From: Michael Altizer (mialtize) Date: Tue, 10 Oct 2017 23:06:08 +0000 (-0400) Subject: Merge pull request #1038 in SNORT/snort3 from unsupported_rule_opts to master X-Git-Tag: 3.0.0-240~17 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3a7998cfcfb3d5b64459f4a224ea09378a4e3ef9;p=thirdparty%2Fsnort3.git Merge pull request #1038 in SNORT/snort3 from unsupported_rule_opts to master Squashed commit of the following: commit 65bf747af341c6deb9ed4ddb3f6b9389bbb4e23f Author: Michael Altizer Date: Mon Oct 9 19:43:24 2017 -0400 snort2lua: Some header cleanups commit d783df2741b7e75287432c52a3fc18be7822de59 Author: Michael Altizer Date: Mon Oct 9 19:42:24 2017 -0400 snort2lua: Correctly identify ftpbounce and sameip as unsupported rule options
---
diff --git a/tools/snort2lua/conversion_state.h b/tools/snort2lua/conversion_state.h
index edd2642a5..8b6fa8be1 100644
--- a/tools/snort2lua/conversion_state.h
+++ b/tools/snort2lua/conversion_state.h
@@ -20,21 +20,11 @@
 #ifndef CONVERSION_STATE_H
 #define CONVERSION_STATE_H
-#include
-#include
 #include
-#include
-#include
-#include "data/dt_data.h"
-#include "data/dt_table_api.h"
-#include "data/dt_rule_api.h"
-
-// the following three files are for the function 'set_next_rule_state'
+#include "helpers/converter.h"
 #include "helpers/s2l_util.h"
 #include "rule_states/rule_api.h"
-#include "helpers/converter.h"
-#include "conversion_defines.h"
 class DataApi;
 class RuleApi;
diff --git a/tools/snort2lua/helpers/converter.cc b/tools/snort2lua/helpers/converter.cc
index dd7210c49..28c2bea76 100644
--- a/tools/snort2lua/helpers/converter.cc
+++ b/tools/snort2lua/helpers/converter.cc
@@ -17,6 +17,12 @@
 //--------------------------------------------------------------------------
 // converter.cc author Josh Rosenbaum
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "converter.h"
+
 #include
 #include
 #include
diff --git a/tools/snort2lua/helpers/converter.h b/tools/snort2lua/helpers/converter.h
index 14d031da9..8e42b5c7c 100644
--- a/tools/snort2lua/helpers/converter.h
+++ b/tools/snort2lua/helpers/converter.h
@@ -20,13 +20,11 @@
 #ifndef UTILS_CONVERTER_H
 #define UTILS_CONVERTER_H
-#include
-#include
 #include "conversion_defines.h"
 #include "data/dt_data.h"
-#include "data/dt_table_api.h"
 #include "data/dt_rule_api.h"
-#include "util_binder.h"
+#include "data/dt_table_api.h"
+#include "helpers/util_binder.h"
 typedef std::pair> PendingBinder;
diff --git a/tools/snort2lua/helpers/parse_cmd_line.cc b/tools/snort2lua/helpers/parse_cmd_line.cc
index 558fc8830..662419d66 100644
--- a/tools/snort2lua/helpers/parse_cmd_line.cc
+++ b/tools/snort2lua/helpers/parse_cmd_line.cc
@@ -20,20 +20,14 @@
 #include "config.h"
 #endif
-#include "helpers/parse_cmd_line.h"
-
-#include
+#include "parse_cmd_line.h"
 #include
 #include
-#include
-#include
-
-#include "data/dt_data.h"
-#include "helpers/converter.h"
-#include "helpers/s2l_util.h"
-#include "helpers/s2l_markup.h"
-#include "helpers/util_binder.h"
+
+#include "converter.h"
+#include "s2l_markup.h"
+#include "s2l_util.h"
 namespace parser
 {
diff --git a/tools/snort2lua/helpers/s2l_markup.cc b/tools/snort2lua/helpers/s2l_markup.cc
index 27d5bc961..dd0ebb325 100644
--- a/tools/snort2lua/helpers/s2l_markup.cc
+++ b/tools/snort2lua/helpers/s2l_markup.cc
@@ -15,9 +15,14 @@
 // with this program; if not, write to the Free Software Foundation, Inc.,
 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 //--------------------------------------------------------------------------
-// markup.cc author Russ Combs
+// s2l_markup.cc author Russ Combs
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
 #include "s2l_markup.h"
+
 #include
 using namespace std;
diff --git a/tools/snort2lua/helpers/s2l_util.cc b/tools/snort2lua/helpers/s2l_util.cc
index a8369d9b9..c54aef794 100644
--- a/tools/snort2lua/helpers/s2l_util.cc
+++ b/tools/snort2lua/helpers/s2l_util.cc
@@ -17,20 +17,17 @@
 //--------------------------------------------------------------------------
 // s2l_util.cc author Josh Rosenbaum
-#include
-#include
-#include
-#include
-#include
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "s2l_util.h"
+
 #include
-#include
-#include
-#include
-#include
-#include "helpers/s2l_util.h"
+#include
+
 #include "conversion_state.h"
-#include "data/dt_data.h"
 #include "data/data_types/dt_table.h"
 namespace util
diff --git a/tools/snort2lua/helpers/s2l_util.h b/tools/snort2lua/helpers/s2l_util.h
index b3d023b32..1cc9ee634 100644
--- a/tools/snort2lua/helpers/s2l_util.h
+++ b/tools/snort2lua/helpers/s2l_util.h
@@ -20,14 +20,9 @@
 #ifndef HELPERS_UTIL_H
 #define HELPERS_UTIL_H
+#include
 #include
 #include
-#include
-#include
-#include
-#include
-#include
-#include
 struct ConvertMap;
 class Table;
diff --git a/tools/snort2lua/helpers/util_binder.cc b/tools/snort2lua/helpers/util_binder.cc
index ee1cf56c0..1e3d8e430 100644
--- a/tools/snort2lua/helpers/util_binder.cc
+++ b/tools/snort2lua/helpers/util_binder.cc
@@ -15,12 +15,17 @@
 // with this program; if not, write to the Free Software Foundation, Inc.,
 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 //--------------------------------------------------------------------------
-// pps_binder.cc author Josh Rosenbaum
+// util_binder.cc author Josh Rosenbaum
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "util_binder.h"
 #include
 #include
-#include "helpers/util_binder.h"
 #include "data/dt_table_api.h"
 using namespace std;
diff --git a/tools/snort2lua/keyword_states/kws_rule.cc b/tools/snort2lua/keyword_states/kws_rule.cc
index 341bf1abc..d1230ba15 100644
--- a/tools/snort2lua/keyword_states/kws_rule.cc
+++ b/tools/snort2lua/keyword_states/kws_rule.cc
@@ -17,13 +17,7 @@
 //--------------------------------------------------------------------------
 // kws_rule.cc author Josh Rosenbaum
-#include
-#include
-
 #include "conversion_state.h"
-#include "helpers/converter.h"
-#include "helpers/s2l_util.h"
-#include "rule_states/rule_api.h"
 namespace keywords
 {
@@ -113,8 +107,6 @@ static const std::string sblock = "sblock";
 static const std::string sdrop = "sdrop";
 static const std::string activate = "activate";
 static const std::string dynamic = "dynamic";
-static const std::string ftpbounce = "ftpbounce";
-static const std::string sameip = "sameip";
 static const ConvertMap alert_api = { alert, rule_ctor<& alert>};
 static const ConvertMap block_api = { block, rule_ctor<& block>};
@@ -126,8 +118,6 @@ static const ConvertMap sblock_api = { sblock, conv_rule_ctor<& block, &sblock>}
 static const ConvertMap sdrop_api = { sdrop, conv_rule_ctor<& block, &sdrop>};
 static const ConvertMap activate_api = { activate, dep_rule_ctor<& activate>};
 static const ConvertMap dynamic_api = { dynamic, dep_rule_ctor<& dynamic>};
-static const ConvertMap ftpbounce_api = { ftpbounce, dep_rule_ctor<& ftpbounce>};
-static const ConvertMap sameip_api = { sameip, dep_rule_ctor<& sameip>};
 const ConvertMap* alert_map = &alert_api;
 const ConvertMap* block_map = &block_api;
@@ -139,7 +129,5 @@ const ConvertMap* sblock_map = &sblock_api;
 const ConvertMap* sdrop_map = &sdrop_api;
 const ConvertMap* activate_map = &activate_api;
 const ConvertMap* dynamic_map = &dynamic_api;
-const ConvertMap* ftpbounce_map = &ftpbounce_api;
-const ConvertMap* sameip_map = &sameip_api;
 } // namespace keywords
diff --git a/tools/snort2lua/output_states/out_syslog.cc b/tools/snort2lua/output_states/out_syslog.cc
index ad87636e6..151bda5ce 100644
--- a/tools/snort2lua/output_states/out_syslog.cc
+++ b/tools/snort2lua/output_states/out_syslog.cc
@@ -17,13 +17,13 @@
 //--------------------------------------------------------------------------
 // out_syslog.cc author Josh Rosenbaum
-#include
-#include
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include
 #include "conversion_state.h"
-#include "helpers/converter.h"
-#include "rule_states/rule_api.h"
-#include "helpers/s2l_util.h"
 namespace output
 {
diff --git a/tools/snort2lua/preprocessor_states/pps_dcerpc_server.cc b/tools/snort2lua/preprocessor_states/pps_dcerpc_server.cc
index ebfcebcd7..1d9ae1970 100644
--- a/tools/snort2lua/preprocessor_states/pps_dcerpc_server.cc
+++ b/tools/snort2lua/preprocessor_states/pps_dcerpc_server.cc
@@ -17,17 +17,15 @@
 //--------------------------------------------------------------------------
 // pps_dcerpc_server.cc author Maya Dagon
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
 #include "pps_dcerpc_server.h"
-#include
-#include
-#include
+#include
 #include
-#include "conversion_state.h"
-#include "helpers/s2l_util.h"
-#include "helpers/util_binder.h"
-
 namespace preprocessors
 {
 namespace dce
diff --git a/tools/snort2lua/preprocessor_states/pps_dcerpc_server.h b/tools/snort2lua/preprocessor_states/pps_dcerpc_server.h
index d8ba361c2..ccf7396fb 100644
--- a/tools/snort2lua/preprocessor_states/pps_dcerpc_server.h
+++ b/tools/snort2lua/preprocessor_states/pps_dcerpc_server.h
@@ -23,8 +23,6 @@
 #include
 #include "conversion_state.h"
-#include "helpers/s2l_util.h"
-#include "helpers/util_binder.h"
 namespace preprocessors
 {
diff --git a/tools/snort2lua/rule_states/CMakeLists.txt b/tools/snort2lua/rule_states/CMakeLists.txt
index f1f295322..cea816c60 100644
--- a/tools/snort2lua/rule_states/CMakeLists.txt
+++ b/tools/snort2lua/rule_states/CMakeLists.txt
@@ -20,6 +20,7 @@ add_library( rule_states
 rule_ttl.cc
 rule_threshold.cc
 rule_unchanged.cc
+ rule_unsupported.cc
 rule_urilen.cc
 rule_api.cc
 rule_api.h
diff --git a/tools/snort2lua/rule_states/Makefile.am b/tools/snort2lua/rule_states/Makefile.am
index bf6287d1d..4390220e7 100644
--- a/tools/snort2lua/rule_states/Makefile.am
+++ b/tools/snort2lua/rule_states/Makefile.am
@@ -22,6 +22,7 @@ rule_tag.cc \
 rule_ttl.cc \
 rule_threshold.cc \
 rule_unchanged.cc \
+rule_unsupported.cc \
 rule_urilen.cc \
 rule_api.cc \
 rule_api.h
diff --git a/tools/snort2lua/rule_states/rule_api.cc b/tools/snort2lua/rule_states/rule_api.cc
index fd85cb8d8..9eef851d5 100644
--- a/tools/snort2lua/rule_states/rule_api.cc
+++ b/tools/snort2lua/rule_states/rule_api.cc
@@ -25,6 +25,8 @@
 namespace rules
 {
 extern const ConvertMap* ack_map;
+extern const ConvertMap* activated_by_map;
+extern const ConvertMap* activates_map;
 extern const ConvertMap* appid_map;
 extern const ConvertMap* asn1_map;
 extern const ConvertMap* base64_data_map;
@@ -35,6 +37,7 @@ extern const ConvertMap* byte_math_map;
 extern const ConvertMap* byte_test_map;
 extern const ConvertMap* classtype_map;
 extern const ConvertMap* content_map;
+extern const ConvertMap* count_map;
 extern const ConvertMap* cvs_map;
 extern const ConvertMap* dce_iface_map;
 extern const ConvertMap* dce_opnum_map;
@@ -51,6 +54,7 @@ extern const ConvertMap* flow_map;
 extern const ConvertMap* flowbits_map;
 extern const ConvertMap* fragbits_map;
 extern const ConvertMap* fragoffset_map;
+extern const ConvertMap* ftpbounce_map;
 extern const ConvertMap* gid_map;
 extern const ConvertMap* gtp_info_map;
 extern const ConvertMap* gtp_type_map;
@@ -80,6 +84,7 @@ extern const ConvertMap* replace_map;
 extern const ConvertMap* resp_map;
 extern const ConvertMap* rev_map;
 extern const ConvertMap* rpc_map;
+extern const ConvertMap* sameip_map;
 extern const ConvertMap* sd_pattern_map;
 extern const ConvertMap* seq_map;
 extern const ConvertMap* session_map;
@@ -103,6 +108,8 @@ extern const ConvertMap* window_map;
 const std::vector rule_options_api =
 {
 ack_map,
+ activated_by_map,
+ activates_map,
 appid_map,
 asn1_map,
 base64_data_map,
@@ -113,6 +120,7 @@ const std::vector rule_options_api =
 byte_test_map,
 classtype_map,
 content_map,
+ count_map,
 cvs_map,
 dce_iface_map,
 dce_opnum_map,
@@ -129,6 +137,7 @@ const std::vector rule_options_api =
 flowbits_map,
 fragbits_map,
 fragoffset_map,
+ ftpbounce_map,
 gid_map,
 gtp_info_map,
 gtp_type_map,
@@ -158,6 +167,7 @@ const std::vector rule_options_api =
 resp_map,
 rev_map,
 rpc_map,
+ sameip_map,
 sd_pattern_map,
 seq_map,
 session_map,
diff --git a/tools/snort2lua/rule_states/rule_unsupported.cc b/tools/snort2lua/rule_states/rule_unsupported.cc
new file mode 100644
index 000000000..80adb309a
--- /dev/null
+++ b/tools/snort2lua/rule_states/rule_unsupported.cc
@@ -0,0 +1,73 @@
+//--------------------------------------------------------------------------
+// Copyright (C) 2014-2017 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// rule_unsupported.cc author Michael Altizer
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "conversion_state.h"
+
+namespace rules
+{
+template
+class UnsupportedRuleOption : public ConversionState
+{
+public:
+ UnsupportedRuleOption(Converter& c) : ConversionState(c)
+ {
+ c.get_rule_api().make_rule_a_comment();
+ c.get_rule_api().add_comment("The '" + *rule_opt_name + "' rule option keyword is no longer supported");
+ }
+
+ bool convert(std::istringstream& stream) override
+ {
+ if (has_suboptions)
+ util::get_rule_option_args(stream);
+ return set_next_rule_state(stream);
+ }
+};
+
+/**************************
+ ******* A P I ***********
+ **************************/
+
+template
+static ConversionState* unsupported_rule_ctor(Converter& c)
+{
+ return new UnsupportedRuleOption(c);
+}
+
+static const std::string activated_by = "activated_by";
+static const std::string activates = "activates";
+static const std::string count = "count";
+static const std::string ftpbounce = "ftpbounce";
+static const std::string sameip = "sameip";
+
+static const ConvertMap activated_by_api = { activated_by, unsupported_rule_ctor<&activated_by, true>};
+static const ConvertMap activates_api = { activates, unsupported_rule_ctor<&activates, true>};
+static const ConvertMap count_api = { count, unsupported_rule_ctor<&count, true>};
+static const ConvertMap ftpbounce_api = { ftpbounce, unsupported_rule_ctor<&ftpbounce, false>};
+static const ConvertMap sameip_api = { sameip, unsupported_rule_ctor<&sameip, false>};
+
+const ConvertMap* activated_by_map = &activated_by_api;
+const ConvertMap* activates_map = &activates_api;
+const ConvertMap* count_map = &count_api;
+const ConvertMap* ftpbounce_map = &ftpbounce_api;
+const ConvertMap* sameip_map = &sameip_api;
+} // namespace rules
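Review bot: The `UnsupportedRuleOption` constructor disables the whole rule with `make_rule_a_comment()` and leaves only an inline `add_comment(...)` behind; nothing visible in this file marks the conversion as failed, so a ruleset that uses `activated_by`, `activates`, `count`, `ftpbounce` or `sameip` may come out of snort2lua with those rules switched off and no signal beyond a comment in the output. For an operator migrating detection content that is a quiet loss of coverage, so please confirm these rules also reach the tool's reject/error reporting, or at least state the behaviour on the class with a comment such as `// Rules using this option are emitted commented out; the converted ruleset no longer detects what they matched.`. Separately, the single-argument constructor would be better declared `explicit UnsupportedRuleOption(Converter& c) : ConversionState(c)`. In `convert()` the return value of `util::get_rule_option_args(stream)` is discarded, presumably only to advance the stream past the option's arguments, and a one-line comment saying so would help the next reader.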