diff options
-rw-r--r-- | src/analysis/scan/patterns/tokens/node.c | 13 | ||||
-rw-r--r-- | tests/analysis/scan/fuzzing.py | 22 |
2 files changed, 33 insertions, 2 deletions
diff --git a/src/analysis/scan/patterns/tokens/node.c b/src/analysis/scan/patterns/tokens/node.c index 604cf86..71fcf05 100644 --- a/src/analysis/scan/patterns/tokens/node.c +++ b/src/analysis/scan/patterns/tokens/node.c @@ -416,6 +416,17 @@ void g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext *c if (ocount > 0) { + /** + * Dans le cas où un unique noeud ne renvoie que vers un espace (par + * exemple : "$a = { [0] }"), il n'y a pas de résultats, donc pas + * d'initialisation. + * + * La réinitialisation des décomptes va tiquer pour cet état. La + * phase d'extension des résultats inexistants est ainsi sautée. + */ + if (count_pending_matches(matches) == 0) + goto offset_done; + reset_pending_matches_ttl(matches); pending_ptr = get_all_pending_matches(matches, &pcount); @@ -447,6 +458,8 @@ void g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext *c */ /* purge_pending_matches(matches); */ + offset_done: + disable_all_ranges_in_node_search_offset(&offset); } diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py index c38b25c..044fe54 100644 --- a/tests/analysis/scan/fuzzing.py +++ b/tests/analysis/scan/fuzzing.py @@ -132,7 +132,7 @@ rule test { rule test { bytes: - $a = "a" + $a = "a" condition: maxcommon($a) == 0 @@ -150,7 +150,25 @@ rule test { rule test { bytes: - $a = "0000a0I0" nocase + $a = "0000a0I0" nocase + + condition: + $a + +} +''' + + self.check_rule_failure(rule) + + + def testAAsAcharacter(self): + """Do not expect initialized trackers when there is no real defined search pattern.""" + + rule = ''' +rule test { + + bytes: + $a = {[0]} condition: $a |