22553492142

Committed 01 Mar 2026 09:48PM UTC coverage: 70.74% (-2.9%) from 73.687%

Build # 22553492142

Build Type

Pull #14920

github

Committed by

web-flow

Commit Message

Merge e15a765bc into 90823fa90

Pull Request Pull Request #14920: draft: rust based configuration file parser and loader - v4

Run Details

38209 of 77306 branches covered (49.43%)

Branch coverage included in aggregate %.

533 of 779 new or added lines in 5 files covered. (68.42%)

11924 existing lines in 491 files now uncovered.

252429 of 333548 relevant lines covered (75.68%)

2403268.06 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

87.5

/src/detect-ftp-command-data.c

/* Copyright (C) 2025 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 *
 * \author Jeff Lucovsky <jlucovsky@oisf.net>
 *
 * Implements the ftp.command_data sticky buffer
 *
 */

#include "suricata-common.h"
#include "detect.h"

#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-buffer.h"
#include "detect-engine-mpm.h"
#include "detect-engine-prefilter.h"
#include "detect-engine-helper.h"
#include "detect-content.h"

#include "flow.h"

#include "util-debug.h"

#include "app-layer.h"
#include "app-layer-ftp.h"

#include "detect-ftp-command-data.h"

#define KEYWORD_NAME "ftp.command_data"
#define KEYWORD_DOC  "ftp-keywords.html#ftp-command_data"
#define BUFFER_NAME  "ftp.command_data"
#define BUFFER_DESC  "ftp command_data"

static int g_ftp_cmd_data_buffer_id = 0;

static int DetectFtpCommandDataSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
    if (SCDetectBufferSetActiveList(de_ctx, s, g_ftp_cmd_data_buffer_id) < 0)
        return -1;

    if (SCDetectSignatureSetAppProto(s, ALPROTO_FTP) < 0)
        return -1;

    return 0;
}

static bool DetectFTPCommandDataGetData(
        const void *txv, const uint8_t _flow_flags, const uint8_t **buffer, uint32_t *buffer_len)
{
    FTPTransaction *tx = (FTPTransaction *)txv;

    if (tx->command_descriptor.command_code == FTP_COMMAND_UNKNOWN)
        return false;

    const char *b;
    uint8_t b_len;
    if (SCGetFtpCommandInfo(tx->command_descriptor.command_index, &b, NULL, &b_len)) {
        if ((tx->request_length - b_len - 1) > 0) {
            // command data starts here: advance past command + 1 space
            *buffer = tx->request + b_len + 1;
            *buffer_len = tx->request_length - b_len - 1;
            SCLogDebug("command data: \"%s\" [bytes %d]", *buffer, *buffer_len);
            return true;
        }
    }

    *buffer = NULL;
    *buffer_len = 0;
    return false;
}

void DetectFtpCommandDataRegister(void)
{
    /* ftp.command sticky buffer */
    sigmatch_table[DETECT_FTP_COMMAND_DATA].name = KEYWORD_NAME;
    sigmatch_table[DETECT_FTP_COMMAND_DATA].desc =
            "sticky buffer to match on the FTP command data buffer";
    sigmatch_table[DETECT_FTP_COMMAND_DATA].url = "/rules/" KEYWORD_DOC;
    sigmatch_table[DETECT_FTP_COMMAND_DATA].Setup = DetectFtpCommandDataSetup;
    sigmatch_table[DETECT_FTP_COMMAND_DATA].flags |= SIGMATCH_NOOPT;

    SCDetectHelperBufferMpmRegister(
            BUFFER_NAME, BUFFER_DESC, ALPROTO_FTP, STREAM_TOSERVER, DetectFTPCommandDataGetData);

    DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);

    g_ftp_cmd_data_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME);

