|
|
@@ -23,7 +23,7 @@ using namespace std; |
|
|
|
|
|
|
|
//// Version Info |
|
|
|
|
|
|
|
const char* SNF_ENGINE_VERSION = "SNFMulti Engine Version 3.0.16 Build: " __DATE__ " " __TIME__; |
|
|
|
const char* SNF_ENGINE_VERSION = "SNFMulti Engine Version 3.0.17 Build: " __DATE__ " " __TIME__; |
|
|
|
|
|
|
|
//// Script Caller Methods |
|
|
|
|
|
|
@@ -1283,6 +1283,20 @@ string snf_EngineHandler::extractMessageID( |
|
|
|
|
|
|
|
const LogicFault FaultBadMessageBuffer1("snf_EngineHandler::scanMessage():FaultBadMessageBuffer1(NULL == inputMessageBuffer)"); |
|
|
|
const LogicFault FaultBadMessageBuffer2("snf_EngineHandler::scanMessage():FaultBadMessageBuffer2(0 >= inputMessageLength)"); |
|
|
|
|
|
|
|
const char Unknown_SNFMatchFlag = '-';
|
|
|
|
const char Panic_SNFMatchFlag = 'p';
|
|
|
|
const char Match_SNFMatchFlag = 'm';
|
|
|
|
const char White_SNFMatchFlag = 'w';
|
|
|
|
const char Final_SNFMatchFlag = 'f';
|
|
|
|
|
|
|
|
void captureMatchRecord(snf_match& M, MatchRecord* R) {
|
|
|
|
M.flag = Unknown_SNFMatchFlag;
|
|
|
|
M.ruleid = R->RuleId();
|
|
|
|
M.symbol = R->RuleGroup();
|
|
|
|
M.index = R->MatchStartPosition;
|
|
|
|
M.endex = R->MatchEndPosition;
|
|
|
|
}
|
|
|
|
|
|
|
|
int snf_EngineHandler::scanMessage( // Scan this message (in buffer). |
|
|
|
const unsigned char* inputMessageBuffer, // -- this is the message buffer. |
|
|
@@ -1590,37 +1604,34 @@ int snf_EngineHandler::scanMessage( |
|
|
|
|
|
|
|
snf_match TmpSNFMatch; // We'll need a buffer for our matches. |
|
|
|
|
|
|
|
while(NULL!=ResultCursor) { // We will run through the results. |
|
|
|
if(MyCFGPacket.isRulePanic(ResultCursor->RuleId())) { // If we have a rule panic then |
|
|
|
MyScanData.RulePanics.insert(ResultCursor->RuleId()); // add the rule ID to our panics list. |
|
|
|
TmpSNFMatch.flag = 'p'; // Record the match as a panic. |
|
|
|
TmpSNFMatch.ruleid = ResultCursor->RuleId(); // Fill out the details of the match. |
|
|
|
TmpSNFMatch.symbol = ResultCursor->RuleGroup(); // and add it to our list. |
|
|
|
TmpSNFMatch.index = ResultCursor->MatchStartPosition; |
|
|
|
TmpSNFMatch.endex = ResultCursor->MatchEndPosition; |
|
|
|
MyScanData.MatchRecords.push_back(TmpSNFMatch); |
|
|
|
} else { // If we did not have a panic then |
|
|
|
if(ResultCursor->RuleGroup()<S) { // if we find a better symbol we |
|
|
|
FinalResult = ResultCursor; // can grab the result record and the |
|
|
|
S = ResultCursor->RuleGroup(); // symbol value. |
|
|
|
} |
|
|
|
if( // Figure out what kind of match this is. |
|
|
|
(MyCFGPacket.Config()->TrainingWhiteRuleHandler.isListed( // If the symbol is in the known white |
|
|
|
ResultCursor->RuleGroup())) || // rule groups OR if the symbol is |
|
|
|
(0 == ResultCursor->RuleGroup()) // zero (same as clean) then |
|
|
|
) { // we will record this match |
|
|
|
TmpSNFMatch.flag = 'w'; // as a white-rule... set the flag to w. |
|
|
|
} else { // For all other cases we will |
|
|
|
TmpSNFMatch.flag = 'm'; // simply record a match (m). |
|
|
|
} |
|
|
|
TmpSNFMatch.ruleid = ResultCursor->RuleId(); // Fill out the details of the match. |
|
|
|
TmpSNFMatch.symbol = ResultCursor->RuleGroup(); // and add it to our list. |
|
|
|
TmpSNFMatch.index = ResultCursor->MatchStartPosition; |
|
|
|
TmpSNFMatch.endex = ResultCursor->MatchEndPosition; |
|
|
|
MyScanData.MatchRecords.push_back(TmpSNFMatch); |
|
|
|
} |
|
|
|
ResultsCount++; // Count this result. |
|
|
|
ResultCursor=ResultCursor->NextMatchRecord; // Then we keep looking. |
|
|
|
while(NULL!=ResultCursor) { // While we have records to process...
|
|
|
|
captureMatchRecord(TmpSNFMatch, ResultCursor); // grab the next record and evaluate it.
|
|
|
|
|
|
|
|
bool isPanickedRule = MyCFGPacket.isRulePanic(TmpSNFMatch.ruleid);
|
|
|
|
bool isVotingCandidate = (false == isPanickedRule);
|
|
|
|
bool isWhiteRule = (
|
|
|
|
MyCFGPacket.Config()->TrainingWhiteRuleHandler.isListed(TmpSNFMatch.ruleid) ||
|
|
|
|
0 == TmpSNFMatch.symbol
|
|
|
|
);
|
|
|
|
bool isBestResultCode = (TmpSNFMatch.symbol < S);
|
|
|
|
|
|
|
|
// Set an appropriate flag.
|
|
|
|
|
|
|
|
if(isPanickedRule) TmpSNFMatch.flag = Panic_SNFMatchFlag;
|
|
|
|
else if(isWhiteRule) TmpSNFMatch.flag = White_SNFMatchFlag;
|
|
|
|
else TmpSNFMatch.flag = Match_SNFMatchFlag;
|
|
|
|
|
|
|
|
// Vote for best rule match.
|
|
|
|
|
|
|
|
if(isVotingCandidate && isBestResultCode) {
|
|
|
|
FinalResult = ResultCursor;
|
|
|
|
S = TmpSNFMatch.symbol;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Move on to next result.
|
|
|
|
|
|
|
|
ResultsCount++;
|
|
|
|
ResultCursor=ResultCursor->NextMatchRecord;
|
|
|
|
} |
|
|
|
|
|
|
|
if(NO_SYMBOL != S) { // If a pattern match was detected then |
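Review bot: The rewritten result loop in scanMessage() no longer stores what it classifies: the removed body called `MyScanData.RulePanics.insert(ResultCursor->RuleId())` for panicked rules and `MyScanData.MatchRecords.push_back(TmpSNFMatch)` for every result, and neither call appears in the new loop, so unless they moved outside the visible hunk both collections stay empty for whatever reads them later. Restoring them would be `if(isPanickedRule) MyScanData.RulePanics.insert(TmpSNFMatch.ruleid);` after the flag is set and `MyScanData.MatchRecords.push_back(TmpSNFMatch);` just before `ResultsCount++`. The white-rule test also changed its argument: the old code passed `ResultCursor->RuleGroup()` to `TrainingWhiteRuleHandler.isListed()` while the new code passes `TmpSNFMatch.ruleid`, which looks unintended since the removed comment spoke of white rule groups; `isListed(TmpSNFMatch.symbol)` would keep the old meaning. captureMatchRecord() dereferences `R` without a check, which is safe only because its single visible caller sits inside `while(NULL!=ResultCursor)`; a one-line comment stating that `R` must be non-null would make the contract explicit. scanMessage() begins and ends outside the hunk, so the surrounding handling of `FinalResult` and `S` could not be checked.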