22553492142

Committed 01 Mar 2026 09:48PM UTC coverage: 70.74% (-2.9%) from 73.687%

Build # 22553492142

Build Type

Pull #14920

github

Committed by

web-flow

Commit Message

Merge e15a765bc into 90823fa90

Pull Request Pull Request #14920: draft: rust based configuration file parser and loader - v4

Run Details

38209 of 77306 branches covered (49.43%)

Branch coverage included in aggregate %.

533 of 779 new or added lines in 5 files covered. (68.42%)

11924 existing lines in 491 files now uncovered.

252429 of 333548 relevant lines covered (75.68%)

2403268.06 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

90.0

/src/detect-ftp-completion-code.c

/* Copyright (C) 2025 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 *
 * \author Jeff Lucovsky <jlucovsky@oisf.net>
 *
 * Implements the ftp.completion-code sticky buffer
 *
 */

#include "suricata-common.h"

#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-buffer.h"
#include "detect-engine-helper.h"
#include "detect-ftp-completion-code.h"

#include "app-layer.h"
#include "app-layer-ftp.h"

#include "flow.h"

#include "util-debug.h"

#define KEYWORD_NAME "ftp.completion_code"
#define KEYWORD_DOC  "ftp-keywords.html#ftp-completion_code"
#define BUFFER_NAME  "ftp.completion_code"
#define BUFFER_DESC  "ftp completion code"

static int g_ftp_ccode_buffer_id = 0;

static int DetectFtpCompletionCodeSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
    if (SCDetectBufferSetActiveList(de_ctx, s, g_ftp_ccode_buffer_id) < 0)
        return -1;

    if (SCDetectSignatureSetAppProto(s, ALPROTO_FTP) < 0)
        return -1;

    return 0;
}

static bool DetectFTPCompletionCodeGetData(DetectEngineThreadCtx *_det_ctx, const void *txv,
        uint8_t _flow_flags, uint32_t index, const uint8_t **buffer, uint32_t *buffer_len)
{
    FTPTransaction *tx = (FTPTransaction *)txv;

    if (tx->command_descriptor.command_code == FTP_COMMAND_UNKNOWN)
        return false;

    if (!TAILQ_EMPTY(&tx->response_list)) {
        uint32_t count = 0;
        FTPResponseWrapper *wrapper;
        TAILQ_FOREACH (wrapper, &tx->response_list, next) {
            DEBUG_VALIDATE_BUG_ON(wrapper->response == NULL);
            if (index == count) {
                *buffer = (const uint8_t *)wrapper->response->code;
                *buffer_len = (uint32_t)wrapper->response->code_length;
                return true;
            }
            count++;
        }
    }

    *buffer = NULL;
    *buffer_len = 0;
    return false;
}

void DetectFtpCompletionCodeRegister(void)
{
    /* ftp.completion_code sticky buffer */
    sigmatch_table[DETECT_FTP_COMPLETION_CODE].name = KEYWORD_NAME;
    sigmatch_table[DETECT_FTP_COMPLETION_CODE].desc =
            "sticky buffer to match on the FTP completion code buffer";
    sigmatch_table[DETECT_FTP_COMPLETION_CODE].url = "/rules/" KEYWORD_DOC;
    sigmatch_table[DETECT_FTP_COMPLETION_CODE].Setup = DetectFtpCompletionCodeSetup;
    sigmatch_table[DETECT_FTP_COMPLETION_CODE].flags =
            SIGMATCH_NOOPT | SIGMATCH_INFO_STICKY_BUFFER | SIGMATCH_INFO_MULTI_BUFFER;

    DetectAppLayerMultiRegister(
            BUFFER_NAME, ALPROTO_FTP, SIG_FLAG_TOCLIENT, 0, DetectFTPCompletionCodeGetData, 2);

    DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);

    g_ftp_ccode_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME);

