Merge pull request #1081 in SNORT/snort3 from fw_file to master

Squashed commit of the following:

commit 4c6479b2146dbb65db38bf6ff90365ea54cfc0c8
Author: huica <huica@cisco.com>
Date:   Wed Dec 6 11:40:38 2017 -0500

    File API: move file verdict enforcement out of file policy

commit f872a9dddf17ea051baa445af34f49e0d095cb1b
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date:   Tue Dec 5 14:37:15 2017 -0500

    file_api: Set the FileContext verdict, not a local verdict

diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 1b4d403278cfaa3217dcd6a4b90f41824247848e..963c177169267ef2da17910c54178d4d1517f803 100644 (file)
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
@@ -354,9 +354,12 @@ void FileContext::finish_signature_lookup(Flow* flow, bool final_lookup, FilePol
     if (get_file_sig_sha256())
     {
         //Check file type based on file policy
-        FileVerdict verdict = policy->signature_lookup(flow, this);
+        verdict = policy->signature_lookup(flow, this);
         if ( verdict != FILE_VERDICT_UNKNOWN || final_lookup )
         {
+            FileEnforcer* file_enforcer = FileService::get_file_enforcer();
+            if (file_enforcer)
+                file_enforcer->apply_verdict(flow, this, verdict, false, policy);
             log_file_event(flow, policy);
             config_file_signature(false);
             file_stats->signatures_processed[get_file_type()][get_file_direction()]++;

diff --git a/src/file_api/file_policy.cc b/src/file_api/file_policy.cc
index 6443e6d7d48c07775803957830e692f3a48e06b5..557cee8b4f6d39386eb1fd1fad34308e19fdf5d7 100644 (file)
--- a/src/file_api/file_policy.cc
+++ b/src/file_api/file_policy.cc
@@ -157,7 +157,7 @@ FileVerdict FilePolicy::type_lookup(Flow*, FileInfo* file)
     return rule.use.verdict;
 }
 
-FileVerdict FilePolicy::signature_lookup(Flow* flow, FileInfo* file)
+FileVerdict FilePolicy::signature_lookup(Flow*, FileInfo* file)
 {
     FileRule& rule = match_file_rule(nullptr, file);
 
@@ -171,10 +171,5 @@ FileVerdict FilePolicy::signature_lookup(Flow* flow, FileInfo* file)
             delete captured;
     }
 
-    FileVerdict verdict = match_file_signature(nullptr, file);
-    FileEnforcer* file_enforcer = FileService::get_file_enforcer();
-    if (file_enforcer)
-        file_enforcer->apply_verdict(flow, file, verdict, false, this);
-
-    return verdict;
+    return match_file_signature(nullptr, file);
 }