22550237931

Committed 01 Mar 2026 06:56PM UTC coverage: 64.812% (-8.9%) from 73.687%

Build # 22550237931

Build Type

Pull #14920

github

Committed by

web-flow

Commit Message

Merge e05854a6d into 90823fa90

Pull Request Pull Request #14920: draft: rust based configuration file parser and loader - v4

Run Details

561 of 789 new or added lines in 4 files covered. (71.1%)

23225 existing lines in 498 files now uncovered.

131605 of 203055 relevant lines covered (64.81%)

2328818.84 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

81.02

/src/detect-engine-buffer.c

/* Copyright (C) 2025 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 */

#include "suricata-common.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-engine-buffer.h"

int SCDetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
{
    BUG_ON(s->init_data == NULL);

    if (s->init_data->list == DETECT_SM_LIST_BASE64_DATA) {
        SCLogError("Rule buffer cannot be reset after base64_data.");
        return -1;
    }

    if (s->init_data->list && s->init_data->transforms.cnt) {
        SCLogError("no matches following transform(s)");
        return -1;
    }
    s->init_data->list = list;
    s->init_data->list_set = true;

    // check if last has matches -> if no, error
    if (s->init_data->curbuf && s->init_data->curbuf->head == NULL) {
        SCLogError("previous sticky buffer has no matches");
        return -1;
    }

    for (uint32_t x = 0; x < s->init_data->buffers_size; x++) {
        SignatureInitDataBuffer *b = &s->init_data->buffers[x];
        for (SigMatch *sm = b->head; sm != NULL; sm = sm->next) {
            SCLogDebug(
                    "buf:%p: id:%u: '%s' pos %u", b, b->id, sigmatch_table[sm->type].name, sm->idx);
        }
        if ((uint32_t)list == b->id) {
            SCLogDebug("found buffer %p for list %d", b, list);
            if (s->init_data->buffers[x].sm_init) {
                s->init_data->buffers[x].sm_init = false;
                SCLogDebug("sm_init was true for %p list %d", b, list);
                s->init_data->curbuf = b;
                return 0;

            } else if (DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, list)) {
                // fall through
            } else if (!b->only_ts && (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOSERVER)) {
                // fall through
            } else if (!b->only_tc && (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOCLIENT)) {
                // fall through
            } else {
                // we create a new buffer for the same id but forced different direction
                SCLogWarning("duplicate instance for %s in '%s'",
                        DetectEngineBufferTypeGetNameById(de_ctx, list), s->sig_str);
                s->init_data->curbuf = b;
                return 0;
            }
        }
    }

    if (list < DETECT_SM_LIST_MAX)
        return 0;

    if (SignatureInitDataBufferCheckExpand(s) < 0) {
        SCLogError("failed to expand rule buffer array");
        return -1;
    }

    /* initialize new buffer */
    s->init_data->curbuf = &s->init_data->buffers[s->init_data->buffer_index++];
    s->init_data->curbuf->id = list;
    s->init_data->curbuf->head = NULL;
    s->init_data->curbuf->tail = NULL;
    s->init_data->curbuf->multi_capable =
            DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, list);
    if (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOCLIENT) {
        s->init_data->curbuf->only_tc = true;
    }
    if (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOSERVER) {
        s->init_data->curbuf->only_ts = true;
    }

    SCLogDebug("new: idx %u list %d set up curbuf %p", s->init_data->buffer_index - 1, list,
            s->init_data->curbuf);

    return 0;
}

int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
{
    BUG_ON(s->init_data == NULL);

    if (s->init_data->list && s->init_data->transforms.cnt) {
        if (s->init_data->list == DETECT_SM_LIST_NOTSET ||
                s->init_data->list < DETECT_SM_LIST_DYNAMIC_START) {
            SCLogError("previous transforms not consumed "
                       "(list: %u, transform_cnt %u)",
                    s->init_data->list, s->init_data->transforms.cnt);
            SCReturnInt(-1);
        }

        SCLogDebug("buffer %d has transform(s) registered: %d", s->init_data->list,
                s->init_data->transforms.cnt);
        int new_list = DetectEngineBufferTypeGetByIdTransforms(de_ctx, s->init_data->list,
                s->init_data->transforms.transforms, s->init_data->transforms.cnt);
        if (new_list == -1) {
            SCReturnInt(-1);
        }
        int base_list = s->init_data->list;
        SCLogDebug("new_list %d", new_list);
        s->init_data->list = new_list;
        s->init_data->list_set = false;
        // reset transforms now that we've set up the list
        s->init_data->transforms.cnt = 0;

        if (s->init_data->curbuf && s->init_data->curbuf->head != NULL) {
            if (SignatureInitDataBufferCheckExpand(s) < 0) {
                SCLogError("failed to expand rule buffer array");
                return -1;
            }
            s->init_data->curbuf = &s->init_data->buffers[s->init_data->buffer_index++];
            s->init_data->curbuf->multi_capable =
                    DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, base_list);
        }
        if (s->init_data->curbuf == NULL) {
            SCLogError("failed to setup buffer");
            DEBUG_VALIDATE_BUG_ON(1);
            SCReturnInt(-1);
        }
        s->init_data->curbuf->id = new_list;
        SCLogDebug("new list after applying transforms: %u", new_list);
    }

    SCReturnInt(0);
}

SigMatch *DetectBufferGetFirstSigMatch(const Signature *s, const uint32_t buf_id)
{
    for (uint32_t i = 0; i < s->init_data->buffer_index; i++) {
        if (buf_id == s->init_data->buffers[i].id) {
            return s->init_data->buffers[i].head;
        }
    }
    return NULL;
}

SigMatch *DetectBufferGetLastSigMatch(const Signature *s, const uint32_t buf_id)
{
    SigMatch *last = NULL;
    for (uint32_t i = 0; i < s->init_data->buffer_index; i++) {
        if (buf_id == s->init_data->buffers[i].id) {
            last = s->init_data->buffers[i].tail;
        }
    }
    return last;
}

int SCDetectSignatureAddTransform(Signature *s, int transform, void *options)
{
    /* we only support buffers */
    if (s->init_data->list == 0) {
        SCReturnInt(-1);
    }
    if (!s->init_data->list_set) {
        SCLogError("transforms must directly follow stickybuffers");
        SCReturnInt(-1);
    }
    if (s->init_data->transforms.cnt >= DETECT_TRANSFORMS_MAX) {
        SCReturnInt(-1);
    }

    s->init_data->transforms.transforms[s->init_data->transforms.cnt].transform = transform;
    s->init_data->transforms.transforms[s->init_data->transforms.cnt].options = options;

    s->init_data->transforms.cnt++;
    SCLogDebug("Added transform #%d [%s]", s->init_data->transforms.cnt, s->sig_str);

