Merge pull request #1261 in SNORT/snort3 from snort2lua-file_type to master

author Hui Cao (huica) <huica@cisco.com>

Tue, 12 Jun 2018 17:38:01 +0000 (13:38 -0400)

committer Hui Cao (huica) <huica@cisco.com>

Tue, 12 Jun 2018 17:38:01 +0000 (13:38 -0400)
author Hui Cao (huica) <huica@cisco.com>
Tue, 12 Jun 2018 17:38:01 +0000 (13:38 -0400)
committer Hui Cao (huica) <huica@cisco.com>
Tue, 12 Jun 2018 17:38:01 +0000 (13:38 -0400)
diff --git a/tools/snort2lua/rule_states/CMakeLists.txt b/tools/snort2lua/rule_states/CMakeLists.txt

index 87b4c2911964351c602d7e534fe8b29f80548719..3e95975d2442414597d150bdba0b6248598bf026 100644 (file)
--- a/tools/snort2lua/rule_states/CMakeLists.txt
+++ b/tools/snort2lua/rule_states/CMakeLists.txt
@@ -7,6 +7,7 @@ add_library( rule_states OBJECT
      rule_dnp3_obj.cc
      rule_dsize.cc
      rule_file_data.cc
+    rule_file_type.cc
      rule_gid_sid.cc
      rule_http_encode.cc
      rule_isdataat.cc
@@ -18,8 +19,8 @@ add_library( rule_states OBJECT
      rule_stream_reassemble.cc
      rule_stream_size.cc
      rule_tag.cc
-    rule_ttl.cc
      rule_threshold.cc
+    rule_ttl.cc
      rule_unchanged.cc
      rule_unsupported.cc
      rule_urilen.cc
diff --git a/tools/snort2lua/rule_states/rule_api.cc b/tools/snort2lua/rule_states/rule_api.cc

index 6890f1639362794e576855919702a55e1be83e65..eeda20209f12724af2cf59b69d03749d931568b6 100644 (file)
--- a/tools/snort2lua/rule_states/rule_api.cc
+++ b/tools/snort2lua/rule_states/rule_api.cc
@@ -49,9 +49,10 @@ extern const ConvertMap* dnp3_ind_map;
  extern const ConvertMap* dnp3_obj_map;
  extern const ConvertMap* dsize_map;
  extern const ConvertMap* file_data_map;
+extern const ConvertMap* file_type_map;
  extern const ConvertMap* flags_map;
-extern const ConvertMap* flow_map;
  extern const ConvertMap* flowbits_map;
+extern const ConvertMap* flow_map;
  extern const ConvertMap* fragbits_map;
  extern const ConvertMap* fragoffset_map;
  extern const ConvertMap* ftpbounce_map;
@@ -70,15 +71,15 @@ extern const ConvertMap* isdataat_map;
  extern const ConvertMap* itype_map;
  extern const ConvertMap* logto_map;
  extern const ConvertMap* metadata_map;
-extern const ConvertMap* msg_map;
  extern const ConvertMap* modbus_data_map;
  extern const ConvertMap* modbus_func_map;
  extern const ConvertMap* modbus_unit_map;
+extern const ConvertMap* msg_map;
  extern const ConvertMap* pcre_map;
  extern const ConvertMap* pkt_data_map;
-extern const ConvertMap* react_map;
  extern const ConvertMap* priority_map;
  extern const ConvertMap* protected_content_map;
+extern const ConvertMap* react_map;
  extern const ConvertMap* reference_map;
  extern const ConvertMap* replace_map;
  extern const ConvertMap* resp_map;
@@ -93,14 +94,14 @@ extern const ConvertMap* sip_body_map;
  extern const ConvertMap* sip_header_map;
  extern const ConvertMap* sip_method_map;
  extern const ConvertMap* sip_stat_code_map;
-extern const ConvertMap* stream_reassemble_map;
-extern const ConvertMap* stream_size_map;
  extern const ConvertMap* ssl_state_map;
  extern const ConvertMap* ssl_version_map;
+extern const ConvertMap* stream_reassemble_map;
+extern const ConvertMap* stream_size_map;
  extern const ConvertMap* tag_map;
  extern const ConvertMap* threshold_map;
-extern const ConvertMap* ttl_map;
  extern const ConvertMap* tos_map;
+extern const ConvertMap* ttl_map;
  extern const ConvertMap* uricontent_map;
  extern const ConvertMap* urilen_map;
  extern const ConvertMap* window_map;
@@ -132,9 +133,10 @@ const std::vector<const ConvertMap*> rule_options_api =
      dnp3_obj_map,
      dsize_map,
      file_data_map,
+    file_type_map,
      flags_map,
-    flow_map,
      flowbits_map,
+    flow_map,
      fragbits_map,
      fragoffset_map,
      ftpbounce_map,
@@ -153,10 +155,10 @@ const std::vector<const ConvertMap*> rule_options_api =
      itype_map,
      logto_map,
      metadata_map,
-    msg_map,
      modbus_data_map,
      modbus_func_map,
      modbus_unit_map,
+    msg_map,
      pcre_map,
      pkt_data_map,
      priority_map,
@@ -176,14 +178,14 @@ const std::vector<const ConvertMap*> rule_options_api =
      sip_header_map,
      sip_method_map,
      sip_stat_code_map,
-    stream_reassemble_map,
-    stream_size_map,
      ssl_state_map,
      ssl_version_map,
+    stream_reassemble_map,
+    stream_size_map,
      tag_map,
      threshold_map,
-    ttl_map,
      tos_map,
+    ttl_map,
      uricontent_map,
      urilen_map,
      window_map,
diff --git a/tools/snort2lua/rule_states/rule_file_type.cc b/tools/snort2lua/rule_states/rule_file_type.cc

new file mode 100644 (file)

index 0000000..0eb4d04
--- /dev/null
+++ b/tools/snort2lua/rule_states/rule_file_type.cc
@@ -0,0 +1,67 @@
+//--------------------------------------------------------------------------
+// Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation.  You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+//--------------------------------------------------------------------------
+// rule_file_type.cc author Victor Roemer <viroemer@cisco.com>
+
+#include <algorithm>
+#include <sstream>
+#include <vector>
+
+#include "conversion_state.h"
+#include "helpers/converter.h"
+#include "rule_states/rule_api.h"
+#include "helpers/s2l_util.h"
+
+namespace rules
+{
+namespace
+{
+class FileType : public ConversionState
+{
+public:
+    FileType(Converter& c) : ConversionState(c) { }
+    bool convert(std::istringstream&) override;
+};
+} // namespace
+
+bool FileType::convert(std::istringstream& stream)
+{
+    std::string types = util::get_rule_option_args(stream);
+    if (types.empty())
+    {
+        rule_api.bad_rule(stream, "file_type: expecting at least one argument");
+    }
+
+    std::replace(types.begin(), types.end(), '|', ' ');
+    rule_api.add_option("file_type", "\"" + types + "\"");
+
+    return set_next_rule_state(stream);
+}
+
+static ConversionState* ctor(Converter& c)
+{ return new FileType(c); }
+
+static const std::string file_type = "file_type";
+static const ConvertMap file_type_api =
+{
+    file_type,
+    ctor,
+};
+
+const ConvertMap* file_type_map = &file_type_api;
+} // namespace rules
+
author	Hui Cao (huica) <huica@cisco.com>
	Tue, 12 Jun 2018 17:38:01 +0000 (13:38 -0400)
committer	Hui Cao (huica) <huica@cisco.com>
	Tue, 12 Jun 2018 17:38:01 +0000 (13:38 -0400)
tools/snort2lua/rule_states/CMakeLists.txt		patch \| blob \| blame \| history
tools/snort2lua/rule_states/rule_api.cc		patch \| blob \| blame \| history
tools/snort2lua/rule_states/rule_file_type.cc	[new file with mode: 0644]	patch \| blob