Skip to content

Commit

Permalink
WIP: issue 2290
Browse files Browse the repository at this point in the history
  • Loading branch information
@jlucovsky
jlucovsky committed Sep 9, 2024
1 parent ebb5196 commit 3865400
Show file tree
Hide file tree
Showing 5 changed files with 18 additions and 8 deletions.
2 changes: 2 additions & 0 deletions src/detect-engine-register.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -234,6 +234,7 @@
#include "detect-transform-casechange.h"
#include "detect-transform-header-lowercase.h"
#include "detect-transform-base64.h"
#include "detect-transform-luaxform.h"

#include "util-rule-vars.h"

Expand Down Expand Up @@ -695,6 +696,7 @@ void SigTableSetup(void)
DetectTransformToUpperRegister();
DetectTransformHeaderLowercaseRegister();
DetectTransformFromBase64DecodeRegister();
DetectTransformLuaxformRegister();

DetectFileHandlerRegister();

Expand Down
1 change: 1 addition & 0 deletions src/detect-engine-register.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -316,6 +316,7 @@ enum DetectKeywordId {
DETECT_TRANSFORM_TOUPPER,
DETECT_TRANSFORM_HEADER_LOWERCASE,
DETECT_TRANSFORM_FROM_BASE64,
DETECT_TRANSFORM_LUAXFORM,

DETECT_AL_IKE_EXCH_TYPE,
DETECT_AL_IKE_SPI_INITIATOR,
Expand Down
15 changes: 7 additions & 8 deletions src/detect-lua.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,7 @@
#include "util-var-name.h"

#include "util-lua.h"
#include "util-lua-common.h"
#include "util-lua-sandbox.h"

static int DetectLuaMatch (DetectEngineThreadCtx *,
Expand All @@ -69,7 +70,6 @@ static int DetectLuaSetup (DetectEngineCtx *, Signature *, const char *);
#ifdef UNITTESTS
static void DetectLuaRegisterTests(void);
#endif
static void DetectLuaFree(DetectEngineCtx *, void *);
static int g_smtp_generic_list_id = 0;

/**
Expand Down Expand Up @@ -126,8 +126,6 @@ void DetectLuaRegister(void)
#define FLAG_INSTRUCTION_LIMIT_LOGGED BIT_U32(25)
#define FLAG_MEMORY_LIMIT_LOGGED BIT_U32(26)

#define DEFAULT_LUA_ALLOC_LIMIT 500000
#define DEFAULT_LUA_INSTRUCTION_LIMIT 500000

#if 0
/** \brief dump stack from lua state to screen */
Expand Down Expand Up @@ -464,7 +462,7 @@ static int DetectLuaAppTxMatch (DetectEngineThreadCtx *det_ctx,
static const char *ut_script = NULL;
#endif

static void *DetectLuaThreadInit(void *data)
void *DetectLuaThreadInit(void *data)
{
int status;
DetectLuaData *lua = (DetectLuaData *)data;
Expand Down Expand Up @@ -534,7 +532,7 @@ static void *DetectLuaThreadInit(void *data)
return NULL;
}

static void DetectLuaThreadFree(void *ctx)
void DetectLuaThreadFree(void *ctx)
{
if (ctx != NULL) {
DetectLuaThreadData *t = (DetectLuaThreadData *)ctx;
Expand All @@ -553,7 +551,7 @@ static void DetectLuaThreadFree(void *ctx)
* \retval lua pointer to DetectLuaData on success
* \retval NULL on failure
*/
static DetectLuaData *DetectLuaParse (DetectEngineCtx *de_ctx, const char *str)
DetectLuaData *DetectLuaParse (DetectEngineCtx *de_ctx, const char *str)
{
DetectLuaData *lua = NULL;

Expand Down Expand Up @@ -1041,7 +1039,7 @@ void DetectLuaPostSetup(Signature *s)
*
* \param ptr pointer to DetectLuaData
*/
static void DetectLuaFree(DetectEngineCtx *de_ctx, void *ptr)
void DetectLuaFree(DetectEngineCtx *de_ctx, void *ptr)
{
if (ptr != NULL) {
DetectLuaData *lua = (DetectLuaData *)ptr;
Expand All @@ -1058,7 +1056,8 @@ static void DetectLuaFree(DetectEngineCtx *de_ctx, void *ptr)
VarNameStoreUnregister(lua->flowvar[i], VAR_TYPE_FLOW_VAR);
}

DetectUnregisterThreadCtxFuncs(de_ctx, lua, "lua");
if (lua->thread_ctx_id)
DetectUnregisterThreadCtxFuncs(de_ctx, lua, "lua");

SCFree(lua);
}
Expand Down
5 changes: 5 additions & 0 deletions src/detect-lua.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,7 @@ typedef struct DetectLuaData {
uint64_t alloc_limit;
uint64_t instruction_limit;
int allow_restricted_functions;
lua_State *luastate;
} DetectLuaData;

/* prototypes */
Expand All @@ -65,6 +66,10 @@ int DetectLuaMatchBuffer(DetectEngineThreadCtx *det_ctx,
const uint8_t *buffer, uint32_t buffer_len, uint32_t offset,
Flow *f);

DetectLuaData *DetectLuaParse (DetectEngineCtx *de_ctx, const char *str);
void DetectLuaFree(DetectEngineCtx *de_ctx, void *ptr);
void DetectLuaPostSetup(Signature *s);
void *DetectLuaThreadInit(void *data);
void DetectLuaThreadFree(void *ctx);

#endif /* SURICATA_DETECT_LUA_H */
3 changes: 3 additions & 0 deletions src/util-lua-common.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,9 @@
#ifndef SURICATA_UTIL_LUA_COMMON_H
#define SURICATA_UTIL_LUA_COMMON_H

#define DEFAULT_LUA_ALLOC_LIMIT 500000
#define DEFAULT_LUA_INSTRUCTION_LIMIT 500000

int LuaCallbackError(lua_State *luastate, const char *msg);
const char *LuaGetStringArgument(lua_State *luastate, int argc);

Expand Down

0 comments on commit 3865400

Please sign in to comment.