From: Pranav Bhalerao (prbhaler) Date: Fri, 12 Mar 2021 11:48:11 +0000 (+0000) Subject: Merge pull request #2782 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_lua to master X-Git-Tag: 3.1.3.0~21 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c0a340d6abc72c9a5cb90b3b52acced0517e1905;p=thirdparty%2Fsnort3.git Merge pull request #2782 in SNORT/snort3 from ~VIGNVISW/snort3:vignvisw_lua to master Squashed commit of the following: commit 40ef99ede336f6b2970d1fc42846369a3b986232 Author: Vigneshwari Viswanathan Date: Mon Mar 8 03:48:53 2021 -0500 snort2lua: Fixing lua conversion of http preproc options --- diff --git a/tools/snort2lua/conversion_state.h b/tools/snort2lua/conversion_state.h index 60fb9973f..2e35c1cf7 100644 --- a/tools/snort2lua/conversion_state.h +++ b/tools/snort2lua/conversion_state.h @@ -20,6 +20,7 @@ #ifndef CONVERSION_STATE_H #define CONVERSION_STATE_H +#include #include #include "helpers/converter.h" @@ -182,6 +183,49 @@ protected: return false; } + // parse and add a curly bracketed list to the table + inline bool parse_curly_bracket_precedence_list(const std::string& list_name, + std::istringstream& stream, int max) + { + std::string elem, tmp; + bool retval = true; + std::map order; + int dig; + + if (!(stream >> elem) || (elem != "{")) + return false; + + while (stream >> elem && elem != "}") + { + if ( elem == "[" || elem == "]") + continue; + + if (stream >> dig) + { + if (dig <= max) + { + order.insert(std::pair(dig, elem)); + } + else + { + table_api.add_comment("Unable to add " + elem + + ". Max precedence value is " + std::to_string(max)); + } + } + } + for (auto i = order.begin(); i != order.end(); i++) + { + tmp += " " + i->second; + } + + // remove the extra space at the beginning of the string + if (!tmp.empty()) + tmp.erase(tmp.begin()); + + table_api.add_option(list_name, tmp); + return retval; + } + // parse and add a curly bracketed list to the table inline bool parse_curly_bracket_list(const std::string& list_name, std::istringstream& stream) { diff --git a/tools/snort2lua/preprocessor_states/pps_http_inspect.cc b/tools/snort2lua/preprocessor_states/pps_http_inspect.cc index 7d2b58b8b..ac8e2cdaf 100644 --- a/tools/snort2lua/preprocessor_states/pps_http_inspect.cc +++ b/tools/snort2lua/preprocessor_states/pps_http_inspect.cc @@ -95,6 +95,12 @@ bool HttpInspect::convert(std::istringstream& data_stream) else if (keyword == "uu_decode_depth") parse_deleted_option("uu_decode_depth", data_stream); + else if (keyword == "normalize_random_nulls_in_text") + parse_deleted_option("normalize_random_nulls_in_text", data_stream); + + else if (keyword == "fast_blocking") + parse_deleted_option("fast_blocking", data_stream); + else if (keyword == "iis_unicode_map") { std::string codemap; diff --git a/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc b/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc index 2952d6745..00f02e33a 100644 --- a/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc +++ b/tools/snort2lua/preprocessor_states/pps_http_inspect_server.cc @@ -24,6 +24,8 @@ #include "helpers/s2l_util.h" #include "helpers/util_binder.h" +#define MAX_XFF_HEADER 8 + namespace preprocessors { namespace @@ -329,7 +331,7 @@ bool HttpInspectServer::convert(std::istringstream& data_stream) else if (keyword == "profile") parse_deleted_option("profile", data_stream); else if ( keyword == "xff_headers" ) - tmpval = parse_bracketed_unsupported_list("xff_headers", data_stream); + tmpval = parse_curly_bracket_precedence_list("xff_headers", data_stream, MAX_XFF_HEADER); else { tmpval = false;