Propagate failure reason in spicy::decline_input/zeek::reject_protocol.

Closes #3276.
2025-10-02 14:48:21 +00:00 · 2023-09-06 08:19:38 +02:00 · 2023-09-06 08:19:38 +02:00 · d7c3e0ac69
commit d7c3e0ac69
parent 7e11501d3c
8 changed files with 50 additions and 7 deletions
--- a/src/spicy/manager.cc
+++ b/src/spicy/manager.cc
@ -586,8 +586,8 @@ static void hook_decline_input(const std::string& reason) {

    if ( auto x = cookie->protocol ) {
        auto tag = spicy_mgr->tagForProtocolAnalyzer(x->analyzer->GetAnalyzerTag());
-        SPICY_DEBUG(hilti::rt::fmt("rejecting protocol %s", tag.AsString()));
-        return x->analyzer->AnalyzerViolation("protocol rejected", nullptr, 0, tag);
+        SPICY_DEBUG(hilti::rt::fmt("rejecting protocol %s: %s", tag.AsString(), reason));
+        return x->analyzer->AnalyzerViolation(reason.c_str(), nullptr, 0, tag);
    }
 }

--- a/src/spicy/runtime-support.cc
+++ b/src/spicy/runtime-support.cc
@ -450,8 +450,8 @@ void rt::reject_protocol(const std::string& reason) {

    if ( auto x = cookie->protocol ) {
        auto tag = spicy_mgr->tagForProtocolAnalyzer(x->analyzer->GetAnalyzerTag());
-        SPICY_DEBUG(hilti::rt::fmt("rejecting protocol %s", tag.AsString()));
-        return x->analyzer->AnalyzerViolation("protocol rejected", nullptr, 0, tag);
+        SPICY_DEBUG(hilti::rt::fmt("rejecting protocol %s: %s", tag.AsString(), reason));
+        return x->analyzer->AnalyzerViolation(reason.c_str(), nullptr, 0, tag);
    }
    else
        throw ValueUnavailable("no current connection available");
--- a/src/spicy/runtime-support.h
+++ b/src/spicy/runtime-support.h
@ -275,7 +275,7 @@ void confirm_protocol();
 *
 * @param reason short description of what went wrong
 */
-void reject_protocol(const std::string& reason);
+void reject_protocol(const std::string& reason = "protocol rejected");

 /**
 * Opaque handle to a protocol analyzer.
--- a/testing/btest/Baseline/spicy.decline_input-2/analyzer.log
+++ b/testing/btest/Baseline/spicy.decline_input-2/analyzer.log
@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+SPICY_FOO	my reasons	-
+SPICY_FOO	my reasons	-
+SPICY_FOO	my reasons	-
+SPICY_FOO	my reasons	-
--- a/testing/btest/Baseline/spicy.decline_input/analyzer.log
+++ b/testing/btest/Baseline/spicy.decline_input/analyzer.log
@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+SPICY_FOO	my reasons	-
+SPICY_FOO	my reasons	-
+SPICY_FOO	my reasons	-
+SPICY_FOO	my reasons	-
--- a/testing/btest/Baseline/spicy.ssh-banner/analyzer.log
+++ b/testing/btest/Baseline/spicy.ssh-banner/analyzer.log
@ -7,6 +7,6 @@
 #open XXXX-XX-XX-XX-XX-XX
 #fields	ts	cause	analyzer_kind	analyzer_name	uid	fuid	id.orig_h	id.orig_p	id.resp_h	id.resp_p	failure_reason	failure_data
 #types	time	string	string	string	string	string	addr	port	addr	port	string	string
-XXXXXXXXXX.XXXXXX	violation	protocol	SPICY_SSH	CHhAvVGS1DHFjwGM9	-	141.142.228.5	53595	54.243.55.129	80	protocol rejected	-
+XXXXXXXXXX.XXXXXX	violation	protocol	SPICY_SSH	CHhAvVGS1DHFjwGM9	-	141.142.228.5	53595	54.243.55.129	80	kaputt	-
 XXXXXXXXXX.XXXXXX	violation	protocol	SPICY_SSH	CHhAvVGS1DHFjwGM9	-	141.142.228.5	53595	54.243.55.129	80	failed to match regular expression (<...>/ssh.spicy:7:15)	POST /post HTTP/1.1\x0d\x0aUser-Agent: curl/7.
 #close XXXX-XX-XX-XX-XX-XX
--- a/testing/btest/Baseline/spicy.ssh-banner/output
+++ b/testing/btest/Baseline/spicy.ssh-banner/output
@ -7,4 +7,4 @@ SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, res
 confirm, Analyzer::ANALYZER_SPICY_SSH
 === violation
 violation, Analyzer::ANALYZER_SPICY_SSH, failed to match regular expression (<...>/ssh.spicy:7:15)
-violation, Analyzer::ANALYZER_SPICY_SSH, protocol rejected
+violation, Analyzer::ANALYZER_SPICY_SSH, kaputt
--- a/testing/btest/spicy/decline_input.spicy
+++ b/testing/btest/spicy/decline_input.spicy
@ -0,0 +1,33 @@
+# @TEST-REQUIRES: have-spicy
+#
+# @TEST-EXEC: spicyz -d -o foo.hlto foo.spicy foo.evt %INPUT
+# @TEST-EXEC: zeek -Cr ${TRACES}/udp-packet.pcap foo.hlto
+# @TEST-EXEC: cat analyzer.log | zeek-cut analyzer_name failure_reason failure_data > analyzer.log2 && mv analyzer.log2 analyzer.log
+# @TEST-EXEC: btest-diff analyzer.log
+#
+# @TEST-DOC: Validates that decline_input is propagated properly. This is a regression test for #3276.
+
+# @TEST-START-FILE foo.spicy
+module foo;
+
+public type X = unit {
+    : bytes &eod;
+};
+# @TEST-END-FILE
+
+# @TEST-START-FILE foo.evt
+protocol analyzer spicy::foo over UDP:
+    parse with foo::X,
+    ports { 12345/udp, 31337/udp };
+# @TEST-END-FILE
+
+module zeek_foo;
+import zeek;
+import foo;
+on foo::X::%done { zeek::reject_protocol("my reasons"); }
+
+# @TEST-START-NEXT
+module zeek_foo;
+import spicy;
+import foo;
+on foo::X::%done { spicy::decline_input("my reasons"); }