From: Yurii Chalov -X (ychalov - SOFTSERVE INC at Cisco) Date: Fri, 26 Jul 2024 12:26:18 +0000 (+0000) Subject: Pull request #4397: Snort ML: fix verbose mode output for unlimited options X-Git-Tag: 3.3.2.0~3 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e000cd1cb8d2d8df04f09bf6d2cd9a674c488b0d;p=thirdparty%2Fsnort3.git Pull request #4397: Snort ML: fix verbose mode output for unlimited options Merge in SNORT/snort3 from ~YCHALOV/snort3:snort_ml_verbose_fix to master Squashed commit of the following: commit 8f1f5f32107471457d4cfcbe73d1f88054bf953a Author: Yurii Chalov Date: Wed Jul 24 16:52:52 2024 +0200 kaizen: fix verbose mode output for unlimited options --- diff --git a/src/network_inspectors/kaizen/kaizen_inspector.cc b/src/network_inspectors/kaizen/kaizen_inspector.cc index 10744ba60..a128374b9 100644 --- a/src/network_inspectors/kaizen/kaizen_inspector.cc +++ b/src/network_inspectors/kaizen/kaizen_inspector.cc @@ -73,26 +73,25 @@ void HttpBodyHandler::handle(DataEvent& de, Flow*) return; int32_t body_len = 0; - const char* body = (const char*)he->get_client_body(body_len); - body_len = std::min(config.client_body_depth, body_len); - if (!body || body_len <= 0) return; + const size_t len = std::min((size_t)config.client_body_depth, (size_t)body_len); + assert(classifier); float output = 0.0; kaizen_stats.libml_calls++; - if (!classifier->run(body, (size_t)body_len, output)) + if (!classifier->run(body, len, output)) return; - kaizen_stats.client_body_bytes += body_len; + kaizen_stats.client_body_bytes += len; - debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "input (body): %.*s\n", body_len, body); + debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "input (body): %.*s\n", (int)len, body); debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "output: %f\n", static_cast(output)); if ((double)output > config.http_param_threshold) 
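Review bot: The new clamp `std::min((size_t)config.client_body_depth, (size_t)body_len)` gives the full body for the unlimited setting only because -1 converts to SIZE_MAX, and nothing in the hunk says so. Any other negative depth would be treated as unlimited in the same way, and whether the parameter range rules out values below -1 is not visible here. I would make the intent explicit, e.g. `const size_t len = config.client_body_depth < 0 ? (size_t)body_len : std::min((size_t)config.client_body_depth, (size_t)body_len);`, or at least add `// -1 (unlimited) converts to SIZE_MAX, so min() keeps body_len`. The same pattern appears in the HttpUriHandler::handle hunk with `config.uri_depth`. The function body starts and ends outside this hunk.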
@@ -131,23 +130,23 @@ void HttpUriHandler::handle(DataEvent& de, Flow*) int32_t query_len = 0; const char* query = (const char*)he->get_uri_query(query_len); - query_len = std::min(config.uri_depth, query_len); - if (!query || query_len <= 0) return; + const size_t len = std::min((size_t)config.uri_depth, (size_t)query_len); + assert(classifier); float output = 0.0; kaizen_stats.libml_calls++; - if (!classifier->run(query, (size_t)query_len, output)) + if (!classifier->run(query, (size_t)len, output)) return; - kaizen_stats.uri_bytes += query_len; + kaizen_stats.uri_bytes += len; - debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "input (query): %.*s\n", query_len, query); + debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "input (query): %.*s\n", (int)len, query); debug_logf(kaizen_trace, TRACE_CLASSIFIER, nullptr, "output: %f\n", static_cast(output)); if ((double)output > config.http_param_threshold) @@ -164,17 +163,17 @@ void HttpUriHandler::handle(DataEvent& de, Flow*) void Kaizen::show(const SnortConfig*) const { - ConfigLogger::log_value("uri_depth", config.uri_depth); - ConfigLogger::log_value("client_body_depth", config.client_body_depth); + ConfigLogger::log_limit("uri_depth", config.uri_depth, -1); + ConfigLogger::log_limit("client_body_depth", config.client_body_depth, -1); ConfigLogger::log_value("http_param_threshold", config.http_param_threshold); } bool Kaizen::configure(SnortConfig* sc) { - if (config.uri_depth > 0) + if (config.uri_depth != 0) DataBus::subscribe(http_pub_key, HttpEventIds::REQUEST_HEADER, new HttpUriHandler(*this)); - if (config.client_body_depth > 0) + if (config.client_body_depth != 0) DataBus::subscribe(http_pub_key, HttpEventIds::REQUEST_BODY, new HttpBodyHandler(*this)); if(!InspectorManager::get_inspector(KZ_ENGINE_NAME, true, sc)) diff --git a/src/network_inspectors/kaizen/kaizen_module.cc b/src/network_inspectors/kaizen/kaizen_module.cc index 3baec15ef..554b8ed41 100644 
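Review bot: `classifier->run(query, (size_t)len, output)` casts a value that is already declared `const size_t len` earlier in this hunk, while the body handler passes `len` directly. Dropping the cast, `if (!classifier->run(query, len, output))`, keeps the two handlers parallel and avoids suggesting that a sign or width conversion still happens at the call. HttpUriHandler::handle starts and ends outside this hunk.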
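Review bot: In Kaizen::show, `log_limit(..., -1)` labels -1 as unlimited but still prints a depth of 0 as a plain number, although Kaizen::configure treats 0 as "do not subscribe the handler". An operator reading the verbose output to confirm that URI or client-body classification is active gets no hint that 0 means the classifier never sees that data. If ConfigLogger's overload that takes a disable value is usable here, `ConfigLogger::log_limit("uri_depth", config.uri_depth, -1, 0);` (and the same for `client_body_depth`) would print that state. Otherwise a comment such as `// 0 disables the handler, -1 means unlimited` above the `!= 0` checks would document it. Kaizen::configure continues past the end of the hunk.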
--- a/src/network_inspectors/kaizen/kaizen_module.cc +++ b/src/network_inspectors/kaizen/kaizen_module.cc @@ -82,17 +82,9 @@ bool KaizenModule::set(const char*, Value& v, SnortConfig*) "Field::length maximum value should not exceed client_body_depth type range"); if (v.is("uri_depth")) - { conf.uri_depth = v.get_int32(); - if (conf.uri_depth == -1) - conf.uri_depth = INT32_MAX; - } else if (v.is("client_body_depth")) - { conf.client_body_depth = v.get_int32(); - if (conf.client_body_depth == -1) - conf.client_body_depth = INT32_MAX; - } else if (v.is("http_param_threshold")) conf.http_param_threshold = v.get_real();