From: Russ Combs (rucombs) Date: Fri, 26 Oct 2018 14:25:09 +0000 (-0400) Subject: Merge pull request #1403 in SNORT/snort3 from nuke_146 to master X-Git-Tag: 3.0.0-249~17 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c791fe06e4e564f4afcd9e933007e3b537b301c1;p=thirdparty%2Fsnort3.git Merge pull request #1403 in SNORT/snort3 from nuke_146 to master Squashed commit of the following: commit bf14cb08701526cdba5040dffdf5322b4c67da5e Author: Russ Combs Date: Thu Oct 25 12:40:34 2018 -0400 snort2lua: tweak for style consistency commit ca3fb174a817679df1f2085c91aacced499d86cc Author: Russ Combs Date: Thu Oct 25 12:40:13 2018 -0400 snort2lua: comment out deleted gid 146 rules --- diff --git a/tools/snort2lua/data/dt_rule_api.cc b/tools/snort2lua/data/dt_rule_api.cc index e8bf89967..b0443e6f0 100644 --- a/tools/snort2lua/data/dt_rule_api.cc +++ b/tools/snort2lua/data/dt_rule_api.cc @@ -32,16 +32,17 @@ std::size_t RuleApi::error_count = 0; std::string RuleApi::remark; -std::set RuleApi::address_anomaly_rules = { - {"116", "403"}, - {"116", "411"}, - {"116", "412"}, - {"129", "9"}, - {"129", "10"}, - }; - -RuleApi::RuleApi() - : curr_rule(nullptr), +std::set RuleApi::address_anomaly_rules = +{ + {"116", "403"}, + {"116", "411"}, + {"116", "412"}, + {"129", "9"}, + {"129", "10"}, +}; + +RuleApi::RuleApi() : + curr_rule(nullptr), curr_data_bad(false) { bad_rules = new Comments(start_bad_rules, 0, @@ -106,9 +107,10 @@ void RuleApi::make_rule_a_comment() bool RuleApi::enable_addr_anomaly_detection() { if (curr_rule != nullptr) - return address_anomaly_rules.count({curr_rule->get_option("gid"), - curr_rule->get_option("sid")}) != 0; - + { + return address_anomaly_rules.count( + { curr_rule->get_option("gid"), curr_rule->get_option("sid") }) != 0; + } return false; } diff --git a/tools/snort2lua/rule_states/rule_gid_sid.cc b/tools/snort2lua/rule_states/rule_gid_sid.cc index 66114b4db..f10abe78b 100644 --- a/tools/snort2lua/rule_states/rule_gid_sid.cc 
+++ b/tools/snort2lua/rule_states/rule_gid_sid.cc @@ -41,6 +41,9 @@ class Gid : public ConversionState public: Gid(Converter& c) : ConversionState(c) { } bool convert(std::istringstream& data_stream) override; + +private: + static bool rem_146; }; class Sid : public ConversionState @@ -56,12 +59,24 @@ public: // Gid // +bool Gid::rem_146 = false; + bool Gid::convert(std::istringstream& data_stream) { std::string gid = util::get_rule_option_args(data_stream); - const std::string old_http_gid("120"); - if (gid.compare(old_http_gid) == 0) + const std::string file_id = "146"; + + if ( gid == file_id ) + { + if ( !rem_146 ) + { + rule_api.add_comment("deleted all gid:" + file_id + " rules"); + rem_146 = true; + } + rule_api.make_rule_a_comment(); + } + else if (gid.compare(old_http_gid) == 0) { const std::string nhi_gid("119"); gid.assign(nhi_gid); @@ -75,7 +90,6 @@ bool Gid::convert(std::istringstream& data_stream) rule_api.update_option("sid", sid); } } - rule_api.add_option("gid", gid); return set_next_rule_state(data_stream); }
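Review bot: `rem_146` is declared `static` in `class Gid`, so the once-only flag is shared by every `Gid` instance for the life of the process and nothing in these hunks resets it. If one snort2lua run converts more than one rules file or writes more than one output (not visible from here), only the first gets the "deleted all gid:146 rules" notice, and later outputs hold commented-out rules with no explanation. The declaration should at least say so, e.g. `// true once the gid 146 notice has been emitted; process-wide, never reset`. The flag's definition and only use are in the next hunk.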
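Review bot: In the new `gid == file_id` branch every gid 146 rule is commented out, but the only notice is one `add_comment` line for the first such rule, so the converted output does not show how many detections were dropped. Whether `make_rule_a_comment()` also counts the rule as rejected is not visible in this hunk; if it does not, someone migrating a Snort 2 ruleset can lose coverage without a matching figure in the conversion summary. A comment above the branch, for example `// gid 146 rules are deleted: keep them only as comments, with one notice`, would record the intent. The local `file_id` holds a generator id, so a name such as `file_gid` would sit better beside `old_http_gid` and `nhi_gid`. `Gid::convert` ends in the following hunk.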