suricata
detect-requires.c
Go to the documentation of this file.
1 /* Copyright (C) 2023 Open Information Security Foundation
2  *
3  * You can copy, redistribute or modify this Program under the terms of
4  * the GNU General Public License version 2 as published by the Free
5  * Software Foundation.
6  *
7  * This program is distributed in the hope that it will be useful,
8  * but WITHOUT ANY WARRANTY; without even the implied warranty of
9  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10  * GNU General Public License for more details.
11  *
12  * You should have received a copy of the GNU General Public License
13  * version 2 along with this program; if not, write to the Free Software
14  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15  * 02110-1301, USA.
16  */
17 
18 #include "detect-requires.h"
19 #include "suricata-common.h"
20 #include "detect-engine.h"
21 #include "rust.h"
22 
23 static int DetectRequiresSetup(DetectEngineCtx *de_ctx, Signature *s, const char *rawstr)
24 {
25  if (de_ctx->requirements == NULL) {
26  de_ctx->requirements = (void *)SCDetectRequiresStatusNew();
27  BUG_ON(de_ctx->requirements == NULL);
28  }
29 
30  const char *errmsg = NULL;
31  int res = SCDetectCheckRequires(rawstr, PROG_VER, &errmsg, de_ctx->requirements);
32  if (res == -1) {
33  // The requires expression is bad, log an error.
34  SCLogError("%s: %s", errmsg, rawstr);
35  de_ctx->sigerror = errmsg;
36  } else if (res < -1) {
37  // This Suricata instance didn't meet the requirements.
38  SCLogInfo("Suricata did not meet the rule requirements: %s: %s", errmsg, rawstr);
39  return -4;
40  }
41  return res;
42 }
43 
45 {
46  sigmatch_table[DETECT_REQUIRES].name = "requires";
47  sigmatch_table[DETECT_REQUIRES].desc = "require Suricata version or features";
48  sigmatch_table[DETECT_REQUIRES].url = "/rules/meta-keywords.html#requires";
49  sigmatch_table[DETECT_REQUIRES].Setup = DetectRequiresSetup;
50 }
SigTableElmt_::url
const char * url
Definition: detect.h:1312
detect-engine.h
SigTableElmt_::desc
const char * desc
Definition: detect.h:1311
sigmatch_table
SigTableElmt * sigmatch_table
Definition: detect-parse.c:128
SigTableElmt_::name
const char * name
Definition: detect.h:1309
DetectEngineCtx_
main detection engine ctx
Definition: detect.h:843
rust.h
SigTableElmt_::Setup
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
Definition: detect.h:1294
DETECT_REQUIRES
@ DETECT_REQUIRES
Definition: detect-engine-register.h:135
DetectEngineCtx_::requirements
SCDetectRequiresStatus * requirements
Definition: detect.h:1049
de_ctx
DetectEngineCtx * de_ctx
Definition: fuzz_siginit.c:17
BUG_ON
#define BUG_ON(x)
Definition: suricata-common.h:300
detect-requires.h
DetectRequiresRegister
void DetectRequiresRegister(void)
Definition: detect-requires.c:44
SCLogInfo
#define SCLogInfo(...)
Macro used to log INFORMATIONAL messages.
Definition: util-debug.h:224
suricata-common.h
SCLogError
#define SCLogError(...)
Macro used to log ERROR messages.
Definition: util-debug.h:261
Signature_
Signature container.
Definition: detect.h:603
DetectEngineCtx_::sigerror
const char * sigerror
Definition: detect.h:939
PROG_VER
#define PROG_VER
Definition: suricata.h:71