diff --git a/configure.ac b/configure.ac index 71d77f500cea..1eaf7c11a3fb 100644 --- a/configure.ac +++ b/configure.ac @@ -2422,7 +2422,7 @@ fi AC_PATH_PROG(CBINDGEN, cbindgen, "no") if test "x$CBINDGEN" != "xno"; then cbindgen_version=$(cbindgen --version 2>&1 | cut -d' ' -f2-) - min_cbindgen_version="0.10.0" + min_cbindgen_version="0.16.0" AS_VERSION_COMPARE([$cbindgen_version], [$min_cbindgen_version], [cbindgen_ok="no"], [cbindgen_ok="yes"], diff --git a/rust/src/conf.rs b/rust/src/conf.rs index 50acf6cae895..0d28f4d8b494 100644 --- a/rust/src/conf.rs +++ b/rust/src/conf.rs @@ -81,13 +81,8 @@ pub fn conf_get(key: &str) -> Option<&str> { // Return the value of key as a boolean. A value that is not set is // the same as having it set to false. pub fn conf_get_bool(key: &str) -> bool { - if let Some(val) = conf_get(key) { - match val { - "1" | "yes" | "true" | "on" => { - return true; - }, - _ => {}, - } + if let Some("1" | "yes" | "true" | "on") = conf_get(key) { + return true; } return false; diff --git a/rust/src/dcerpc/dcerpc.rs b/rust/src/dcerpc/dcerpc.rs index 3a1af7df5316..62b2e1164eff 100644 --- a/rust/src/dcerpc/dcerpc.rs +++ b/rust/src/dcerpc/dcerpc.rs @@ -507,8 +507,8 @@ impl DCERPCState { /// type: unsigned 32 bit integer /// description: call_id param derived from TCP Header /// * `dir`: - /// type: enum Direction - /// description: direction of the flow + /// type: enum Direction + /// description: direction of the flow /// /// Return value: /// Option mutable reference to DCERPCTransaction diff --git a/rust/src/dcerpc/dcerpc_udp.rs b/rust/src/dcerpc/dcerpc_udp.rs index 7c83bbc04a58..05d49973c864 100644 --- a/rust/src/dcerpc/dcerpc_udp.rs +++ b/rust/src/dcerpc/dcerpc_udp.rs @@ -410,11 +410,8 @@ mod tests { 0x1c, 0x7d, 0xcf, 0x11, ]; - match parser::parse_dcerpc_udp_header(request) { - Ok((_rem, _header)) => { - { assert!(false); } - } - _ => {} + if let Ok((_rem, _header)) = parser::parse_dcerpc_udp_header(request) { + { assert!(false); } } } diff --git a/rust/src/dcerpc/detect.rs b/rust/src/dcerpc/detect.rs index 81f2854ace6d..2a0209c80cc6 100644 --- a/rust/src/dcerpc/detect.rs +++ b/rust/src/dcerpc/detect.rs @@ -212,13 +212,8 @@ pub extern "C" fn rs_dcerpc_iface_match( } match state.get_hdr_type() { - Some(x) => match x { - DCERPC_TYPE_REQUEST | DCERPC_TYPE_RESPONSE => {} - _ => { - return 0; - } - }, - None => { + Some(DCERPC_TYPE_REQUEST | DCERPC_TYPE_RESPONSE) => {} + _ => { return 0; } }; diff --git a/rust/src/detect/uint.rs b/rust/src/detect/uint.rs index 3d6a5baab0ca..312dad0ca96a 100644 --- a/rust/src/detect/uint.rs +++ b/rust/src/detect/uint.rs @@ -417,11 +417,8 @@ mod tests { assert!(false); } } - match detect_parse_uint::("2kb") { - Ok((_, _val)) => { - assert!(false); - } - Err(_) => {} + if let Ok((_, _val)) = detect_parse_uint::("2kb") { + assert!(false); } match detect_parse_uint::("3MB") { Ok((_, val)) => { diff --git a/rust/src/http2/parser.rs b/rust/src/http2/parser.rs index 1a46437d65a5..f1850511268d 100644 --- a/rust/src/http2/parser.rs +++ b/rust/src/http2/parser.rs @@ -882,11 +882,8 @@ mod tests { match r { Ok((rem, ctx)) => { assert_eq!