    SCLogDebug("registering " BUFFER_NAME " rule option");
}

1	/* Copyright (C) 2025 Open Information Security Foundation
2	*
3	* You can copy, redistribute or modify this Program under the terms of
4	* the GNU General Public License version 2 as published by the Free
5	* Software Foundation.
6	*
7	* This program is distributed in the hope that it will be useful,
8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10	* GNU General Public License for more details.
11	*
12	* You should have received a copy of the GNU General Public License
13	* version 2 along with this program; if not, write to the Free Software
14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15	* 02110-1301, USA.
16	*/
17
18	/**
19	*
20	* \author Jeff Lucovsky <jlucovsky@oisf.net>
21	*
22	* Implements the ftp.completion-code sticky buffer
23	*
24	*/
25
26	#include "suricata-common.h"
27
28	#include "detect.h"
29	#include "detect-parse.h"
30	#include "detect-engine.h"
31	#include "detect-engine-buffer.h"
32	#include "detect-engine-helper.h"
33	#include "detect-ftp-completion-code.h"
34
35	#include "app-layer.h"
36	#include "app-layer-ftp.h"
37
38	#include "flow.h"
39
40	#include "util-debug.h"
41
42	#define KEYWORD_NAME "ftp.completion_code"	2,159✔
43	#define KEYWORD_DOC "ftp-keywords.html#ftp-completion_code"	2,159✔
44	#define BUFFER_NAME "ftp.completion_code"	6,477✔
45	#define BUFFER_DESC "ftp completion code"	2,159✔
46
47	static int g_ftp_ccode_buffer_id = 0;
48
49	static int DetectFtpCompletionCodeSetup(DetectEngineCtx de_ctx, Signature s, const char *str)
50	{	11✔
51	if (SCDetectBufferSetActiveList(de_ctx, s, g_ftp_ccode_buffer_id) < 0)	11!
UNCOV 52	return -1;	×
53
54	if (SCDetectSignatureSetAppProto(s, ALPROTO_FTP) < 0)	11!
UNCOV 55	return -1;	×
56
57	return 0;	11✔
58	}	11✔
59
60	static bool DetectFTPCompletionCodeGetData(DetectEngineThreadCtx _det_ctx, const void txv,
61	uint8_t _flow_flags, uint32_t index, const uint8_t *buffer, uint32_t buffer_len)
62	{	17✔
63	FTPTransaction tx = (FTPTransaction )txv;	17✔
64
65	if (tx->command_descriptor.command_code == FTP_COMMAND_UNKNOWN)	17✔
66	return false;	1✔
67
68	if (!TAILQ_EMPTY(&tx->response_list)) {	16!
69	uint32_t count = 0;	16✔
70	FTPResponseWrapper *wrapper;	16✔
71	TAILQ_FOREACH (wrapper, &tx->response_list, next) {	20✔
72	DEBUG_VALIDATE_BUG_ON(wrapper->response == NULL);	20✔
73	if (index == count) {	20✔
74	buffer = (const uint8_t )wrapper->response->code;	9✔
75	*buffer_len = (uint32_t)wrapper->response->code_length;	9✔
76	return true;	9✔
77	}	9✔
78	count++;	11✔
79	}	11✔
80	}	16✔
81
82	*buffer = NULL;	7✔
83	*buffer_len = 0;	7✔
84	return false;	7✔
85	}	16✔
86
87	void DetectFtpCompletionCodeRegister(void)
88	{	2,159✔
89	/* ftp.completion_code sticky buffer */
90	sigmatch_table[DETECT_FTP_COMPLETION_CODE].name = KEYWORD_NAME;	2,159✔
91	sigmatch_table[DETECT_FTP_COMPLETION_CODE].desc =	2,159✔
92	"sticky buffer to match on the FTP completion code buffer";	2,159✔
93	sigmatch_table[DETECT_FTP_COMPLETION_CODE].url = "/rules/" KEYWORD_DOC;	2,159✔
94	sigmatch_table[DETECT_FTP_COMPLETION_CODE].Setup = DetectFtpCompletionCodeSetup;	2,159✔
95	sigmatch_table[DETECT_FTP_COMPLETION_CODE].flags =	2,159✔
96	SIGMATCH_NOOPT \| SIGMATCH_INFO_STICKY_BUFFER \| SIGMATCH_INFO_MULTI_BUFFER;	2,159✔
97
98	DetectAppLayerMultiRegister(	2,159✔
99	BUFFER_NAME, ALPROTO_FTP, SIG_FLAG_TOCLIENT, 0, DetectFTPCompletionCodeGetData, 2);	2,159✔
100
101	DetectBufferTypeSetDescriptionByName(BUFFER_NAME, BUFFER_DESC);	2,159✔
102
103	g_ftp_ccode_buffer_id = DetectBufferTypeGetByName(BUFFER_NAME);	2,159✔
104
105	SCLogDebug("registering " BUFFER_NAME " rule option");	2,159!
106	}	2,159✔

OISF / suricata / 22553492142

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous