return -1;
}
+static int DatajsonLoadTypeFromJSON(Dataset *set, char *json_key, char *array_key,
+ uint32_t (*DatajsonAddTypeElement)(Dataset *, json_t *, char *, bool *))
+{
+ if (strlen(set->load) == 0)
+ return 0;
+
+ SCLogConfig("dataset: %s loading from '%s'", set->name, set->load);
+
+ uint32_t cnt = 0;
+ json_t *json;
+ bool found = false;
+ SCLogDebug("dataset: array_key '%s' %p", array_key, array_key);
+ if (ParseJsonFile(set->load, &json, array_key) == -1) {
+ SCLogError("dataset: %s failed to parse from '%s'", set->name, set->load);
+ return -1;
+ }
+
+ size_t index;
+ json_t *value;
+ json_array_foreach (json, index, value) {
+ cnt += DatajsonAddTypeElement(set, value, json_key, &found);
+ }
+ json_decref(json);
+
+ if (found == false) {
+ FatalErrorOnInit(
+ "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
+ return -1;
+ }
+ THashConsolidateMemcap(set->hash);
+
+ SCLogConfig("dataset: %s loaded %u records", set->name, cnt);
+ return 0;
+}
+
+static uint32_t DatajsonLoadTypeFromJsonline(Dataset *set, char *json_key,
+ uint32_t (*DatajsonAddTypeElement)(Dataset *, json_t *, char *, bool *))
+{
+ uint32_t cnt = 0;
+ FILE *fp = fopen(set->load, "r");
+ bool found = false;
+
+ if (fp == NULL) {
+ SCLogError("dataset: %s failed to open file '%s'", set->name, set->load);
+ return 0;
+ }
+
+ char line[DATAJSON_JSON_LENGTH];
+ while (fgets(line, sizeof(line), fp) != NULL) {
+ json_t *json = json_loads(line, 0, NULL);
+ if (json == NULL) {
+ SCLogError("dataset: %s failed to parse line '%s'", set->name, line);
+ goto out_err;
+ }
+ cnt += DatajsonAddTypeElement(set, json, json_key, &found);
+ json_decref(json);
+ }
+ int close_op = fclose(fp);
+ if (close_op != 0) {
+ SCLogError("dataset: %s failed to close file '%s'", set->name, set->load);
+ return 0;
+ }
+
+ if (found == false) {
+ FatalErrorOnInit(
+ "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
+ return 0;
+ }
+ return cnt;
+out_err:
+ close_op = fclose(fp);
+ if (close_op != 0) {
+ SCLogError("dataset: %s failed to close file '%s'", set->name, set->load);
+ }
+ return 0;
+}
+
static uint32_t DatajsonAddStringElement(Dataset *set, json_t *value, char *json_key, bool *found)
{
json_t *key = GetSubObjectByKey(value, json_key);
return 0;
}
-static int DatajsonLoadString(Dataset *set, char *json_key, char *array_key)
+static int DatajsonLoadString(Dataset *set, char *json_key, char *array_key, DatasetFormats format)
{
if (strlen(set->load) == 0)
return 0;
SCLogConfig("dataset: %s loading from '%s'", set->name, set->load);
uint32_t cnt = 0;
- json_t *json;
- bool found = false;
- SCLogDebug("dataset: array_key '%s' %p", array_key, array_key);
- if (ParseJsonFile(set->load, &json, array_key) == -1) {
- SCLogError("dataset: %s failed to parse from '%s'", set->name, set->load);
- return -1;
- }
-
- size_t index;
- json_t *value;
- json_array_foreach (json, index, value) {
- cnt += DatajsonAddStringElement(set, value, json_key, &found);
- }
- json_decref(json);
-
- if (found == false) {
- FatalErrorOnInit(
- "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
- return -1;
+ if (format == DATASET_FORMAT_JSON) {
+ cnt = DatajsonLoadTypeFromJSON(set, json_key, array_key, DatajsonAddStringElement);
+ } else if (format == DATASET_FORMAT_JSONLINE) {
+ cnt = DatajsonLoadTypeFromJsonline(set, json_key, DatajsonAddStringElement);
}
THashConsolidateMemcap(set->hash);
return 0;
}
-static uint32_t DatajsonLoadMd5FromJSON(Dataset *set, char *array_key, char *json_key)
-{
- uint32_t cnt = 0;
- json_t *json;
- bool found = false;
-
- if (ParseJsonFile(set->load, &json, array_key) == -1)
- return -1;
-
- size_t index;
- json_t *value;
- json_array_foreach (json, index, value) {
- cnt += DatajsonAddMd5Element(set, value, json_key, &found);
- }
- json_decref(json);
-
- if (found == false) {
- FatalErrorOnInit(
- "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
- return -1;
- }
-
- return cnt;
-}
-
-static int DatajsonLoadMd5(Dataset *set, char *json_key, char *array_key)
+static int DatajsonLoadMd5(Dataset *set, char *json_key, char *array_key, DatasetFormats format)
{
if (strlen(set->load) == 0)
return 0;
SCLogConfig("dataset: %s loading from '%s'", set->name, set->load);
- uint32_t cnt = DatajsonLoadMd5FromJSON(set, array_key, json_key);
+ uint32_t cnt = 0;
+ if (format == DATASET_FORMAT_JSON) {
+ cnt = DatajsonLoadTypeFromJSON(set, json_key, array_key, DatajsonAddMd5Element);
+ } else if (format == DATASET_FORMAT_JSONLINE) {
+ cnt = DatajsonLoadTypeFromJsonline(set, json_key, DatajsonAddMd5Element);
+ }
THashConsolidateMemcap(set->hash);
SCLogConfig("dataset: %s loaded %u records", set->name, cnt);
return 0;
}
-static uint32_t DatajsonLoadSHA256FromJSON(Dataset *set, char *array_key, char *json_key)
-{
- uint32_t cnt = 0;
- json_t *json;
- bool found = false;
-
- if (ParseJsonFile(set->load, &json, array_key) == -1)
- return -1;
-
- size_t index;
- json_t *value;
- json_array_foreach (json, index, value) {
- cnt += DatajsonAddSha256Element(set, value, json_key, &found);
- }
- json_decref(json);
-
- if (found == false) {
- FatalErrorOnInit(
- "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
- return -1;
- }
- return cnt;
-}
-
-static int DatajsonLoadSha256(Dataset *set, char *json_key, char *array_key)
+static int DatajsonLoadSha256(Dataset *set, char *json_key, char *array_key, DatasetFormats format)
{
if (strlen(set->load) == 0)
return 0;
SCLogConfig("dataset: %s loading from '%s'", set->name, set->load);
- uint32_t cnt = DatajsonLoadSHA256FromJSON(set, array_key, json_key);
+ uint32_t cnt = 0;
+ if (format == DATASET_FORMAT_JSON) {
+ cnt = DatajsonLoadTypeFromJSON(set, json_key, array_key, DatajsonAddSha256Element);
+ } else if (format == DATASET_FORMAT_JSONLINE) {
+ cnt = DatajsonLoadTypeFromJsonline(set, json_key, DatajsonAddSha256Element);
+ }
THashConsolidateMemcap(set->hash);
SCLogConfig("dataset: %s loaded %u records", set->name, cnt);
return 0;
}
-static uint32_t DatajsonLoadIPv4FromJSON(Dataset *set, char *array_key, char *json_key)
-{
- uint32_t cnt = 0;
- json_t *json;
- bool found = false;
-
- if (ParseJsonFile(set->load, &json, array_key) == -1)
- return -1;
-
- size_t index;
- json_t *value;
- json_array_foreach (json, index, value) {
- cnt += DatajsonAddIpv4Element(set, value, json_key, &found);
- }
- json_decref(json);
-
- if (found == false) {
- FatalErrorOnInit(
- "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
- return 0;
- }
-
- return cnt;
-}
-
-static int DatajsonLoadIPv4(Dataset *set, char *json_key, char *array_key)
+static int DatajsonLoadIPv4(Dataset *set, char *json_key, char *array_key, DatasetFormats format)
{
if (strlen(set->load) == 0)
return 0;
SCLogConfig("dataset: %s loading from '%s'", set->name, set->load);
- uint32_t cnt = DatajsonLoadIPv4FromJSON(set, array_key, json_key);
+ uint32_t cnt = 0;
+
+ if (format == DATASET_FORMAT_JSON) {
+ cnt = DatajsonLoadTypeFromJSON(set, json_key, array_key, DatajsonAddIpv4Element);
+ } else if (format == DATASET_FORMAT_JSONLINE) {
+ cnt = DatajsonLoadTypeFromJsonline(set, json_key, DatajsonAddIpv4Element);
+ }
THashConsolidateMemcap(set->hash);
SCLogConfig("dataset: %s loaded %u records", set->name, cnt);
return 0;
}
-static uint32_t DatajsonLoadIPv6FromJSON(Dataset *set, char *array_key, char *json_key)
-{
- uint32_t cnt = 0;
- json_t *json;
- bool found = false;
-
- if (ParseJsonFile(set->load, &json, array_key) == -1)
- return -1;
-
- size_t index;
- json_t *value;
- json_array_foreach (json, index, value) {
- cnt += DatajsonAddIPv6Element(set, value, json_key, &found);
- }
- json_decref(json);
-
- if (found == false) {
- FatalErrorOnInit(
- "No valid entries for key '%s' found in the file '%s'", json_key, set->load);
- return 0;
- }
- return cnt;
-}
-
-static int DatajsonLoadIPv6(Dataset *set, char *json_key, char *array_key)
+static int DatajsonLoadIPv6(Dataset *set, char *json_key, char *array_key, DatasetFormats format)
{
if (strlen(set->load) == 0)
return 0;
SCLogConfig("dataset: %s loading from '%s'", set->name, set->load);
- uint32_t cnt = DatajsonLoadIPv6FromJSON(set, array_key, json_key);
