From 41801e1ccf95a5c47b89bc51350a71e5c12e52af Mon Sep 17 00:00:00 2001
From: Victor Roemer
Date: Thu, 27 Jul 2023 01:33:34 +0000
Subject: [PATCH] snort3_demo: build so_rule 3_13 using cmake. The result is more portable
---
 .../so_and_soid/so_rule/.gitignore | 3 ++
 .../so_and_soid/so_rule/CMakeLists.txt | 39 +++++++++++++++++++
 .../ips_options/so_and_soid/so_rule/Makefile | 13 +++++++
 .../so_and_soid/{ => so_rule}/sid_3_13.cc | 0
 .../so_and_soid/so_rule/sid_3_13.txt | 17 ++++++++
 tests/ips_options/so_and_soid/test.bats | 26 +++++--------
 6 files changed, 82 insertions(+), 16 deletions(-)
 create mode 100644 tests/ips_options/so_and_soid/so_rule/.gitignore
 create mode 100644 tests/ips_options/so_and_soid/so_rule/CMakeLists.txt
 create mode 100644 tests/ips_options/so_and_soid/so_rule/Makefile
 rename tests/ips_options/so_and_soid/{ => so_rule}/sid_3_13.cc (100%)
 create mode 100644 tests/ips_options/so_and_soid/so_rule/sid_3_13.txt
diff --git a/tests/ips_options/so_and_soid/so_rule/.gitignore b/tests/ips_options/so_and_soid/so_rule/.gitignore
new file mode 100644
index 0000000..4804527
--- /dev/null
+++ b/tests/ips_options/so_and_soid/so_rule/.gitignore
@@ -0,0 +1,3 @@
+build/
+install/
+sid_3_13.h
diff --git a/tests/ips_options/so_and_soid/so_rule/CMakeLists.txt b/tests/ips_options/so_and_soid/so_rule/CMakeLists.txt
new file mode 100644
index 0000000..24d5972
--- /dev/null
+++ b/tests/ips_options/so_and_soid/so_rule/CMakeLists.txt
@@ -0,0 +1,39 @@
+cmake_minimum_required ( VERSION 3.4.3 )
+project (sorule_id_3_13 C CXX)
+
+set (CMAKE_CXX_STANDARD 14)
+set (CMAKE_CXX_STANDARD_REQUIRED ON)
+set (CMAKE_CXX_EXTENSIONS OFF)
+
+include ( FindPkgConfig )
+pkg_search_module ( SNORT3 REQUIRED snort>=3 )
+
+add_library (
+ so_rule
+ MODULE
+ sid_3_13.cc
+ sid_3_13.h
+)
+
+target_compile_options (
+ so_rule
+ PRIVATE
+ -fno-rtti
+)
+
+set_target_properties (
+ so_rule
+ PROPERTIES
+ PREFIX ""
+)
+
+target_include_directories (
+ so_rule PUBLIC
+ ${SNORT3_INCLUDE_DIRS}
+)
+
+install (
+ TARGETS so_rule
+ LIBRARY
+ DESTINATION "${CMAKE_SOURCE_DIR}/install"
+)
diff --git a/tests/ips_options/so_and_soid/so_rule/Makefile b/tests/ips_options/so_and_soid/so_rule/Makefile
new file mode 100644
index 0000000..2c70db5
--- /dev/null
+++ b/tests/ips_options/so_and_soid/so_rule/Makefile
@@ -0,0 +1,13 @@
+.PHONY: build install sid_3-13.h
+
+build:
+ cmake -B build/ -G Ninja .
+ cmake --build build/
+
+install:
+ cmake --install build/
+
+sid_3_13.h: sid_3_13.txt
+ snort --rule-to-text < sid_3_13.txt > sid_3_13.h
+
+
diff --git a/tests/ips_options/so_and_soid/sid_3_13.cc b/tests/ips_options/so_and_soid/so_rule/sid_3_13.cc
similarity index 100%
rename from tests/ips_options/so_and_soid/sid_3_13.cc
rename to tests/ips_options/so_and_soid/so_rule/sid_3_13.cc
diff --git a/tests/ips_options/so_and_soid/so_rule/sid_3_13.txt b/tests/ips_options/so_and_soid/so_rule/sid_3_13.txt
new file mode 100644
index 0000000..c93625c
--- /dev/null
+++ b/tests/ips_options/so_and_soid/so_rule/sid_3_13.txt
@@ -0,0 +1,17 @@
+alert http
+(
+ msg:"Too much Cheez Whiz is bad mkay.";
+ flow:to_server,established;
+ http_uri; content:"crazy";
+ http_uri:query; content:"withThe=CheezWhiz";
+ http_uri:query; content:"cans=";
+ service:http;
+ reference:url,http://www.kraftbrands.com/cheezwhiz/;
+ classtype:misc-activity;
+ gid:3;
+ sid:13;
+ rev:1;
+ soid:3_13_1;
+ so:cans 7;
+)
+
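Review bot: `sid_3_13.h` is listed as a source of `so_rule` in `add_library`, but it is a generated file (it is in the new .gitignore and is produced only by the Makefile's `snort --rule-to-text` rule), so configuring before that rule has run fails with a missing-source error; the header is presumably reached via `#include` from sid_3_13.cc and does not need to be in the source list, so `add_library ( so_rule MODULE sid_3_13.cc )` is enough. Separately, `cmake_minimum_required ( VERSION 3.4.3 )` understates what the accompanying Makefile relies on: `cmake -B` needs 3.13 and `cmake --install` needs 3.15, so `cmake_minimum_required ( VERSION 3.15 )` would surface the real requirement at configure time instead of as a cryptic failure later. The install destination `${CMAKE_SOURCE_DIR}/install` writes into the source tree, which is fine for a test fixture but deserves a one-line comment such as `# installed into the source tree; test.bats loads the module from so_rule/install`.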
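Review bot: The `.PHONY` line declares `sid_3-13.h` (hyphen) while the target is `sid_3_13.h` (underscore), so the declaration matches nothing; since the header is a real generated file with a real prerequisite it should simply not be phony, and `.PHONY: build install` is the correct line. The targets also carry no dependencies: `build` does not require `sid_3_13.h` and `install` does not require `build`, so each only works when invoked in the exact order `make sid_3_13.h build install` that test.bats uses. The header recipe runs whichever `snort` is first on PATH, whereas the removed setup() used the harness's `$snort`; exposing it as `SNORT ?= snort` lets the caller pass the binary under test. Hard-coding `-G Ninja` also makes Ninja a build requirement, which sits oddly with the commit's portability goal; leaving the generator to CMake's default (or a `GENERATOR ?=` variable) avoids that.
```makefile
SNORT ?= snort

.PHONY: build install

build: sid_3_13.h
# … unchanged: cmake -B / cmake --build recipe …

install: build
# … unchanged: cmake --install recipe …

sid_3_13.h: sid_3_13.txt
	$(SNORT) --rule-to-text < sid_3_13.txt > sid_3_13.h
```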
diff --git a/tests/ips_options/so_and_soid/test.bats b/tests/ips_options/so_and_soid/test.bats
index dd209ed..e84be39 100644
--- a/tests/ips_options/so_and_soid/test.bats
+++ b/tests/ips_options/so_and_soid/test.bats
@@ -5,30 +5,25 @@ base=sid_3_13
 pcap="cheez.pcap"
 cfg="snort.lua"
-gcc_opts="-std=c++14 -Wall -g -ggdb -O0"
-stub_opts="--warn-all --plugin-path ."
+stub_opts="--warn-all --plugin-path so_rule/install"
 run_opts="-q -A csv"
 setup() {
-CXX=g++
-
- if [[ "$OSTYPE" == "freebsd"* ]]; then
- CXX='clang++'
- elif [[ "$OSTYPE" == "linux-musl"* ]]; then
- gcc_opts="-std=c++14 -Wall -g -ggdb -O0"
- fi
-
- local cppflags="$(pkg-config --cflags snort) $(pkg-config --variable=DAQ_CPPFLAGS snort)"
-
- $snort --rule-to-text < $base.txt > $base.h
- ${CXX} -c $gcc_opts $cppflags -fPIC -o $base.o $base.cc
- ${CXX} -shared -o $base.so $base.o
+ pushd so_rule/
+ make sid_3_13.h build install
+ popd
+ ls -alh so_rule/install
 }
 @test "SO and SOID - 3:13" {
+ echo $snort $stub_opts --dump-dynamic-rules > stub.rule
 $snort $stub_opts --dump-dynamic-rules > stub.rule
+
+ echo $snort $stub_opts -c $cfg -R stub.rule -r $pcap $run_opts &> snort.out
 $snort $stub_opts -c $cfg -R stub.rule -r $pcap $run_opts &> snort.out
+
+ cat snort.out
 cat stub.rule snort.out | diff expected -
 }
@@ -36,4 +31,3 @@ teardown() {
 rm -f snort.out *.z *.o *.so stub.rule *.h
 }
-
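Review bot: setup() now produces the rule header and the module through `make`, whose recipe invokes `snort` from PATH, while the @test body runs `$snort`; the removed setup() called `$snort --rule-to-text`, so the generated header and the .so can now come from a different Snort than the one under test, and the header is regenerated only when sid_3_13.txt changes, not when `$snort` does. If the Makefile reads the binary from a variable, `make -C so_rule SNORT="$snort" sid_3_13.h build install` keeps the two in step and also drops the `pushd`/`popd` pair, whose `popd` is skipped when make fails. The added `echo` lines, `ls -alh so_rule/install` and `cat snort.out` read as debugging leftovers; bats already captures command output on failure, so they only add noise. In the second hunk (teardown's opening line is outside the hunk) the `*.o *.so *.h` globs now match nothing in this directory, while the new artifacts `so_rule/build`, `so_rule/install` and `so_rule/sid_3_13.h` are never cleaned, so a later run reuses whatever an earlier one left behind.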