Diffstat (limited to 'src/analysis/scan/rule.c')
-rw-r--r--src/analysis/scan/rule.c95
1 files changed, 88 insertions, 7 deletions
diff --git a/src/analysis/scan/rule.c b/src/analysis/scan/rule.c
index 68222dd..29ae826 100644
--- a/src/analysis/scan/rule.c
+++ b/src/analysis/scan/rule.c
@@ -102,6 +102,9 @@ static void g_scan_rule_init(GScanRule *rule)
rule->name = NULL;
rule->name_hash = 0;
+ rule->tags = NULL;
+ rule->tags_count = 0;
+
rule->bytes_locals = NULL;
rule->bytes_allocated = 0;
rule->bytes_used = 0;
@@ -151,9 +154,17 @@ static void g_scan_rule_dispose(GScanRule *rule)
static void g_scan_rule_finalize(GScanRule *rule)
{
+ size_t i; /* Boucle de parcours */
+
if (rule->name != NULL)
free(rule->name);
+ for (i = 0; i < rule->tags_count; i++)
+ free(rule->tags[i]);
+
+ if (rule->tags != NULL)
+ free(rule->tags);
+
G_OBJECT_CLASS(g_scan_rule_parent_class)->finalize(G_OBJECT(rule));
}
@@ -270,6 +281,54 @@ const char *g_scan_rule_get_name(const GScanRule *rule, fnv64_t *hash)
/******************************************************************************
* *
+* Paramètres : rule = règle de détection à compléter. *
+* tag = étiquette à associer à la règle. *
+* *
+* Description : Lie une règle à une nouvelle étiquette. *
+* *
+* Retour : - *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+void g_scan_rule_add_tag(GScanRule *rule, const char *tag)
+{
+ rule->tags = realloc(rule->tags, ++rule->tags_count * sizeof(char *));
+
+ rule->tags[rule->tags_count - 1] = strdup(tag);
+
+}
+
+
+/******************************************************************************
+* *
+* Paramètres : rule = règle de détection à consulter. *
+* count = quantité d'éléments retournés. [OUT] *
+* *
+* Description : Indique les éventuelles étiquettes associées à une règle. *
+* *
+* Retour : Liste d'étiquettes associées à la règle consultée. *
+* *
+* Remarques : - *
+* *
+******************************************************************************/
+
+const char * const *g_scan_rule_list_tags(const GScanRule *rule, size_t *count)
+{
+ const char * const *result; /* Liste à retourner */
+
+ result = rule->tags;
+
+ *count = rule->tags_count;
+
+ return result;
+
+}
+
+
+/******************************************************************************
+* *
* Paramètres : rule = règle de détection à compléter. *
* pattern = nouveau motif de détection. *
* *
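Review bot: `g_scan_rule_add_tag` assigns the result of `realloc()` straight back to `rule->tags` after `rule->tags_count` has already been incremented, so an allocation failure drops the old array, leaves the count ahead of the storage, and the next line writes through NULL. The new loop in `g_scan_rule_finalize` would then index a NULL array with a non-zero count. The `strdup()` result is also stored unchecked, and a NULL entry would later reach `g_scan_options_has_tag_as_selected` in `g_scan_rule_output_to_text`, where NULL appears to be the query used for untagged rules. Tags presumably originate from parsed rule files, so the safer order is to duplicate first, grow into a temporary, and bump the count only once both succeeded. The function returns void, so the failure is still silent; a bool return would let the caller report it if the header can change.

```c
void g_scan_rule_add_tag(GScanRule *rule, const char *tag)
{
    char *copy;                             /* Private copy of the tag */
    char **extended;                        /* Grown tag array */

    copy = strdup(tag);
    if (copy == NULL)
        return;

    extended = realloc(rule->tags, (rule->tags_count + 1) * sizeof(char *));
    if (extended == NULL)
    {
        /* rule->tags and rule->tags_count are still valid and untouched */
        free(copy);
        return;
    }

    rule->tags = extended;
    rule->tags[rule->tags_count++] = copy;

}
```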
@@ -597,19 +656,41 @@ void g_scan_rule_check(GScanRule *rule, GEngineBackend *backend, GScanContext *c
void g_scan_rule_output_to_text(const GScanRule *rule, GScanContext *context, bool full, int fd)
{
+ GScanOptions *options; /* Options de l'utilisateur */
+ bool selected; /* Affichage attendu ? */
size_t i; /* Boucle de parcours */
- if (full)
- for (i = 0; i < rule->bytes_used; i++)
- g_search_pattern_output_to_text(rule->bytes_locals[i], context, fd);
+ options = g_scan_context_get_options(context);
- if (g_scan_context_has_match_for_rule(context, rule->name))
+ if (rule->tags_count == 0)
+ selected = g_scan_options_has_tag_as_selected(options, NULL);
+
+ else
+ {
+ selected = false;
+
+ for (i = 0; i < rule->tags_count && !selected; i++)
+ selected = g_scan_options_has_tag_as_selected(options, rule->tags[i]);
+
+ }
+
+ if (selected)
{
- write(fd, "Rule '", 6);
- write(fd, rule->name, strlen(rule->name));
- write(fd, "' has matched!\n", 15);
+ if (full)
+ for (i = 0; i < rule->bytes_used; i++)
+ g_search_pattern_output_to_text(rule->bytes_locals[i], context, fd);
+
+ if (g_scan_context_has_match_for_rule(context, rule->name))
+ {
+ write(fd, "Rule '", 6);
+ write(fd, rule->name, strlen(rule->name));
+ write(fd, "' has matched!\n", 15);
+ }
+
}
+ g_object_unref(G_OBJECT(options));
+
}
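Review bot: The three `write()` calls that emit the match line in `g_scan_rule_output_to_text` are carried into the new `if (selected)` block with their return values still ignored, so a short or failed write on `fd` (a pipe or socket, for instance) truncates or drops a "has matched" report without any trace. For a scanner that is a lost detection, so the line is better emitted in one checked call, for example `if (dprintf(fd, "Rule '%s' has matched!\n", rule->name) < 0) { /* report the output failure */ }`, keeping the final `g_object_unref()` on every path. It would also help to document the untagged case with a comment such as `/* No tag: ask the options whether untagged rules are selected (NULL query) */`, since a tag filter now decides whether a match is shown at all.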