From: jason taylor Date: Wed, 15 May 2019 18:03:29 +0000 (-0400) Subject: detect/content: clean up logging output X-Git-Tag: suricata-5.0.0-rc1~451 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fa0008dbbed1b38c6e92f6737e3268121f8338b3;p=thirdparty%2Fsuricata.git detect/content: clean up logging output Signed-off-by: jason taylor --- diff --git a/src/detect-content.c b/src/detect-content.c index 7a2b1f5bdb..b4d0345615 100644 --- a/src/detect-content.c +++ b/src/detect-content.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2014 Open Information Security Foundation +/* Copyright (C) 2007-2019 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -140,7 +140,7 @@ int DetectContentDataParse(const char *keyword, const char *contentstr, } else if (str[i] != ',') { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code in " - "content - %s, hex %c. Invalidating signature", str, str[i]); + "content - %s, hex %c. Invalidating signature.", str, str[i]); goto error; } } else if (escape) { @@ -158,7 +158,7 @@ int DetectContentDataParse(const char *keyword, const char *contentstr, escape = 0; converted = 1; } else if (str[i] == '"') { - SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid unescaped double quote within content section"); + SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid unescaped double quote within content section."); goto error; } else { str[x] = str[i]; @@ -169,7 +169,7 @@ int DetectContentDataParse(const char *keyword, const char *contentstr, if (bin_count % 2 != 0) { SCLogError(SC_ERR_INVALID_SIGNATURE, "Invalid hex code assembly in " - "%s - %s. Invalidating signature", keyword, contentstr); + "%s - %s. Invalidating signature.", keyword, contentstr); goto error; } @@ -395,13 +395,13 @@ _Bool DetectContentPMATCHValidateCallback(const Signature *s) uint32_t right_edge = cd->content_len + cd->offset; if (cd->content_len > max_right_edge) { SCLogError(SC_ERR_INVALID_SIGNATURE, - "signature can't match as content length %u is bigger than dsize %u", + "signature can't match as content length %u is bigger than dsize %u.", cd->content_len, max_right_edge); return FALSE; } if (right_edge > max_right_edge) { SCLogError(SC_ERR_INVALID_SIGNATURE, - "signature can't match as content length %u with offset %u (=%u) is bigger than dsize %u", + "signature can't match as content length %u with offset %u (=%u) is bigger than dsize %u.", cd->content_len, cd->offset, right_edge, max_right_edge); return FALSE; } diff --git a/src/detect-depth.c b/src/detect-depth.c index 7f97b677b4..bb7e595bd4 100644 --- a/src/detect-depth.c +++ b/src/detect-depth.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2019 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -76,7 +76,7 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char * "http_method option, http_cookie, http_raw_uri, " "http_stat_msg, http_stat_code, http_user_agent, " "http_host, http_raw_host or " - "file_data/dce_stub_data sticky buffer options"); + "file_data/dce_stub_data sticky buffer options."); goto end; } @@ -96,19 +96,19 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char * } if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " - "negated keyword set along with a fast_pattern"); + "negated keyword set along with 'fast_pattern'."); goto end; } if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " - "keyword set along with a fast_pattern:only;"); + "keyword set along with 'fast_pattern:only;'."); goto end; } if (str[0] != '-' && isalpha((unsigned char)str[0])) { SigMatch *bed_sm = DetectByteExtractRetrieveSMVar(str, s); if (bed_sm == NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var " - "seen in depth - %s\n", str); + "seen in depth - %s.", str); goto end; } cd->depth = ((DetectByteExtractData *)bed_sm->ctx)->local_id; @@ -117,13 +117,13 @@ static int DetectDepthSetup (DetectEngineCtx *de_ctx, Signature *s, const char * if (ByteExtractStringUint16(&cd->depth, 0, 0, str) != (int)strlen(str)) { SCLogError(SC_ERR_INVALID_SIGNATURE, - "invalid value for depth: %s", str); + "invalid value for depth: %s.", str); goto end; } if (cd->depth < cd->content_len) { SCLogError(SC_ERR_INVALID_SIGNATURE, "depth:%u