22553492142

Committed 01 Mar 2026 09:48PM UTC coverage: 70.74% (-2.9%) from 73.687%

Build # 22553492142

Build Type

Pull #14920

github

Committed by

web-flow

Commit Message

Merge e15a765bc into 90823fa90

Pull Request Pull Request #14920: draft: rust based configuration file parser and loader - v4

Run Details

38209 of 77306 branches covered (49.43%)

Branch coverage included in aggregate %.

533 of 779 new or added lines in 5 files covered. (68.42%)

11924 existing lines in 491 files now uncovered.

252429 of 333548 relevant lines covered (75.68%)

2403268.06 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

68.44

/src/detect-engine-buffer.c

/* Copyright (C) 2025 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 */

#include "suricata-common.h"
#include "detect-engine.h"
#include "detect-parse.h"
#include "detect-engine-buffer.h"

int SCDetectBufferSetActiveList(DetectEngineCtx *de_ctx, Signature *s, const int list)
{
    BUG_ON(s->init_data == NULL);

    if (s->init_data->list == DETECT_SM_LIST_BASE64_DATA) {
        SCLogError("Rule buffer cannot be reset after base64_data.");
        return -1;
    }

    if (s->init_data->list && s->init_data->transforms.cnt) {
        SCLogError("no matches following transform(s)");
        return -1;
    }
    s->init_data->list = list;
    s->init_data->list_set = true;

    // check if last has matches -> if no, error
    if (s->init_data->curbuf && s->init_data->curbuf->head == NULL) {
        SCLogError("previous sticky buffer has no matches");
        return -1;
    }

    for (uint32_t x = 0; x < s->init_data->buffers_size; x++) {
        SignatureInitDataBuffer *b = &s->init_data->buffers[x];
        for (SigMatch *sm = b->head; sm != NULL; sm = sm->next) {
            SCLogDebug(
                    "buf:%p: id:%u: '%s' pos %u", b, b->id, sigmatch_table[sm->type].name, sm->idx);
        }
        if ((uint32_t)list == b->id) {
            SCLogDebug("found buffer %p for list %d", b, list);
            if (s->init_data->buffers[x].sm_init) {
                s->init_data->buffers[x].sm_init = false;
                SCLogDebug("sm_init was true for %p list %d", b, list);
                s->init_data->curbuf = b;
                return 0;

            } else if (DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, list)) {
                // fall through
            } else if (!b->only_ts && (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOSERVER)) {
                // fall through
            } else if (!b->only_tc && (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOCLIENT)) {
                // fall through
            } else {
                // we create a new buffer for the same id but forced different direction
                SCLogWarning("duplicate instance for %s in '%s'",
                        DetectEngineBufferTypeGetNameById(de_ctx, list), s->sig_str);
                s->init_data->curbuf = b;
                return 0;
            }
        }
    }

    if (list < DETECT_SM_LIST_MAX)
        return 0;

    if (SignatureInitDataBufferCheckExpand(s) < 0) {
        SCLogError("failed to expand rule buffer array");
        return -1;
    }

    /* initialize new buffer */
    s->init_data->curbuf = &s->init_data->buffers[s->init_data->buffer_index++];
    s->init_data->curbuf->id = list;
    s->init_data->curbuf->head = NULL;
    s->init_data->curbuf->tail = NULL;
    s->init_data->curbuf->multi_capable =
            DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, list);
    if (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOCLIENT) {
        s->init_data->curbuf->only_tc = true;
    }
    if (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOSERVER) {
        s->init_data->curbuf->only_ts = true;
    }

    SCLogDebug("new: idx %u list %d set up curbuf %p", s->init_data->buffer_index - 1, list,
            s->init_data->curbuf);

    return 0;
}

int DetectBufferGetActiveList(DetectEngineCtx *de_ctx, Signature *s)
{
    BUG_ON(s->init_data == NULL);

    if (s->init_data->list && s->init_data->transforms.cnt) {
        if (s->init_data->list == DETECT_SM_LIST_NOTSET ||
                s->init_data->list < DETECT_SM_LIST_DYNAMIC_START) {
            SCLogError("previous transforms not consumed "
                       "(list: %u, transform_cnt %u)",
                    s->init_data->list, s->init_data->transforms.cnt);
            SCReturnInt(-1);
        }

