/src/suricata7/rust/src/detect/uri.rs

Source
/* Copyright (C) 2022 Open Information Security Foundation
 *
 * You can copy, redistribute or modify this Program under the terms of
 * the GNU General Public License version 2 as published by the Free
 * Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * version 2 along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301, USA.
 */

use super::uint::*;
use nom7::branch::alt;
use nom7::bytes::complete::{is_a, tag};
use nom7::character::complete::char;
use nom7::combinator::{opt, value};
use nom7::IResult;

use std::ffi::CStr;

#[derive(Debug)]
#[repr(C)]
pub struct DetectUrilenData {
    pub du16: DetectUintData<u16>,
    pub raw_buffer: bool,
}

pub fn detect_parse_urilen_raw(i: &str) -> IResult<&str, bool> {
    let (i, _) = opt(is_a(" "))(i)?;
    let (i, _) = char(',')(i)?;
    let (i, _) = opt(is_a(" "))(i)?;
    return alt((value(true, tag("raw")), value(false, tag("norm"))))(i);
}

pub fn detect_parse_urilen(i: &str) -> IResult<&str, DetectUrilenData> {
    let (i, du16) = detect_parse_uint_notending::<u16>(i)?;
    let (i, raw) = opt(detect_parse_urilen_raw)(i)?;
    match raw {
        Some(raw_buffer) => {
            return Ok((i, DetectUrilenData { du16, raw_buffer }));
        }
        None => {
            return Ok((
                i,
                DetectUrilenData {
                    du16,
                    raw_buffer: false,
                },
            ));
        }
    }
}

#[no_mangle]
pub unsafe extern "C" fn rs_detect_urilen_parse(
    ustr: *const std::os::raw::c_char,
) -> *mut DetectUrilenData {
    let ft_name: &CStr = CStr::from_ptr(ustr); //unsafe
    if let Ok(s) = ft_name.to_str() {
        if let Ok((_, ctx)) = detect_parse_urilen(s) {
            let boxed = Box::new(ctx);
            return Box::into_raw(boxed) as *mut _;
        }
    }
    return std::ptr::null_mut();
}

#[no_mangle]
pub unsafe extern "C" fn rs_detect_urilen_free(ctx: &mut DetectUrilenData) {
    // Just unbox...
    std::mem::drop(Box::from_raw(ctx));
}

Line	Count	Source
1		/* Copyright (C) 2022 Open Information Security Foundation
2		*
3		* You can copy, redistribute or modify this Program under the terms of
4		* the GNU General Public License version 2 as published by the Free
5		* Software Foundation.
6		*
7		* This program is distributed in the hope that it will be useful,
8		* but WITHOUT ANY WARRANTY; without even the implied warranty of
9		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
10		* GNU General Public License for more details.
11		*
12		* You should have received a copy of the GNU General Public License
13		* version 2 along with this program; if not, write to the Free Software
14		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
15		* 02110-1301, USA.
16		*/
17
18		use super::uint::*;
19		use nom7::branch::alt;
20		use nom7::bytes::complete::{is_a, tag};
21		use nom7::character::complete::char;
22		use nom7::combinator::{opt, value};
23		use nom7::IResult;
24
25		use std::ffi::CStr;
26
27		#[derive(Debug)]
28		#[repr(C)]
29		pub struct DetectUrilenData {
30		pub du16: DetectUintData<u16>,
31		pub raw_buffer: bool,
32		}
33
34	2.29k	pub fn detect_parse_urilen_raw(i: &str) -> IResult<&str, bool> {
35	2.29k	let (i, _) = opt(is_a(" "))(i)?;
36	2.29k	let (i, _) = char(',')(i)?;
37	879	let (i, _) = opt(is_a(" "))(i)?;
38	879	return alt((value(true, tag("raw")), value(false, tag("norm"))))(i);
39	2.29k	}
40
41	2.70k	pub fn detect_parse_urilen(i: &str) -> IResult<&str, DetectUrilenData> {
42	2.70k	let (i, du16) = detect_parse_uint_notending::<u16>(i)?;
43	2.29k	let (i, raw) = opt(detect_parse_urilen_raw)(i)?;
44	2.29k	match raw {
45	431	Some(raw_buffer) => {
46	431	return Ok((i, DetectUrilenData { du16, raw_buffer }));
47		}
48		None => {
49	1.86k	return Ok((
50	1.86k	i,
51	1.86k	DetectUrilenData {
52	1.86k	du16,
53	1.86k	raw_buffer: false,
54	1.86k	},
55	1.86k	));
56		}
57		}
58	2.70k	}
59
60		#[no_mangle]
61	2.70k	pub unsafe extern "C" fn rs_detect_urilen_parse(
62	2.70k	ustr: *const std::os::raw::c_char,
63	2.70k	) -> *mut DetectUrilenData {
64	2.70k	let ft_name: &CStr = CStr::from_ptr(ustr); //unsafe
65	2.70k	if let Ok(s) = ft_name.to_str() {
66	2.70k	if let Ok((_, ctx)) = detect_parse_urilen(s) {
67	2.29k	let boxed = Box::new(ctx);
68	2.29k	return Box::into_raw(boxed) as *mut _;
69	406	}
70	0	}
71	406	return std::ptr::null_mut();
72	2.70k	}
73
74		#[no_mangle]
75	2.29k	pub unsafe extern "C" fn rs_detect_urilen_free(ctx: &mut DetectUrilenData) {
76		// Just unbox...
77	2.29k	std::mem::drop(Box::from_raw(ctx));
78	2.29k	}

Coverage Report

Created: 2026-03-31 07:45