    SCLogDebug("registering " BUFFER_NAME " rule option");
}

1	/* Copyright (C) 2025 Open Information Security Foundation
2	*
3	* You can copy, redistribute or modify this Program under the terms of
4	* the GNU General Public License version 2 as published by the Free
5	* Software Foundation.
6	*
7	* This program is distributed in the hope that it will be useful,
8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10	* GNU General Public License for more details.
11	*
12	* You should have received a copy of the GNU General Public License
13	* version 2 along with this program; if not, write to the Free Software
14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15	* 02110-1301, USA.
16	*/
17
18	/**
19	*
20	* \author Jeff Lucovsky <jlucovsky@oisf.net>
21	*
22	* Implements the ftp.command_data sticky buffer
23	*
24	*/
25
26	#include "suricata-common.h"
27	#include "detect.h"
28
29	#include "detect-parse.h"
30	#include "detect-engine.h"
31	#include "detect-engine-buffer.h"
32	#include "detect-engine-mpm.h"
33	#include "detect-engine-prefilter.h"
34	#include "detect-engine-helper.h"
35	#include "detect-content.h"
36
37	#include "flow.h"
38
39	#include "util-debug.h"
40
41	#include "app-layer.h"
42	#include "app-layer-ftp.h"
43
44	#include "detect-ftp-command-data.h"
45
46	#define KEYWORD_NAME "ftp.command_data"	2,159✔
47	#define KEYWORD_DOC "ftp-keywords.html#ftp-command_data"	2,159✔
48	#define BUFFER_NAME "ftp.command_data"	6,477✔
49	#define BUFFER_DESC "ftp command_data"	4,318✔
50
51	static int g_ftp_cmd_data_buffer_id = 0;
52
53	static int DetectFtpCommandDataSetup(DetectEngineCtx de_ctx, Signature s, const char *str)
54	{	4✔
55	if (SCDetectBufferSetActiveList(de_ctx, s, g_ftp_cmd_data_buffer_id) < 0)	4!
UNCOV 56	return -1;	×
57
58	if (SCDetectSignatureSetAppProto(s, ALPROTO_FTP) < 0)	4!
UNCOV 59	return -1;	×
60
61	return 0;	4✔
62	}	4✔
63
64	static bool DetectFTPCommandDataGetData(
65	const void txv, const uint8_t _flow_flags, const uint8_t buffer, uint32_t buffer_len)
66	{	8✔
67	FTPTransaction tx = (FTPTransaction )txv;	8✔
68
69	if (tx->command_descriptor.command_code == FTP_COMMAND_UNKNOWN)	8✔
70	return false;	1✔
71
72	const char *b;	7✔
73	uint8_t b_len;	7✔
74	if (SCGetFtpCommandInfo(tx->command_descriptor.command_index, &b, NULL, &b_len)) {	7!
75	if ((tx->request_length - b_len - 1) > 0) {	7✔
76	// command data starts here: advance past command + 1 space
77	*buffer = tx->request + b_len + 1;	5✔
78	*buffer_len = tx->request_length - b_len - 1;	5✔
79	SCLogDebug("command data: \"%s\" [bytes %d]", buffer, buffer_len);	5!
80	return true;	5✔
81	}	5✔
82	}	7✔
83
84	*buffer = NULL;	2✔
85	*buffer_len = 0;	2✔
86	return false;	2✔
87	}	7✔
88
89	void DetectFtpCommandDataRegister(void)
90	{	2,159✔
91	/* ftp.command sticky buffer */
92	sigmatch_table[DETECT_FTP_COMMAND_DATA].name = KEYWORD_NAME;	2,159✔
93	sigmatch_table[DETECT_FTP_COMMAND_DATA].desc =	2,159✔
94	"sticky buffer to match on the FTP command data buffer";	2,159✔
95	sigmatch_table[DETECT_FTP_COMMAND_DATA].url = "/rules/" KEYWORD_DOC;	2,159✔
96	sigmatch_table[DETECT_FTP_COMMAND_DATA].Setup = DetectFtpCommandDataSetup;	2,159✔
97	sigmatch_table[DETECT_FTP_COMMAND_DATA].flags \|= SIGMATCH_NOOPT;	2,159✔
98
99	SCDetectHelperBufferMpmRegister(	2,159✔
100	BUFFER_NAME, BUFFER_DESC, ALPROTO_FTP, STREAM_TOSERVER, DetectFTPCommandDataGetData);	2,159✔
101
102	DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);	2,159✔
103
104	g_ftp_cmd_data_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME);	2,159✔
105
106	SCLogDebug("registering " BUFFER_NAME " rule option");	2,159!
107	}	2,159✔

OISF / suricata / 22553492142

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous