From: Hui Cao (huica) <huica@cisco.com>
Date: Thu, 7 Dec 2017 17:47:25 +0000 (-0500)
Subject: Merge pull request #1081 in SNORT/snort3 from fw_file to master
X-Git-Tag: 3.0.0-241~4
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aafb009e60bb1aa513353a52c3698108fdf28c8e;p=thirdparty%2Fsnort3.git

Merge pull request #1081 in SNORT/snort3 from fw_file to master

Squashed commit of the following:

commit 4c6479b2146dbb65db38bf6ff90365ea54cfc0c8
Author: huica <huica@cisco.com>
Date:   Wed Dec 6 11:40:38 2017 -0500

    File API: move file verdict enforcement out of file policy

commit f872a9dddf17ea051baa445af34f49e0d095cb1b
Author: Victor Roemer (viroemer) <viroemer@cisco.com>
Date:   Tue Dec 5 14:37:15 2017 -0500

    file_api: Set the FileContext verdict, not a local verdict
---

diff --git a/src/file_api/file_lib.cc b/src/file_api/file_lib.cc
index 1b4d40327..963c17716 100644
--- a/src/file_api/file_lib.cc
+++ b/src/file_api/file_lib.cc
@@ -354,9 +354,12 @@ void FileContext::finish_signature_lookup(Flow* flow, bool final_lookup, FilePol
     if (get_file_sig_sha256())
     {
         //Check file type based on file policy
-        FileVerdict verdict = policy->signature_lookup(flow, this);
+        verdict = policy->signature_lookup(flow, this);
         if ( verdict != FILE_VERDICT_UNKNOWN || final_lookup )
         {
+            FileEnforcer* file_enforcer = FileService::get_file_enforcer();
+            if (file_enforcer)
+                file_enforcer->apply_verdict(flow, this, verdict, false, policy);
             log_file_event(flow, policy);
             config_file_signature(false);
             file_stats->signatures_processed[get_file_type()][get_file_direction()]++;
diff --git a/src/file_api/file_policy.cc b/src/file_api/file_policy.cc
index 6443e6d7d..557cee8b4 100644
--- a/src/file_api/file_policy.cc
+++ b/src/file_api/file_policy.cc
@@ -157,7 +157,7 @@ FileVerdict FilePolicy::type_lookup(Flow*, FileInfo* file)
     return rule.use.verdict;
 }
 
-FileVerdict FilePolicy::signature_lookup(Flow* flow, FileInfo* file)
+FileVerdict FilePolicy::signature_lookup(Flow*, FileInfo* file)
 {
     FileRule& rule = match_file_rule(nullptr, file);
 
@@ -171,10 +171,5 @@ FileVerdict FilePolicy::signature_lookup(Flow* flow, FileInfo* file)
             delete captured;
     }
 
-    FileVerdict verdict = match_file_signature(nullptr, file);
-    FileEnforcer* file_enforcer = FileService::get_file_enforcer();
-    if (file_enforcer)
-        file_enforcer->apply_verdict(flow, file, verdict, false, this);
-
-    return verdict;
+    return match_file_signature(nullptr, file);
 }