Skip to content

Commit

Permalink
lua/datasets: factor out into its own file
Browse files Browse the repository at this point in the history
This is mainly for header sanitization to avoid pulling in detect
modules into the Lua sandbox definition.

Plus if we namespace modules with names like "suricata.dataset", it
probably makes sense to keep those modules in their own files.
  • Loading branch information
jasonish authored and victorjulien committed Jan 12, 2025
1 parent e397f21 commit 05853fb
Show file tree
Hide file tree
Showing 6 changed files with 165 additions and 140 deletions.
2 changes: 2 additions & 0 deletions src/Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -506,6 +506,7 @@ noinst_HEADERS = \
util-logopenfile.h \
util-log-redis.h \
util-lua-common.h \
util-lua-dataset.h \
util-lua-dnp3.h \
util-lua-dnp3-objects.h \
util-lua-dns.h \
Expand Down Expand Up @@ -1053,6 +1054,7 @@ libsuricata_c_a_SOURCES = \
util-log-redis.c \
util-lua.c \
util-lua-common.c \
util-lua-dataset.c \
util-lua-dnp3.c \
util-lua-dnp3-objects.c \
util-lua-dns.c \
Expand Down
134 changes: 0 additions & 134 deletions src/detect-lua-extensions.c
Original file line number Diff line number Diff line change
Expand Up @@ -24,40 +24,17 @@
*/

#include "suricata-common.h"
#include "conf.h"

#include "threads.h"
#include "decode.h"
#include "datasets.h"

#include "detect.h"
#include "detect-parse.h"
#include "detect-flowvar.h"

#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"

#include "flow.h"
#include "flow-var.h"
#include "flow-util.h"

#include "util-debug.h"
#include "util-spm-bm.h"
#include "util-print.h"

#include "util-unittest.h"
#include "util-unittest-helper.h"

#include "app-layer.h"

#include "stream-tcp.h"

#include "detect-lua.h"

#include "queue.h"
#include "util-cpu.h"

#include "app-layer-parser.h"

#include "util-lua.h"
Expand All @@ -74,13 +51,6 @@

static const char luaext_key_ld[] = "suricata:luadata";

/* hack to please scan-build. Even though LuaCallbackError *always*
* returns 2, scan-build doesn't accept it and generates false
* positives */
#define LUA_ERROR(msg) \
LuaCallbackError(luastate, (msg)); \
return 2

static int GetLuaData(lua_State *luastate, DetectLuaData **ret_ld)
{
*ret_ld = NULL;
Expand Down Expand Up @@ -415,110 +385,6 @@ static int LuaSetFlowint(lua_State *luastate)
return 0;
}

struct LuaDataset {
Dataset *set;
};

static int LuaDatasetGC(lua_State *luastate)
{
SCLogDebug("gc:start");
struct LuaDataset *s = (struct LuaDataset *)lua_touserdata(luastate, 1);
SCLogDebug("deref %s", s->set->name);
s->set = NULL;
SCLogDebug("gc:done");
return 0;
}

static int LuaDatasetGetRef(lua_State *luastate)
{
SCLogDebug("get");
struct LuaDataset *s = (struct LuaDataset *)lua_touserdata(luastate, 1);
if (s == NULL) {
LUA_ERROR("dataset is not initialized");
}

const char *name = lua_tostring(luastate, 2);
if (name == NULL) {
LUA_ERROR("null string");
}

Dataset *dataset = DatasetFind(name, DATASET_TYPE_STRING);
if (dataset == NULL) {
LUA_ERROR("dataset not found");
}
s->set = dataset;
return 0;
}

static int LuaDatasetAdd(lua_State *luastate)
{
SCLogDebug("add:start");
struct LuaDataset *s = (struct LuaDataset *)lua_touserdata(luastate, 1);
if (s == NULL) {
LUA_ERROR("dataset is not initialized");
}
if (!lua_isstring(luastate, 2)) {
LUA_ERROR("1st arg is not a string");
}
if (!lua_isnumber(luastate, 3)) {
LUA_ERROR("2nd arg is not a number");
}

const uint8_t *str = (const uint8_t *)lua_tostring(luastate, 2);
if (str == NULL) {
LUA_ERROR("1st arg is not null string");
}

uint32_t str_len = lua_tonumber(luastate, 3);

int r = DatasetAdd(s->set, (const uint8_t *)str, str_len);
/* return value through luastate, as a luanumber */
lua_pushnumber(luastate, (lua_Number)r);
SCLogDebug("add:end");
return 1;
}

static int LuaDatasetNew(lua_State *luastate)
{
SCLogDebug("new:start");
struct LuaDataset *s = (struct LuaDataset *)lua_newuserdata(luastate, sizeof(*s));
if (s == NULL) {
LUA_ERROR("failed to get userdata");
}
luaL_getmetatable(luastate, "dataset::metatable");
lua_setmetatable(luastate, -2);
SCLogDebug("new:done");
return 1;
}

