049,7 @@ bool IpsModule::set(const char* fqn, Value& v, SnortConfig*) p->enable_builtin_rules = v.get_bool(); else if ( v.is("id") ) - p->user_policy_id = v.get_uint16(); + p->user_policy_id = v.get_uint64(); else if ( v.is("include") ) p->include = v.get_string(); @@ -1242,7 +1242,7 @@ bool ProcessModule::set(const char*, Value& v, SnortConfig* sc) sc->set_watchdog(v.get_uint16()); else if ( v.is("watchdog_min_thread_count") ) - sc->set_watchdog_min_thread_count(v.get_uint16()); + sc->set_watchdog_min_thread_count(v.get_uint16()); return true; } diff --git a/src/main/network_module.cc b/src/main/network_module.cc index 8c759b7b4..e70df3d94 100644 --- a/src/main/network_module.cc +++ b/src/main/network_module.cc @@ -43,7 +43,9 @@ static const Parameter network_params[] = "all | ip | noip | tcp | notcp | udp | noudp | icmp | noicmp | none", "all", "checksums to verify" }, - { "id", Parameter::PT_INT, "0:max32", "0", + // The maximum is max64-1. This is because the code uses the max64 value to determine if a network policy + // has been set using the network_set_policy command + { "id", Parameter::PT_INT, "0:18446744073709551614", "0", "correlate unified2 events with configuration" }, { "min_ttl", Parameter::PT_INT, "1:255", "1", @@ -71,14 +73,15 @@ static const Parameter network_params[] = static int network_set_policy(lua_State* L) { - int user_id = luaL_optint(L, 1, 0); + const char* user_id_str = luaL_optstring(L, 1, 0); + uint64_t user_id = strtoull(user_id_str, nullptr, 10); Shell::set_network_policy_user_id(L, user_id); return 0; } const Parameter network_set_policy_params[] = { - {"id", Parameter::PT_INT, "0:max32", 0, "user network policy id"}, + {"id", Parameter::PT_INT, "0:18446744073709551614", 0, "user network policy id"}, {nullptr, Parameter::PT_MAX, nullptr, nullptr, nullptr} }; @@ -106,7 +109,7 @@ bool NetworkModule::set(const char*, Value& v, SnortConfig* sc) ConfigChecksumMode(v.get_string()); else if ( v.is("id") ) - p->user_policy_id = v.get_uint32(); + p->user_policy_id = v.get_uint64(); else if ( v.is("min_ttl") ) p->min_ttl = v.get_uint8(); @@ -125,4 +128,3 @@ bool NetworkModule::set(const char*, Value& v, SnortConfig* sc) return true; } - diff --git a/src/main/policy.cc b/src/main/policy.cc index 4d9d7765e..7e1ab9a27 100644 --- a/src/main/policy.cc +++ b/src/main/policy.cc @@ -185,7 +185,6 @@ void InspectionPolicy::configure() IpsPolicy::IpsPolicy(PolicyId id) : action(Actions::get_max_types(), nullptr) { policy_id = id; - user_policy_id = 0; policy_mode = POLICY_MODE__MAX; var_table = nullptr; @@ -377,7 +376,7 @@ std::shared_ptr PolicyMap::get_policies(Shell* sh) return pt == shell_map.end() ? nullptr : pt->second; } -NetworkPolicy* PolicyMap::get_user_network(unsigned user_id) const +NetworkPolicy* PolicyMap::get_user_network(uint64_t user_id) const { auto it = user_network.find(user_id); NetworkPolicy* np = (it == user_network.end()) ? nullptr : it->second; diff --git a/src/main/policy.h b/src/main/policy.h index 996664910..5566c0a11 100644 --- a/src/main/policy.h +++ b/src/main/policy.h @@ -33,6 +33,7 @@ typedef unsigned char uuid_t[16]; #endif #include +#include #include #include #include @@ -56,7 +57,7 @@ struct PortTable; struct vartable_t; struct sfip_var_t; -#define UNDEFINED_NETWORK_USER_POLICY_ID 0xffffffff +#define UNDEFINED_NETWORK_USER_POLICY_ID UINT64_MAX typedef unsigned int PolicyId; typedef snort::GHash PortVarTable; @@ -150,7 +151,7 @@ public: public: PolicyId policy_id = 0; PolicyMode policy_mode = POLICY_MODE__MAX; - uint32_t user_policy_id = 0; + uint64_t user_policy_id = 0; uuid_t uuid{}; struct FrameworkPolicy* framework_policy; @@ -216,10 +217,10 @@ public: snort::DataBus dbus; std::vector inspection_policy; - std::unordered_map user_inspection; + std::unordered_map user_inspection; PolicyId policy_id = 0; - uint32_t user_policy_id = 0; + uint64_t user_policy_id = 0; PolicyId default_ips_policy_id = 0; // minimum possible (allows all but errors to pass by default) @@ -249,7 +250,7 @@ public: public: PolicyId policy_id; - uint32_t user_policy_id = 0; + uint64_t user_policy_id = 0; uuid_t uuid{}; PolicyMode policy_mode = POLICY_MODE__MAX; @@ -322,9 +323,9 @@ public: void set_user_ips(IpsPolicy* p) { user_ips[p->user_policy_id] = p; } - NetworkPolicy* get_user_network(unsigned user_id) const; + NetworkPolicy* get_user_network(uint64_t user_id) const; - IpsPolicy* get_user_ips(unsigned user_id) + IpsPolicy* get_user_ips(uint64_t user_id) { auto it = user_ips.find(user_id); return it == user_ips.end() ? nullptr : it->second; @@ -387,8 +388,8 @@ private: IpsPolicy* empty_ips_policy; std::unordered_map> shell_map; - std::unordered_map user_network; - std::unordered_map user_ips; + std::unordered_map user_network; + std::unordered_map user_ips; snort::PolicySelector* selector = nullptr; SingleInstanceInspectorPolicy* file_id; diff --git a/src/main/shell.cc b/src/main/shell.cc index d0991a72f..f64811ab5 100644 --- a/src/main/shell.cc +++ b/src/main/shell.cc @@ -654,7 +654,7 @@ void Shell::install(const char* name, const luaL_Reg* reg) luaL_register(lua, name, reg); } -void Shell::set_network_policy_user_id(lua_State* L, uint32_t user_id) +void Shell::set_network_policy_user_id(lua_State* L, uint64_t user_id) { lua_getglobal(L, lua_shell_id); Shell* shell = *static_cast(lua_touserdata(L, -1)); diff --git a/src/main/shell.h b/src/main/shell.h index a6a2dffef..6b831518d 100644 --- a/src/main/shell.h +++ b/src/main/shell.h @@ -89,7 +89,7 @@ public: static void set_lua_sandbox(const char* s) { lua_sandbox = s; } - static void set_network_policy_user_id(lua_State*, uint32_t user_id); + static void set_network_policy_user_id(lua_State*, uint64_t user_id); private: static void add_config_root_node(const std::string& root_name, snort::Parameter::Type type); @@ -143,7 +143,7 @@ private: Allowlist internal_allowlist; Allowlist allowlist_prefixes; ConfigData config_data; - uint32_t network_user_policy_id = UNDEFINED_NETWORK_USER_POLICY_ID; + uint64_t network_user_policy_id = UNDEFINED_NETWORK_USER_POLICY_ID; bool load_defaults; }; diff --git a/src/managers/inspector_manager.cc b/src/managers/inspector_manager.cc index 4e1252cb2..eec5a09b6 100644 --- a/src/managers/inspector_manager.cc +++ b/src/managers/inspector_manager.cc @@ -405,7 +405,7 @@ struct TrafficPolicy : public InspectorList PHObjectList* get_specific_handlers(); - void set_inspector_network_policy_user_id(uint32_t); + void set_inspector_network_policy_user_id(uint64_t); }; TrafficPolicy::~TrafficPolicy() @@ -494,7 +494,7 @@ PHInstance* TrafficPolicy::get_instance_by_type(const char* key, InspectorType t return nullptr; } -void TrafficPolicy::set_inspector_network_policy_user_id(uint32_t user_id) +void TrafficPolicy::set_inspector_network_policy_user_id(uint64_t user_id) { for (auto* p : ilist) p->handler->set_network_policy_user_id(user_id); @@ -1359,7 +1359,7 @@ bool InspectorManager::delete_inspector(SnortConfig* sc, const char* iname) void InspectorManager::free_inspector(Inspector* p) { NetworkPolicy* np = get_network_policy(); - uint32_t user_id; + uint64_t user_id; if ( p->get_network_policy_user_id(user_id) ) { const SnortConfig* sc = SnortConfig::get_conf(); diff --git a/src/managers/module_manager.cc b/src/managers/module_manager.cc index 0f0baff71..5768038c0 100644 --- a/src/managers/module_manager.cc +++ b/src/managers/module_manager.cc @@ -1716,20 +1716,30 @@ static void dump_param_range_json(JsonStream& json, const Parameter* p) { std::string tr = range; const char* d = strchr(range, ':'); + bool is_signed = ('-' == *range) || (d && '-' == d[1]); if ( *range == 'm' ) { if ( d ) { - tr = std::to_string(Parameter::get_int(range)) + - tr.substr(tr.find(":")); + if (is_signed) + tr = std::to_string(Parameter::get_int(range)) + tr.substr(tr.find(":")); + else + tr = std::to_string(Parameter::get_uint(range)) + tr.substr(tr.find(":")); } else - tr = std::to_string(Parameter::get_int(range)); + { + if (is_signed) + tr = std::to_string(Parameter::get_int(range)); + else + tr = std::to_string(Parameter::get_uint(range)); + } } if ( d and *++d == 'm' ) { - tr = tr.substr(0, tr.find(":") + 1) + - std::to_string(Parameter::get_int(d)); + if (is_signed) + tr = tr.substr(0, tr.find(":") + 1) + std::to_string(Parameter::get_int(d)); + else + tr = tr.substr(0, tr.find(":") + 1) + std::to_string(Parameter::get_uint(d)); } json.put("range", tr); break; diff --git a/src/managers/test/get_inspector_stubs.h b/src/managers/test/get_inspector_stubs.h index 83a80e0fd..86d07df6d 100644 --- a/src/managers/test/get_inspector_stubs.h +++ b/src/managers/test/get_inspector_stubs.h @@ -33,7 +33,7 @@ THREAD_LOCAL const snort::Trace* snort_trace = nullptr; std::shared_ptr PolicyMap::get_policies(Shell*) { return nullptr; } -NetworkPolicy* PolicyMap::get_user_network(unsigned) const { return nullptr; } +NetworkPolicy* PolicyMap::get_user_network(uint64_t) const { return nullptr; } void InspectionPolicy::configure() { } void BinderModule::add(const char*, const char*) { } void BinderModule::add(unsigned, const char*) { } diff --git a/src/packet_io/test/sfdaq_module_test.cc b/src/packet_io/test/sfdaq_module_test.cc index 738478e99..326b965f5 100644 --- a/src/packet_io/test/sfdaq_module_test.cc +++ b/src/packet_io/test/sfdaq_module_test.cc @@ -43,82 +43,82 @@ TEST_CASE("parse sfdaq config", "[SFDAQModule]") sfdm.begin("daq", 0, &sc); Value module_dir1("/test/dir/1"); - CHECK(sfdm.set("daq.module_dirs", module_dir1, &sc)); + CHECK(true == sfdm.set("daq.module_dirs", module_dir1, &sc)); Value module_dir2("/test/dir/2"); - CHECK(sfdm.set("daq.module_dirs", module_dir2, &sc)); + CHECK(true == sfdm.set("daq.module_dirs", module_dir2, &sc)); Value input1("test_input1"); - CHECK(sfdm.set("daq.inputs", input1, &sc)); + CHECK(true == sfdm.set("daq.inputs", input1, &sc)); Value input2("test_input2"); - CHECK(sfdm.set("daq.inputs", input2, &sc)); + CHECK(true == sfdm.set("daq.inputs", input2, &sc)); Value input3("test_input3"); - CHECK(sfdm.set("daq.inputs", input3, &sc)); + CHECK(true == sfdm.set("daq.inputs", input3, &sc)); Value snaplen(static_cast(6666)); - CHECK(sfdm.set("daq.snaplen", snaplen, &sc)); + CHECK(true == sfdm.set("daq.snaplen", snaplen, &sc)); Value batch_size(static_cast(10)); - CHECK(sfdm.set("daq.batch_size", batch_size, &sc)); + CHECK(true == sfdm.set("daq.batch_size", batch_size, &sc)); - CHECK(sfdm.begin("daq.modules", 0, &sc)); + CHECK(true == sfdm.begin("daq.modules", 0, &sc)); SECTION("empty module config") { // Empty module table entry should fail - CHECK(sfdm.begin("daq.modules", 1, &sc)); + CHECK(true == sfdm.begin("daq.modules", 1, &sc)); CHECK_FALSE(sfdm.end("daq.modules", 1, &sc)); } - CHECK(sfdm.begin("daq.modules", 2, &sc)); + CHECK(true == sfdm.begin("daq.modules", 2, &sc)); Value module_name("dump"); - CHECK(sfdm.set("daq.modules.name", module_name, &sc)); + CHECK(true == sfdm.set("daq.modules.name", module_name, &sc)); Value mode_val("passive"); Parameter mode_param = { "mode", Parameter::PT_ENUM, "passive | inline | read-file", "passive", "DAQ module mode" }; mode_val.set(&mode_param); - CHECK(sfdm.set("daq.modules.mode", mode_val, &sc)); + CHECK(true == sfdm.set("daq.modules.mode", mode_val, &sc)); Value dump_var1("dump_var1=foo"); - CHECK(sfdm.set("daq.modules.variables", dump_var1, &sc)); + CHECK(true == sfdm.set("daq.modules.variables", dump_var1, &sc)); Value dump_var2("dump_var2"); - CHECK(sfdm.set("daq.modules.variables", dump_var2, &sc)); + CHECK(true == sfdm.set("daq.modules.variables", dump_var2, &sc)); - CHECK(sfdm.end("daq.modules", 2, &sc)); - CHECK(sfdm.end("daq.modules", 0, &sc)); - CHECK(sfdm.end("daq", 0, &sc)); + CHECK(true == sfdm.end("daq.modules", 2, &sc)); + CHECK(true == sfdm.end("daq.modules", 0, &sc)); + CHECK(true == sfdm.end("daq", 0, &sc)); SECTION("validate sfdaq config") { /* Validate the configuration */ SFDAQConfig* cfg = sc.daq_config; - REQUIRE((cfg->module_dirs.size() == 2)); + REQUIRE((2 == cfg->module_dirs.size())); CHECK(cfg->module_dirs[0] == module_dir1.get_string()); CHECK(cfg->module_dirs[1] == module_dir2.get_string()); - REQUIRE((cfg->inputs.size() == 3)); + REQUIRE((3 == cfg->inputs.size())); CHECK(cfg->inputs[0] == input1.get_string()); CHECK(cfg->inputs[1] == input2.get_string()); CHECK(cfg->inputs[2] == input3.get_string()); - CHECK((cfg->mru_size == 6666)); - CHECK((cfg->batch_size == 10)); + CHECK((6666 == cfg->mru_size)); + CHECK((10 == cfg->batch_size)); - REQUIRE(cfg->module_configs.size() == 1); + REQUIRE(1 == cfg->module_configs.size()); for (auto it : cfg->module_configs) { SFDAQModuleConfig* mcfg = it; CHECK((mcfg->name == module_name.get_string())); CHECK((mcfg->mode == SFDAQModuleConfig::SFDAQ_MODE_PASSIVE)); - REQUIRE((mcfg->variables.size() == 2)); - CHECK(mcfg->variables[0].first == "dump_var1"); - CHECK(mcfg->variables[0].second == "foo"); + REQUIRE((2 == mcfg->variables.size())); + CHECK("dump_var1" == mcfg->variables[0].first); + CHECK("foo" == mcfg->variables[0].second); CHECK(mcfg->variables[1].first == dump_var2.get_string()); - CHECK(mcfg->variables[1].second.empty()); + CHECK(true == mcfg->variables[1].second.empty()); } } @@ -147,37 +147,37 @@ TEST_CASE("parse sfdaq config", "[SFDAQModule]") SFDAQConfig* cfg = sc.daq_config; cfg->overlay(&overlay_cfg); - REQUIRE(cfg->module_dirs.size() == 1); - CHECK(cfg->module_dirs[0] == "cli_module_dir"); + REQUIRE(1 == cfg->module_dirs.size()); + CHECK("cli_module_dir" == cfg->module_dirs[0]); - REQUIRE((cfg->inputs.size() == 1)); - CHECK(cfg->inputs[0] == "cli_input"); + REQUIRE((1 == cfg->inputs.size())); + CHECK("cli_input" == cfg->inputs[0]); - CHECK((cfg->mru_size == 3333)); - CHECK((cfg->batch_size == 12)); + CHECK((3333 == cfg->mru_size)); + CHECK((12 == cfg->batch_size)); - REQUIRE(cfg->module_configs.size() == 2); + REQUIRE(2 == cfg->module_configs.size()); for (auto it : cfg->module_configs) { SFDAQModuleConfig* mcfg = it; CHECK((mcfg->name == "cli_module_name" or mcfg->name == "dump")); if (mcfg->name == "cli_module_name") { - CHECK(mcfg->mode == SFDAQModuleConfig::SFDAQ_MODE_READ_FILE); - REQUIRE((mcfg->variables.size() == 1)); - CHECK(mcfg->variables[0].first == "cli_module_variable"); - CHECK(mcfg->variables[0].second == "abc"); + CHECK(SFDAQModuleConfig::SFDAQ_MODE_READ_FILE == mcfg->mode); + REQUIRE((1 == mcfg->variables.size())); + CHECK("cli_module_variable" == mcfg->variables[0].first); + CHECK("abc" == mcfg->variables[0].second); } else if (mcfg->name == "dump") { - CHECK(mcfg->mode == SFDAQModuleConfig::SFDAQ_MODE_INLINE); - REQUIRE((mcfg->variables.size() == 3)); - CHECK(mcfg->variables[0].first == "dump_var3"); - CHECK(mcfg->variables[0].second.empty()); - CHECK(mcfg->variables[1].first == "dump_var4"); - CHECK(mcfg->variables[1].second == "bar"); - CHECK(mcfg->variables[2].first == "dump_var5"); - CHECK(mcfg->variables[2].second == "foo"); + CHECK(SFDAQModuleConfig::SFDAQ_MODE_INLINE == mcfg->mode); + REQUIRE((3 == mcfg->variables.size())); + CHECK("dump_var3" == mcfg->variables[0].first); + CHECK(true == mcfg->variables[0].second.empty()); + CHECK("dump_var4" == mcfg->variables[1].first); + CHECK("bar" == mcfg->variables[1].second); + CHECK("dump_var5" == mcfg->variables[2].first); + CHECK("foo" == mcfg->variables[2].second); } } } diff --git a/src/protocols/packet.h b/src/protocols/packet.h index 0b1fbe549..245e9f5bc 100644 --- a/src/protocols/packet.h +++ b/src/protocols/packet.h @@ -160,9 +160,9 @@ struct SO_PUBLIC Packet PseudoPacketType pseudo_type; // valid only when PKT_PSEUDO is set - uint32_t user_inspection_policy_id; - uint32_t user_ips_policy_id; - uint32_t user_network_policy_id; + uint64_t user_inspection_policy_id; + uint64_t user_ips_policy_id; + uint64_t user_network_policy_id; uint8_t vlan_idx; uint8_t ts_packet_flags; // FIXIT-M packet flags should always be thread safe