        SCLogDebug("buffer %d has transform(s) registered: %d", s->init_data->list,
                s->init_data->transforms.cnt);
        int new_list = DetectEngineBufferTypeGetByIdTransforms(de_ctx, s->init_data->list,
                s->init_data->transforms.transforms, s->init_data->transforms.cnt);
        if (new_list == -1) {
            SCReturnInt(-1);
        }
        int base_list = s->init_data->list;
        SCLogDebug("new_list %d", new_list);
        s->init_data->list = new_list;
        s->init_data->list_set = false;
        // reset transforms now that we've set up the list
        s->init_data->transforms.cnt = 0;

        if (s->init_data->curbuf && s->init_data->curbuf->head != NULL) {
            if (SignatureInitDataBufferCheckExpand(s) < 0) {
                SCLogError("failed to expand rule buffer array");
                return -1;
            }
            s->init_data->curbuf = &s->init_data->buffers[s->init_data->buffer_index++];
            s->init_data->curbuf->multi_capable =
                    DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, base_list);
        }
        if (s->init_data->curbuf == NULL) {
            SCLogError("failed to setup buffer");
            DEBUG_VALIDATE_BUG_ON(1);
            SCReturnInt(-1);
        }
        s->init_data->curbuf->id = new_list;
        SCLogDebug("new list after applying transforms: %u", new_list);
    }

    SCReturnInt(0);
}

SigMatch *DetectBufferGetFirstSigMatch(const Signature *s, const uint32_t buf_id)
{
    for (uint32_t i = 0; i < s->init_data->buffer_index; i++) {
        if (buf_id == s->init_data->buffers[i].id) {
            return s->init_data->buffers[i].head;
        }
    }
    return NULL;
}

SigMatch *DetectBufferGetLastSigMatch(const Signature *s, const uint32_t buf_id)
{
    SigMatch *last = NULL;
    for (uint32_t i = 0; i < s->init_data->buffer_index; i++) {
        if (buf_id == s->init_data->buffers[i].id) {
            last = s->init_data->buffers[i].tail;
        }
    }
    return last;
}

int SCDetectSignatureAddTransform(Signature *s, int transform, void *options)
{
    /* we only support buffers */
    if (s->init_data->list == 0) {
        SCReturnInt(-1);
    }
    if (!s->init_data->list_set) {
        SCLogError("transforms must directly follow stickybuffers");
        SCReturnInt(-1);
    }
    if (s->init_data->transforms.cnt >= DETECT_TRANSFORMS_MAX) {
        SCReturnInt(-1);
    }

    s->init_data->transforms.transforms[s->init_data->transforms.cnt].transform = transform;
    s->init_data->transforms.transforms[s->init_data->transforms.cnt].options = options;

    s->init_data->transforms.cnt++;
    SCLogDebug("Added transform #%d [%s]", s->init_data->transforms.cnt, s->sig_str);

