From: Jeff Lucovsky <jlucovsky@oisf.net>
Date: Sat, 29 Mar 2025 13:43:30 +0000 (-0400)
Subject: detect/ftp: Use helper functions with ftp.command
X-Git-Tag: suricata-8.0.0-rc1~340
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F13179%2Fhead;p=thirdparty%2Fsuricata.git

detect/ftp: Use helper functions with ftp.command

Refactor ftp.command handling to use helper functions from
detect-engine-helper.[ch] for reduced code duplication.
---

diff --git a/src/detect-ftp-command.c b/src/detect-ftp-command.c
index 97b78b7fec..479f632525 100644
--- a/src/detect-ftp-command.c
+++ b/src/detect-ftp-command.c
@@ -29,14 +29,10 @@
 #include "detect-parse.h"
 #include "detect-engine.h"
 #include "detect-engine-buffer.h"
-#include "detect-engine-mpm.h"
-#include "detect-engine-prefilter.h"
-#include "detect-content.h"
+#include "detect-engine-helper.h"
 
 #include "flow.h"
 
-#include "util-debug.h"
-
 #include "app-layer.h"
 #include "app-layer-ftp.h"
 
@@ -60,8 +56,8 @@ static int DetectFtpCommandSetup(DetectEngineCtx *de_ctx, Signature *s, const ch
     return 0;
 }
 
-static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
-        const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
+static InspectionBuffer *DetectFTPCommandGetData(DetectEngineThreadCtx *det_ctx,
+        const DetectEngineTransforms *transforms, Flow *f, const uint8_t _flow_flags, void *txv,
         const int list_id)
 {
     InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
@@ -73,13 +69,13 @@ static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
 
         const char *b = NULL;
         uint8_t b_len = 0;
-
         if (SCGetFtpCommandInfo(tx->command_descriptor.command_index, &b, NULL, &b_len)) {
             InspectionBufferSetupAndApplyTransforms(
                     det_ctx, list_id, buffer, (const uint8_t *)b, b_len, transforms);
+        } else {
+            return NULL;
         }
     }
-
     return buffer;
 }
 
@@ -92,15 +88,8 @@ void DetectFtpCommandRegister(void)
     sigmatch_table[DETECT_FTP_COMMAND].Setup = DetectFtpCommandSetup;
     sigmatch_table[DETECT_FTP_COMMAND].flags |= SIGMATCH_NOOPT;
 
-    DetectAppLayerInspectEngineRegister(BUFFER_NAME, ALPROTO_FTP, SIG_FLAG_TOSERVER, 0,
-            DetectEngineInspectBufferGeneric, GetData);
-
-    DetectAppLayerMpmRegister(BUFFER_NAME, SIG_FLAG_TOSERVER, 2, PrefilterGenericMpmRegister,
-            GetData, ALPROTO_FTP, 1);
-
-    DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);
-
-    g_ftp_cmd_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME);
+    g_ftp_cmd_buffer_id = DetectHelperBufferMpmRegister(
+            BUFFER_NAME, BUFFER_DESC, ALPROTO_FTP, STREAM_TOSERVER, DetectFTPCommandGetData);
 
     SCLogDebug("registering " BUFFER_NAME " rule option");
 }