From: Eric Leblond Date: Mon, 4 May 2015 15:35:27 +0000 (+0200) Subject: email-json: add LOG_EMAIL_COMMA type X-Git-Tag: suricata-3.0RC1~113 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7ef0c05ba28f8d41776ebc1411d9a9e4cc7faf7;p=thirdparty%2Fsuricata.git email-json: add LOG_EMAIL_COMMA type extract these data types by treating them as a comma separated list.
---
diff --git a/src/output-json-email-common.c b/src/output-json-email-common.c
index acbf78d08f..bf3214463d 100644
--- a/src/output-json-email-common.c
+++ b/src/output-json-email-common.c
@@ -56,8 +56,9 @@
 #include
 #define LOG_EMAIL_DEFAULT 0
-#define LOG_EMAIL_EXTENDED 1
-#define LOG_EMAIL_ARRAY 2 /* require array handling */
+#define LOG_EMAIL_EXTENDED (1<<0)
+#define LOG_EMAIL_ARRAY (1<<1) /* require array handling */
+#define LOG_EMAIL_COMMA (1<<2) /* require array handling */
 struct {
 char *config_field;
@@ -65,7 +66,7 @@ struct {
 uint32_t flags;
 } email_fields[] = {
 { "reply_to", "reply-to", LOG_EMAIL_DEFAULT },
- { "bcc", "bcc", LOG_EMAIL_DEFAULT },
+ { "bcc", "bcc", LOG_EMAIL_COMMA },
 { "message_id", "message-id", LOG_EMAIL_EXTENDED },
 { "x_mailer", "x-mailer", LOG_EMAIL_EXTENDED },
 { "user_agent", "user-agent", LOG_EMAIL_EXTENDED },
@@ -75,6 +76,24 @@ struct {
 { NULL, NULL, LOG_EMAIL_DEFAULT},
 };
+static json_t* JsonEmailJsonArrayFromCommaList(const uint8_t *val, size_t len)
+{
+ json_t *ajs = json_array();
+ if (likely(ajs != NULL)) {
+ char *savep = NULL;
+ char *p;
+ char *to_line = BytesToString((uint8_t *)val, len);
+ p = strtok_r(to_line, ",", &savep);
+ json_array_append_new(ajs, json_string(p));
+ while ((p = strtok_r(NULL, ",", &savep)) != NULL) {
+ json_array_append_new(ajs, json_string(&p[strspn(p, " ")]));
+ }
+ SCFree(to_line);
+ }
+
+ return ajs;
+}
+
 static int JsonEmailAddToJsonArray(const uint8_t *val, size_t len, void *data)
 {
 json_t *ajs = data;
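Review bot: The comment on `LOG_EMAIL_COMMA` in the first hunk is a copy of the one on `LOG_EMAIL_ARRAY` and does not say what distinguishes the two flags; something like `/* value is a comma separated list, logged as an array */` would. Now that the constants are bit flags, `LOG_EMAIL_DEFAULT` remains 0 and can never match a `flags & ...` test, so a short comment stating that it means "no flag set" would keep a later reader from writing `flags & LOG_EMAIL_DEFAULT`.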
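Review bot: `to_line` in JsonEmailJsonArrayFromCommaList is handed to `strtok_r` without a NULL check, so if `BytesToString` fails (it presumably allocates the copy) a header value taken from inspected traffic ends in a NULL dereference inside the logger. The results of `json_string` are not checked either; jansson returns NULL for text that is not valid UTF-8, so such an entry is silently missing from the logged array, which matters for a field an analyst may search on. The first token also keeps its leading spaces while later ones are stripped with `strspn`, and a quoted display name that contains a comma is split into two entries. The fence below covers the allocation failure and treats every token the same way; handling quoted commas would need a real address-list parser, and returning NULL on failure relies on callers checking the result, as the one visible caller in this patch does.

```c
static json_t* JsonEmailJsonArrayFromCommaList(const uint8_t *val, size_t len)
{
    json_t *ajs = json_array();
    char *to_line;
    char *savep = NULL;
    char *p;

    if (unlikely(ajs == NULL))
        return NULL;

    to_line = BytesToString((uint8_t *)val, len);
    if (unlikely(to_line == NULL)) {
        /* no copy to tokenize: drop the array instead of logging a partial field */
        json_decref(ajs);
        return NULL;
    }

    for (p = strtok_r(to_line, ",", &savep); p != NULL;
         p = strtok_r(NULL, ",", &savep)) {
        /* same leading-space handling for the first entry as for the rest */
        json_t *item = json_string(&p[strspn(p, " ")]);
        if (item != NULL)
            json_array_append_new(ajs, item);
        /* else: entry rejected by jansson (e.g. invalid UTF-8); decide whether to count or log it */
    }
    SCFree(to_line);

    return ajs;
}
```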
@@ -111,6 +130,14 @@ static void JsonEmailLogJSONCustom(OutputJsonEmailCtx *email_ctx, json_t *js, SM
 json_decref(ajs);
 }
 }
+ } else if (email_fields[f].flags & LOG_EMAIL_COMMA) {
+ field = MimeDecFindField(entity, email_fields[f].email_field);
+ if (field) {
+ json_t *ajs = JsonEmailJsonArrayFromCommaList(field->value, field->value_len);
+ if (ajs) {
+ json_object_set_new(js, email_fields[f].config_field, ajs);
+ }
+ }
 } else {
 field = MimeDecFindField(entity, email_fields[f].email_field);
 if (field != NULL) {
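Review bot: The new `LOG_EMAIL_COMMA` branch sets the key even when the array comes back empty, for example for a header whose value is empty or holds only commas, so the event would carry an empty list for that field. If consumers should see the key only when at least one entry was parsed, the inner test could be `if (ajs != NULL && json_array_size(ajs) > 0)` with a `json_decref(ajs)` on the other path. As a matter of style the branch writes `if (field)` and `if (ajs)` while the neighbouring else branch uses `if (field != NULL)`. JsonEmailLogJSONCustom starts and ends outside this hunk.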