From 025b364871c7a78ac03652dc6e47ee29e38199a0 Mon Sep 17 00:00:00 2001 From: Cyrille Bagard Date: Wed, 15 Nov 2023 01:53:22 +0100 Subject: Ban pattern count indexes sooner (from the grammar). --- src/analysis/scan/exprs/handler.c | 23 +++++++++++++++++++++++ src/analysis/scan/exprs/handler.h | 3 +++ src/analysis/scan/grammar.y | 9 ++++++++- tests/analysis/scan/fuzzing.py | 20 ++++++++++++++++++++ 4 files changed, 54 insertions(+), 1 deletion(-) diff --git a/src/analysis/scan/exprs/handler.c b/src/analysis/scan/exprs/handler.c index ea24443..ecc5a21 100644 --- a/src/analysis/scan/exprs/handler.c +++ b/src/analysis/scan/exprs/handler.c @@ -248,6 +248,29 @@ bool g_scan_pattern_handler_create(GScanPatternHandler *handler, GSearchPattern /****************************************************************************** * * * Paramètres : handler = instance à initialiser pleinement. * +* * +* Description : Indique le type de manipulation de correspondances spécifié. * +* * +* Retour : Type de manipulation de correspondances représentée. * +* * +* Remarques : - * +* * +******************************************************************************/ + +ScanHandlerType g_scan_pattern_handler_get_handler_type(const GScanPatternHandler *handler) +{ + ScanHandlerType result; /* Nature à retourner */ + + result = handler->type; + + return result; + +} + + +/****************************************************************************** +* * +* Paramètres : handler = instance à initialiser pleinement. * * ctx = contexte de suivi de l'analyse courante. * * count = quantité de correspondances enregistrées. [OUT] * * * diff --git a/src/analysis/scan/exprs/handler.h b/src/analysis/scan/exprs/handler.h index 407ccdc..24c4e8f 100644 --- a/src/analysis/scan/exprs/handler.h +++ b/src/analysis/scan/exprs/handler.h @@ -62,6 +62,9 @@ GType g_scan_pattern_handler_get_type(void); /* Met en place une manipulation de correspondances établies. */ GScanExpression *g_scan_pattern_handler_new(GSearchPattern ** const, size_t, ScanHandlerType); +/* Indique le type de manipulation de correspondances spécifié. */ +ScanHandlerType g_scan_pattern_handler_get_handler_type(const GScanPatternHandler *); + /* Fournit la liste de toutes les correspondances représentées. */ GScanMatch **g_scan_pattern_handler_get_all_matches(const GScanPatternHandler *, GScanContext *, size_t *); diff --git a/src/analysis/scan/grammar.y b/src/analysis/scan/grammar.y index 801898f..8380a81 100644 --- a/src/analysis/scan/grammar.y +++ b/src/analysis/scan/grammar.y @@ -1541,11 +1541,18 @@ relational_expr : cexpression "<" cexpression { $$ = $1; } - | pattern_handler "[" cexpression "]" + | _pattern_handler "[" cexpression "]" { + if (g_scan_pattern_handler_get_handler_type(G_SCAN_PATTERN_HANDLER($1)) == SHT_COUNTER) + { + raise_error("Match counts can not get indexed"); + YYERROR; + } + $$ = g_scan_set_item_new($1, $3); g_object_unref(G_OBJECT($1)); g_object_unref(G_OBJECT($3)); + } ; diff --git a/tests/analysis/scan/fuzzing.py b/tests/analysis/scan/fuzzing.py index 1bebdd3..1b9b25b 100644 --- a/tests/analysis/scan/fuzzing.py +++ b/tests/analysis/scan/fuzzing.py @@ -267,3 +267,23 @@ rule test { ''' self.check_rule_failure(rule) + + + def testCountIndex(self): + """Ban pattern count indexes from the grammer.""" + + rule = ''' +rule test { + + bytes: + $a = "1" + + condition: + #*[0] + +} +''' + + with self.assertRaisesRegex(ValueError, 'Unable to create content scanner'): + + scanner = ContentScanner(rule) -- cgit v0.11.2-87-g4458