    SCReturnInt(0);
}

1	/* Copyright (C) 2025 Open Information Security Foundation
2	*
3	* You can copy, redistribute or modify this Program under the terms of
4	* the GNU General Public License version 2 as published by the Free
5	* Software Foundation.
6	*
7	* This program is distributed in the hope that it will be useful,
8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10	* GNU General Public License for more details.
11	*
12	* You should have received a copy of the GNU General Public License
13	* version 2 along with this program; if not, write to the Free Software
14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15	* 02110-1301, USA.
16	*/
17
18	/**
19	* \file
20	*
21	* \author Victor Julien <victor@inliniac.net>
22	*/
23
24	#include "suricata-common.h"
25	#include "detect-engine.h"
26	#include "detect-parse.h"
27	#include "detect-engine-buffer.h"
28
29	int SCDetectBufferSetActiveList(DetectEngineCtx de_ctx, Signature s, const int list)
30	{	52,033✔
31	BUG_ON(s->init_data == NULL);	52,033!
32
33	if (s->init_data->list == DETECT_SM_LIST_BASE64_DATA) {	52,033!
UNCOV 34	SCLogError("Rule buffer cannot be reset after base64_data.");	×
UNCOV 35	return -1;	×
UNCOV 36	}	×
37
38	if (s->init_data->list && s->init_data->transforms.cnt) {	52,033!
UNCOV 39	SCLogError("no matches following transform(s)");	×
UNCOV 40	return -1;	×
UNCOV 41	}	×
42	s->init_data->list = list;	52,033✔
43	s->init_data->list_set = true;	52,033✔
44
45	// check if last has matches -> if no, error
46	if (s->init_data->curbuf && s->init_data->curbuf->head == NULL) {	52,033!
UNCOV 47	SCLogError("previous sticky buffer has no matches");	×
UNCOV 48	return -1;	×
UNCOV 49	}	×
50
51	for (uint32_t x = 0; x < s->init_data->buffers_size; x++) {	464,695✔
52	SignatureInitDataBuffer *b = &s->init_data->buffers[x];	413,116✔
53	for (SigMatch *sm = b->head; sm != NULL; sm = sm->next) {	455,470✔
54	SCLogDebug(	42,354!
55	"buf:%p: id:%u: '%s' pos %u", b, b->id, sigmatch_table[sm->type].name, sm->idx);	42,354✔
56	}	42,354✔
57	if ((uint32_t)list == b->id) {	413,116✔
58	SCLogDebug("found buffer %p for list %d", b, list);	459!
59	if (s->init_data->buffers[x].sm_init) {	459✔
60	s->init_data->buffers[x].sm_init = false;	446✔
61	SCLogDebug("sm_init was true for %p list %d", b, list);	446!
62	s->init_data->curbuf = b;	446✔
63	return 0;	446✔
64
65	} else if (DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, list)) {	446✔
66	// fall through
67	} else if (!b->only_ts && (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOSERVER)) {	9!
68	// fall through
69	} else if (!b->only_tc && (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOCLIENT)) {	8!
70	// fall through
71	} else {	8✔
72	// we create a new buffer for the same id but forced different direction
73	SCLogWarning("duplicate instance for %s in '%s'",	8✔
74	DetectEngineBufferTypeGetNameById(de_ctx, list), s->sig_str);	8✔
75	s->init_data->curbuf = b;	8✔
76	return 0;	8✔
77	}	8✔
78	}	459✔
79	}	413,116✔
80
81	if (list < DETECT_SM_LIST_MAX)	51,579!
82	return 0;	×
83
84	if (SignatureInitDataBufferCheckExpand(s) < 0) {	51,579!
UNCOV 85	SCLogError("failed to expand rule buffer array");	×
UNCOV 86	return -1;	×
UNCOV 87	}	×
88
89	/* initialize new buffer */
90	s->init_data->curbuf = &s->init_data->buffers[s->init_data->buffer_index++];	51,579✔
91	s->init_data->curbuf->id = list;	51,579✔
92	s->init_data->curbuf->head = NULL;	51,579✔
93	s->init_data->curbuf->tail = NULL;	51,579✔
94	s->init_data->curbuf->multi_capable =	51,579✔
95	DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, list);	51,579✔
96	if (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOCLIENT) {	51,579✔
97	s->init_data->curbuf->only_tc = true;	5✔
98	}	5✔
99	if (s->init_data->init_flags & SIG_FLAG_INIT_FORCE_TOSERVER) {	51,579✔
100	s->init_data->curbuf->only_ts = true;	2✔
101	}	2✔
102
103	SCLogDebug("new: idx %u list %d set up curbuf %p", s->init_data->buffer_index - 1, list,	51,579!
104	s->init_data->curbuf);	51,579✔
105
106	return 0;	51,579✔
107	}	51,579✔
108
109	int DetectBufferGetActiveList(DetectEngineCtx de_ctx, Signature s)
110	{	109,203✔
111	BUG_ON(s->init_data == NULL);	109,203!
112
113	if (s->init_data->list && s->init_data->transforms.cnt) {	109,203!
114	if (s->init_data->list == DETECT_SM_LIST_NOTSET \|\|	2,316!
115	s->init_data->list < DETECT_SM_LIST_DYNAMIC_START) {	2,316!
UNCOV 116	SCLogError("previous transforms not consumed "	×
UNCOV 117	"(list: %u, transform_cnt %u)",	×
UNCOV 118	s->init_data->list, s->init_data->transforms.cnt);	×
UNCOV 119	SCReturnInt(-1);	×
UNCOV 120	}	×
121
122	SCLogDebug("buffer %d has transform(s) registered: %d", s->init_data->list,	2,316!
123	s->init_data->transforms.cnt);	2,316✔
124	int new_list = DetectEngineBufferTypeGetByIdTransforms(de_ctx, s->init_data->list,	2,316✔
125	s->init_data->transforms.transforms, s->init_data->transforms.cnt);	2,316✔
126	if (new_list == -1) {	2,316!
127	SCReturnInt(-1);	×
128	}	×
129	int base_list = s->init_data->list;	2,316✔
130	SCLogDebug("new_list %d", new_list);	2,316!
131	s->init_data->list = new_list;	2,316✔
132	s->init_data->list_set = false;	2,316✔
133	// reset transforms now that we've set up the list
134	s->init_data->transforms.cnt = 0;	2,316✔
135
136	if (s->init_data->curbuf && s->init_data->curbuf->head != NULL) {	2,316!
137	if (SignatureInitDataBufferCheckExpand(s) < 0) {	30!
UNCOV 138	SCLogError("failed to expand rule buffer array");	×
UNCOV 139	return -1;	×
UNCOV 140	}	×
141	s->init_data->curbuf = &s->init_data->buffers[s->init_data->buffer_index++];	30✔
142	s->init_data->curbuf->multi_capable =	30✔
143	DetectEngineBufferTypeSupportsMultiInstanceGetById(de_ctx, base_list);	30✔
144	}	30✔
145	if (s->init_data->curbuf == NULL) {	2,316!
146	SCLogError("failed to setup buffer");	×
147	DEBUG_VALIDATE_BUG_ON(1);	×
148	SCReturnInt(-1);	×
149	}	×
150	s->init_data->curbuf->id = new_list;	2,316✔
151	SCLogDebug("new list after applying transforms: %u", new_list);	2,316!
152	}	2,316✔
153
154	SCReturnInt(0);	109,203✔
155	}	109,203✔
156
157	SigMatch DetectBufferGetFirstSigMatch(const Signature s, const uint32_t buf_id)
158	{	244✔
159	for (uint32_t i = 0; i < s->init_data->buffer_index; i++) {	255!
160	if (buf_id == s->init_data->buffers[i].id) {	234!
161	return s->init_data->buffers[i].head;	223✔
162	}	223✔
163	}	234✔
164	return NULL;	21✔
165	}	244✔
166
167	SigMatch DetectBufferGetLastSigMatch(const Signature s, const uint32_t buf_id)
168	{	38✔
169	SigMatch *last = NULL;	38✔
170	for (uint32_t i = 0; i < s->init_data->buffer_index; i++) {	76!
171	if (buf_id == s->init_data->buffers[i].id) {	38!
172	last = s->init_data->buffers[i].tail;	38✔
173	}	38✔
174	}	38✔
175	return last;	38✔
176	}	38✔
177
178	int SCDetectSignatureAddTransform(Signature s, int transform, void options)
179	{	2,324✔
180	/* we only support buffers */
181	if (s->init_data->list == 0) {	2,324!
182	SCReturnInt(-1);	×
183	}	×
184	if (!s->init_data->list_set) {	2,324!
UNCOV 185	SCLogError("transforms must directly follow stickybuffers");	×
UNCOV 186	SCReturnInt(-1);	×
UNCOV 187	}	×
188	if (s->init_data->transforms.cnt >= DETECT_TRANSFORMS_MAX) {	2,324!
UNCOV 189	SCReturnInt(-1);	×
UNCOV 190	}	×
191
192	s->init_data->transforms.transforms[s->init_data->transforms.cnt].transform = transform;	2,324✔
193	s->init_data->transforms.transforms[s->init_data->transforms.cnt].options = options;	2,324✔
194
195	s->init_data->transforms.cnt++;	2,324✔
196	SCLogDebug("Added transform #%d [%s]", s->init_data->transforms.cnt, s->sig_str);	2,324!
197
198	SCReturnInt(0);	2,324✔
199	}	2,324✔

OISF / suricata / 22553492142

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous