engine/analyzer: write rule failure report to correct file

The failure report was always just written to rules_fast_pattern.txt. In
case that setting is disabled or there's nothing fast-pattern related,
the report should be written to the usual rules_analysis.txt.

Bug 7821

diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index c6c3b2759617426e6c27a1aca45ad7fe33a6aa6b..f92d595f5cbb6aa1bd6dff518d28a595838a73a0 100644 (file)
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -622,13 +622,15 @@ static void EngineAnalysisRulesPrintFP(const DetectEngineCtx *de_ctx, const Sign
 void EngineAnalysisRulesFailure(
         const DetectEngineCtx *de_ctx, const char *line, const char *file, int lineno)
 {
-    if (de_ctx->ea->fp_engine_analysis_fp) {
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "== Sid: UNKNOWN ==\n");
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "%s\n", line);
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "    FAILURE: invalid rule.\n");
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "    File: %s.\n", file);
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "    Line: %d.\n", lineno);
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "\n");
+    FILE *tmp_fp = de_ctx->ea->fp_engine_analysis_fp ? de_ctx->ea->fp_engine_analysis_fp
+                                                     : de_ctx->ea->rule_engine_analysis_fp;
+    if (tmp_fp) {
+        fprintf(tmp_fp, "== Sid: UNKNOWN ==\n");
+        fprintf(tmp_fp, "%s\n", line);
+        fprintf(tmp_fp, "    FAILURE: invalid rule.\n");
+        fprintf(tmp_fp, "    File: %s.\n", file);
+        fprintf(tmp_fp, "    Line: %d.\n", lineno);
+        fprintf(tmp_fp, "\n");
     }
 }