From 025b364871c7a78ac03652dc6e47ee29e38199a0 Mon Sep 17 00:00:00 2001
From: Cyrille Bagard <nocbos@gmail.com>
Date: Wed, 15 Nov 2023 01:53:22 +0100
Subject: Ban pattern count indexes sooner (from the grammar).

---
 src/analysis/scan/exprs/handler.c | 23 +++++++++++++++++++++++
 src/analysis/scan/exprs/handler.h |  3 +++
 src/analysis/scan/grammar.y       |  9 ++++++++-
 tests/analysis/scan/fuzzing.py    | 20 ++++++++++++++++++++
 4 files changed, 54 insertions(+), 1 deletion(-)

diff --git a/src/analysis/scan/exprs/handler.c b/src/analysis/scan/exprs/handler.c
index ea24443..ecc5a21 100644
--- a/src/analysis/scan/exprs/handler.c
+++ b/src/analysis/scan/exprs/handler.c
@@ -248,6 +248,29 @@ bool g_scan_pattern_handler_create(GScanPatternHandler *handler, GSearchPattern
 /******************************************************************************
 *                                                                             *
 *  Paramètres  : handler = instance à initialiser pleinement.                 *
+*                                                                             *
+*  Description : Indique le type de manipulation de correspondances spécifié. *
+*                                                                             *
+*  Retour      : Type de manipulation de correspondances représentée.         *
+*                                                                             *
+*  Remarques   : -                                                            *
+*                                                                             *
+******************************************************************************/
+
+ScanHandlerType g_scan_pattern_handler_get_handler_type(const GScanPatternHandler *handler)
+{
+    ScanHandlerType result;                 /* Nature à retourner          */
+
+    result = handler->type;
+
+    return result;
+
+}
+
+
+/******************************************************************************
+*                                                                             *
+*  Paramètres  : handler = instance à initialiser pleinement.                 *
 *                ctx     = contexte de suivi de l'analyse courante.           *
 *                count   = quantité de correspondances enregistrées. [OUT]    *
 *                                                                             *
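Review bot: The header comment of the new `g_scan_pattern_handler_get_handler_type()` still describes its parameter as `handler = instance à initialiser pleinement.`, wording carried over from the neighbouring initializer. The function takes a `const GScanPatternHandler *` and only reads `handler->type`, so the line should say the instance is consulted, for example `handler = instance à consulter.`. The same copied line is re-added at the top of the following function's header; that function's body lies outside this hunk.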
diff --git a/src/analysis/scan/exprs/handler.h b/src/analysis/scan/exprs/handler.h
index 407ccdc..24c4e8f 100644
--- a/src/analysis/scan/exprs/handler.h
+++ b/src/analysis/scan/exprs/handler.h
@@ -62,6 +62,9 @@ GType g_scan_pattern_handler_get_type(void);
 /* Met en place une manipulation de correspondances établies. */
 GScanExpression *g_scan_pattern_handler_new(GSearchPattern ** const, size_t, ScanHandlerType);
 
+/* Indique le type de manipulation de correspondances spécifié. */
+ScanHandlerType g_scan_pattern_handler_get_handler_type(const GScanPatternHandler *);
+
 /* Fournit la liste de toutes les correspondances représentées. */
 GScanMatch **g_scan_pattern_handler_get_all_matches(const GScanPatternHandler *, GScanContext *, size_t *);
 
diff --git a/src/analysis/scan/grammar.y b/src/analysis/scan/grammar.y
index 801898f..8380a81 100644
--- a/src/analysis/scan/grammar.y
+++ b/src/analysis/scan/grammar.y
@@ -1541,11 +1541,18 @@ relational_expr : cexpression "<" cexpression
                    {
                        $$ = $1;
                    }
-                   | pattern_handler "[" cexpression "]"
+                   | _pattern_handler "[" cexpression "]"
                    {
+                       if (g_scan_pattern_handler_get_handler_type(G_SCAN_PATTERN_HANDLER($1)) == SHT_COUNTER)
+                       {
+                           raise_error("Match counts can not get indexed");
+                           YYERROR;
+                       }
+
                        $$ = g_scan_set_item_new($1, $3);
                        g_object_unref(G_OBJECT($1));
                        g_object_unref(G_OBJECT($3));
+
                    }
                    ;
 
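Review bot: The new rejection branch leaves through `YYERROR` without releasing `$1` and `$3`, although the success path just below unrefs both after `g_scan_set_item_new()`. Bison does not run `%destructor` on the right-hand-side symbols of a rule whose action raises `YYERROR` itself, so each rejected rule leaks two references. Because this path is reached directly from rule text, repeatedly submitting such rules grows memory in a long-lived process. Add `g_object_unref(G_OBJECT($1));` and `g_object_unref(G_OBJECT($3));` before `YYERROR;`. The cast `G_SCAN_PATTERN_HANDLER($1)` also relies on `_pattern_handler` always yielding a handler instance; that non-terminal is defined outside this hunk, so confirm it there.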
diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py
index 1bebdd3..1b9b25b 100644
--- a/tests/analysis/scan/fuzzing.py
+++ b/tests/analysis/scan/fuzzing.py
@@ -267,3 +267,23 @@ rule test {
 '''
 
         self.check_rule_failure(rule)
+
+
+    def testCountIndex(self):
+        """Ban pattern count indexes from the grammer."""
+
+        rule = '''
+rule test {
+
+   bytes:
+      $a = "1"
+
+   condition:
+      #*[0]
+
+}
+'''
+
+        with self.assertRaisesRegex(ValueError, 'Unable to create content scanner'):
+
+            scanner = ContentScanner(rule)
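Review bot: The assertion in `testCountIndex` matches only the generic message 'Unable to create content scanner', so it passes for any reason the rule fails to compile. It therefore does not show that the new `SHT_COUNTER` check is what rejected `#*[0]`. If the binding surfaces the parser error, match on 'Match counts can not get indexed' instead. Otherwise pair the test with a control rule that differs only by the index and is expected to compile. Two smaller points: the `scanner` local is never used, so `ContentScanner(rule)` can be called bare, and the docstring should read `"""Ban pattern count indexes from the grammar."""`.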
-- 
cgit v0.11.2-87-g4458