(ctx.id, HTTP2SettingsId::EnablePush); - match ctx.value { - Some(_) => { - panic!("Unexpected value"); - } - None => {} + if ctx.value.is_some() { + panic!("Unexpected value"); } assert_eq!(rem.len(), 0); } diff --git a/rust/src/ssh/parser.rs b/rust/src/ssh/parser.rs index bfad8c005a9d..0c57c88229d1 100644 --- a/rust/src/ssh/parser.rs +++ b/rust/src/ssh/parser.rs @@ -198,7 +198,7 @@ impl<'a> SshPacketKeyExchange<'a> { slices .iter() .for_each(|&x| hassh_string.extend_from_slice(x)); - hassh.extend(format!("{:x}", Md5::new().chain(&hassh_string).finalize()).as_bytes()); + hassh.extend(format!("{:x}", Md5::new().chain(hassh_string).finalize()).as_bytes()); } } @@ -552,11 +552,8 @@ mod tests { ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00 ,0x00]; let mut hassh_string: Vec = vec!(); let mut hassh: Vec = vec!(); - match ssh_parse_key_exchange(&client_key_exchange){ - Ok((_, key_exchange)) => { - key_exchange.generate_hassh(&mut hassh_string, &mut hassh, &true); - } - Err(_) => { } + if let Ok((_, key_exchange)) = ssh_parse_key_exchange(&client_key_exchange) { + key_exchange.generate_hassh(&mut hassh_string, &mut hassh, &true); } assert_eq!(hassh_string, "curve25519-sha256,curve25519-sha256@libssh.org,\ @@ -643,11 +640,8 @@ mod tests { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00]; let mut hassh_server_string: Vec = vec!(); let mut hassh_server: Vec = vec!(); - match ssh_parse_key_exchange(&server_key_exchange){ - Ok((_, key_exchange)) => { - key_exchange.generate_hassh(&mut hassh_server_string, &mut hassh_server, &true); - } - Err(_) => { } + if let Ok((_, key_exchange)) = ssh_parse_key_exchange(&server_key_exchange) { + key_exchange.generate_hassh(&mut hassh_server_string, &mut hassh_server, &true); } assert_eq!(hassh_server, "b12d2871a1189eff20364cf5333619ee".as_bytes().to_vec()); } diff --git a/src/Makefile.am b/src/Makefile.am index 582be4585c2b..8377d39e4819 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -1343,7 +1343,7 @@ if BUILD_FUZZTARGETS LDFLAGS_FUZZ = $(all_libraries) $(SECLDFLAGS) LDADD_FUZZ = libsuricata_c.a $(RUST_SURICATA_LIB) $(HTP_LDADD) $(RUST_LDADD) -fuzz_applayerprotodetectgetproto_SOURCES = tests/fuzz/fuzz_applayerprotodetectgetproto.c +fuzz_applayerprotodetectgetproto_SOURCES = tests/fuzz/fuzz_applayerprotodetectgetproto.c tests/fuzz/confyaml.c fuzz_applayerprotodetectgetproto_LDFLAGS = $(LDFLAGS_FUZZ) fuzz_applayerprotodetectgetproto_LDADD = $(LDADD_FUZZ) if HAS_FUZZLDFLAGS @@ -1354,7 +1354,7 @@ endif # force usage of CXX for linker nodist_EXTRA_fuzz_applayerprotodetectgetproto_SOURCES = force-cxx-linking.cxx -fuzz_applayerparserparse_SOURCES = tests/fuzz/fuzz_applayerparserparse.c +fuzz_applayerparserparse_SOURCES = tests/fuzz/fuzz_applayerparserparse.c tests/fuzz/confyaml.c fuzz_applayerparserparse_LDFLAGS = $(LDFLAGS_FUZZ) fuzz_applayerparserparse_LDADD = $(LDADD_FUZZ) if HAS_FUZZLDFLAGS @@ -1398,7 +1398,7 @@ endif # force usage of CXX for linker nodist_EXTRA_fuzz_decodepcapfile_SOURCES = force-cxx-linking.cxx -fuzz_sigpcap_SOURCES = tests/fuzz/fuzz_sigpcap.c +fuzz_sigpcap_SOURCES = tests/fuzz/fuzz_sigpcap.c tests/fuzz/confyaml.c fuzz_sigpcap_LDFLAGS = $(LDFLAGS_FUZZ) fuzz_sigpcap_LDADD = $(LDADD_FUZZ) if HAS_FUZZLDFLAGS @@ -1410,7 +1410,7 @@ endif nodist_EXTRA_fuzz_sigpcap_SOURCES = force-cxx-linking.cxx if HAS_FUZZPCAP -fuzz_sigpcap_aware_SOURCES = tests/fuzz/fuzz_sigpcap_aware.c +fuzz_sigpcap_aware_SOURCES = tests/fuzz/fuzz_sigpcap_aware.c tests/fuzz/confyaml.c fuzz_sigpcap_aware_LDFLAGS = $(LDFLAGS_FUZZ) fuzz_sigpcap_aware_LDADD = $(LDADD_FUZZ) -lfuzzpcap if HAS_FUZZLDFLAGS @@ -1421,7 +1421,7 @@ endif # force usage of CXX for linker nodist_EXTRA_fuzz_sigpcap_aware_SOURCES = force-cxx-linking.cxx -fuzz_predefpcap_aware_SOURCES = tests/fuzz/fuzz_predefpcap_aware.c +fuzz_predefpcap_aware_SOURCES = tests/fuzz/fuzz_predefpcap_aware.c tests/fuzz/confyaml.c fuzz_predefpcap_aware_LDFLAGS = $(LDFLAGS_FUZZ) fuzz_predefpcap_aware_LDADD = $(LDADD_FUZZ) -lfuzzpcap if HAS_FUZZLDFLAGS diff --git a/src/detect-bsize.c b/src/detect-bsize.c index 3b3efe87b7ff..8d8b34ea4be5 100644 --- a/src/detect-bsize.c +++ b/src/detect-bsize.c @@ -157,20 +157,6 @@ int DetectBsizeMatch(const SigMatchCtx *ctx, const uint64_t buffer_size, bool eo return 0; } -/** - * \brief This function is used to parse bsize options passed via bsize: keyword - * - * \param bsizestr Pointer to the user provided bsize options - * - * \retval bsized pointer to DetectU64Data on success - * \retval NULL on failure - */ - -static DetectU64Data *DetectBsizeParse(const char *str) -{ - return DetectU64Parse(str); -} - static int SigParseGetMaxBsize(DetectU64Data *bsz) { switch (bsz->mode) { @@ -208,9 +194,9 @@ static int DetectBsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char * if (list == DETECT_SM_LIST_NOTSET) SCReturnInt(-1); - DetectU64Data *bsz = DetectBsizeParse(sizestr); + DetectU64Data *bsz = DetectU64Parse(sizestr); if (bsz == NULL) - goto error; + SCReturnInt(-1); sm = SigMatchAlloc(); if (sm == NULL) diff --git a/src/detect-dsize.c b/src/detect-dsize.c index 4336e3546b9f..7dd6b4012e3b 100644 --- a/src/detect-dsize.c +++ b/src/detect-dsize.c @@ -124,7 +124,7 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char * if (DetectGetLastSMFromLists(s, DETECT_DSIZE, -1)) { SCLogError("Can't use 2 or more dsizes in " "the same sig. Invalidating signature."); - goto error; + return -1; } SCLogDebug("\'%s\'", rawstr); @@ -132,7 +132,7 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char * dd = DetectU16Parse(rawstr); if (dd == NULL) { SCLogError("Parsing \'%s\' failed", rawstr); - goto error; + return -1; } /* Okay so far so good, lets get this into a SigMatch @@ -141,7 +141,7 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char * if (sm == NULL){ SCLogError("Failed to allocate memory for SigMatch"); rs_detect_u16_free(dd); - goto error; + return -1; } sm->type = DETECT_DSIZE; @@ -160,9 +160,6 @@ static int DetectDsizeSetup (DetectEngineCtx *de_ctx, Signature *s, const char * } return 0; - -error: - return -1; } /** diff --git a/src/detect-filesize.c b/src/detect-filesize.c index 05caba8568c1..616ff9dbd941 100644 --- a/src/detect-filesize.c +++ b/src/detect-filesize.c @@ -127,7 +127,7 @@ static int DetectFilesizeSetup (DetectEngineCtx *de_ctx, Signature *s, const cha fsd = DetectU64Parse(str); if (fsd == NULL) - goto error; + SCReturnInt(-1); sm = SigMatchAlloc(); if (sm == NULL) diff --git a/src/detect-icode.c b/src/detect-icode.c index 7758bd9bae05..e9616873ca9d 100644 --- a/src/detect-icode.c +++ b/src/detect-icode.c @@ -121,7 +121,8 @@ static int DetectICodeSetup(DetectEngineCtx *de_ctx, Signature *s, const char *i SigMatch *sm = NULL; icd = DetectU8Parse(icodestr); - if (icd == NULL) goto error; + if (icd == NULL) + return -1; sm = SigMatchAlloc(); if (sm == NULL) goto error; diff --git a/src/detect-itype.c b/src/detect-itype.c index ac067ab355b5..a5abcc970042 100644 --- a/src/detect-itype.c +++ b/src/detect-itype.c @@ -101,20 +101,6 @@ static int DetectITypeMatch (DetectEngineThreadCtx *det_ctx, Packet *p, return DetectU8Match(pitype, itd); } -/** - * \brief This function is used to parse itype options passed via itype: keyword - * - * \param de_ctx Pointer to the detection engine context - * \param itypestr Pointer to the user provided itype options - * - * \retval itd pointer to DetectU8Data on success - * \retval NULL on failure - */ -static DetectU8Data *DetectITypeParse(DetectEngineCtx *de_ctx, const char *itypestr) -{ - return DetectU8Parse(itypestr); -} - /** * \brief this function is used to add the parsed itype data into the current signature * @@ -131,8 +117,9 @@ static int DetectITypeSetup(DetectEngineCtx *de_ctx, Signature *s, const char *i DetectU8Data *itd = NULL; SigMatch *sm = NULL; - itd = DetectITypeParse(de_ctx, itypestr); - if (itd == NULL) goto error; + itd = DetectU8Parse(itypestr); + if (itd == NULL) + return -1; sm = SigMatchAlloc(); if (sm == NULL) goto error; @@ -221,7 +208,7 @@ static bool PrefilterITypeIsPrefilterable(const Signature *s) static int DetectITypeParseTest01(void) { DetectU8Data *itd = NULL; - itd = DetectITypeParse(NULL, "8"); + itd = DetectU8Parse("8"); FAIL_IF_NULL(itd); FAIL_IF_NOT(itd->arg1 == 8); FAIL_IF_NOT(itd->mode == DETECT_UINT_EQ); @@ -237,7 +224,7 @@ static int DetectITypeParseTest01(void) static int DetectITypeParseTest02(void) { DetectU8Data *itd = NULL; - itd = DetectITypeParse(NULL, ">8"); + itd = DetectU8Parse(">8"); FAIL_IF_NULL(itd); FAIL_IF_NOT(itd->arg1 == 8); FAIL_IF_NOT(itd->mode == DETECT_UINT_GT); @@ -253,7 +240,7 @@ static int DetectITypeParseTest02(void) static int DetectITypeParseTest03(void) { DetectU8Data *itd = NULL; - itd = DetectITypeParse(NULL, "<8"); + itd = DetectU8Parse("<8"); FAIL_IF_NULL(itd); FAIL_IF_NOT(itd->arg1 == 8); FAIL_IF_NOT(itd->mode == DETECT_UINT_LT); @@ -269,7 +256,7 @@ static int DetectITypeParseTest03(void) static int