author | Cyrille Bagard <nocbos@gmail.com> | 2023-09-25 23:50:02 (GMT) |
---|---|---|
committer | Cyrille Bagard <nocbos@gmail.com> | 2023-09-25 23:50:02 (GMT) |
commit | 2f740fc8aa705df046a6d32fc98e2787df0e47e1 (patch) | |
tree | 5c348351ca39312cb5a54a5c88e95859fe0b7579 /src/analysis/scan/rule.c | |
parent | 4c13ca820e4fa01ca62ad66c0665ebbee150f87c (diff) |
Handle tags linked to ROST rules.
Diffstat (limited to 'src/analysis/scan/rule.c')
-rw-r--r-- | src/analysis/scan/rule.c | 95 |
1 files changed, 88 insertions, 7 deletions
diff --git a/src/analysis/scan/rule.c b/src/analysis/scan/rule.c
index 68222dd..29ae826 100644
--- a/src/analysis/scan/rule.c
+++ b/src/analysis/scan/rule.c
@@ -102,6 +102,9 @@ static void g_scan_rule_init(GScanRule *rule)
rule->name = NULL;
rule->name_hash = 0;
+ rule->tags = NULL;
+ rule->tags_count = 0;
+
rule->bytes_locals = NULL;
rule->bytes_allocated = 0;
rule->bytes_used = 0;
@@ -151,9 +154,17 @@ static void g_scan_rule_dispose(GScanRule *rule)
static void g_scan_rule_finalize(GScanRule *rule)
{
+ size_t i; /* Boucle de parcours */
+
if (rule->name != NULL)
free(rule->name);
+ for (i = 0; i < rule->tags_count; i++)
+ free(rule->tags[i]);
+
+ if (rule->tags != NULL)
+ free(rule->tags);
+
G_OBJECT_CLASS(g_scan_rule_parent_class)->finalize(G_OBJECT(rule));
}
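Review bot: The `if (rule->tags != NULL)` guard before `free(rule->tags)` in g_scan_rule_finalize is redundant, since free(NULL) is a no-op; it mirrors the existing guard on rule->name but adds nothing, and `free(rule->tags);` alone reads cleaner. The loop over rule->tags_count relies on g_scan_rule_init having zeroed tags and tags_count, which the first hunk does, and presumably every element is an owned strdup() copy (the add path is outside this hunk). A short comment such as `/* Each entry of tags is an owned copy; the array itself is owned too */` above the loop would document that ownership for the next reader.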
@@ -270,6 +281,54 @@ const char *g_scan_rule_get_name(const GScanRule *rule, fnv64_t *hash)
/******************************************************************************
* *
+* Paramètres : rule = règle de détection à compléter. *
+* tag = étiquette à associer à la règle. *
+* *
+* Description : Lie une règle à une nouvelle étiquette. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void g_scan_rule_add_tag(GScanRule *rule, const char *tag)
+{
+ rule->tags = realloc(rule->tags, ++rule->tags_count * sizeof(char *));
+
+ rule->tags[rule->tags_count - 1] = strdup(tag);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : rule = règle de détection à consulter. *
+* count = quantité d'éléments retournés. [OUT] *
+* *
+* Description : Indique les éventuelles étiquettes associées à une règle. *
+* *
+* Retour : Liste d'étiquettes associées à la règle consultée. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+const char * const *g_scan_rule_list_tags(const GScanRule *rule, size_t *count)
+{
+ const char * const *result; /* Liste à retourner */
+
+ result = rule->tags;
+
+ *count = rule->tags_count;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
* Paramètres : rule = règle de détection à compléter. *
* pattern = nouveau motif de détection. *
* *
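Review bot: `rule->tags = realloc(rule->tags, ++rule->tags_count * sizeof(char *));` in g_scan_rule_add_tag overwrites the only pointer to the array, so a failed realloc leaks every existing tag string and leaves tags_count already incremented while tags is NULL; the next line then writes through that NULL pointer, and the strdup() result is stored unchecked as well, so a NULL entry could later reach g_scan_options_has_tag_as_selected. Allocate into a temporary, check both allocations, and only bump the count once the slot is valid; because the function returns void the failure is still silent, so callers should be told in the Remarques entry that a tag may be dropped on allocation failure, or the signature extended to report it. In g_scan_rule_list_tags, `result = rule->tags;` assigns a `char **` to a `const char * const *`; C, unlike C++, does not perform that qualification conversion implicitly, so gcc reports it under -Wincompatible-pointer-types and an explicit `(const char * const *)` cast is needed. The contract that `tag` must be non-NULL and is copied is also undocumented; a one-line Remarques note such as `tag must not be NULL; the string is duplicated and owned by the rule` would cover it.
```c
void g_scan_rule_add_tag(GScanRule *rule, const char *tag)
{
    char **new_tags;                        /* Grown tag array             */
    char *copy;                             /* Owned copy of the tag       */

    /* Copy first so a failed realloc leaves the rule untouched. */
    copy = strdup(tag);
    if (copy == NULL)
        return;

    new_tags = realloc(rule->tags, (rule->tags_count + 1) * sizeof(char *));
    if (new_tags == NULL)
    {
        free(copy);
        return;
    }

    rule->tags = new_tags;
    rule->tags[rule->tags_count++] = copy;

}
```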
@@ -597,19 +656,41 @@ void g_scan_rule_check(GScanRule *rule, GEngineBackend *backend, GScanContext *c
void g_scan_rule_output_to_text(const GScanRule *rule, GScanContext *context, bool full, int fd)
{
+ GScanOptions *options; /* Options de l'utilisateur */
+ bool selected; /* Affichage attendu ? */
size_t i; /* Boucle de parcours */
- if (full)
- for (i = 0; i < rule->bytes_used; i++)
- g_search_pattern_output_to_text(rule->bytes_locals[i], context, fd);
+ options = g_scan_context_get_options(context);
- if (g_scan_context_has_match_for_rule(context, rule->name))
+ if (rule->tags_count == 0)
+ selected = g_scan_options_has_tag_as_selected(options, NULL);
+
+ else
+ {
+ selected = false;
+
+ for (i = 0; i < rule->tags_count && !selected; i++)
+ selected = g_scan_options_has_tag_as_selected(options, rule->tags[i]);
+
+ }
+
+ if (selected)
{
- write(fd, "Rule '", 6);
- write(fd, rule->name, strlen(rule->name));
- write(fd, "' has matched!\n", 15);
+ if (full)
+ for (i = 0; i < rule->bytes_used; i++)
+ g_search_pattern_output_to_text(rule->bytes_locals[i], context, fd);
+
+ if (g_scan_context_has_match_for_rule(context, rule->name))
+ {
+ write(fd, "Rule '", 6);
+ write(fd, rule->name, strlen(rule->name));
+ write(fd, "' has matched!\n", 15);
+ }
+
}
+ g_object_unref(G_OBJECT(options));
+
}
|
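Review bot: The three `write(fd, ...)` calls re-added under `if (selected)` still ignore their return values, so a short write or an EINTR interruption silently truncates the "Rule '...' has matched!" line in the scan report; a small static helper that loops until every byte is written (it needs <errno.h> for EINTR) would make the output reliable, or at least `(void)` casts with a `/* best-effort report output */` comment would make the intent explicit. The result of `g_scan_context_get_options(context)` is passed to g_scan_options_has_tag_as_selected and then unref'd without a NULL check; whether it can return NULL is not visible here, so either document that it always returns an owned reference or guard it. A one-line comment above `if (rule->tags_count == 0)` would also help: `/* Untagged rules follow the default (NULL tag) selection; tagged rules print if any of their tags is selected */`.
```c
/* Writes the whole buffer to fd, retrying on partial writes and EINTR; returns false on error. */
static bool write_all(int fd, const void *buf, size_t len)
{
    const char *p = buf;

    while (len > 0)
    {
        ssize_t n = write(fd, p, len);
        if (n < 0)
        {
            if (errno == EINTR)
                continue;
            return false;
        }
        p += n;
        len -= (size_t)n;
    }

    return true;
}

/* … unchanged: tag selection and pattern output … */
        if (g_scan_context_has_match_for_rule(context, rule->name))
        {
            write_all(fd, "Rule '", 6);
            write_all(fd, rule->name, strlen(rule->name));
            write_all(fd, "' has matched!\n", 15);
        }
```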