    SCReturnInt(0);
}

1	/* Copyright (C) 2025 Open Information Security Foundation
2	*
3	* You can copy, redistribute or modify this Program under the terms of
4	* the GNU General Public License version 2 as published by the Free
5	* Software Foundation.
6	*
7	* This program is distributed in the hope that it will be useful,
8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10	* GNU General Public License for more details.
11	*
12	* You should have received a copy of the GNU General Public License
13	* version 2 along with this program; if not, write to the Free Software
14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15	* 02110-1301, USA.
16	*/
17
18	/**
19	* \file
20	*
21	* \author Victor Julien <victor@inliniac.net>
22	*/
23
24	#include "suricata-common.h"
25	#include "detect-engine.h"
26	#include "detect-parse.h"
27	#include "detect-engine-buffer.h"
28
29	int SCDetectBufferSetActiveList(DetectEngineCtx de_ctx, Signature s, const int list)
30	{	507,035✔
31	BUG_ON(s->init_data == NULL);	507,035✔
32
33	if (s->init_data->list == DETECT_SM_LIST_BASE64_DATA) {	507,035✔
34	SCLogError("Rule buffer cannot be reset after base64_data.");	2✔
35	return -1;	2✔
36	}	2✔
37
38	if (s->init_data->list && s->init_data->transforms.cnt) {	507,033✔
39	SCLogError("no matches following transform(s)");	3,199✔
40	return -1;	3,199✔
41	}	3,199✔
42	s->init_data->list = list;	503,834✔
43	s->init_data->list_set = true;	503,834✔
44
45	// check if last has matches -> if no, error
46	if (s->init_data->curbuf && s->init_data->curbuf->head == NULL) {	503,834✔
47	SCLogError("previous sticky buffer has no matches");	1,748✔
48	return -1;	1,748✔
49	}	1,748✔
50
51	for (uint32_t x = 0; x < s->init_data->buffers_size; x++) {	4,357,202✔
52	SignatureInitDataBuffer *b = &s->init_data->buffers[x];	3,883,071✔
53	for (SigMatch *sm = b->head; sm != NULL; sm = sm->next) {	4,585,070✔
54	SCLogDebug(	701,999✔
55	"buf:%p: id:%u: '%s' pos %u", b, b->id, sigmatch_table[sm->type].name, sm->idx);	701,999✔
56	}	701,999✔
57	if ((uint32_t)list == b->id) {	3,883,071✔
58	SCLogDebug("found buffer %p for list %d", b, list);	77,691✔
59	if (s->init_data->buffers[x].sm_init) {	77,691✔
60	s->init_data->buffers[x].sm_init = false;	328✔
61	SCLogDebug("sm_init was true for %p list %d", b, list);	328✔
62	s->init_data->curbuf = b;	328✔
63	return 0;	328✔
64
65	} else if (DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, list)) {	77,363✔
66	// fall through
67	} else if (!b->only_ts && (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOSERVER)) {	49,701✔
68	// fall through
69	} else if (!b->only_tc && (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOCLIENT)) {	27,627✔
70	// fall through
71	} else {	27,627✔
72	// we create a new buffer for the same id but forced different direction
73	SCLogWarning("duplicate instance for %s in '%s'",	27,627✔
74	DetectEngineBufferTypeGetNameById(de_ctx, list), s->sig_str);	27,627✔
75	s->init_data->curbuf = b;	27,627✔
76	return 0;	27,627✔
77	}	27,627✔
78	}	77,691✔
79	}	3,883,071✔
80
81	if (list < DETECT_SM_LIST_MAX)	474,131✔
82	return 0;	×
83
84	if (SignatureInitDataBufferCheckExpand(s) < 0) {	474,131✔
85	SCLogError("failed to expand rule buffer array");	1✔
86	return -1;	1✔
87	}	1✔
88
89	/* initialize new buffer */
90	s->init_data->curbuf = &s->init_data->buffers[s->init_data->buffer_index++];	474,130✔
91	s->init_data->curbuf->id = list;	474,130✔
92	s->init_data->curbuf->head = NULL;	474,130✔
93	s->init_data->curbuf->tail = NULL;	474,130✔
94	s->init_data->curbuf->multi_capable =	474,130✔
95	DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, list);	474,130✔
96	if (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOCLIENT) {	474,130✔
97	s->init_data->curbuf->only_tc = true;	556✔
98	}	556✔
99	if (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOSERVER) {	474,130✔
100	s->init_data->curbuf->only_ts = true;	284✔
101	}	284✔
102
103	SCLogDebug("new: idx %u list %d set up curbuf %p", s->init_data->buffer_index - 1, list,	474,130✔
104	s->init_data->curbuf);	474,130✔
105
106	return 0;	474,130✔
107	}	474,131✔
108
109	int DetectBufferGetActiveList(DetectEngineCtx de_ctx, Signature s)
110	{	800,929✔
111	BUG_ON(s->init_data == NULL);	800,929✔
112
113	if (s->init_data->list && s->init_data->transforms.cnt) {	800,929✔
114	if (s->init_data->list == DETECT_SM_LIST_NOTSET \|\|	100,131✔
115	s->init_data->list < DETECT_SM_LIST_DYNAMIC_START) {	100,131✔
116	SCLogError("previous transforms not consumed "	9✔
117	"(list: %u, transform_cnt %u)",	9✔
118	s->init_data->list, s->init_data->transforms.cnt);	9✔
119	SCReturnInt(-1);	9✔
120	}	9✔
121
122	SCLogDebug("buffer %d has transform(s) registered: %d", s->init_data->list,	100,122✔
123	s->init_data->transforms.cnt);	100,122✔
124	int new_list = DetectEngineBufferTypeGetByIdTransforms(de_ctx, s->init_data->list,	100,122✔
125	s->init_data->transforms.transforms, s->init_data->transforms.cnt);	100,122✔
126	if (new_list == -1) {	100,122✔
127	SCReturnInt(-1);	×
128	}	×
129	int base_list = s->init_data->list;	100,122✔
130	SCLogDebug("new_list %d", new_list);	100,122✔
131	s->init_data->list = new_list;	100,122✔
132	s->init_data->list_set = false;	100,122✔
133	// reset transforms now that we've set up the list
134	s->init_data->transforms.cnt = 0;	100,122✔
135
136	if (s->init_data->curbuf && s->init_data->curbuf->head != NULL) {	100,122✔
137	if (SignatureInitDataBufferCheckExpand(s) < 0) {	4,884✔
138	SCLogError("failed to expand rule buffer array");	1✔
139	return -1;	1✔
140	}	1✔
141	s->init_data->curbuf = &s->init_data->buffers[s->init_data->buffer_index++];	4,883✔
142	s->init_data->curbuf->multi_capable =	4,883✔
143	DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, base_list);	4,883✔
144	}	4,883✔
145	if (s->init_data->curbuf == NULL) {	100,121✔
146	SCLogError("failed to setup buffer");	×
147	DEBUG_VALIDATE_BUG_ON(1);	×
148	SCReturnInt(-1);	×
149	}	×
150	s->init_data->curbuf->id = new_list;	100,121✔
151	SCLogDebug("new list after applying transforms: %u", new_list);	100,121✔
152	}	100,121✔
153
154	SCReturnInt(0);	800,929✔
155	}	800,929✔
156
157	SigMatch DetectBufferGetFirstSigMatch(const Signature s, const uint32_t buf_id)
UNCOV 158	{	×
UNCOV 159	for (uint32_t i = 0; i < s->init_data->buffer_index; i++) {	×
UNCOV 160	if (buf_id == s->init_data->buffers[i].id) {	×
UNCOV 161	return s->init_data->buffers[i].head;	×
UNCOV 162	}	×
UNCOV 163	}	×
UNCOV 164	return NULL;	×
UNCOV 165	}	×
166
167	SigMatch DetectBufferGetLastSigMatch(const Signature s, const uint32_t buf_id)
UNCOV 168	{	×
UNCOV 169	SigMatch *last = NULL;	×
UNCOV 170	for (uint32_t i = 0; i < s->init_data->buffer_index; i++) {	×
UNCOV 171	if (buf_id == s->init_data->buffers[i].id) {	×
UNCOV 172	last = s->init_data->buffers[i].tail;	×
UNCOV 173	}	×
UNCOV 174	}	×
UNCOV 175	return last;	×
UNCOV 176	}	×
177
178	int SCDetectSignatureAddTransform(Signature s, int transform, void options)
179	{	167,364✔
180	/* we only support buffers */
181	if (s->init_data->list == 0) {	167,364✔
182	SCReturnInt(-1);	×
183	}	×
184	if (!s->init_data->list_set) {	167,364✔
185	SCLogError("transforms must directly follow stickybuffers");	2,912✔
186	SCReturnInt(-1);	2,912✔
187	}	2,912✔
188	if (s->init_data->transforms.cnt >= DETECT_TRANSFORMS_MAX) {	164,452✔
189	SCReturnInt(-1);	1✔
190	}	1✔
191
192	s->init_data->transforms.transforms[s->init_data->transforms.cnt].transform = transform;	164,451✔
193	s->init_data->transforms.transforms[s->init_data->transforms.cnt].options = options;	164,451✔
194
195	s->init_data->transforms.cnt++;	164,451✔
196	SCLogDebug("Added transform #%d [%s]", s->init_data->transforms.cnt, s->sig_str);	164,451✔
197
198	SCReturnInt(0);	164,451✔
199	}	164,452✔

OISF / suricata / 22550237931

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous