From: Hui Cao (huica) Date: Tue, 12 Jun 2018 17:38:01 +0000 (-0400) Subject: Merge pull request #1261 in SNORT/snort3 from snort2lua-file_type to master X-Git-Tag: 3.0.0-246~58 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=3e1cd92d76a9e461308afa9076745bcdca3b0448;p=thirdparty%2Fsnort3.git Merge pull request #1261 in SNORT/snort3 from snort2lua-file_type to master Squashed commit of the following: commit 0c59049b4f003255aaaccda7177b3916c65574dc Author: Victor Roemer (viroemer) Date: Wed Jun 6 14:18:49 2018 -0400 snort2lua: translate file_type rule option
---
diff --git a/tools/snort2lua/rule_states/CMakeLists.txt b/tools/snort2lua/rule_states/CMakeLists.txt
index 87b4c2911..3e95975d2 100644
--- a/tools/snort2lua/rule_states/CMakeLists.txt
+++ b/tools/snort2lua/rule_states/CMakeLists.txt
@@ -7,6 +7,7 @@ add_library( rule_states OBJECT
 rule_dnp3_obj.cc
 rule_dsize.cc
 rule_file_data.cc
+ rule_file_type.cc
 rule_gid_sid.cc
 rule_http_encode.cc
 rule_isdataat.cc
@@ -18,8 +19,8 @@ add_library( rule_states OBJECT
 rule_stream_reassemble.cc
 rule_stream_size.cc
 rule_tag.cc
- rule_ttl.cc
 rule_threshold.cc
+ rule_ttl.cc
 rule_unchanged.cc
 rule_unsupported.cc
 rule_urilen.cc
diff --git a/tools/snort2lua/rule_states/rule_api.cc b/tools/snort2lua/rule_states/rule_api.cc
index 6890f1639..eeda20209 100644
--- a/tools/snort2lua/rule_states/rule_api.cc
+++ b/tools/snort2lua/rule_states/rule_api.cc
@@ -49,9 +49,10 @@ extern const ConvertMap* dnp3_ind_map;
 extern const ConvertMap* dnp3_obj_map;
 extern const ConvertMap* dsize_map;
 extern const ConvertMap* file_data_map;
+extern const ConvertMap* file_type_map;
 extern const ConvertMap* flags_map;
-extern const ConvertMap* flow_map;
 extern const ConvertMap* flowbits_map;
+extern const ConvertMap* flow_map;
 extern const ConvertMap* fragbits_map;
 extern const ConvertMap* fragoffset_map;
 extern const ConvertMap* ftpbounce_map;
@@ -70,15 +71,15 @@ extern const ConvertMap* isdataat_map;
 extern const ConvertMap* itype_map;
 extern const ConvertMap* logto_map;
 extern const ConvertMap* metadata_map;
-extern const ConvertMap* msg_map;
 extern const ConvertMap* modbus_data_map;
 extern const ConvertMap* modbus_func_map;
 extern const ConvertMap* modbus_unit_map;
+extern const ConvertMap* msg_map;
 extern const ConvertMap* pcre_map;
 extern const ConvertMap* pkt_data_map;
-extern const ConvertMap* react_map;
 extern const ConvertMap* priority_map;
 extern const ConvertMap* protected_content_map;
+extern const ConvertMap* react_map;
 extern const ConvertMap* reference_map;
 extern const ConvertMap* replace_map;
 extern const ConvertMap* resp_map;
@@ -93,14 +94,14 @@ extern const ConvertMap* sip_body_map;
 extern const ConvertMap* sip_header_map;
 extern const ConvertMap* sip_method_map;
 extern const ConvertMap* sip_stat_code_map;
-extern const ConvertMap* stream_reassemble_map;
-extern const ConvertMap* stream_size_map;
 extern const ConvertMap* ssl_state_map;
 extern const ConvertMap* ssl_version_map;
+extern const ConvertMap* stream_reassemble_map;
+extern const ConvertMap* stream_size_map;
 extern const ConvertMap* tag_map;
 extern const ConvertMap* threshold_map;
-extern const ConvertMap* ttl_map;
 extern const ConvertMap* tos_map;
+extern const ConvertMap* ttl_map;
 extern const ConvertMap* uricontent_map;
 extern const ConvertMap* urilen_map;
 extern const ConvertMap* window_map;
@@ -132,9 +133,10 @@ const std::vector rule_options_api =
 dnp3_obj_map,
 dsize_map,
 file_data_map,
+ file_type_map,
 flags_map,
- flow_map,
 flowbits_map,
+ flow_map,
 fragbits_map,
 fragoffset_map,
 ftpbounce_map,
@@ -153,10 +155,10 @@ const std::vector rule_options_api =
 itype_map,
 logto_map,
 metadata_map,
- msg_map,
 modbus_data_map,
 modbus_func_map,
 modbus_unit_map,
+ msg_map,
 pcre_map,
 pkt_data_map,
 priority_map,
@@ -176,14 +178,14 @@ const std::vector rule_options_api =
 sip_header_map,
 sip_method_map,
 sip_stat_code_map,
- stream_reassemble_map,
- stream_size_map,
 ssl_state_map,
 ssl_version_map,
+ stream_reassemble_map,
+ stream_size_map,
 tag_map,
 threshold_map,
- ttl_map,
 tos_map,
+ ttl_map,
 uricontent_map,
 urilen_map,
 window_map,
diff --git a/tools/snort2lua/rule_states/rule_file_type.cc b/tools/snort2lua/rule_states/rule_file_type.cc
new file mode 100644
index 000000000..0eb4d04df
--- /dev/null
+++ b/tools/snort2lua/rule_states/rule_file_type.cc
@@ -0,0 +1,67 @@
+//--------------------------------------------------------------------------
+// Copyright (C) 2014-2018 Cisco and/or its affiliates. All rights reserved.
+//
+// This program is free software; you can redistribute it and/or modify it
+// under the terms of the GNU General Public License Version 2 as published
+// by the Free Software Foundation. You may not use, modify or distribute
+// this program under any other version of the GNU General Public License.
+//
+// This program is distributed in the hope that it will be useful, but
+// WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+//--------------------------------------------------------------------------
+// rule_file_type.cc author Victor Roemer
+
+#include
+#include
+#include
+
+#include "conversion_state.h"
+#include "helpers/converter.h"
+#include "rule_states/rule_api.h"
+#include "helpers/s2l_util.h"
+
+namespace rules
+{
+namespace
+{
+class FileType : public ConversionState
+{
+public:
+ FileType(Converter& c) : ConversionState(c) { }
+ bool convert(std::istringstream&) override;
+};
+} // namespace
+
+bool FileType::convert(std::istringstream& stream)
+{
+ std::string types = util::get_rule_option_args(stream);
+ if (types.empty())
+ {
+ rule_api.bad_rule(stream, "file_type: expecting at least one argument");
+ }
+
+ std::replace(types.begin(), types.end(), '|', ' ');
+ rule_api.add_option("file_type", "\"" + types + "\"");
+
+ return set_next_rule_state(stream);
+}
+
+static ConversionState* ctor(Converter& c)
+{ return new FileType(c); }
+
+static const std::string file_type = "file_type";
+static const ConvertMap file_type_api =
+{
+ file_type,
+ ctor,
+};
+
+const ConvertMap* file_type_map = &file_type_api;
+} // namespace rules
+
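Review bot: In `FileType::convert` the empty-argument branch calls `rule_api.bad_rule(...)` but then falls through, so `rule_api.add_option("file_type", ...)` still runs and an empty quoted `file_type` value is written for that rule. What `bad_rule` does to the emitted rule is not visible in this hunk; if it only annotates the rule, the converted ruleset could carry a `file_type` option that matches nothing or fails to load, which is a silent detection gap after migration. Putting the emit in an `else` branch, `else { std::replace(types.begin(), types.end(), '|', ' '); rule_api.add_option("file_type", "\"" + types + "\""); }`, keeps the bad-rule record and skips the empty option. The value is also wrapped in double quotes without escaping, so an argument that already contains `"` would produce a malformed option; stripping or rejecting embedded quotes before `add_option` would make the translation deterministic. A short comment above `convert` stating the mapping (Snort 2 `|`-separated types become one space-separated quoted string) would help the next maintainer.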