// clang-format off
const luaL_Reg datasetlib[] = {
{ "new", LuaDatasetNew },
{ "get", LuaDatasetGetRef },
{ "add", LuaDatasetAdd },
{ "__gc", LuaDatasetGC },
{ NULL, NULL }
};
// clang-format on

static void SetFuncs(lua_State *luastate, const luaL_Reg *lib)
{
for (; lib->name != NULL; lib++) {
lua_pushstring(luastate, lib->name);
lua_pushcfunction(luastate, lib->func);
lua_settable(luastate, -3);
}
}

void LuaLoadDatasetLib(lua_State *luastate)
{
luaL_newmetatable(luastate, "dataset::metatable");
lua_pushvalue(luastate, -1);
lua_setfield(luastate, -2, "__index");
luaL_setfuncs(luastate, datasetlib, 0);
luaL_newlib(luastate, datasetlib);
}

static int LuaIncrFlowint(lua_State *luastate)
{
uint32_t idx;
Expand Down
7 changes: 7 additions & 0 deletions src/util-lua-common.h
Original file line number Diff line number Diff line change
Expand Up @@ -35,4 +35,11 @@ int LuaRegisterFunctions(lua_State *luastate);

int LuaStateNeedProto(lua_State *luastate, AppProto alproto);

/* hack to please scan-build. Even though LuaCallbackError *always*
* returns 2, scan-build doesn't accept it and generates false
* positives */
#define LUA_ERROR(msg) \
LuaCallbackError(luastate, (msg)); \
return 2

#endif /* SURICATA_UTIL_LUA_COMMON_H */
130 changes: 130 additions & 0 deletions src/util-lua-dataset.c
Original file line number Diff line number Diff line change
@@ -0,0 +1,130 @@
/* Copyright (C) 2025 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/

/**
* \file
*
* Dataset API for Lua.
*
* local dataset = require("suricata.dataset")
*/

#include "suricata-common.h"

#include "util-lua-dataset.h"

#include "app-layer-protos.h" /* Required by util-lua-common. */
#include "util-lua-common.h"
#include "util-lua.h"
#include "util-debug.h"

#include "datasets.h"

struct LuaDataset {
Dataset *set;
};

static int LuaDatasetGC(lua_State *luastate)
{
SCLogDebug("gc:start");
struct LuaDataset *s = (struct LuaDataset *)lua_touserdata(luastate, 1);
SCLogDebug("deref %s", s->set->name);
s->set = NULL;
SCLogDebug("gc:done");
return 0;
}

static int LuaDatasetGetRef(lua_State *luastate)
{
SCLogDebug("get");
struct LuaDataset *s = (struct LuaDataset *)lua_touserdata(luastate, 1);
if (s == NULL) {
LUA_ERROR("dataset is not initialized");
}

const char *name = lua_tostring(luastate, 2);
if (name == NULL) {
LUA_ERROR("null string");
}

Dataset *dataset = DatasetFind(name, DATASET_TYPE_STRING);
if (dataset == NULL) {
LUA_ERROR("dataset not found");
}
s->set = dataset;
return 0;
}

static int LuaDatasetAdd(lua_State *luastate)
{
SCLogDebug("add:start");
struct LuaDataset *s = (struct LuaDataset *)lua_touserdata(luastate, 1);
if (s == NULL) {
LUA_ERROR("dataset is not initialized");
}
if (!lua_isstring(luastate, 2)) {
LUA_ERROR("1st arg is not a string");
}
if (!lua_isnumber(luastate, 3)) {
LUA_ERROR("2nd arg is not a number");
}

const uint8_t *str = (const uint8_t *)lua_tostring(luastate, 2);
if (str == NULL) {
LUA_ERROR("1st arg is not null string");
}

uint32_t str_len = lua_tonumber(luastate, 3);

int r = DatasetAdd(s->set, (const uint8_t *)str, str_len);
/* return value through luastate, as a luanumber */
lua_pushnumber(luastate, (lua_Number)r);
SCLogDebug("add:end");
return 1;
}

static int LuaDatasetNew(lua_State *luastate)
{
SCLogDebug("new:start");
struct LuaDataset *s = (struct LuaDataset *)lua_newuserdata(luastate, sizeof(*s));
if (s == NULL) {
LUA_ERROR("failed to get userdata");
}
luaL_getmetatable(luastate, "dataset::metatable");
lua_setmetatable(luastate, -2);
SCLogDebug("new:done");
return 1;
}

// clang-format off
static const luaL_Reg datasetlib[] = {
{ "new", LuaDatasetNew },
{ "get", LuaDatasetGetRef },
{ "add", LuaDatasetAdd },
{ "__gc", LuaDatasetGC },
{ NULL, NULL }
};
// clang-format on

void LuaLoadDatasetLib(lua_State *luastate)
{
luaL_newmetatable(luastate, "dataset::metatable");
lua_pushvalue(luastate, -1);
lua_setfield(luastate, -2, "__index");
luaL_setfuncs(luastate, datasetlib, 0);
luaL_newlib(luastate, datasetlib);
}
25 changes: 25 additions & 0 deletions src/util-lua-dataset.h
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
/* Copyright (C) 2025 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/

#ifndef SURICATA_UTIL_LUA_DATASET_H
#define SURICATA_UTIL_LUA_DATASET_H

#include "lua.h"

void LuaLoadDatasetLib(lua_State *luastate);

#endif /* SURICATA_UTIL_LUA_DATASET_H */
7 changes: 1 addition & 6 deletions src/util-lua-sandbox.c
Original file line number Diff line number Diff line change
Expand Up @@ -31,12 +31,7 @@
#include "util-debug.h"
#include "util-validate.h"
#include "util-lua-sandbox.h"

/* TODO: Need to get Lua dataset support out of detect-lua-extensions,
* shouldn't need to pull in detect-engine, if via another include. */
#include "detect-lua.h"
#include "detect-engine.h"
#include "detect-lua-extensions.h"
#include "util-lua-dataset.h"

#define SANDBOX_CTX "SANDBOX_CTX"

Expand Down

0 comments on commit 05853fb

Please sign in to comment.