From: Jeff Lucovsky Date: Wed, 5 Feb 2025 21:38:03 +0000 (-0500) Subject: detect/entropy: Use entropy matching when needed X-Git-Tag: suricata-8.0.0-beta1~123 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b93c70fbd84f4d8135080104f9582f7734917730;p=thirdparty%2Fsuricata.git detect/entropy: Use entropy matching when needed This commit causes the content inspection engine to recognize and invoke the entropy "match" function when the entropy keyword is used. Issue: 4162
---
diff --git a/src/detect-engine-content-inspection.c b/src/detect-engine-content-inspection.c
index 6ccc5e533e..7ee7c19d48 100644
--- a/src/detect-engine-content-inspection.c
+++ b/src/detect-engine-content-inspection.c
@@ -41,6 +41,7 @@
 #include "detect-bytemath.h"
 #include "detect-bytejump.h"
 #include "detect-byte-extract.h"
+#include "detect-entropy.h"
 #include "detect-replace.h"
 #include "detect-engine-content-inspection.h"
 #include "detect-uricontent.h"
@@ -486,6 +487,11 @@ static int DetectEngineContentInspectionInternal(DetectEngineThreadCtx *det_ctx,
 det_ctx->pcre_match_start_offset = prev_offset;
 } while (1);
+ } else if (smd->type == DETECT_ENTROPY) {
+ if (!DetectEntropyDoMatch(det_ctx, s, smd->ctx, buffer, buffer_len)) {
+ goto no_match;
+ }
+ goto match;
 } else if (smd->type == DETECT_BYTETEST) {
 const DetectBytetestData *btd = (const DetectBytetestData *)smd->ctx;
 uint16_t btflags = btd->flags;
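Review bot: In the new `DETECT_ENTROPY` branch, `buffer` and `buffer_len` are passed to `DetectEntropyDoMatch()` unchecked, and because that function is not part of this diff it is unclear how a zero-length buffer is treated (rejected, or scored as entropy 0 and compared against the rule's threshold). If the callee does not settle this, make it explicit at the call site, e.g. `if (buffer_len == 0) goto no_match;`, or add a comment stating the intended result. This function also appears to be re-entered while earlier keywords retry their matches (see the `do ... while (1)` just above), so the entropy of the same traffic-controlled buffer may be computed repeatedly; it is worth confirming that this cost is bounded by the engine's inspection recursion limit. The enclosing function starts and ends outside the hunk.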