DetectITypeParseTest04(void) { DetectU8Data *itd = NULL; - itd = DetectITypeParse(NULL, "8<>20"); + itd = DetectU8Parse("8<>20"); FAIL_IF_NULL(itd); FAIL_IF_NOT(itd->arg1 == 8); FAIL_IF_NOT(itd->arg2 == 20); @@ -286,7 +273,7 @@ static int DetectITypeParseTest04(void) static int DetectITypeParseTest05(void) { DetectU8Data *itd = NULL; - itd = DetectITypeParse(NULL, " 8 "); + itd = DetectU8Parse(" 8 "); FAIL_IF_NULL(itd); FAIL_IF_NOT(itd->arg1 == 8); FAIL_IF_NOT(itd->mode == DETECT_UINT_EQ); @@ -302,7 +289,7 @@ static int DetectITypeParseTest05(void) static int DetectITypeParseTest06(void) { DetectU8Data *itd = NULL; - itd = DetectITypeParse(NULL, " > 8 "); + itd = DetectU8Parse(" > 8 "); FAIL_IF_NULL(itd); FAIL_IF_NOT(itd->arg1 == 8); FAIL_IF_NOT(itd->mode == DETECT_UINT_GT); @@ -318,7 +305,7 @@ static int DetectITypeParseTest06(void) static int DetectITypeParseTest07(void) { DetectU8Data *itd = NULL; - itd = DetectITypeParse(NULL, " 8 <> 20 "); + itd = DetectU8Parse(" 8 <> 20 "); FAIL_IF_NULL(itd); FAIL_IF_NOT(itd->arg1 == 8); FAIL_IF_NOT(itd->arg2 == 20); @@ -334,7 +321,7 @@ static int DetectITypeParseTest07(void) static int DetectITypeParseTest08(void) { DetectU8Data *itd = NULL; - itd = DetectITypeParse(NULL, "> 8 <> 20"); + itd = DetectU8Parse("> 8 <> 20"); FAIL_IF_NOT_NULL(itd); PASS; diff --git a/src/detect-rfb-sectype.c b/src/detect-rfb-sectype.c index 400ee5cb087c..476ea3fd3c06 100644 --- a/src/detect-rfb-sectype.c +++ b/src/detect-rfb-sectype.c @@ -90,20 +90,6 @@ static int DetectRfbSectypeMatch (DetectEngineThreadCtx *det_ctx, SCReturnInt(0); } -/** - * \internal - * \brief Function to parse options passed via rfb.sectype keywords. - * - * \param rawstr Pointer to the user provided options. - * - * \retval dd pointer to DetectU32Data on success. - * \retval NULL on failure. - */ -static DetectU32Data *DetectRfbSectypeParse(const char *rawstr) -{ - return DetectU32Parse(rawstr); -} - /** * \brief Function to add the parsed RFB security type field into the current signature. * @@ -119,10 +105,10 @@ static int DetectRfbSectypeSetup (DetectEngineCtx *de_ctx, Signature *s, const c if (DetectSignatureSetAppProto(s, ALPROTO_RFB) != 0) return -1; - DetectU32Data *dd = DetectRfbSectypeParse(rawstr); + DetectU32Data *dd = DetectU32Parse(rawstr); if (dd == NULL) { SCLogError("Parsing \'%s\' failed", rawstr); - goto error; + return -1; } /* okay so far so good, lets get this into a SigMatch diff --git a/src/output-json.c b/src/output-json.c index 7c3b7e27579c..6e5ff238d7a5 100644 --- a/src/output-json.c +++ b/src/output-json.c @@ -445,7 +445,13 @@ void EvePacket(const Packet *p, JsonBuilder *js, unsigned long max_length) if (!jb_open_object(js, "packet_info")) { return; } + /* + * ensure the object is closed on error. This is done defensively + * in case additional logic is added before the final jb_close() + * invocation + */ if (!jb_set_uint(js, "linktype", p->datalink)) { + jb_close(js); return; } jb_close(js); diff --git a/src/tests/detect-bsize.c b/src/tests/detect-bsize.c index 2fcd65658990..f0b13a8944a6 100644 --- a/src/tests/detect-bsize.c +++ b/src/tests/detect-bsize.c @@ -19,7 +19,7 @@ #define TEST_OK(str, m, lo, hi) \ { \ - DetectU64Data *bsz = DetectBsizeParse((str)); \ + DetectU64Data *bsz = DetectU64Parse((str)); \ FAIL_IF_NULL(bsz); \ FAIL_IF_NOT(bsz->mode == (m)); \ DetectBsizeFree(NULL, bsz); \ @@ -27,7 +27,7 @@ } #define TEST_FAIL(str) \ { \ - DetectU64Data *bsz = DetectBsizeParse((str)); \ + DetectU64Data *bsz = DetectU64Parse((str)); \ FAIL_IF_NOT_NULL(bsz); \ } diff --git a/src/tests/fuzz/confyaml.c b/src/tests/fuzz/confyaml.c index d36e8e31339e..e67e40a34727 100644 --- a/src/tests/fuzz/confyaml.c +++ b/src/tests/fuzz/confyaml.c @@ -1,4 +1,4 @@ -const char configNoChecksum[] = "\ +const char *configNoChecksum = "\ %YAML 1.1\n\ ---\n\ pcap-file:\n\ diff --git a/src/tests/fuzz/fuzz_applayerparserparse.c b/src/tests/fuzz/fuzz_applayerparserparse.c index 0ee263fc0b0c..820f32374464 100644 --- a/src/tests/fuzz/fuzz_applayerparserparse.c +++ b/src/tests/fuzz/fuzz_applayerparserparse.c @@ -21,7 +21,7 @@ int LLVMFuzzerInitialize(int *argc, char ***argv); AppLayerParserThreadCtx *alp_tctx = NULL; -#include "confyaml.c" +extern const char *configNoChecksum; /* input buffer is structured this way : * 6 bytes header, diff --git a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c index 598e7cc03ff6..34ec11e16fe5 100644 --- a/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c +++ b/src/tests/fuzz/fuzz_applayerprotodetectgetproto.c @@ -18,7 +18,7 @@ //rule of thumb constant, so as not to timeout target #define PROTO_DETECT_MAX_LEN 1024 -#include "confyaml.c" +extern const char *configNoChecksum; int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size); diff --git a/src/tests/fuzz/fuzz_predefpcap_aware.c b/src/tests/fuzz/fuzz_predefpcap_aware.c index c20e3d341d52..1b230021f342 100644 --- a/src/tests/fuzz/fuzz_predefpcap_aware.c +++ b/src/tests/fuzz/fuzz_predefpcap_aware.c @@ -42,7 +42,7 @@ void *fwd; SCInstance surifuzz; SC_ATOMIC_EXTERN(unsigned int, engine_stage); -#include "confyaml.c" +extern const char *configNoChecksum; char *filepath = NULL; diff --git a/src/tests/fuzz/fuzz_sigpcap.c b/src/tests/fuzz/fuzz_sigpcap.c index e5bd56deb476..216aa926deb0 100644 --- a/src/tests/fuzz/fuzz_sigpcap.c +++ b/src/tests/fuzz/fuzz_sigpcap.c @@ -42,7 +42,7 @@ void *fwd; SCInstance surifuzz; SC_ATOMIC_EXTERN(unsigned int, engine_stage); -#include "confyaml.c" +extern const char *configNoChecksum; int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { diff --git a/src/tests/fuzz/fuzz_sigpcap_aware.c b/src/tests/fuzz/fuzz_sigpcap_aware.c index d2454769859b..ea34925f78de 100644 --- a/src/tests/fuzz/fuzz_sigpcap_aware.c +++ b/src/tests/fuzz/fuzz_sigpcap_aware.c @@ -42,7 +42,7 @@ void *fwd; SCInstance surifuzz; SC_ATOMIC_EXTERN(unsigned int, engine_stage); -#include "confyaml.c" +extern const char *configNoChecksum; static void SigGenerateAware(const uint8_t *data, size_t size, char *r, size_t *len) {