From: Shravan Rangarajuvenkata (shrarang) Date: Fri, 28 Jan 2022 12:44:44 +0000 (+0000) Subject: Pull request #3250: appid: rename efp (encrypted fingerprint) to eve (encrypted visib... X-Git-Tag: 3.1.22.0~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a80c988b21590b80cabdb65cf88d35329b87593c;p=thirdparty%2Fsnort3.git Pull request #3250: appid: rename efp (encrypted fingerprint) to eve (encrypted visibility engine) Merge in SNORT/snort3 from ~SATHIRKA/snort3:rename_efp_to_eve to master Squashed commit of the following: commit 1d8b5ebd3194fd7db291963652febd2b0389ecf1 Author: Sreeja Athirkandathil Narayanan Date: Wed Jan 26 14:20:23 2022 -0500 appid: rename efp (encrypted fingerprint) to eve (encrypted visibility engine) --- diff --git a/src/network_inspectors/appid/CMakeLists.txt b/src/network_inspectors/appid/CMakeLists.txt index c333882d6..7b7ff55be 100644 --- a/src/network_inspectors/appid/CMakeLists.txt +++ b/src/network_inspectors/appid/CMakeLists.txt @@ -35,8 +35,8 @@ set ( CP_APPID_SOURCES client_plugins/client_detector.h client_plugins/client_discovery.cc client_plugins/client_discovery.h - client_plugins/efp_ca_patterns.cc - client_plugins/efp_ca_patterns.h + client_plugins/eve_ca_patterns.cc + client_plugins/eve_ca_patterns.h ) set ( SP_APPID_SOURCES @@ -150,8 +150,8 @@ set ( APPID_SOURCES appid_discovery.cc appid_discovery.h appid_dns_session.h - appid_efp_process_event_handler.cc - appid_efp_process_event_handler.h + appid_eve_process_event_handler.cc + appid_eve_process_event_handler.h appid_ha.cc appid_ha.h appid_http_session.cc diff --git a/src/network_inspectors/appid/appid_app_descriptor.h b/src/network_inspectors/appid/appid_app_descriptor.h index 57822661d..26b142de3 100644 --- a/src/network_inspectors/appid/appid_app_descriptor.h +++ b/src/network_inspectors/appid/appid_app_descriptor.h 
@@ -243,17 +243,17 @@ public: return my_username.empty() ? nullptr : my_username.c_str(); } - void set_efp_client_app_id(AppId id) + void set_eve_client_app_id(AppId id) { - efp_client_app_id = id; + eve_client_app_id = id; } - AppId get_efp_client_app_id() const + AppId get_eve_client_app_id() const { - return efp_client_app_id; + return eve_client_app_id; } - void set_efp_client_app_detect_type(ClientAppDetectType client_app_detect_type) + void set_eve_client_app_detect_type(ClientAppDetectType client_app_detect_type) { my_client_detect_type = client_app_detect_type; } @@ -266,7 +266,7 @@ public: private: std::string my_username; AppId my_user_id = APP_ID_NONE; - AppId efp_client_app_id = APP_ID_NONE; + AppId eve_client_app_id = APP_ID_NONE; ClientAppDetectType my_client_detect_type = CLIENT_APP_DETECT_APPID; }; diff --git a/src/network_inspectors/appid/appid_config.cc b/src/network_inspectors/appid/appid_config.cc index a4257625b..10eda764d 100644 --- a/src/network_inspectors/appid/appid_config.cc +++ b/src/network_inspectors/appid/appid_config.cc @@ -168,7 +168,7 @@ void OdpContext::initialize(AppIdInspector& inspector) service_disco_mgr.finalize_service_patterns(); client_disco_mgr.finalize_client_patterns(); http_matchers.finalize_patterns(); - efp_ca_matchers.finalize_patterns(); + eve_ca_matchers.finalize_patterns(); // sip patterns need to be finalized after http patterns because they // are dependent on http patterns sip_matchers.finalize_patterns(*this); @@ -184,7 +184,7 @@ void OdpContext::reload() client_pattern_detector->reload_client_port_patterns(); service_disco_mgr.reload_service_patterns(); client_disco_mgr.reload_client_patterns(); - efp_ca_matchers.reload_patterns(); + eve_ca_matchers.reload_patterns(); http_matchers.reload_patterns(); sip_matchers.reload_patterns(); ssl_matchers.reload_patterns(); diff --git a/src/network_inspectors/appid/appid_config.h b/src/network_inspectors/appid/appid_config.h index f954da94c..adae41630 100644 
--- a/src/network_inspectors/appid/appid_config.h +++ b/src/network_inspectors/appid/appid_config.h @@ -30,7 +30,7 @@ #include "app_info_table.h" #include "client_plugins/client_discovery.h" -#include "client_plugins/efp_ca_patterns.h" +#include "client_plugins/eve_ca_patterns.h" #include "detector_plugins/dns_patterns.h" #include "detector_plugins/http_url_patterns.h" #include "detector_plugins/sip_patterns.h" @@ -179,9 +179,9 @@ public: return http_matchers; } - EfpCaPatternMatchers& get_efp_ca_matchers() + EveCaPatternMatchers& get_eve_ca_matchers() { - return efp_ca_matchers; + return eve_ca_matchers; } SipPatternMatchers& get_sip_matchers() @@ -221,7 +221,7 @@ private: LengthCache length_cache; DnsPatternMatchers dns_matchers; HttpPatternMatchers http_matchers; - EfpCaPatternMatchers efp_ca_matchers; + EveCaPatternMatchers eve_ca_matchers; ServiceDiscovery service_disco_mgr; SipPatternMatchers sip_matchers; SslPatternMatchers ssl_matchers; diff --git a/src/network_inspectors/appid/appid_efp_process_event_handler.cc b/src/network_inspectors/appid/appid_eve_process_event_handler.cc similarity index 82% rename from src/network_inspectors/appid/appid_efp_process_event_handler.cc rename to src/network_inspectors/appid/appid_eve_process_event_handler.cc index a8e4bdb0b..1789b2b22 100644 --- a/src/network_inspectors/appid/appid_efp_process_event_handler.cc +++ b/src/network_inspectors/appid/appid_eve_process_event_handler.cc @@ -16,13 +16,13 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// appid_efp_process_event_handler.cc author Cliff Judge +// appid_eve_process_event_handler.cc author Cliff Judge #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include "appid_efp_process_event_handler.h" +#include "appid_eve_process_event_handler.h" #include "detection/detection_engine.h" #include "appid_debug.h" 
@@ -31,7 +31,7 @@ using namespace snort; -void AppIdEfpProcessEventHandler::handle(DataEvent& event, Flow* flow) +void AppIdEveProcessEventHandler::handle(DataEvent& event, Flow* flow) { assert(flow); AppIdSession* asd = appid_api.get_appid_session(*flow); @@ -43,19 +43,19 @@ void AppIdEfpProcessEventHandler::handle(DataEvent& event, Flow* flow) (pkt_thread_odp_ctxt->get_version() != asd->get_odp_ctxt_version())) return; - const EfpProcessEvent &efp_process_event = static_cast(event); + const EveProcessEvent &eve_process_event = static_cast(event); - const std::string& name = efp_process_event.get_process_name(); - uint8_t conf = efp_process_event.get_process_confidence(); - const std::string& server_name = efp_process_event.get_server_name(); + const std::string& name = eve_process_event.get_process_name(); + uint8_t conf = eve_process_event.get_process_confidence(); + const std::string& server_name = eve_process_event.get_server_name(); AppId app_id = APP_ID_NONE; if (!name.empty()) { - app_id = asd->get_odp_ctxt().get_efp_ca_matchers().match_efp_ca_pattern(name, + app_id = asd->get_odp_ctxt().get_eve_ca_matchers().match_eve_ca_pattern(name, conf); - asd->set_efp_client_app_id(app_id); + asd->set_eve_client_app_id(app_id); } if (appidDebug->is_active()) diff --git a/src/network_inspectors/appid/appid_efp_process_event_handler.h b/src/network_inspectors/appid/appid_eve_process_event_handler.h similarity index 78% rename from src/network_inspectors/appid/appid_efp_process_event_handler.h rename to src/network_inspectors/appid/appid_eve_process_event_handler.h index 165f6517f..38454feab 100644 --- a/src/network_inspectors/appid/appid_efp_process_event_handler.h +++ b/src/network_inspectors/appid/appid_eve_process_event_handler.h 
@@ -16,18 +16,18 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// appid_efp_process_event_handler.h author Cliff Judge +// appid_eve_process_event_handler.h author Cliff Judge -#ifndef APPID_EFP_PROCESS_EVENT_HANDLER_H -#define APPID_EFP_PROCESS_EVENT_HANDLER_H +#ifndef APPID_EVE_PROCESS_EVENT_HANDLER_H +#define APPID_EVE_PROCESS_EVENT_HANDLER_H -#include "pub_sub/efp_process_event.h" +#include "pub_sub/eve_process_event.h" #include "appid_module.h" -class AppIdEfpProcessEventHandler : public snort::DataHandler +class AppIdEveProcessEventHandler : public snort::DataHandler { public: - AppIdEfpProcessEventHandler() : DataHandler(MOD_NAME) { } + AppIdEveProcessEventHandler() : DataHandler(MOD_NAME) { } void handle(snort::DataEvent& event, snort::Flow* flow) override; }; diff --git a/src/network_inspectors/appid/appid_inspector.cc b/src/network_inspectors/appid/appid_inspector.cc index a6f90629d..435c5af85 100644 --- a/src/network_inspectors/appid/appid_inspector.cc +++ b/src/network_inspectors/appid/appid_inspector.cc @@ -38,7 +38,7 @@ #include "appid_dcerpc_event_handler.h" #include "appid_debug.h" #include "appid_discovery.h" -#include "appid_efp_process_event_handler.h" +#include "appid_eve_process_event_handler.h" #include "appid_ha.h" #include "appid_http_event_handler.h" #include "appid_http2_req_body_event_handler.h" @@ -138,7 +138,7 @@ bool AppIdInspector::configure(SnortConfig* sc) DataBus::subscribe_network(OPPORTUNISTIC_TLS_EVENT, new AppIdOpportunisticTlsEventHandler()); - DataBus::subscribe_network(EFP_PROCESS_EVENT, new AppIdEfpProcessEventHandler()); + DataBus::subscribe_network(EVE_PROCESS_EVENT, new AppIdEveProcessEventHandler()); DataBus::subscribe_network(SSH_EVENT, new SshEventHandler()); diff --git a/src/network_inspectors/appid/appid_session.cc b/src/network_inspectors/appid/appid_session.cc index d302887c8..33e637fe8 100644 
--- a/src/network_inspectors/appid/appid_session.cc +++ b/src/network_inspectors/appid/appid_session.cc @@ -842,25 +842,25 @@ AppId AppIdSession::pick_ss_client_app_id() const tmp_id = api.hsessions[0]->client.get_id(); if (tmp_id > APP_ID_NONE) { - api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_APPID); + api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_APPID); return tmp_id; } - if (api.client.get_efp_client_app_id() > APP_ID_NONE and + if (api.client.get_eve_client_app_id() > APP_ID_NONE and (api.client.get_id() == APP_ID_SSL_CLIENT or api.client.get_id() <= APP_ID_NONE)) { - api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_TLS_FP); - return api.client.get_efp_client_app_id(); + api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_TLS_FP); + return api.client.get_eve_client_app_id(); } if (api.client.get_id() > APP_ID_NONE) { - api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_APPID); + api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_APPID); return api.client.get_id(); } - api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_APPID); + api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_APPID); return encrypted.client_id; } diff --git a/src/network_inspectors/appid/appid_session.h b/src/network_inspectors/appid/appid_session.h index 9877c4988..6a7a3f72a 100644 --- a/src/network_inspectors/appid/appid_session.h +++ b/src/network_inspectors/appid/appid_session.h @@ -510,14 +510,14 @@ public: api.client.update_user(id, username, change_bits); } - void set_efp_client_app_id(AppId id) + void set_eve_client_app_id(AppId id) { - api.client.set_efp_client_app_id(id); + api.client.set_eve_client_app_id(id); } - AppId get_efp_client_app_id() const + AppId get_eve_client_app_id() const { - return api.client.get_efp_client_app_id(); + return api.client.get_eve_client_app_id(); } AppId get_payload_id() const 
diff --git a/src/network_inspectors/appid/client_plugins/efp_ca_patterns.cc b/src/network_inspectors/appid/client_plugins/eve_ca_patterns.cc similarity index 61% rename from src/network_inspectors/appid/client_plugins/efp_ca_patterns.cc rename to src/network_inspectors/appid/client_plugins/eve_ca_patterns.cc index ba754c5ea..f79e8e126 100644 --- a/src/network_inspectors/appid/client_plugins/efp_ca_patterns.cc +++ b/src/network_inspectors/appid/client_plugins/eve_ca_patterns.cc @@ -16,13 +16,13 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// efp_ca_patterns.cc author Cliff Judge +// eve_ca_patterns.cc author Cliff Judge #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include "efp_ca_patterns.h" +#include "eve_ca_patterns.h" #include 
@@ -33,39 +33,39 @@ using namespace snort; using namespace std; -void EfpCaPatternMatchers::add_efp_ca_pattern(AppId app_id, const string& pattern_str, +void EveCaPatternMatchers::add_eve_ca_pattern(AppId app_id, const string& pattern_str, uint8_t confidence, const string& detector) { - auto match = find_if(efp_ca_load_list.begin(), efp_ca_load_list.end(), - [app_id, pattern_str] (EfpCaPattern* efp_ca) - { return (efp_ca->pattern == pattern_str and efp_ca->app_id != app_id); }); + auto match = find_if(eve_ca_load_list.begin(), eve_ca_load_list.end(), + [app_id, pattern_str] (EveCaPattern* eve_ca) + { return (eve_ca->pattern == pattern_str and eve_ca->app_id != app_id); }); - if (match != efp_ca_load_list.end()) + if (match != eve_ca_load_list.end()) WarningMessage("appid: detector %s - process name '%s' for client app %d is already " "mapped to client app %d\n", detector.c_str(), (*match)->pattern.c_str(), app_id, (*match)->app_id); - EfpCaPattern* new_efp_ca_pattern = new EfpCaPattern(app_id, pattern_str, confidence); - efp_ca_load_list.push_back(new_efp_ca_pattern); + EveCaPattern* new_eve_ca_pattern = new EveCaPattern(app_id, pattern_str, confidence); + eve_ca_load_list.push_back(new_eve_ca_pattern); } -static int efp_ca_pattern_match(void* id, void*, int, void* data, void*) +static int eve_ca_pattern_match(void* id, void*, int, void* data, void*) { - EfpCaPatternList* efp_ca_match_list = (EfpCaPatternList *)data; - efp_ca_match_list->push_back((EfpCaPattern *)id); + EveCaPatternList* eve_ca_match_list = (EveCaPatternList *)data; + eve_ca_match_list->push_back((EveCaPattern *)id); return 0; } -AppId EfpCaPatternMatchers::match_efp_ca_pattern(const string& pattern, +AppId EveCaPatternMatchers::match_eve_ca_pattern(const string& pattern, uint8_t reported_confidence) { - EfpCaPatternList* efp_ca_match_list = new EfpCaPatternList(); - EfpCaPattern* best_match = nullptr; + EveCaPatternList* eve_ca_match_list = new EveCaPatternList(); + EveCaPattern* best_match = 
nullptr; - efp_ca_pattern_matcher.find_all(pattern.data(), pattern.size(), efp_ca_pattern_match, - false, efp_ca_match_list); + eve_ca_pattern_matcher.find_all(pattern.data(), pattern.size(), eve_ca_pattern_match, + false, eve_ca_match_list); - for (auto &mp : *efp_ca_match_list) + for (auto &mp : *eve_ca_match_list) { if (mp->pattern.size() == pattern.size()) { @@ -86,34 +86,34 @@ AppId EfpCaPatternMatchers::match_efp_ca_pattern(const string& pattern, if (best_match) ret_app_id = best_match->app_id; - delete efp_ca_match_list; + delete eve_ca_match_list; return ret_app_id; } -EfpCaPatternMatchers::~EfpCaPatternMatchers() +EveCaPatternMatchers::~EveCaPatternMatchers() { - for (auto& p : efp_ca_load_list) + for (auto& p : eve_ca_load_list) delete p; - efp_ca_load_list.clear(); + eve_ca_load_list.clear(); } -void EfpCaPatternMatchers::finalize_patterns() +void EveCaPatternMatchers::finalize_patterns() { - for (auto& p : efp_ca_load_list) + for (auto& p : eve_ca_load_list) { - efp_ca_pattern_matcher.add(p->pattern.data(), p->pattern.size(), p, true); + eve_ca_pattern_matcher.add(p->pattern.data(), p->pattern.size(), p, true); #ifdef REG_TEST - LogMessage("Adding EFP Client App pattern %d %s %d\n", + LogMessage("Adding EVE Client App pattern %d %s %d\n", p->app_id, p->pattern.c_str(), p->confidence); #endif } - efp_ca_pattern_matcher.prep(); + eve_ca_pattern_matcher.prep(); } -void EfpCaPatternMatchers::reload_patterns() +void EveCaPatternMatchers::reload_patterns() { - efp_ca_pattern_matcher.reload(); + eve_ca_pattern_matcher.reload(); } diff --git a/src/network_inspectors/appid/client_plugins/efp_ca_patterns.h b/src/network_inspectors/appid/client_plugins/eve_ca_patterns.h similarity index 71% rename from src/network_inspectors/appid/client_plugins/efp_ca_patterns.h rename to src/network_inspectors/appid/client_plugins/eve_ca_patterns.h index dcdb1d03e..7c395f0f2 100644 --- a/src/network_inspectors/appid/client_plugins/efp_ca_patterns.h 
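Review bot: match_eve_ca_pattern still allocates its scratch list with `new EveCaPatternList()` on every call and frees it with `delete eve_ca_match_list;` in the following hunk, so any early return later added between the two leaks on the packet path. A local removes the pairing: declare `EveCaPatternList eve_ca_match_list;`, pass `&eve_ca_match_list` to `find_all`, and iterate with `for (auto& mp : eve_ca_match_list)`. The lines between the two hunks are not shown, so this assumes nothing there stores the pointer.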
+++ b/src/network_inspectors/appid/client_plugins/eve_ca_patterns.h @@ -16,42 +16,42 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// efp_ca_patterns.h author Cliff Judge +// eve_ca_patterns.h author Cliff Judge -#ifndef EFP_CA_PATTERNS_H -#define EFP_CA_PATTERNS_H +#ifndef EVE_CA_PATTERNS_H +#define EVE_CA_PATTERNS_H #include #include "search_engines/search_tool.h" #include "application_ids.h" -struct EfpCaPattern +struct EveCaPattern { const AppId app_id; const std::string pattern; const uint8_t confidence; - EfpCaPattern(AppId id, const std::string& name, uint8_t conf) : app_id(id), pattern(name), + EveCaPattern(AppId id, const std::string& name, uint8_t conf) : app_id(id), pattern(name), confidence(conf) {} - ~EfpCaPattern() {} + ~EveCaPattern() {} }; -typedef std::vector EfpCaPatternList; +typedef std::vector EveCaPatternList; -class EfpCaPatternMatchers +class EveCaPatternMatchers { public: - ~EfpCaPatternMatchers(); - AppId match_efp_ca_pattern(const std::string&, uint8_t); - void add_efp_ca_pattern(AppId, const std::string&, uint8_t, const std::string&); + ~EveCaPatternMatchers(); + AppId match_eve_ca_pattern(const std::string&, uint8_t); + void add_eve_ca_pattern(AppId, const std::string&, uint8_t, const std::string&); void finalize_patterns(); void reload_patterns(); private: - snort::SearchTool efp_ca_pattern_matcher = snort::SearchTool(); - EfpCaPatternList efp_ca_load_list; + snort::SearchTool eve_ca_pattern_matcher = snort::SearchTool(); + EveCaPatternList eve_ca_load_list; }; #endif diff --git a/src/network_inspectors/appid/client_plugins/test/CMakeLists.txt b/src/network_inspectors/appid/client_plugins/test/CMakeLists.txt index 9dcc7c489..bbcb84ee9 100644 --- a/src/network_inspectors/appid/client_plugins/test/CMakeLists.txt +++ b/src/network_inspectors/appid/client_plugins/test/CMakeLists.txt 
@@ -1,5 +1,5 @@ include_directories ( appid PRIVATE ${APPID_INCLUDE_DIR} ) -add_cpputest( efp_ca_patterns_test ) +add_cpputest( eve_ca_patterns_test ) diff --git a/src/network_inspectors/appid/client_plugins/test/efp_ca_patterns_test.cc b/src/network_inspectors/appid/client_plugins/test/eve_ca_patterns_test.cc similarity index 59% rename from src/network_inspectors/appid/client_plugins/test/efp_ca_patterns_test.cc rename to src/network_inspectors/appid/client_plugins/test/eve_ca_patterns_test.cc index a8946cba9..7333fb762 100644 --- a/src/network_inspectors/appid/client_plugins/test/efp_ca_patterns_test.cc +++ b/src/network_inspectors/appid/client_plugins/test/eve_ca_patterns_test.cc 
@@ -16,78 +16,78 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- // -// efp_ca_patterns_test.cc author Sreeja Athirkandathil Narayanan +// eve_ca_patterns_test.cc author Sreeja Athirkandathil Narayanan #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include "client_plugins/efp_ca_patterns.cc" +#include "client_plugins/eve_ca_patterns.cc" #include "client_plugins_mock.h" #include #include #include -static EfpCaPatternMatchers* efp_matcher = nullptr; -EfpCaPattern efp_ca(APPID_UT_ID, "firefox", 90); +static EveCaPatternMatchers* eve_matcher = nullptr; +EveCaPattern eve_ca(APPID_UT_ID, "firefox", 90); namespace snort { int SearchTool::find_all(const char* pattern, unsigned, MpseMatch, bool, void* data) { if (strcmp(pattern, "firefox") == 0) - efp_ca_pattern_match(&efp_ca, nullptr, 0, data, nullptr); + eve_ca_pattern_match(&eve_ca, nullptr, 0, data, nullptr); return 0; } } -TEST_GROUP(efp_ca_patterns_tests) +TEST_GROUP(eve_ca_patterns_tests) { void setup() override { - efp_matcher = new EfpCaPatternMatchers(); + eve_matcher = new EveCaPatternMatchers(); } void teardown() override { - delete efp_matcher; + delete eve_matcher; } }; -TEST(efp_ca_patterns_tests, efp_ca_pattern_match) +TEST(eve_ca_patterns_tests, eve_ca_pattern_match) { - EfpCaPatternList data; - EfpCaPattern efp1(APPID_UT_ID + 1, "firefox", 80); - efp_ca_pattern_match(&efp1, nullptr, 0, &data, nullptr); - EfpCaPattern* efp = data.back(); - CHECK(efp->app_id == efp1.app_id); - CHECK(efp->pattern == efp1.pattern); - CHECK(efp->confidence == efp1.confidence); - - EfpCaPattern efp2(APPID_UT_ID + 2, "chrome", 95); - efp_ca_pattern_match(&efp2, nullptr, 0, &data, nullptr); - efp = data.back(); - CHECK(efp->app_id == efp2.app_id); - CHECK(efp->pattern == efp2.pattern); - CHECK(efp->confidence == efp2.confidence); + EveCaPatternList data; + EveCaPattern eve1(APPID_UT_ID + 1, "firefox", 80); + 
eve_ca_pattern_match(&eve1, nullptr, 0, &data, nullptr); + EveCaPattern* eve = data.back(); + CHECK(eve->app_id == eve1.app_id); + CHECK(eve->pattern == eve1.pattern); + CHECK(eve->confidence == eve1.confidence); + + EveCaPattern eve2(APPID_UT_ID + 2, "chrome", 95); + eve_ca_pattern_match(&eve2, nullptr, 0, &data, nullptr); + eve = data.back(); + CHECK(eve->app_id == eve2.app_id); + CHECK(eve->pattern == eve2.pattern); + CHECK(eve->confidence == eve2.confidence); CHECK(data.size() == 2); } -TEST(efp_ca_patterns_tests, match_efp_ca_pattern) +TEST(eve_ca_patterns_tests, match_eve_ca_pattern) { // 1. pattern not present in pattern matcher list - CHECK(efp_matcher->match_efp_ca_pattern("chrome", 95) == 0); + CHECK(eve_matcher->match_eve_ca_pattern("chrome", 95) == 0); // 2. pattern matches, confidence doesn't match - CHECK(efp_matcher->match_efp_ca_pattern("firefox", 60) == 0); + CHECK(eve_matcher->match_eve_ca_pattern("firefox", 60) == 0); // 3. pattern and confidence matches - CHECK(efp_matcher->match_efp_ca_pattern("firefox", 90) == APPID_UT_ID); + CHECK(eve_matcher->match_eve_ca_pattern("firefox", 90) == APPID_UT_ID); // 4. pattern matches, reported confidence > existing value - CHECK(efp_matcher->match_efp_ca_pattern("firefox", 92) == APPID_UT_ID); + CHECK(eve_matcher->match_eve_ca_pattern("firefox", 92) == APPID_UT_ID); } int main(int argc, char** argv) diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc index 236e7d282..42a3caab6 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/detector_sip_test.cc 
@@ -153,7 +153,7 @@ void AppIdModule::reset_stats() { } // LCOV_EXCL_STOP DnsPatternMatchers::~DnsPatternMatchers() = default; -EfpCaPatternMatchers::~EfpCaPatternMatchers() = default; +EveCaPatternMatchers::~EveCaPatternMatchers() = default; SslPatternMatchers::~SslPatternMatchers() = default; HttpPatternMatchers::~HttpPatternMatchers() = default; diff --git a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc index 79ed8240a..f1302eef3 100644 --- a/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc +++ b/src/network_inspectors/appid/detector_plugins/test/http_url_patterns_test.cc @@ -84,7 +84,7 @@ void AppIdDiscovery::register_tcp_pattern(AppIdDetector*, unsigned char const*, void AppIdDiscovery::register_udp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { } int AppIdDiscovery::add_service_port(AppIdDetector*, ServiceDetectorPort const&) { return 0; } DnsPatternMatchers::~DnsPatternMatchers() = default; -EfpCaPatternMatchers::~EfpCaPatternMatchers() = default; +EveCaPatternMatchers::~EveCaPatternMatchers() = default; SipPatternMatchers::~SipPatternMatchers() = default; SslPatternMatchers::~SslPatternMatchers() = default; void AppIdModule::reset_stats() {} diff --git a/src/network_inspectors/appid/lua_detector_api.cc b/src/network_inspectors/appid/lua_detector_api.cc index 2fab466af..c546b4d2d 100644 --- a/src/network_inspectors/appid/lua_detector_api.cc +++ b/src/network_inspectors/appid/lua_detector_api.cc 
@@ -1006,14 +1006,14 @@ static int add_process_to_client_mapping(lua_State* L) const char* tmp_string = lua_tostring(L, ++index); if (!tmp_string) { - ErrorMessage("appid: Invalid efp process_name string: appid %u.\n", appid); + ErrorMessage("appid: Invalid eve process_name string: appid %u.\n", appid); return 0; } const std::string process_name(tmp_string); uint8_t process_score = lua_tointeger(L, ++index); const std::string detector_name = ud->get_detector()->get_name(); - ud->get_odp_ctxt().get_efp_ca_matchers().add_efp_ca_pattern(appid, process_name, + ud->get_odp_ctxt().get_eve_ca_matchers().add_eve_ca_pattern(appid, process_name, process_score, detector_name); ud->get_odp_ctxt().get_app_info_mgr().set_app_info_active(appid); diff --git a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h index e535be3a3..0fc7c38bf 100644 --- a/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h +++ b/src/network_inspectors/appid/service_plugins/test/service_plugin_mock.h @@ -80,7 +80,7 @@ AppIdSessionApi::AppIdSessionApi(const AppIdSession*, const SfIp&) : StashGenericObject(STASH_GENERIC_OBJECT_APPID) {} } -EfpCaPatternMatchers::~EfpCaPatternMatchers() { } +EveCaPatternMatchers::~EveCaPatternMatchers() { } SslPatternMatchers::~SslPatternMatchers() { } SipPatternMatchers::~SipPatternMatchers() { } HttpPatternMatchers::~HttpPatternMatchers() { } diff --git a/src/network_inspectors/appid/test/CMakeLists.txt b/src/network_inspectors/appid/test/CMakeLists.txt index a56750e6c..794da44a6 100644 --- a/src/network_inspectors/appid/test/CMakeLists.txt +++ b/src/network_inspectors/appid/test/CMakeLists.txt @@ -41,7 +41,7 @@ add_cpputest( appid_http_session_test SOURCES $ ) -add_cpputest( appid_efp_process_event_handler_test +add_cpputest( appid_eve_process_event_handler_test SOURCES $ ) 
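Review bot: `uint8_t process_score = lua_tointeger(L, ++index);` narrows a Lua integer to 8 bits with no range check, so a detector script that passes a score outside 0–255 registers a wrapped confidence instead of being rejected. That value is handed straight to `add_eve_ca_pattern`, and presumably decides later whether a reported process name maps to a client app, so a wrapped score can quietly change detection results. Reading into a wide type first would let it fail like the `process_name` branch above: `lua_Integer score = lua_tointeger(L, ++index);` then `if (score < 0 or score > UINT8_MAX) { ErrorMessage("appid: Invalid eve process score: appid %u.\n", appid); return 0; }`. add_process_to_client_mapping starts and ends outside the hunk, so an earlier argument check may already cover this.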
diff --git a/src/network_inspectors/appid/test/appid_discovery_test.cc b/src/network_inspectors/appid/test/appid_discovery_test.cc index dfd74fbba..47e4b3acd 100644 --- a/src/network_inspectors/appid/test/appid_discovery_test.cc +++ b/src/network_inspectors/appid/test/appid_discovery_test.cc @@ -139,7 +139,7 @@ void DataBus::publish(const char*, DataEvent& event, Flow*) // Stubs for matchers static HttpPatternMatchers* http_matchers; DnsPatternMatchers::~DnsPatternMatchers() = default; -EfpCaPatternMatchers::~EfpCaPatternMatchers() = default; +EveCaPatternMatchers::~EveCaPatternMatchers() = default; HttpPatternMatchers::~HttpPatternMatchers() = default; SipPatternMatchers::~SipPatternMatchers() = default; SslPatternMatchers::~SslPatternMatchers() = default; diff --git a/src/network_inspectors/appid/test/appid_efp_process_event_handler_test.cc b/src/network_inspectors/appid/test/appid_eve_process_event_handler_test.cc similarity index 87% rename from src/network_inspectors/appid/test/appid_efp_process_event_handler_test.cc rename to src/network_inspectors/appid/test/appid_eve_process_event_handler_test.cc index 9eb612cb2..58def9f44 100644 --- a/src/network_inspectors/appid/test/appid_efp_process_event_handler_test.cc +++ b/src/network_inspectors/appid/test/appid_eve_process_event_handler_test.cc @@ -16,13 +16,13 @@ // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- // -// appid_efp_process_event_handler_test.cc author Sreeja Athirkandathil Narayanan +// appid_eve_process_event_handler_test.cc author Sreeja Athirkandathil Narayanan #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include "appid_efp_process_event_handler.cc" +#include "appid_eve_process_event_handler.cc" #include 
@@ -81,12 +81,12 @@ void AppIdModule::reset_stats() { } void AppIdDebug::activate(snort::Flow const*, AppIdSession const*, bool) { } -AppId EfpCaPatternMatchers::match_efp_ca_pattern(const string&, uint8_t) +AppId EveCaPatternMatchers::match_eve_ca_pattern(const string&, uint8_t) { return APPID_UT_ID; } -TEST_GROUP(appid_efp_process_event_handler_tests) +TEST_GROUP(appid_eve_process_event_handler_tests) { void setup() override { @@ -105,14 +105,14 @@ TEST_GROUP(appid_efp_process_event_handler_tests) } }; -TEST(appid_efp_process_event_handler_tests, efp_process_event_handler) +TEST(appid_eve_process_event_handler_tests, eve_process_event_handler) { Packet p; - EfpProcessEvent event(p, "firefox", 90); - AppIdEfpProcessEventHandler event_handler; + EveProcessEvent event(p, "firefox", 90); + AppIdEveProcessEventHandler event_handler; Flow* flow = new Flow(); event_handler.handle(event, flow); - CHECK(session->get_efp_client_app_id() == APPID_UT_ID); + CHECK(session->get_eve_client_app_id() == APPID_UT_ID); delete flow; } diff --git a/src/network_inspectors/appid/test/appid_mock_definitions.h b/src/network_inspectors/appid/test/appid_mock_definitions.h index 476ad3958..603737084 100644 --- a/src/network_inspectors/appid/test/appid_mock_definitions.h +++ b/src/network_inspectors/appid/test/appid_mock_definitions.h @@ -80,7 +80,7 @@ void AppIdDiscovery::register_tcp_pattern(AppIdDetector*, unsigned char const*, void AppIdDiscovery::register_udp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { } int AppIdDiscovery::add_service_port(AppIdDetector*, ServiceDetectorPort const&) { return 0; } DnsPatternMatchers::~DnsPatternMatchers() = default; -EfpCaPatternMatchers::~EfpCaPatternMatchers() = default; +EveCaPatternMatchers::~EveCaPatternMatchers() = default; HttpPatternMatchers::~HttpPatternMatchers() = default; SipPatternMatchers::~SipPatternMatchers() = default; SslPatternMatchers::~SslPatternMatchers() = default; 
diff --git a/src/network_inspectors/appid/test/appid_mock_session.h b/src/network_inspectors/appid/test/appid_mock_session.h index dcbc15e2b..35551b7f3 100644 --- a/src/network_inspectors/appid/test/appid_mock_session.h +++ b/src/network_inspectors/appid/test/appid_mock_session.h @@ -141,14 +141,14 @@ AppId AppIdSession::pick_ss_misc_app_id() const AppId AppIdSession::pick_ss_client_app_id() const { - if (get_efp_client_app_id() > APP_ID_NONE and get_client_id() <= APP_ID_NONE) + if (get_eve_client_app_id() > APP_ID_NONE and get_client_id() <= APP_ID_NONE) { - api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_TLS_FP); - return get_efp_client_app_id(); + api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_TLS_FP); + return get_eve_client_app_id(); } else { - api.client.set_efp_client_app_detect_type(CLIENT_APP_DETECT_APPID); + api.client.set_eve_client_app_detect_type(CLIENT_APP_DETECT_APPID); return get_client_id(); } } diff --git a/src/network_inspectors/appid/test/appid_session_api_test.cc b/src/network_inspectors/appid/test/appid_session_api_test.cc index 8ad89685f..c91b61662 100644 --- a/src/network_inspectors/appid/test/appid_session_api_test.cc +++ b/src/network_inspectors/appid/test/appid_session_api_test.cc 
@@ -343,10 +343,10 @@ TEST(appid_session_api, get_client_app_detect_type) ClientAppDetectType detect_type = mock_session->get_api().get_client_app_detect_type(); CHECK_EQUAL(detect_type, CLIENT_APP_DETECT_APPID); - /* Set efp client app to some appid, but keep normal client id set to none. - The efp_client app should be picked, but the detect type should be TLS_FP. */ + /* Set eve client app to some appid, but keep normal client id set to none. + The eve_client app should be picked, but the detect type should be TLS_FP. */ mock_session->set_client_id(APP_ID_NONE); - mock_session->set_efp_client_app_id(638); + mock_session->set_eve_client_app_id(638); AppId id = mock_session->pick_ss_client_app_id(); CHECK_EQUAL(id, 638); detect_type = mock_session->get_api().get_client_app_detect_type(); diff --git a/src/network_inspectors/appid/test/service_state_test.cc b/src/network_inspectors/appid/test/service_state_test.cc index 40dfc363e..7396e9698 100644 --- a/src/network_inspectors/appid/test/service_state_test.cc +++ b/src/network_inspectors/appid/test/service_state_test.cc @@ -121,7 +121,7 @@ int ServiceDiscovery::fail_service(AppIdSession&, const Packet*, AppidSessionDir int ServiceDiscovery::add_service_port(AppIdDetector*, const ServiceDetectorPort&) { return APPID_EINVALID; } DnsPatternMatchers::~DnsPatternMatchers() = default; -EfpCaPatternMatchers::~EfpCaPatternMatchers() = default; +EveCaPatternMatchers::~EveCaPatternMatchers() = default; HttpPatternMatchers::~HttpPatternMatchers() = default; SipPatternMatchers::~SipPatternMatchers() = default; SslPatternMatchers::~SslPatternMatchers() = default; diff --git a/src/network_inspectors/appid/test/tp_lib_handler_test.cc b/src/network_inspectors/appid/test/tp_lib_handler_test.cc index 5ff7b6024..931ff8544 100644 --- a/src/network_inspectors/appid/test/tp_lib_handler_test.cc +++ b/src/network_inspectors/appid/test/tp_lib_handler_test.cc 
@@ -56,7 +56,7 @@ void AppIdDiscovery::register_tcp_pattern(AppIdDetector*, unsigned char const*, void AppIdDiscovery::register_udp_pattern(AppIdDetector*, unsigned char const*, unsigned int, int, unsigned int) { } int AppIdDiscovery::add_service_port(AppIdDetector*, ServiceDetectorPort const&) { return 0; } DnsPatternMatchers::~DnsPatternMatchers() = default; -EfpCaPatternMatchers::~EfpCaPatternMatchers() = default; +EveCaPatternMatchers::~EveCaPatternMatchers() = default; HttpPatternMatchers::~HttpPatternMatchers() = default; SipPatternMatchers::~SipPatternMatchers() = default; SslPatternMatchers::~SslPatternMatchers() = default; diff --git a/src/pub_sub/CMakeLists.txt b/src/pub_sub/CMakeLists.txt index 10ddbec07..a453d90ec 100644 --- a/src/pub_sub/CMakeLists.txt +++ b/src/pub_sub/CMakeLists.txt @@ -6,7 +6,7 @@ set (PUB_SUB_INCLUDES daq_message_event.h dcerpc_events.h dhcp_events.h - efp_process_event.h + eve_process_event.h expect_events.h finalize_packet_event.h http_events.h diff --git a/src/pub_sub/efp_process_event.h b/src/pub_sub/eve_process_event.h similarity index 84% rename from src/pub_sub/efp_process_event.h rename to src/pub_sub/eve_process_event.h index f9c5f8b6a..764b6b116 100644 --- a/src/pub_sub/efp_process_event.h +++ b/src/pub_sub/eve_process_event.h 
@@ -15,23 +15,23 @@ // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// efp_process_event.h author Cliff Judge +// eve_process_event.h author Cliff Judge -#ifndef EFP_PROCESS_EVENT_H -#define EFP_PROCESS_EVENT_H +#ifndef EVE_PROCESS_EVENT_H +#define EVE_PROCESS_EVENT_H #include #include "framework/data_bus.h" -#define EFP_PROCESS_EVENT "efp_process_event" +#define EVE_PROCESS_EVENT "eve_process_event" -class EfpProcessEvent : public snort::DataEvent +class EveProcessEvent : public snort::DataEvent { public: - EfpProcessEvent(const snort::Packet& p, const char* process, uint8_t process_conf) : + EveProcessEvent(const snort::Packet& p, const char* process, uint8_t process_conf) : p(p), process_name(process), process_confidence(process_conf) { } - EfpProcessEvent(const snort::Packet& p, const char* server) : p(p), server_name(server) { } + EveProcessEvent(const snort::Packet& p, const char* server) : p(p), server_name(server) { } const snort::Packet* get_packet() override { return &p; } diff --git a/src/pub_sub/test/CMakeLists.txt b/src/pub_sub/test/CMakeLists.txt index 75b7740b5..0a8892ae9 100644 --- a/src/pub_sub/test/CMakeLists.txt +++ b/src/pub_sub/test/CMakeLists.txt @@ -7,7 +7,7 @@ add_cpputest( pub_sub_http_request_body_event_test ../http_request_body_event.cc ../../service_inspectors/http_inspect/http_msg_body_cl.cc ) -add_cpputest( pub_sub_efp_process_event_test +add_cpputest( pub_sub_eve_process_event_test SOURCES - ../efp_process_event.h + ../eve_process_event.h ) diff --git a/src/pub_sub/test/pub_sub_efp_process_event_test.cc b/src/pub_sub/test/pub_sub_eve_process_event_test.cc similarity index 86% rename from src/pub_sub/test/pub_sub_efp_process_event_test.cc rename to src/pub_sub/test/pub_sub_eve_process_event_test.cc index 097c56453..4690ca1f2 100644 
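Review bot: Both `EveProcessEvent` constructors take a raw `const char*` and pass it straight into the initializers `process_name(process)` and `server_name(server)` without a null check. The member declarations are outside this hunk, but the unit test compares `get_process_name() == "process"`, which suggests they are `std::string`; if so, a null pointer from the publishing module is undefined behaviour at construction. A guard in the initializer list would make the event safe to build from any publisher, e.g. `process_name(process ? process : "")` and `server_name(server ? server : "")`. The class body continues past the end of the hunk, so the getters and member defaults could not be checked here.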
--- a/src/pub_sub/test/pub_sub_efp_process_event_test.cc +++ b/src/pub_sub/test/pub_sub_eve_process_event_test.cc @@ -15,13 +15,13 @@ // with this program; if not, write to the Free Software Foundation, Inc., // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. //-------------------------------------------------------------------------- -// pub_sub_efp_process_event_test.cc author Cliff Judge +// pub_sub_eve_process_event_test.cc author Cliff Judge #ifdef HAVE_CONFIG_H #include "config.h" #endif -#include "pub_sub/efp_process_event.h" +#include "pub_sub/eve_process_event.h" #include "protocols/packet.h" #include @@ -33,7 +33,7 @@ using namespace snort; Packet::Packet(bool) { } Packet::~Packet() = default; -TEST_GROUP(pub_sub_efp_process_event_test) +TEST_GROUP(pub_sub_eve_process_event_test) { void teardown() override { @@ -41,10 +41,10 @@ TEST_GROUP(pub_sub_efp_process_event_test) } }; -TEST(pub_sub_efp_process_event_test, efp_process_event) +TEST(pub_sub_eve_process_event_test, eve_process_event) { Packet p; - EfpProcessEvent event(p, "process", 10); + EveProcessEvent event(p, "process", 10); CHECK(event.get_process_name() == "process"); CHECK(event.get_process_confidence() == 10); CHECK(event.get_packet() == &p);