42static void TransformLuaxform(
45#define LUAXFORM_MAX_ARGS 10
64static void DetectTransformLuaxformId(
const uint8_t **data, uint32_t *length,
void *context)
68 *data = (uint8_t *)lua->
id_data;
95static int DetectTransformLuaxformSetupPrime(
102 luaL_openlibs(luastate);
108 int status = luaL_loadfile(luastate, ld->
filename);
110 SCLogError(
"couldn't load file: %s", lua_tostring(luastate, -1));
115 if (lua_pcall(luastate, 0, 0, 0) != 0) {
116 SCLogError(
"couldn't prime file: %s", lua_tostring(luastate, -1));
120 lua_getglobal(luastate,
"transform");
121 if (lua_type(luastate, -1) != LUA_TFUNCTION) {
122 SCLogError(
"no transform function in script");
125 lua_pop(luastate, 1);
142 FatalError(
"unable to allocate memory for Lua transform: %s", optsstr);
145 lua->
copystr = strdup(optsstr);
146 lua->
id_data = strdup(optsstr);
148 FatalError(
"unable to allocate memory for Lua transform: %s", optsstr);
154 char *saveptr = NULL;
155 char *token = strtok_r(lua->
copystr,
",", &saveptr);
157 lua->
args[count++] = token;
158 token = strtok_r(NULL,
",", &saveptr);
178 DetectTransformLuaxformFree(
de_ctx, lua);
182static void *DetectLuaxformThreadInit(
void *data)
189 FatalError(
"unable to allocate luaxform context memory");
212 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
218 lua_getglobal(t->
luastate,
"thread_init");
219 if (lua_isfunction(t->
luastate, -1)) {
220 if (lua_pcall(t->
luastate, 0, 0, 0) != 0) {
221 SCLogError(
"couldn't run script 'thread_init' function: %s",
238static void DetectLuaxformThreadFree(
void *
ctx)
266 SCLogError(
"Lua rules disabled by security configuration: security.lua.allow-rules");
277 int allow_restricted_functions = 0;
278 (void)
SCConfGetInt(
"security.lua.max-bytes", &lua_alloc_limit);
279 (void)
SCConfGetInt(
"security.lua.max-instructions", &lua_instruction_limit);
280 (void)
SCConfGetBool(
"security.lua.allow-restricted-functions", &allow_restricted_functions);
286 if (DetectTransformLuaxformSetupPrime(
de_ctx, lua, s) == -1) {
291 de_ctx,
"luaxform", DetectLuaxformThreadInit, (
void *)lua, DetectLuaxformThreadFree, 0);
301 DetectTransformLuaxformFree(
de_ctx, lua);
305static void TransformLuaxform(
319 lua_getglobal(tlua->
luastate,
"transform");
321 const uint8_t *input = buffer->
inspect;
333 for (
int i = 1; i < lua->
arg_count + 1; i++) {
341 if (LUA_OK != lua_pcall(tlua->
luastate, 2, 2, 0)) {
345 int return_value_count = lua_gettop(tlua->
luastate);
346 if (return_value_count != 2) {
347 SCLogDebug(
"Error: expected 2 return values but got %d", return_value_count);
351 if (lua_isstring(tlua->
luastate, -2)) {
352 const char *transformed_buffer = lua_tostring(tlua->
luastate, -2);
353 lua_Integer transformed_buffer_byte_count = lua_tointeger(tlua->
luastate, -1);
354 if (transformed_buffer != NULL && transformed_buffer_byte_count > 0)
356 (uint32_t)transformed_buffer_byte_count);
357 SCLogDebug(
"transform returns [nbytes %d] \"%p\"",
358 (uint32_t)transformed_buffer_byte_count, transformed_buffer);
363 while (lua_gettop(tlua->
luastate) > 0) {
372 "pass inspection buffer to a Lua function along with "
373 "arguments supplied to the transform";
int SCConfGetInt(const char *name, intmax_t *val)
Retrieve a configuration value as an integer.
int SCConfGetBool(const char *name, int *val)
Retrieve a configuration value as a boolean.
int SCDetectSignatureAddTransform(Signature *s, int transform, void *options)
void InspectionBufferCopy(InspectionBuffer *buffer, uint8_t *buf, uint32_t buf_len)
char * DetectLoadCompleteSigPath(const DetectEngineCtx *de_ctx, const char *sig_file)
Create the path if default-rule-path was specified.
@ DETECT_TRANSFORM_LUAXFORM
void * DetectThreadCtxGetKeywordThreadCtx(DetectEngineThreadCtx *det_ctx, int id)
Retrieve thread local keyword ctx by id.
int DetectRegisterThreadCtxFuncs(DetectEngineCtx *de_ctx, const char *name, void *(*InitFunc)(void *), void *data, void(*FreeFunc)(void *), int mode)
Register Thread keyword context Funcs.
int DetectUnregisterThreadCtxFuncs(DetectEngineCtx *de_ctx, void *data, const char *name)
Remove Thread keyword context registration.
#define DEFAULT_LUA_INSTRUCTION_LIMIT
#define DEFAULT_LUA_ALLOC_LIMIT
SigTableElmt * sigmatch_table
#define SIGMATCH_QUOTES_OPTIONAL
main detection engine ctx
int(* Setup)(DetectEngineCtx *, Signature *, const char *)
void(* Free)(DetectEngineCtx *, void *)
void(* TransformId)(const uint8_t **data, uint32_t *length, void *context)
void(* Transform)(DetectEngineThreadCtx *, InspectionBuffer *, void *context)
struct lua_State lua_State
#define SCLogError(...)
Macro used to log ERROR messages.
void SCLuaRequirefBuiltIns(lua_State *L)
Register Suricata built-in modules for loading in a non-sandboxed environment.
void SCLuaSbStateClose(lua_State *L)
void SCLuaSbLoadLibs(lua_State *L)
lua_State * SCLuaSbStateNew(uint64_t alloclimit, uint64_t instructionlimit)
Allocate a new Lua sandbox.
void SCLuaSbResetInstructionCounter(lua_State *L)
int LuaPushStringBuffer(lua_State *luastate, const uint8_t *input, size_t input_len)
int LuaPushInteger(lua_State *luastate, lua_Integer n)