From f82e9975ea778a2ffa7692e864b9ed49dd651bad Mon Sep 17 00:00:00 2001 From: Cyrille Bagard <nocbos@gmail.com> Date: Sun, 22 Oct 2023 23:21:51 +0200 Subject: Do not expect initialized trackers when there is no real defined search pattern. --- src/analysis/scan/patterns/tokens/node.c | 13 +++++++++++++ tests/analysis/scan/fuzzing.py | 22 ++++++++++++++++++++-- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/src/analysis/scan/patterns/tokens/node.c b/src/analysis/scan/patterns/tokens/node.c index 604cf86..71fcf05 100644 --- a/src/analysis/scan/patterns/tokens/node.c +++ b/src/analysis/scan/patterns/tokens/node.c @@ -416,6 +416,17 @@ void g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext *c if (ocount > 0) { + /** + * Dans le cas où un unique noeud ne renvoie que vers un espace (par + * exemple : "$a = { [0] }"), il n'y a pas de résultats, donc pas + * d'initialisation. + * + * La réinitialisation des décomptes va tiquer pour cet état. La + * phase d'extension des résultats inexistants est ainsi sautée. + */ + if (count_pending_matches(matches) == 0) + goto offset_done; + reset_pending_matches_ttl(matches); pending_ptr = get_all_pending_matches(matches, &pcount); @@ -447,6 +458,8 @@ void g_scan_token_node_check_forward(const GScanTokenNode *node, GScanContext *c */ /* purge_pending_matches(matches); */ + offset_done: + disable_all_ranges_in_node_search_offset(&offset); } diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py index c38b25c..044fe54 100644 --- a/tests/analysis/scan/fuzzing.py +++ b/tests/analysis/scan/fuzzing.py @@ -132,7 +132,7 @@ rule test { rule test { bytes: - $a = "a" + $a = "a" condition: maxcommon($a) == 0 
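Review bot: The guard `if (count_pending_matches(matches) == 0) goto offset_done;` infers "trackers never initialized" from a match count of zero, which ties the fix to an unstated assumption about how `reset_pending_matches_ttl()` and `get_all_pending_matches()` behave on an empty set rather than expressing it. If the pending-matches structure carries an explicit initialization state, testing that state (or making `reset_pending_matches_ttl()` itself tolerate an empty set) would be more robust than special-casing the count at this call site; failing that, a short English comment such as `/* An empty match set was never initialized: skip the TTL reset and extension phase. */` would say which callee the jump is protecting, since the French comment only gives the `$a = { [0] }` example. A pattern that reduces to a single jump arguably should be rejected when the rule is compiled rather than tolerated at scan time; if that is the intent, this guard should be treated as a defensive fallback and the rejection added where patterns are built. The enclosing function g_scan_token_node_check_forward begins before this hunk.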
@@ -150,7 +150,25 @@ rule test { rule test { bytes: - $a = "0000a0I0" nocase + $a = "0000a0I0" nocase + + condition: + $a + +} +''' + + self.check_rule_failure(rule) + + + def testAAsAcharacter(self): + """Do not expect initialized trackers when there is no real defined search pattern.""" + + rule = ''' +rule test { + + bytes: + $a = {[0]} condition: $a -- cgit v0.11.2-87-g4458
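Review bot: The new test method is named `testAAsAcharacter` while its rule exercises a jump-only pattern, `$a = {[0]}`, so the name looks copied from a neighbouring test and would mislead anyone triaging a failure; `def testJumpOnlyPattern(self):` (or similar) would match the docstring. The body of the new method appears to end in the unchanged context lines that follow, so it presumably inherits `self.check_rule_failure(rule)` from the previous test — if the intended behaviour for a pattern with no real bytes is a rule-compilation error rather than a clean non-match, the assertion should check for that instead. The end of the method lies outside the hunk.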