22553492142

Committed 01 Mar 2026 09:48PM UTC coverage: 70.74% (-2.9%) from 73.687%

Build # 22553492142

Build Type

Pull #14920

github

Committed by

web-flow

Commit Message

Merge e15a765bc into 90823fa90

Pull Request Pull Request #14920: draft: rust based configuration file parser and loader - v4

Run Details

38209 of 77306 branches covered (49.43%)

Branch coverage included in aggregate %.

533 of 779 new or added lines in 5 files covered. (68.42%)

11924 existing lines in 491 files now uncovered.

252429 of 333548 relevant lines covered (75.68%)

2403268.06 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

89.29

/src/detect-http-stat-code.c

/* Copyright (C) 2007-2018 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \ingroup httplayer
 *
 * @{
 */


/**
 * \file
 *
 * \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
 * \author Anoop Saldanha <anoopsaldanha@gmail.com>
 *
 * Implements the http_stat_code keyword
 */

#include "suricata-common.h"
#include "threads.h"
#include "decode.h"
#include "detect.h"

#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-buffer.h"
#include "detect-content.h"
#include "detect-pcre.h"
#include "detect-engine-mpm.h"
#include "detect-engine-prefilter.h"

#include "flow.h"
#include "flow-var.h"
#include "flow-util.h"

#include "util-debug.h"
#include "util-error.h"
#include "util-unittest.h"
#include "util-unittest-helper.h"
#include "util-spm.h"
#include "util-print.h"

#include "app-layer.h"
#include "app-layer-parser.h"

#include "app-layer-htp.h"
#include "detect-http-stat-code.h"
#include "stream-tcp-private.h"
#include "stream-tcp.h"

static int DetectHttpStatCodeSetup(DetectEngineCtx *, Signature *, const char *);
static int DetectHttpStatCodeSetupSticky(DetectEngineCtx *de_ctx, Signature *s, const char *str);
#ifdef UNITTESTS
static void DetectHttpStatCodeRegisterTests(void);
#endif
static int g_http_stat_code_buffer_id = 0;
static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
        const DetectEngineTransforms *transforms, Flow *_f,
        const uint8_t _flow_flags, void *txv, const int list_id);
static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
        const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
        const int list_id);

/**
 * \brief Registration function for keyword: http_stat_code
 */
void DetectHttpStatCodeRegister (void)
{
    /* http_stat_code content modifier */
    sigmatch_table[DETECT_HTTP_STAT_CODE_CM].name = "http_stat_code";
    sigmatch_table[DETECT_HTTP_STAT_CODE_CM].desc =
            "content modifier to match only on HTTP stat-code-buffer";
    sigmatch_table[DETECT_HTTP_STAT_CODE_CM].url = "/rules/http-keywords.html#http-stat-code";
    sigmatch_table[DETECT_HTTP_STAT_CODE_CM].Setup = DetectHttpStatCodeSetup;
#ifdef UNITTESTS
    sigmatch_table[DETECT_HTTP_STAT_CODE_CM].RegisterTests = DetectHttpStatCodeRegisterTests;
#endif
    sigmatch_table[DETECT_HTTP_STAT_CODE_CM].flags |=
            SIGMATCH_NOOPT | SIGMATCH_INFO_CONTENT_MODIFIER;
    sigmatch_table[DETECT_HTTP_STAT_CODE_CM].alternative = DETECT_HTTP_STAT_CODE;

    /* http.stat_code content modifier */
    sigmatch_table[DETECT_HTTP_STAT_CODE].name = "http.stat_code";
    sigmatch_table[DETECT_HTTP_STAT_CODE].desc = "sticky buffer to match only on HTTP stat-code-buffer";
    sigmatch_table[DETECT_HTTP_STAT_CODE].url = "/rules/http-keywords.html#http-stat-code";
    sigmatch_table[DETECT_HTTP_STAT_CODE].Setup = DetectHttpStatCodeSetupSticky;
    sigmatch_table[DETECT_HTTP_STAT_CODE].flags |= SIGMATCH_NOOPT|SIGMATCH_INFO_STICKY_BUFFER;

    DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,
            HTP_RESPONSE_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData);

    DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister,
            GetData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_LINE);

    DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,
            HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2);

    DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister,
            GetData2, ALPROTO_HTTP2, HTTP2StateDataServer);

    DetectBufferTypeSetDescriptionByName("http_stat_code",
            "http response status code");

    g_http_stat_code_buffer_id = DetectBufferTypeGetByName("http_stat_code");
}

/**
 * \brief this function setups the http_stat_code modifier keyword used in the rule
 *
 * \param de_ctx   Pointer to the Detection Engine Context
 * \param s        Pointer to the Signature to which the current keyword belongs
 * \param str      Should hold an empty string always
 *
 * \retval  0 On success
 * \retval -1 On failure
 */

static int DetectHttpStatCodeSetup(DetectEngineCtx *de_ctx, Signature *s, const char *arg)
{
    return DetectEngineContentModifierBufferSetup(
            de_ctx, s, arg, DETECT_HTTP_STAT_CODE_CM, g_http_stat_code_buffer_id, ALPROTO_HTTP1);
}

/**
 * \brief this function setup the http.stat_code keyword used in the rule
 *
 * \param de_ctx   Pointer to the Detection Engine Context
 * \param s        Pointer to the Signature to which the current keyword belongs
 * \param str      Should hold an empty string always
 *
 * \retval 0       On success
 */
static int DetectHttpStatCodeSetupSticky(DetectEngineCtx *de_ctx, Signature *s, const char *str)
{
    if (SCDetectBufferSetActiveList(de_ctx, s, g_http_stat_code_buffer_id) < 0)
        return -1;
    if (SCDetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0)
        return -1;
    return 0;
}

static InspectionBuffer *GetData(DetectEngineThreadCtx *det_ctx,
        const DetectEngineTransforms *transforms, Flow *_f,
        const uint8_t _flow_flags, void *txv, const int list_id)
{
    SCEnter();

    InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
    if (buffer->inspect == NULL) {
        htp_tx_t *tx = (htp_tx_t *)txv;

        if (htp_tx_response_status(tx) == NULL)
            return NULL;

        const uint32_t data_len = (uint32_t)bstr_len(htp_tx_response_status(tx));
        const uint8_t *data = bstr_ptr(htp_tx_response_status(tx));

        InspectionBufferSetupAndApplyTransforms(
                det_ctx, list_id, buffer, data, data_len, transforms);
    }

    return buffer;
}

static InspectionBuffer *GetData2(DetectEngineThreadCtx *det_ctx,
        const DetectEngineTransforms *transforms, Flow *_f, const uint8_t _flow_flags, void *txv,
        const int list_id)
{
    SCEnter();

    InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);
    if (buffer->inspect == NULL) {
        uint32_t b_len = 0;
        const uint8_t *b = NULL;

        if (SCHttp2TxGetStatus(txv, &b, &b_len) != 1)
            return NULL;
        if (b == NULL || b_len == 0)
            return NULL;

        InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);
    }

    return buffer;
}

#ifdef UNITTESTS
#include "tests/detect-http-stat-code.c"
#endif /* UNITTESTS */

/**
 * @}
 */

1	/* Copyright (C) 2007-2018 Open Information Security Foundation
2	*
3	* You can copy, redistribute or modify this Program under the terms of
4	* the GNU General Public License version 2 as published by the Free
5	* Software Foundation.
6	*
7	* This program is distributed in the hope that it will be useful,
8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10	* GNU General Public License for more details.
11	*
12	* You should have received a copy of the GNU General Public License
13	* version 2 along with this program; if not, write to the Free Software
14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15	* 02110-1301, USA.
16	*/
17
18	/**
19	* \ingroup httplayer
20	*
21	* @{
22	*/
23
24
25	/**
26	* \file
27	*
28	* \author Gurvinder Singh <gurvindersinghdahiya@gmail.com>
29	* \author Anoop Saldanha <anoopsaldanha@gmail.com>
30	*
31	* Implements the http_stat_code keyword
32	*/
33
34	#include "suricata-common.h"
35	#include "threads.h"
36	#include "decode.h"
37	#include "detect.h"
38
39	#include "detect-parse.h"
40	#include "detect-engine.h"
41	#include "detect-engine-buffer.h"
42	#include "detect-content.h"
43	#include "detect-pcre.h"
44	#include "detect-engine-mpm.h"
45	#include "detect-engine-prefilter.h"
46
47	#include "flow.h"
48	#include "flow-var.h"
49	#include "flow-util.h"
50
51	#include "util-debug.h"
52	#include "util-error.h"
53	#include "util-unittest.h"
54	#include "util-unittest-helper.h"
55	#include "util-spm.h"
56	#include "util-print.h"
57
58	#include "app-layer.h"
59	#include "app-layer-parser.h"
60
61	#include "app-layer-htp.h"
62	#include "detect-http-stat-code.h"
63	#include "stream-tcp-private.h"
64	#include "stream-tcp.h"
65
66	static int DetectHttpStatCodeSetup(DetectEngineCtx , Signature , const char *);
67	static int DetectHttpStatCodeSetupSticky(DetectEngineCtx de_ctx, Signature s, const char *str);
68	#ifdef UNITTESTS
69	static void DetectHttpStatCodeRegisterTests(void);
70	#endif
71	static int g_http_stat_code_buffer_id = 0;
72	static InspectionBuffer GetData(DetectEngineThreadCtx det_ctx,
73	const DetectEngineTransforms transforms, Flow _f,
74	const uint8_t _flow_flags, void *txv, const int list_id);
75	static InspectionBuffer GetData2(DetectEngineThreadCtx det_ctx,
76	const DetectEngineTransforms transforms, Flow _f, const uint8_t _flow_flags, void *txv,
77	const int list_id);
78
79	/**
80	* \brief Registration function for keyword: http_stat_code
81	*/
82	void DetectHttpStatCodeRegister (void)
83	{	2,159✔
84	/* http_stat_code content modifier */
85	sigmatch_table[DETECT_HTTP_STAT_CODE_CM].name = "http_stat_code";	2,159✔
86	sigmatch_table[DETECT_HTTP_STAT_CODE_CM].desc =	2,159✔
87	"content modifier to match only on HTTP stat-code-buffer";	2,159✔
88	sigmatch_table[DETECT_HTTP_STAT_CODE_CM].url = "/rules/http-keywords.html#http-stat-code";	2,159✔
89	sigmatch_table[DETECT_HTTP_STAT_CODE_CM].Setup = DetectHttpStatCodeSetup;	2,159✔
90	#ifdef UNITTESTS	3✔
91	sigmatch_table[DETECT_HTTP_STAT_CODE_CM].RegisterTests = DetectHttpStatCodeRegisterTests;	3✔
92	#endif	3✔
93	sigmatch_table[DETECT_HTTP_STAT_CODE_CM].flags \|=	2,159✔
94	SIGMATCH_NOOPT \| SIGMATCH_INFO_CONTENT_MODIFIER;	2,159✔
95	sigmatch_table[DETECT_HTTP_STAT_CODE_CM].alternative = DETECT_HTTP_STAT_CODE;	2,159✔
96
97	/* http.stat_code content modifier */
98	sigmatch_table[DETECT_HTTP_STAT_CODE].name = "http.stat_code";	2,159✔
99	sigmatch_table[DETECT_HTTP_STAT_CODE].desc = "sticky buffer to match only on HTTP stat-code-buffer";	2,159✔
100	sigmatch_table[DETECT_HTTP_STAT_CODE].url = "/rules/http-keywords.html#http-stat-code";	2,159✔
101	sigmatch_table[DETECT_HTTP_STAT_CODE].Setup = DetectHttpStatCodeSetupSticky;	2,159✔
102	sigmatch_table[DETECT_HTTP_STAT_CODE].flags \|= SIGMATCH_NOOPT\|SIGMATCH_INFO_STICKY_BUFFER;	2,159✔
103
104	DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP1, SIG_FLAG_TOCLIENT,	2,159✔
105	HTP_RESPONSE_PROGRESS_LINE, DetectEngineInspectBufferGeneric, GetData);	2,159✔
106
107	DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister,	2,159✔
108	GetData, ALPROTO_HTTP1, HTP_RESPONSE_PROGRESS_LINE);	2,159✔
109
110	DetectAppLayerInspectEngineRegister("http_stat_code", ALPROTO_HTTP2, SIG_FLAG_TOCLIENT,	2,159✔
111	HTTP2StateDataServer, DetectEngineInspectBufferGeneric, GetData2);	2,159✔
112
113	DetectAppLayerMpmRegister("http_stat_code", SIG_FLAG_TOCLIENT, 4, PrefilterGenericMpmRegister,	2,159✔
114	GetData2, ALPROTO_HTTP2, HTTP2StateDataServer);	2,159✔
115
116	DetectBufferTypeSetDescriptionByName("http_stat_code",	2,159✔
117	"http response status code");	2,159✔
118
119	g_http_stat_code_buffer_id = DetectBufferTypeGetByName("http_stat_code");	2,159✔
120	}	2,159✔
121
122	/**
123	* \brief this function setups the http_stat_code modifier keyword used in the rule
124	*
125	* \param de_ctx Pointer to the Detection Engine Context
126	* \param s Pointer to the Signature to which the current keyword belongs
127	* \param str Should hold an empty string always
128	*
129	* \retval 0 On success
130	* \retval -1 On failure
131	*/
132
133	static int DetectHttpStatCodeSetup(DetectEngineCtx de_ctx, Signature s, const char *arg)
134	{	76✔
135	return DetectEngineContentModifierBufferSetup(	76✔
136	de_ctx, s, arg, DETECT_HTTP_STAT_CODE_CM, g_http_stat_code_buffer_id, ALPROTO_HTTP1);	76✔
137	}	76✔
138
139	/**
140	* \brief this function setup the http.stat_code keyword used in the rule
141	*
142	* \param de_ctx Pointer to the Detection Engine Context
143	* \param s Pointer to the Signature to which the current keyword belongs
144	* \param str Should hold an empty string always
145	*
146	* \retval 0 On success
147	*/
148	static int DetectHttpStatCodeSetupSticky(DetectEngineCtx de_ctx, Signature s, const char *str)
149	{	1,029✔
150	if (SCDetectBufferSetActiveList(de_ctx, s, g_http_stat_code_buffer_id) < 0)	1,029!
UNCOV 151	return -1;	×
152	if (SCDetectSignatureSetAppProto(s, ALPROTO_HTTP) < 0)	1,029!
UNCOV 153	return -1;	×
154	return 0;	1,029✔
155	}	1,029✔
156
157	static InspectionBuffer GetData(DetectEngineThreadCtx det_ctx,
158	const DetectEngineTransforms transforms, Flow _f,
159	const uint8_t _flow_flags, void *txv, const int list_id)
160	{	113✔
161	SCEnter();	113✔
162
163	InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);	113✔
164	if (buffer->inspect == NULL) {	113✔
165	htp_tx_t tx = (htp_tx_t )txv;	52✔
166
167	if (htp_tx_response_status(tx) == NULL)	52!
UNCOV 168	return NULL;	×
169
170	const uint32_t data_len = (uint32_t)bstr_len(htp_tx_response_status(tx));	52✔
171	const uint8_t *data = bstr_ptr(htp_tx_response_status(tx));	52✔
172
173	InspectionBufferSetupAndApplyTransforms(	52✔
174	det_ctx, list_id, buffer, data, data_len, transforms);	52✔
175	}	52✔
176
177	return buffer;	113✔
178	}	113✔
179
180	static InspectionBuffer GetData2(DetectEngineThreadCtx det_ctx,
181	const DetectEngineTransforms transforms, Flow _f, const uint8_t _flow_flags, void *txv,
182	const int list_id)
183	{	7✔
184	SCEnter();	7✔
185
186	InspectionBuffer *buffer = InspectionBufferGet(det_ctx, list_id);	7✔
187	if (buffer->inspect == NULL) {	7✔
188	uint32_t b_len = 0;	6✔
189	const uint8_t *b = NULL;	6✔
190
191	if (SCHttp2TxGetStatus(txv, &b, &b_len) != 1)	6✔
192	return NULL;	4✔
193	if (b == NULL \|\| b_len == 0)	2!
194	return NULL;	×
195
196	InspectionBufferSetupAndApplyTransforms(det_ctx, list_id, buffer, b, b_len, transforms);	2✔
197	}	2✔
198
199	return buffer;	3✔
200	}	7✔
201
202	#ifdef UNITTESTS
203	#include "tests/detect-http-stat-code.c"
204	#endif /* UNITTESTS */
205
206	/**
207	* @}
208	*/

OISF / suricata / 22553492142

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous