|
| 1 | +/* Copyright (C) 2024 Open Information Security Foundation |
| 2 | + * |
| 3 | + * You can copy, redistribute or modify this Program under the terms of |
| 4 | + * the GNU General Public License version 2 as published by the Free |
| 5 | + * Software Foundation. |
| 6 | + * |
| 7 | + * This program is distributed in the hope that it will be useful, |
| 8 | + * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 9 | + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 10 | + * GNU General Public License for more details. |
| 11 | + * |
| 12 | + * You should have received a copy of the GNU General Public License |
| 13 | + * version 2 along with this program; if not, write to the Free Software |
| 14 | + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA |
| 15 | + * 02110-1301, USA. |
| 16 | + */ |
| 17 | + |
| 18 | +// Author: QianKaiLin <linqiankai666@outlook.com> |
| 19 | + |
| 20 | +/// Detect |
| 21 | +/// Get the mysql query |
| 22 | +use super::mysql::{MysqlTransaction, ALPROTO_MYSQL}; |
| 23 | +use crate::detect::{ |
| 24 | + DetectBufferSetActiveList, DetectHelperBufferMpmRegister, DetectHelperGetData, |
| 25 | + DetectHelperGetMultiData, DetectHelperKeywordRegister, DetectHelperMultiBufferMpmRegister, |
| 26 | + DetectSignatureSetAppProto, SCSigTableElmt, SIGMATCH_NOOPT, |
| 27 | +}; |
| 28 | +use std::os::raw::{c_int, c_void}; |
| 29 | + |
| 30 | +static mut G_MYSQL_COMMAND_BUFFER_ID: c_int = 0; |
| 31 | +static mut G_MYSQL_ROWS_BUFFER_ID: c_int = 0; |
| 32 | + |
| 33 | +#[no_mangle] |
| 34 | +unsafe extern "C" fn SCMysqlCommandSetup( |
| 35 | + de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, |
| 36 | +) -> c_int { |
| 37 | + if DetectSignatureSetAppProto(s, ALPROTO_MYSQL) != 0 { |
| 38 | + return -1; |
| 39 | + } |
| 40 | + if DetectBufferSetActiveList(de, s, G_MYSQL_COMMAND_BUFFER_ID) < 0 { |
| 41 | + return -1; |
| 42 | + } |
| 43 | + return 0; |
| 44 | +} |
| 45 | + |
| 46 | +#[no_mangle] |
| 47 | +unsafe extern "C" fn SCMysqlGetCommand( |
| 48 | + de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, |
| 49 | + tx: *const c_void, list_id: c_int, |
| 50 | +) -> *mut c_void { |
| 51 | + return DetectHelperGetData( |
| 52 | + de, |
| 53 | + transforms, |
| 54 | + flow, |
| 55 | + flow_flags, |
| 56 | + tx, |
| 57 | + list_id, |
| 58 | + SCMysqlGetCommandData, |
| 59 | + ); |
| 60 | +} |
| 61 | + |
| 62 | +#[no_mangle] |
| 63 | +unsafe extern "C" fn SCMysqlGetCommandData( |
| 64 | + tx: *const c_void, _flags: u8, buf: *mut *const u8, len: *mut u32, |
| 65 | +) -> bool { |
| 66 | + let tx = cast_pointer!(tx, MysqlTransaction); |
| 67 | + if let Some(command) = &tx.command { |
| 68 | + if !command.is_empty() { |
| 69 | + *buf = command.as_ptr(); |
| 70 | + *len = command.len() as u32; |
| 71 | + return true; |
| 72 | + } |
| 73 | + } |
| 74 | + |
| 75 | + false |
| 76 | +} |
| 77 | + |
| 78 | +#[no_mangle] |
| 79 | +unsafe extern "C" fn SCMysqlRowsSetup( |
| 80 | + de: *mut c_void, s: *mut c_void, _raw: *const std::os::raw::c_char, |
| 81 | +) -> c_int { |
| 82 | + if DetectSignatureSetAppProto(s, ALPROTO_MYSQL) != 0 { |
| 83 | + return -1; |
| 84 | + } |
| 85 | + if DetectBufferSetActiveList(de, s, G_MYSQL_ROWS_BUFFER_ID) < 0 { |
| 86 | + return -1; |
| 87 | + } |
| 88 | + return 0; |
| 89 | +} |
| 90 | + |
| 91 | +#[no_mangle] |
| 92 | +unsafe extern "C" fn SCMysqlGetRows( |
| 93 | + de: *mut c_void, transforms: *const c_void, flow: *const c_void, flow_flags: u8, |
| 94 | + tx: *const c_void, list_id: c_int, local_id: u32, |
| 95 | +) -> *mut c_void { |
| 96 | + return DetectHelperGetMultiData( |
| 97 | + de, |
| 98 | + transforms, |
| 99 | + flow, |
| 100 | + flow_flags, |
| 101 | + tx, |
| 102 | + list_id, |
| 103 | + local_id, |
| 104 | + SCMysqlGetRowsData, |
| 105 | + ); |
| 106 | +} |
| 107 | + |
| 108 | +/// Get the mysql rows at index i |
| 109 | +#[no_mangle] |
| 110 | +pub unsafe extern "C" fn SCMysqlGetRowsData( |
| 111 | + tx: *const c_void, _flow_flags: u8, local_id: u32, buf: *mut *const u8, len: *mut u32, |
| 112 | +) -> bool { |
| 113 | + let tx = cast_pointer!(tx, MysqlTransaction); |
| 114 | + if let Some(rows) = &tx.rows { |
| 115 | + if !rows.is_empty() { |
| 116 | + let index = local_id as usize; |
| 117 | + if let Some(row) = rows.get(index) { |
| 118 | + *buf = row.as_ptr(); |
| 119 | + *len = row.len() as u32; |
| 120 | + return true; |
| 121 | + } |
| 122 | + } |
| 123 | + } |
| 124 | + |
| 125 | + false |
| 126 | +} |
| 127 | + |
| 128 | +#[no_mangle] |
| 129 | +pub unsafe extern "C" fn ScDetectMysqlRegister() { |
| 130 | + let kw = SCSigTableElmt { |
| 131 | + name: b"mysql.command\0".as_ptr() as *const libc::c_char, |
| 132 | + desc: b"sticky buffer to match on the MySQL command\0".as_ptr() as *const libc::c_char, |
| 133 | + url: b"/rules/mysql-keywords.html#mysql-command\0".as_ptr() as *const libc::c_char, |
| 134 | + Setup: SCMysqlCommandSetup, |
| 135 | + flags: SIGMATCH_NOOPT, |
| 136 | + AppLayerTxMatch: None, |
| 137 | + Free: None, |
| 138 | + }; |
| 139 | + let _g_mysql_command_kw_id = DetectHelperKeywordRegister(&kw); |
| 140 | + G_MYSQL_COMMAND_BUFFER_ID = DetectHelperBufferMpmRegister( |
| 141 | + b"mysql.command\0".as_ptr() as *const libc::c_char, |
| 142 | + b"mysql.command\0".as_ptr() as *const libc::c_char, |
| 143 | + ALPROTO_MYSQL, |
| 144 | + false, |
| 145 | + true, |
| 146 | + SCMysqlGetCommand, |
| 147 | + ); |
| 148 | + let kw = SCSigTableElmt { |
| 149 | + name: b"mysql.rows\0".as_ptr() as *const libc::c_char, |
| 150 | + desc: b"sticky buffer to match on the MySQL Rows\0".as_ptr() as *const libc::c_char, |
| 151 | + url: b"/rules/mysql-keywords.html#mysql-rows\0".as_ptr() as *const libc::c_char, |
| 152 | + Setup: SCMysqlRowsSetup, |
| 153 | + flags: SIGMATCH_NOOPT, |
| 154 | + AppLayerTxMatch: None, |
| 155 | + Free: None, |
| 156 | + }; |
| 157 | + let _g_mysql_rows_kw_id = DetectHelperKeywordRegister(&kw); |
| 158 | + G_MYSQL_ROWS_BUFFER_ID = DetectHelperMultiBufferMpmRegister( |
| 159 | + b"mysql.rows\0".as_ptr() as *const libc::c_char, |
| 160 | + b"mysql select statement resultset\0".as_ptr() as *const libc::c_char, |
| 161 | + ALPROTO_MYSQL, |
| 162 | + true, |
| 163 | + false, |
| 164 | + SCMysqlGetRows, |
| 165 | + ); |
| 166 | +} |
0 commit comments