
Source code changes of the file "tools/snort2lua/rule_states/rule_gid_sid.cc" between
snort3-3.1.36.0.tar.gz and snort3-3.1.38.0.tar.gz

About: Snort 3 is a network intrusion prevention and detection system (IDS/IPS) combining the benefits of signature, protocol and anomaly-based inspection.

rule_gid_sid.cc  (snort3-3.1.36.0):rule_gid_sid.cc  (snort3-3.1.38.0)
skipping to change at line 29 skipping to change at line 29
// //
// Handle special case of deprecated gid 120: // Handle special case of deprecated gid 120:
// Rules were moved to gid 119, with sids starting from 35. // Rules were moved to gid 119, with sids starting from 35.
// //
// In case the rule is using gid 120 - convert it to gid 119 and update // In case the rule is using gid 120 - convert it to gid 119 and update
// sid. // sid.
// Handle 2 cases: sid was read before/after gid. // Handle 2 cases: sid was read before/after gid.
#include <sstream> #include <sstream>
#include <unordered_map>
#include "conversion_state.h" #include "conversion_state.h"
#include "helpers/converter.h" #include "helpers/converter.h"
#include "helpers/s2l_util.h" #include "helpers/s2l_util.h"
#include "rule_api.h" #include "rule_api.h"
namespace rules namespace rules
{ {
namespace namespace
{ {
static const std::string removed_gids[] = { "146" , "147" }; static const std::string removed_gids[] = { "146" , "147" };
constexpr uint8_t MAX_GIDS = (sizeof(removed_gids) / sizeof(removed_gids[0])); constexpr uint8_t MAX_GIDS = (sizeof(removed_gids) / sizeof(removed_gids[0]));
// first -> gid, second -> error message
static const std::unordered_map<std::string, std::string> rejected_gids =
{
{"138", "gid 138(sensitive data) rules should be written with Snort3 functio
nality in mind"}
};
class Gid : public ConversionState class Gid : public ConversionState
{ {
public: public:
Gid(Converter& c) : ConversionState(c) { } Gid(Converter& c) : ConversionState(c) { }
bool convert(std::istringstream& data_stream) override; bool convert(std::istringstream& data_stream) override;
private: private:
static bool gids_seen[MAX_GIDS]; static bool gids_seen[MAX_GIDS];
}; };
skipping to change at line 103 skipping to change at line 110
// Update sid // Update sid
std::string sid = rule_api.get_option("sid"); std::string sid = rule_api.get_option("sid");
if (!sid.empty()) if (!sid.empty())
{ {
Sid::convert_sid(sid, data_stream, rule_api); Sid::convert_sid(sid, data_stream, rule_api);
rule_api.update_option("sid", sid); rule_api.update_option("sid", sid);
} }
} }
rule_api.add_option("gid", gid); rule_api.add_option("gid", gid);
auto reject_it = rejected_gids.find(gid);
if ( reject_it != rejected_gids.end() )
rule_api.bad_rule(data_stream, reject_it->second);
return set_next_rule_state(data_stream); return set_next_rule_state(data_stream);
} }
// //
// Sid // Sid
// //
void Sid::convert_sid(std::string& sid, std::istringstream& data_stream, RuleApi & r_api) void Sid::convert_sid(std::string& sid, std::istringstream& data_stream, RuleApi & r_api)
{ {
int sid_num; int sid_num;
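Review bot: The `rejected_gids.find(gid)` lookup added after `rule_api.add_option("gid", gid)` is an exact string match, so the rejection only fires when `gid` holds the literal text `138`. `Gid::convert` begins outside the lines shown, so how `gid` is read and trimmed cannot be confirmed here. If it can arrive with surrounding whitespace or a leading zero (constructed example: `0138`), the rule would skip `bad_rule` and be converted as if valid, leaving a sensitive-data rule that no longer detects what the Snort 2 rule did. Either normalise the value before the lookup or state the assumption at the call site, e.g. `// gid is already trimmed, canonical decimal text; rejected_gids is matched by exact string`. The reject message would also be more useful to whoever triages the rejected rules if it named the Snort 3 option meant to replace gid 138 rules (`sd_pattern`, as far as I know) rather than only "Snort3 functionality".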
 End of changes. 3 change blocks. 
0 lines changed or deleted 14 lines changed or added
