1 //--------------------------------------------------------------------------
2 // Copyright (C) 2014-2021 Cisco and/or its affiliates. All rights reserved.
3 // Copyright (C) 2012-2013 Sourcefire, Inc.
4 //
5 // This program is free software; you can redistribute it and/or modify it
6 // under the terms of the GNU General Public License Version 2 as published
7 // by the Free Software Foundation. You may not use, modify or distribute
8 // this program under any other version of the GNU General Public License.
9 //
10 // This program is distributed in the hope that it will be useful, but
11 // WITHOUT ANY WARRANTY; without even the implied warranty of
12 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 // General Public License for more details.
14 //
15 // You should have received a copy of the GNU General Public License along
16 // with this program; if not, write to the Free Software Foundation, Inc.,
17 // 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18 //--------------------------------------------------------------------------
19
20 // file_mime_config.cc author Hui Cao <huica@cisco.com>
21 // 9.25.2012 - Initial Source Code. Hui Cao
22
23 #ifdef HAVE_CONFIG_H
24 #include "config.h"
25 #endif
26
27 #include "file_mime_config.h"
28
29 #include "log/messages.h"
30 #include "file_api/file_service.h"
31
32 using namespace snort;
33
set_ignore_data(bool ignored)34 void DecodeConfig::set_ignore_data(bool ignored)
35 {
36 ignore_data = ignored;
37 }
38
is_ignore_data() const39 bool DecodeConfig::is_ignore_data() const
40 {
41 return ignore_data;
42 }
43
set_b64_depth(int depth)44 void DecodeConfig::set_b64_depth(int depth)
45 {
46 b64_depth = depth;
47 }
48
get_b64_depth() const49 int DecodeConfig::get_b64_depth() const
50 {
51 return b64_depth;
52 }
53
set_qp_depth(int depth)54 void DecodeConfig::set_qp_depth(int depth)
55 {
56 qp_depth = depth;
57 }
58
get_qp_depth() const59 int DecodeConfig::get_qp_depth() const
60 {
61 return qp_depth;
62 }
63
set_bitenc_depth(int depth)64 void DecodeConfig::set_bitenc_depth(int depth)
65 {
66 bitenc_depth = depth;
67 }
68
get_bitenc_depth() const69 int DecodeConfig::get_bitenc_depth() const
70 {
71 return bitenc_depth;
72 }
73
set_uu_depth(int depth)74 void DecodeConfig::set_uu_depth(int depth)
75 {
76 uu_depth = depth;
77 }
78
get_uu_depth() const79 int DecodeConfig::get_uu_depth() const
80 {
81 return uu_depth;
82 }
83
set_decompress_pdf(bool enabled)84 void DecodeConfig::set_decompress_pdf(bool enabled)
85 {
86 decompress_pdf = enabled;
87 }
88
is_decompress_pdf() const89 bool DecodeConfig::is_decompress_pdf() const
90 {
91 return decompress_pdf;
92 }
93
set_decompress_swf(bool enabled)94 void DecodeConfig::set_decompress_swf(bool enabled)
95 {
96 decompress_swf = enabled;
97 }
98
is_decompress_swf() const99 bool DecodeConfig::is_decompress_swf() const
100 {
101 return decompress_swf;
102 }
103
set_decompress_zip(bool enabled)104 void DecodeConfig::set_decompress_zip(bool enabled)
105 {
106 decompress_zip = enabled;
107 }
108
is_decompress_zip() const109 bool DecodeConfig::is_decompress_zip() const
110 {
111 return decompress_zip;
112 }
113
set_decompress_vba(bool enabled)114 void DecodeConfig::set_decompress_vba(bool enabled)
115 {
116 decompress_vba = enabled;
117 }
118
is_decompress_vba() const119 bool DecodeConfig::is_decompress_vba() const
120 {
121 return decompress_vba;
122 }
123
set_decompress_buffer_size(uint32_t size)124 void DecodeConfig::set_decompress_buffer_size(uint32_t size)
125 {
126 decompress_buffer_size = size;
127 }
128
get_decompress_buffer_size() const129 uint32_t DecodeConfig::get_decompress_buffer_size() const
130 {
131 return decompress_buffer_size;
132 }
133
get_file_depth() const134 int64_t DecodeConfig::get_file_depth() const
135 {
136 return file_depth;
137 }
138
is_decoding_enabled() const139 bool DecodeConfig::is_decoding_enabled() const
140 {
141 return decode_enabled;
142 }
143
144 // update file depth and max_depth etc
sync_all_depths()145 void DecodeConfig::sync_all_depths()
146 {
147 file_depth = FileService::get_max_file_depth();
148 decode_enabled = (file_depth >= 0) or (b64_depth >= 0) or (qp_depth >= 0) or
149 (bitenc_depth >= 0) or (uu_depth >= 0);
150 }
151
get_max_depth(int decode_depth) const152 int DecodeConfig::get_max_depth(int decode_depth) const
153 {
154 if ( file_depth and decode_depth )
155 return (file_depth > decode_depth) ? file_depth : decode_depth;
156
157 return 0;
158 }
159
160 //FIXIT-L update this after mime decode depths are revisited
show(bool full) const161 void DecodeConfig::show(bool full) const
162 {
163 if ( !decode_enabled )
164 {
165 ConfigLogger::log_flag("decode_enabled", decode_enabled);
166 return;
167 }
168
169 auto b64 = (b64_depth == 0) ? -1 : ((b64_depth == -1) ? 0 : b64_depth);
170 auto qp = (qp_depth == 0) ? -1 : ((qp_depth == -1) ? 0 : qp_depth);
171 auto uu = (uu_depth == 0) ? -1 : ((uu_depth == -1) ? 0 : uu_depth);
172 auto bitenc = (bitenc_depth == 0) ? -1 : ((bitenc_depth == -1) ? 0 : bitenc_depth);
173 ConfigLogger::log_limit("b64_decode_depth", b64, -1, 0);
174 ConfigLogger::log_limit("qp_decode_depth", qp, -1, 0);
175 ConfigLogger::log_limit("uu_decode_depth", uu, -1, 0);
176 ConfigLogger::log_limit("bitenc_decode_depth", bitenc, -1, 0);
177
178 if ( full )
179 ConfigLogger::log_flag("ignore_data", ignore_data);
180
181 ConfigLogger::log_flag("decompress_pdf", decompress_pdf);
182 ConfigLogger::log_flag("decompress_swf", decompress_swf);
183 ConfigLogger::log_flag("decompress_zip", decompress_zip);
184 ConfigLogger::log_flag("decompress_vba", decompress_vba);
185 ConfigLogger::log_value("decompress_buffer_size", decompress_buffer_size);
186 }
187
188