23350122333

Committed 20 Mar 2026 03:33PM UTC coverage: 76.492% (-2.8%) from 79.315%

Build # 23350122333

Build Type

Pull #15053

github

Committed by

web-flow

Commit Message

Merge f5bf69f97 into 6587e363a

Pull Request Pull Request #15053: Flow queue/v3

Coverage Stats

113 of 129 new or added lines in 9 files covered. (87.6%)

9534 existing lines in 453 files now uncovered.

256601 of 335461 relevant lines covered (76.49%)

4680806.66 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

92.08

/src/detect-priority.c

/* Copyright (C) 2007-2020 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

/**
 * \file
 *
 * \author Victor Julien <victor@inliniac.net>
 * \author Anoop Saldanha <anoopsaldanha@gmail.com>
 *
 * Implements the priority keyword
 */

#include "suricata-common.h"
#include "detect.h"
#include "detect-parse.h"
#include "detect-priority.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "util-error.h"
#include "util-debug.h"
#include "util-unittest.h"

#define PARSE_REGEX "^\\s*(\\d+|\"\\d+\")\\s*$"

static DetectParseRegex parse_regex;

static int DetectPrioritySetup (DetectEngineCtx *, Signature *, const char *);
#ifdef UNITTESTS
static void PriorityRegisterTests(void);
#endif

/**
 * \brief Registers the handler functions for the "priority" keyword
 */
void DetectPriorityRegister (void)
{
    sigmatch_table[DETECT_PRIORITY].name = "priority";
    sigmatch_table[DETECT_PRIORITY].desc = "rules with a higher priority will be examined first";
    sigmatch_table[DETECT_PRIORITY].url = "/rules/meta.html#priority";
    sigmatch_table[DETECT_PRIORITY].Setup = DetectPrioritySetup;
#ifdef UNITTESTS
    sigmatch_table[DETECT_PRIORITY].RegisterTests = PriorityRegisterTests;
#endif
    DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);
}

static int DetectPrioritySetup (DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
{
    char copy_str[128] = "";
    size_t pcre2len;

    pcre2_match_data *match = NULL;
    int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);
    if (ret < 0) {
        SCLogError("Invalid Priority in Signature "
                   "- %s",
                rawstr);
        if (match)
            pcre2_match_data_free(match);
        return -1;
    }

    pcre2len = sizeof(copy_str);
    ret = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);
    if (ret < 0) {
        SCLogError("pcre2_substring_copy_bynumber failed");
        pcre2_match_data_free(match);
        return -1;
    }

    pcre2_match_data_free(match);
    char *endptr = NULL;
    int prio = (int)strtol(copy_str, &endptr, 10);
    if (endptr == NULL || *endptr != '\0') {
        SCLogError("Saw an invalid character as arg "
                   "to priority keyword");
        return -1;
    }

    if (s->init_data->init_flags & SIG_FLAG_INIT_PRIO_EXPLICIT) {
        SCLogWarning("duplicate priority "
                     "keyword. Using highest priority in the rule");
        s->prio = MIN(s->prio, prio);
    } else {
        s->prio = prio;
        s->init_data->init_flags |= SIG_FLAG_INIT_PRIO_EXPLICIT;
    }
    return 0;
}

/*------------------------------Unittests-------------------------------------*/

#ifdef UNITTESTS

static int DetectPriorityTest01(void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "
                               "(msg:\"Priority test\"; priority:2; sid:1;)");
    FAIL_IF_NULL(de_ctx->sig_list);

    FAIL_IF_NOT(de_ctx->sig_list->prio == 2);

    DetectEngineCtxFree(de_ctx);
    PASS;
}

static int DetectPriorityTest02(void)
{
    DetectEngineCtx *de_ctx = DetectEngineCtxInit();
    FAIL_IF_NULL(de_ctx);

    Signature *sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
                  "(msg:\"Priority test\"; priority:1; sid:1;)");
    FAIL_IF_NULL(sig);
    FAIL_IF_NOT(sig->prio == 1);

    sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
                  "(msg:\"Priority test\"; priority:boo; sid:2;)");
    FAIL_IF_NOT_NULL(sig);

    sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
                  "(msg:\"Priority test\"; priority:10boo; sid:3;)");
    FAIL_IF_NOT_NULL(sig);

    sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
                  "(msg:\"Priority test\"; priority:b10oo; sid:4;)");
    FAIL_IF_NOT_NULL(sig);

    sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
                  "(msg:\"Priority test\"; priority:boo10; sid:5;)");
    FAIL_IF_NOT_NULL(sig);

    sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
                  "(msg:\"Priority test\"; priority:-1; sid:6;)");
    FAIL_IF_NOT_NULL(sig);

    sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
                  "(msg:\"Priority test\"; sid:7;)");
    FAIL_IF_NULL(sig);
    FAIL_IF_NOT(sig->prio == 3);

    sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
                  "(msg:\"Priority test\"; priority:5; priority:4; sid:8;)");
    FAIL_IF_NULL(sig);
    FAIL_IF_NOT(sig->prio == 4);

    sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
                  "(msg:\"Priority test\"; priority:5; priority:4; "
                  "priority:1; sid:9;)");
    FAIL_IF_NULL(sig);
    FAIL_IF_NOT(sig->prio == 1);

    DetectEngineCtxFree(de_ctx);
    PASS;
}

/**
 * \brief This function registers unit tests for Classification Config API.
 */
static void PriorityRegisterTests(void)
{
    UtRegisterTest("DetectPriorityTest01", DetectPriorityTest01);
    UtRegisterTest("DetectPriorityTest02", DetectPriorityTest02);
}
#endif /* UNITTESTS */

1	/* Copyright (C) 2007-2020 Open Information Security Foundation
2	*
3	* You can copy, redistribute or modify this Program under the terms of
4	* the GNU General Public License version 2 as published by the Free
5	* Software Foundation.
6	*
7	* This program is distributed in the hope that it will be useful,
8	* but WITHOUT ANY WARRANTY; without even the implied warranty of
9	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10	* GNU General Public License for more details.
11	*
12	* You should have received a copy of the GNU General Public License
13	* version 2 along with this program; if not, write to the Free Software
14	* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15	* 02110-1301, USA.
16	*/
17
18	/**
19	* \file
20	*
21	* \author Victor Julien <victor@inliniac.net>
22	* \author Anoop Saldanha <anoopsaldanha@gmail.com>
23	*
24	* Implements the priority keyword
25	*/
26
27	#include "suricata-common.h"
28	#include "detect.h"
29	#include "detect-parse.h"
30	#include "detect-priority.h"
31	#include "detect-engine.h"
32	#include "detect-engine-mpm.h"
33	#include "util-error.h"
34	#include "util-debug.h"
35	#include "util-unittest.h"
36
37	#define PARSE_REGEX "^\\s(\\d+\|\"\\d+\")\\s$"	2,222✔
38
39	static DetectParseRegex parse_regex;
40
41	static int DetectPrioritySetup (DetectEngineCtx , Signature , const char *);
42	#ifdef UNITTESTS
43	static void PriorityRegisterTests(void);
44	#endif
45
46	/**
47	* \brief Registers the handler functions for the "priority" keyword
48	*/
49	void DetectPriorityRegister (void)
50	{	2,222✔
51	sigmatch_table[DETECT_PRIORITY].name = "priority";	2,222✔
52	sigmatch_table[DETECT_PRIORITY].desc = "rules with a higher priority will be examined first";	2,222✔
53	sigmatch_table[DETECT_PRIORITY].url = "/rules/meta.html#priority";	2,222✔
54	sigmatch_table[DETECT_PRIORITY].Setup = DetectPrioritySetup;	2,222✔
55	#ifdef UNITTESTS	3✔
56	sigmatch_table[DETECT_PRIORITY].RegisterTests = PriorityRegisterTests;	3✔
57	#endif	3✔
58	DetectSetupParseRegexes(PARSE_REGEX, &parse_regex);	2,222✔
59	}	2,222✔
60
61	static int DetectPrioritySetup (DetectEngineCtx de_ctx, Signature s, const char *rawstr)
62	{	127✔
63	char copy_str[128] = "";	127✔
64	size_t pcre2len;	127✔
65
66	pcre2_match_data *match = NULL;	127✔
67	int ret = DetectParsePcreExec(&parse_regex, &match, rawstr, 0, 0);	127✔
68	if (ret < 0) {	127✔
69	SCLogError("Invalid Priority in Signature "	5✔
70	"- %s",	5✔
71	rawstr);	5✔
72	if (match)	5✔
73	pcre2_match_data_free(match);	5✔
74	return -1;	5✔
75	}	5✔
76
77	pcre2len = sizeof(copy_str);	122✔
78	ret = pcre2_substring_copy_bynumber(match, 1, (PCRE2_UCHAR8 *)copy_str, &pcre2len);	122✔
79	if (ret < 0) {	122✔
UNCOV 80	SCLogError("pcre2_substring_copy_bynumber failed");	×
UNCOV 81	pcre2_match_data_free(match);	×
UNCOV 82	return -1;	×
UNCOV 83	}	×
84
85	pcre2_match_data_free(match);	122✔
86	char *endptr = NULL;	122✔
87	int prio = (int)strtol(copy_str, &endptr, 10);	122✔
88	if (endptr == NULL \|\| *endptr != '\0') {	122✔
89	SCLogError("Saw an invalid character as arg "	×
90	"to priority keyword");	×
91	return -1;	×
92	}	×
93
94	if (s->init_data->init_flags & SIG_FLAG_INIT_PRIO_EXPLICIT) {	122✔
95	SCLogWarning("duplicate priority "	3✔
96	"keyword. Using highest priority in the rule");	3✔
97	s->prio = MIN(s->prio, prio);	3✔
98	} else {	119✔
99	s->prio = prio;	119✔
100	s->init_data->init_flags \|= SIG_FLAG_INIT_PRIO_EXPLICIT;	119✔
101	}	119✔
102	return 0;	122✔
103	}	122✔
104
105	/------------------------------Unittests-------------------------------------/
106
107	#ifdef UNITTESTS
108
109	static int DetectPriorityTest01(void)
110	{	1✔
111	DetectEngineCtx *de_ctx = DetectEngineCtxInit();	1✔
112	FAIL_IF_NULL(de_ctx);	1✔
113
114	de_ctx->sig_list = SigInit(de_ctx, "alert tcp any any -> any any "	1✔
115	"(msg:\"Priority test\"; priority:2; sid:1;)");	1✔
116	FAIL_IF_NULL(de_ctx->sig_list);	1✔
117
118	FAIL_IF_NOT(de_ctx->sig_list->prio == 2);	1✔
119
120	DetectEngineCtxFree(de_ctx);	1✔
121	PASS;	1✔
122	}	1✔
123
124	static int DetectPriorityTest02(void)
125	{	1✔
126	DetectEngineCtx *de_ctx = DetectEngineCtxInit();	1✔
127	FAIL_IF_NULL(de_ctx);	1✔
128
129	Signature *sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "	1✔
130	"(msg:\"Priority test\"; priority:1; sid:1;)");	1✔
131	FAIL_IF_NULL(sig);	1✔
132	FAIL_IF_NOT(sig->prio == 1);	1✔
133
134	sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "	1✔
135	"(msg:\"Priority test\"; priority:boo; sid:2;)");	1✔
136	FAIL_IF_NOT_NULL(sig);	1✔
137
138	sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "	1✔
139	"(msg:\"Priority test\"; priority:10boo; sid:3;)");	1✔
140	FAIL_IF_NOT_NULL(sig);	1✔
141
142	sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "	1✔
143	"(msg:\"Priority test\"; priority:b10oo; sid:4;)");	1✔
144	FAIL_IF_NOT_NULL(sig);	1✔
145
146	sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "	1✔
147	"(msg:\"Priority test\"; priority:boo10; sid:5;)");	1✔
148	FAIL_IF_NOT_NULL(sig);	1✔
149
150	sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "	1✔
151	"(msg:\"Priority test\"; priority:-1; sid:6;)");	1✔
152	FAIL_IF_NOT_NULL(sig);	1✔
153
154	sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "	1✔
155	"(msg:\"Priority test\"; sid:7;)");	1✔
156	FAIL_IF_NULL(sig);	1✔
157	FAIL_IF_NOT(sig->prio == 3);	1✔
158
159	sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "	1✔
160	"(msg:\"Priority test\"; priority:5; priority:4; sid:8;)");	1✔
161	FAIL_IF_NULL(sig);	1✔
162	FAIL_IF_NOT(sig->prio == 4);	1✔
163
164	sig = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "	1✔
165	"(msg:\"Priority test\"; priority:5; priority:4; "	1✔
166	"priority:1; sid:9;)");	1✔
167	FAIL_IF_NULL(sig);	1✔
168	FAIL_IF_NOT(sig->prio == 1);	1✔
169
170	DetectEngineCtxFree(de_ctx);	1✔
171	PASS;	1✔
172	}	1✔
173
174	/**
175	* \brief This function registers unit tests for Classification Config API.
176	*/
177	static void PriorityRegisterTests(void)
178	{	1✔
179	UtRegisterTest("DetectPriorityTest01", DetectPriorityTest01);	1✔
180	UtRegisterTest("DetectPriorityTest02", DetectPriorityTest02);	1✔
181	}	1✔
182	#endif /* UNITTESTS */

OISF / suricata / 23350122333

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous