Diffstat (limited to 'src/analysis/scan/rule.c')
-rw-r--r--src/analysis/scan/rule.c92
1 files changed, 78 insertions, 14 deletions
diff --git a/src/analysis/scan/rule.c b/src/analysis/scan/rule.c
index 29ae826..650b824 100644
--- a/src/analysis/scan/rule.c
+++ b/src/analysis/scan/rule.c
@@ -659,34 +659,61 @@ void g_scan_rule_output_to_text(const GScanRule *rule, GScanContext *context, bo
GScanOptions *options; /* Options de l'utilisateur */
bool selected; /* Affichage attendu ? */
size_t i; /* Boucle de parcours */
+ GBinContent *content; /* Contenu binaire scanné */
+ char *desc; /* Description de ce contenu */
options = g_scan_context_get_options(context);
- if (rule->tags_count == 0)
- selected = g_scan_options_has_tag_as_selected(options, NULL);
+ selected = g_scan_options_has_tag_as_selected(options, NULL);
- else
+ /**
+ * Si la règle comporte des étiquettes et que l'utilisateur en a spécifié
+ * également.
+ */
+ if (rule->tags_count > 0 && !selected)
{
- selected = false;
-
for (i = 0; i < rule->tags_count && !selected; i++)
selected = g_scan_options_has_tag_as_selected(options, rule->tags[i]);
-
}
if (selected)
{
- if (full)
- for (i = 0; i < rule->bytes_used; i++)
- g_search_pattern_output_to_text(rule->bytes_locals[i], context, fd);
+ write(fd, rule->name, strlen(rule->name));
- if (g_scan_context_has_match_for_rule(context, rule->name))
+ if (g_scan_options_get_print_tags(options))
{
- write(fd, "Rule '", 6);
- write(fd, rule->name, strlen(rule->name));
- write(fd, "' has matched!\n", 15);
+ write(fd, " [", 2);
+
+ for (i = 0; i < rule->tags_count; i++)
+ {
+ if (i > 0)
+ write(fd, ",", 1);
+
+ write(fd, rule->tags[i], strlen(rule->tags[i]));
+
+ }
+
+ write(fd, "]", 1);
+
}
+ write(fd, " ", 1);
+
+ content = g_scan_context_get_content(context);
+
+ desc = g_binary_content_describe(content, true);
+
+ write(fd, desc, strlen(desc));
+ write(fd, "\n", 1);
+
+ free(desc);
+
+ g_object_unref(G_OBJECT(content));
+
+ if (full)
+ for (i = 0; i < rule->bytes_used; i++)
+ g_search_pattern_output_to_text(rule->bytes_locals[i], context, fd);
+
}
g_object_unref(G_OBJECT(options));
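Review bot: `desc` from `g_binary_content_describe(content, true)` goes straight into `strlen()` and `write()` with no NULL check and no filtering, so a NULL return would crash here and any newline or control byte in the description is copied verbatim into the one-line-per-rule text output. If that description is derived from the scanned file's name (not visible in this hunk), a hostile name could make a single result look like several lines to whatever parses this output; guard with `if (desc != NULL)` and replace bytes below 0x20 before writing. The new side also drops the call to `g_scan_context_has_match_for_rule()`, so unless the caller now performs that check the rule name is printed for every selected rule whether it matched or not. The `rule->tags[k]` strings written between quotes in the `g_scan_rule_output_to_json` hunk are likewise unescaped, which only matters if the rule grammar allows `"` or `\` in a tag. The function body starts and ends outside this hunk.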
@@ -787,8 +814,9 @@ char *g_scan_rule_convert_as_text(const GScanRule *rule, GScanContext *context)
void g_scan_rule_output_to_json(const GScanRule *rule, GScanContext *context, const sized_string_t *padding, unsigned int level, int fd, bool tail)
{
- size_t i; /* Boucle de parcours */
+ size_t i; /* Boucle de parcours #1 */
bool sub_tail; /* Saut de la virgule finale ? */
+ size_t k; /* Boucle de parcours #2 */
/* Introduction */
@@ -808,6 +836,42 @@ void g_scan_rule_output_to_json(const GScanRule *rule, GScanContext *context, co
write(fd, "\",\n", 3);
+ /* Etiquettes ? */
+
+ for (i = 0; i < (level + 1); i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "\"tags\": [", 9);
+
+ if (rule->tags_count > 0)
+ {
+ write(fd, "\n", 1);
+
+ for (k = 0; k < rule->tags_count; k++)
+ {
+ for (i = 0; i < (level + 2); i++)
+ write(fd, padding->data, padding->len);
+
+ write(fd, "\"", 1);
+
+ write(fd, rule->tags[k], strlen(rule->tags[k]));
+
+ write(fd, "\"", 1);
+
+ if ((k + 1) < rule->tags_count)
+ write(fd, ",", 1);
+
+ write(fd, "\n", 1);
+
+ }
+
+ for (i = 0; i < (level + 1); i++)
+ write(fd, padding->data, padding->len);
+
+ }
+
+ write(fd, "],\n", 3);
+
/* Affichage des correspondances d'octets */
for (i = 0; i < (level + 1); i++)