From: Shivani Bhardwaj <shivani@oisf.net>
Date: Thu, 17 Jul 2025 06:33:17 +0000 (+0530)
Subject: engine/analyzer: write rule failure report to correct file
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F13701%2Fhead;p=thirdparty%2Fsuricata.git

engine/analyzer: write rule failure report to correct file

The failure report was always just written to rules_fast_pattern.txt. In
case that setting is disabled or there's nothing fast-pattern related,
the report should be written to the usual rules_analysis.txt.

Bug 7821
---

diff --git a/src/detect-engine-analyzer.c b/src/detect-engine-analyzer.c
index c6c3b27596..f92d595f5c 100644
--- a/src/detect-engine-analyzer.c
+++ b/src/detect-engine-analyzer.c
@@ -622,13 +622,15 @@ static void EngineAnalysisRulesPrintFP(const DetectEngineCtx *de_ctx, const Sign
 void EngineAnalysisRulesFailure(
         const DetectEngineCtx *de_ctx, const char *line, const char *file, int lineno)
 {
-    if (de_ctx->ea->fp_engine_analysis_fp) {
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "== Sid: UNKNOWN ==\n");
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "%s\n", line);
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "    FAILURE: invalid rule.\n");
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "    File: %s.\n", file);
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "    Line: %d.\n", lineno);
-        fprintf(de_ctx->ea->fp_engine_analysis_fp, "\n");
+    FILE *tmp_fp = de_ctx->ea->fp_engine_analysis_fp ? de_ctx->ea->fp_engine_analysis_fp
+                                                     : de_ctx->ea->rule_engine_analysis_fp;
+    if (tmp_fp) {
+        fprintf(tmp_fp, "== Sid: UNKNOWN ==\n");
+        fprintf(tmp_fp, "%s\n", line);
+        fprintf(tmp_fp, "    FAILURE: invalid rule.\n");
+        fprintf(tmp_fp, "    File: %s.\n", file);
+        fprintf(tmp_fp, "    Line: %d.\n", lineno);
+        fprintf(tmp_fp, "\n");
     }
 }