smaller than " - "content of len %u", cd->depth, cd->content_len); + "content of len %u.", cd->depth, cd->content_len); return -1; } /* Now update the real limit, as depth is relative to the offset */ @@ -145,7 +145,7 @@ static int DetectStartsWithSetup (DetectEngineCtx *de_ctx, Signature *s, const c pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1); if (pm == NULL) { SCLogError(SC_ERR_DEPTH_MISSING_CONTENT, "startswith needs a " - "preceding content option"); + "preceding content option."); goto end; } @@ -154,7 +154,7 @@ static int DetectStartsWithSetup (DetectEngineCtx *de_ctx, Signature *s, const c if (cd->flags & DETECT_CONTENT_DEPTH) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple " - "depth/startswith settings for the same content"); + "depth/startswith settings for the same content."); goto end; } if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { @@ -166,17 +166,17 @@ static int DetectStartsWithSetup (DetectEngineCtx *de_ctx, Signature *s, const c } if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " - "negated keyword set along with a fast_pattern"); + "negated keyword set along with a 'fast_pattern'."); goto end; } if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " - "keyword set along with a fast_pattern:only;"); + "keyword set along with 'fast_pattern:only;'."); goto end; } if (cd->flags & DETECT_CONTENT_OFFSET) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't mix offset " - "with startswith"); + "with startswith."); goto end; } diff --git a/src/detect-offset.c b/src/detect-offset.c index 6ea9929a12..1ec31549f2 100644 --- a/src/detect-offset.c +++ b/src/detect-offset.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2010 Open Information Security Foundation +/* Copyright (C) 2007-2019 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -63,7 +63,7 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *offset pm = DetectGetLastSMFromLists(s, DETECT_CONTENT, -1); if (pm == NULL) { SCLogError(SC_ERR_OFFSET_MISSING_CONTENT, "offset needs " - "preceding content option"); + "preceding content option."); goto end; } @@ -71,11 +71,11 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *offset DetectContentData *cd = (DetectContentData *)pm->ctx; if (cd->flags & DETECT_CONTENT_STARTS_WITH) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use offset with startswith"); + SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use offset with startswith."); goto end; } if (cd->flags & DETECT_CONTENT_OFFSET) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple offsets for the same content. "); + SCLogError(SC_ERR_INVALID_SIGNATURE, "can't use multiple offsets for the same content."); goto end; } if ((cd->flags & DETECT_CONTENT_WITHIN) || (cd->flags & DETECT_CONTENT_DISTANCE)) { @@ -87,12 +87,12 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *offset } if (cd->flags & DETECT_CONTENT_NEGATED && cd->flags & DETECT_CONTENT_FAST_PATTERN) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " - "negated keyword set along with a fast_pattern"); + "negated keyword set along with 'fast_pattern'."); goto end; } if (cd->flags & DETECT_CONTENT_FAST_PATTERN_ONLY) { SCLogError(SC_ERR_INVALID_SIGNATURE, "can't have a relative " - "keyword set along with a fast_pattern:only;"); + "keyword set along with 'fast_pattern:only;'."); goto end; } if (str[0] != '-' && isalpha((unsigned char)str[0])) { @@ -100,7 +100,7 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *offset DetectByteExtractRetrieveSMVar(str, s); if (bed_sm == NULL) { SCLogError(SC_ERR_INVALID_SIGNATURE, "unknown byte_extract var " - "seen in offset - %s\n", str); + "seen in offset - %s.", str); goto end; } cd->offset = ((DetectByteExtractData *)bed_sm->ctx)->local_id; @@ -108,7 +108,7 @@ int DetectOffsetSetup (DetectEngineCtx *de_ctx, Signature *s, const char *offset } else { if (ByteExtractStringUint16(&cd->offset, 0, 0, str) != (int)strlen(str)) { - SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid value for offset: %s", str); + SCLogError(SC_ERR_INVALID_SIGNATURE, "invalid value for offset: %s.", str); goto end; } if (cd->depth != 0) {