+ uint32_t cnt = 0;
+
+ if (format == DATASET_FORMAT_JSON) {
+ cnt = DatajsonLoadTypeFromJSON(set, json_key, array_key, DatajsonAddIPv6Element);
+ } else if (format == DATASET_FORMAT_JSONLINE) {
+ cnt = DatajsonLoadTypeFromJsonline(set, json_key, DatajsonAddIPv6Element);
+ }
THashConsolidateMemcap(set->hash);
}
Dataset *DatajsonGet(const char *name, enum DatasetTypes type, const char *load, uint64_t memcap,
- uint32_t hashsize, char *json_key_value, char *json_array_key)
+ uint32_t hashsize, char *json_key_value, char *json_array_key, DatasetFormats format)
{
uint64_t default_memcap = 0;
uint32_t default_hashsize = 0;
hashsize > 0 ? hashsize : default_hashsize);
if (set->hash == NULL)
goto out_err;
- if (DatajsonLoadMd5(set, json_key_value, json_array_key) < 0)
+ if (DatajsonLoadMd5(set, json_key_value, json_array_key, format) < 0)
goto out_err;
break;
case DATASET_TYPE_STRING:
hashsize > 0 ? hashsize : default_hashsize);
if (set->hash == NULL)
goto out_err;
- if (DatajsonLoadString(set, json_key_value, json_array_key) < 0) {
+ if (DatajsonLoadString(set, json_key_value, json_array_key, format) < 0) {
SCLogError("dataset %s loading failed", name);
goto out_err;
}
hashsize > 0 ? hashsize : default_hashsize);
if (set->hash == NULL)
goto out_err;
- if (DatajsonLoadSha256(set, json_key_value, json_array_key) < 0)
+ if (DatajsonLoadSha256(set, json_key_value, json_array_key, format) < 0)
goto out_err;
break;
case DATASET_TYPE_IPV4:
hashsize > 0 ? hashsize : default_hashsize);
if (set->hash == NULL)
goto out_err;
- if (DatajsonLoadIPv4(set, json_key_value, json_array_key) < 0)
+ if (DatajsonLoadIPv4(set, json_key_value, json_array_key, format) < 0)
goto out_err;
break;
case DATASET_TYPE_IPV6:
hashsize > 0 ? hashsize : default_hashsize);
if (set->hash == NULL)
goto out_err;
- if (DatajsonLoadIPv6(set, json_key_value, json_array_key) < 0)
+ if (DatajsonLoadIPv6(set, json_key_value, json_array_key, format) < 0)
goto out_err;
break;
}
if (data == NULL || data_len == 0)
return 0;
- if (sd->format == DATASET_FORMAT_JSON) {
+ if ((sd->format == DATASET_FORMAT_JSON) || (sd->format == DATASET_FORMAT_JSONLINE)) {
return DetectDatajsonBufferMatch(det_ctx, sd, data, data_len);
}
SCLogDebug("format %s", val);
if (strcmp(val, "csv") == 0) {
*format = DATASET_FORMAT_CSV;
+ } else if (strcmp(val, "jsonline") == 0) {
+ *format = DATASET_FORMAT_JSONLINE;
} else if (strcmp(val, "json") == 0) {
*format = DATASET_FORMAT_JSON;
} else {
} else if (strcmp(cmd_str,"isnotset") == 0) {
cmd = DETECT_DATASET_CMD_ISNOTSET;
} else if (strcmp(cmd_str,"set") == 0) {
- if (format == DATASET_FORMAT_JSON) {
+ if ((format == DATASET_FORMAT_JSON) || (format == DATASET_FORMAT_JSONLINE)) {
SCLogError("json format is not supported for 'set' command");
return -1;
}
cmd = DETECT_DATASET_CMD_SET;
} else if (strcmp(cmd_str,"unset") == 0) {
- if (format == DATASET_FORMAT_JSON) {
+ if ((format == DATASET_FORMAT_JSON) || (format == DATASET_FORMAT_JSONLINE)) {
SCLogError("json format is not supported for 'unset' command");
return -1;
}
return -1;
}
- if (format == DATASET_FORMAT_JSON) {
+ if ((format == DATASET_FORMAT_JSON) || (format == DATASET_FORMAT_JSONLINE)) {
if (strlen(save) != 0) {
SCLogError("json format is not supported with 'save' or 'state' option");
return -1;
Dataset *set = NULL;
if (format == DATASET_FORMAT_JSON) {
- set = DatajsonGet(name, type, load, memcap, hashsize, value_key, array_key);
+ set = DatajsonGet(
+ name, type, load, memcap, hashsize, value_key, array_key, DATASET_FORMAT_JSON);
+ } else if (format == DATASET_FORMAT_JSONLINE) {
+ set = DatajsonGet(
+ name, type, load, memcap, hashsize, value_key, NULL, DATASET_FORMAT_JSONLINE);
} else {
set = DatasetGet(name, type, save, load, memcap, hashsize);
}
cd->set = set;
cd->cmd = cmd;
cd->format = format;
- if (format == DATASET_FORMAT_JSON) {
+ if ((format == DATASET_FORMAT_JSON) || (format == DATASET_FORMAT_JSONLINE)) {
strlcpy(cd->json_key, enrichment_key, sizeof(cd->json_key));
}
cd->id = s;
projects / thirdparty / suricata.git / commitdiff
