Changeset 588 for trunk/src/sh_log_evalrule.c

Timestamp:

Oct 26, 2025, 12:17:47 PM (16 hours ago)

Author:

katerina

Message:

Fix for ticket #476 (move logfile monitoring module from PCRE to PCRE2).

File:

• trunk/src/sh_log_evalrule.c (modified) (27 diffs)

trunk/src/sh_log_evalrule.c

@@ -15 +15 @@
 #define FIL__  _("sh_log_evalrule.c")
 
-/* Debian/Ubuntu: libpcre3-dev */
-#ifdef HAVE_PCRE_PCRE_H
-#include <pcre/pcre.h>
+/* Debian/Ubuntu: libpcre2-dev */
+#define PCRE2_CODE_UNIT_WIDTH 8
+#ifdef HAVE_PCRE2_PCRE2_H
+#include <pcre2/pcre2.h>
 #else
-#include <pcre.h>
+#include <pcre2.h>
 #endif
 
-#ifndef PCRE_NO_AUTO_CAPTURE
-#define PCRE_NO_AUTO_CAPTURE 0
+#ifndef PCRE2_NO_AUTO_CAPTURE
+#define PCRE2_NO_AUTO_CAPTURE 0
 #endif
 
@@ -95 +96 @@
 struct sh_geval  /* Group of rules (may be a single rule) */
 {
-  sh_string       * label;           /* label for this group    */
-  pcre            * rule;            /* compiled regex for rule */
-  pcre_extra      * rule_extra;
-  int             * ovector;         /* captured substrings     */
-  int               ovecnum;         /* how many captured       */
-  int               captures;        /* (captures+1)*3 required */
-  int               flags;           /* bit flags               */
-  unsigned long     delay;           /* delay for keep rules    */
-  zAVLTree        * counterlist;     /* counters if EVAL_SUM    */
-  struct sh_qeval * queue;           /* queue for this rule     */
-  struct sh_geval * nextrule;        /* next rule in this group */
-  struct sh_geval * next;            /* next group of rules     */
-  struct sh_geval * gnext;           /* grouplist next          */
+  sh_string        * label;           /* label for this group    */
+  pcre2_code       * rule;            /* compiled regex for rule */
+
+  pcre2_match_data * match_data;      /* captured substrings     */
+  int                ovecnum;         /* how many captured       */
+  int                captures;        /* (captures+1)*3 required */
+  int                flags;           /* bit flags               */
+  unsigned long      delay;           /* delay for keep rules    */
+  zAVLTree         * counterlist;     /* counters if EVAL_SUM    */
+  struct sh_qeval  * queue;           /* queue for this rule     */
+  struct sh_geval  * nextrule;        /* next rule in this group */
+  struct sh_geval  * next;            /* next group of rules     */
+  struct sh_geval  * gnext;           /* grouplist next          */
 };
 
 struct sh_heval  /* host-specific rules */
 {
-  pcre            * hostname;        /* compiled regex for hostname */
-  pcre_extra      * hostname_extra;
+  pcre2_code      * hostname;        /* compiled regex for hostname */
   struct sh_geval * rulegroups;      /* list of group of rules      */
   struct sh_heval * next;
@@ -142 +142 @@
   struct sh_geval * ng;
   struct sh_geval * tmp;
-  pcre *  group;
-  pcre_extra * group_extra;
-  const char * error;
-  int          erroffset;
+  pcre2_code * group;
+
+  int          error;
+  PCRE2_SIZE   erroffset;
   unsigned int nfields = 2;
   size_t       lengths[2];
+  
   char *       new = sh_util_strdup(str);
   char **      splits = split_array(new, &nfields, ':', lengths);
@@ -164 +165 @@
     }
 
-  group = pcre_compile(splits[1], PCRE_NO_AUTO_CAPTURE, 
+  group = pcre2_compile((PCRE2_SPTR8)splits[1], lengths[1], PCRE2_NO_AUTO_CAPTURE, 
                        &error, &erroffset, NULL);
   if (!group)
@@ -183 +184 @@
       return -1;
     }
-  group_extra = NULL; /* pcre_study(group, 0, &error); */
 
   ng = SH_ALLOC(sizeof(struct sh_geval));
@@ -192 +192 @@
 
   ng->rule        = group;
-  ng->rule_extra  = group_extra;
-  ng->ovector     = NULL;
+
+  ng->match_data  = pcre2_match_data_create_from_pattern(group, NULL);
   ng->ovecnum     = 0;
   ng->captures    = 0;
@@ -206 +206 @@
       if (0 != sh_eval_hadd("^.*"))
         {
-          pcre_free(group);
+          pcre2_code_free(group);
+          pcre2_match_data_free(ng->match_data);
           sh_string_destroy(&(ng->label));
           SH_FREE(splits);
@@ -266 +267 @@
   struct sh_heval * nh;
   struct sh_heval * tmp;
-  pcre *  host;
-  pcre_extra * host_extra;
-  const char * error;
-  int          erroffset;
+  pcre2_code     *  host;
+
+  int               error;
+  PCRE2_SIZE        erroffset;
 
   if (host_open)
     host_open = NULL;
 
-  host = pcre_compile(str, PCRE_NO_AUTO_CAPTURE, 
-                      &error, &erroffset, NULL);
+  host = pcre2_compile((PCRE2_SPTR8)str, PCRE2_ZERO_TERMINATED, PCRE2_NO_AUTO_CAPTURE, 
+                       &error, &erroffset, NULL);
   if (!host)
     {
@@ -291 +292 @@
       return -1;
     }
-  host_extra = NULL; /* pcre_study(host, 0, &error); */
 
   nh = SH_ALLOC(sizeof(struct sh_heval));
@@ -297 +297 @@
 
   nh->hostname = host;
-  nh->hostname_extra = host_extra;
   nh->rulegroups = NULL;
 
@@ -478 +477 @@
   struct sh_geval * tmp;
   struct sh_qeval * queue;
-  pcre *  rule;
-  pcre_extra * rule_extra;
-  const char * error;
-  int          erroffset;
-  int          captures = 0;
+  pcre2_code    *  rule;
+
+  int          error;
+  PCRE2_SIZE   erroffset;
+  unsigned int captures = 0;
   unsigned int nfields = 2; /* queue:regex */
   size_t       lengths[3];
@@ -576 +575 @@
     }
 
-  rule = pcre_compile(splits[rpos], 0, 
-                      &error, &erroffset, NULL);
+  rule = pcre2_compile((PCRE2_SPTR8)splits[rpos], lengths[rpos], 0, 
+                       &error, &erroffset, NULL);
   if (!rule)
     {
@@ -595 +594 @@
       return -1;
     }
-  rule_extra = NULL; /* pcre_study(rule, 0, &error); */
-  pcre_fullinfo(rule, rule_extra, PCRE_INFO_CAPTURECOUNT, &captures);
+
+  pcre2_pattern_info(rule, PCRE2_INFO_CAPTURECOUNT, &captures);
 
   if (flag_err_debug == S_TRUE)
@@ -602 +601 @@
       char * emsg = SH_ALLOC(SH_ERRBUF_SIZE);
       if (dstr)
-        sl_snprintf(emsg,  SH_ERRBUF_SIZE, _("Adding rule: |%s| with %d captures, keep(%lu,%s)"), 
+        sl_snprintf(emsg,  SH_ERRBUF_SIZE, _("Adding rule: |%s| with %u captures, keep(%lu,%s)"), 
                     splits[rpos], captures, dsec, dstr);
       else
-        sl_snprintf(emsg,  SH_ERRBUF_SIZE, _("Adding rule: |%s| with %d captures"), 
+        sl_snprintf(emsg,  SH_ERRBUF_SIZE, _("Adding rule: |%s| with %u captures"), 
                     splits[rpos], captures);
       SH_MUTEX_LOCK(mutex_thread_nolog);
@@ -614 +613 @@
     }
 
-  DEBUG("adding rule: |%s| with %d captures\n", splits[rpos], captures);
+  DEBUG("adding rule: |%s| with %u captures\n", splits[rpos], captures);
 
   SH_FREE(splits);
@@ -627 +626 @@
 
   nr->rule        = rule;
-  nr->rule_extra  = rule_extra;
+
   nr->captures    = captures;
-  nr->ovector     = SH_ALLOC(sizeof(int) * (captures+1) * 3);
+  nr->match_data  = pcre2_match_data_create_from_pattern(rule, NULL);
   nr->ovecnum     = 0;
   nr->counterlist = NULL;
@@ -695 +694 @@
               if (nr->label)
                 sh_string_destroy(&(nr->label));
-              SH_FREE(nr->ovector);
+              if (nr->rule)
+                pcre2_code_free(nr->rule);
+              if (nr->match_data)
+                pcre2_match_data_free(nr->match_data);
               SH_FREE(nr);
               return -1;
@@ -743 +745 @@
           if (nr->label)
             sh_string_destroy(&(nr->label));
-          SH_FREE(nr->ovector);
+          if (nr->rule)
+            pcre2_code_free(nr->rule);
+          if (nr->match_data)
+            pcre2_match_data_free(nr->match_data);
           SH_FREE(nr);
           return -1;
@@ -763 +768 @@
       grouplist = gtmp->gnext;
 
-      if (gtmp->label)      sh_string_destroy(&(gtmp->label));
-      if (gtmp->rule_extra) (*pcre_free)(gtmp->rule_extra);
-      if (gtmp->rule)       (*pcre_free)(gtmp->rule);
+      if (gtmp->label)
+        sh_string_destroy(&(gtmp->label));
+      if (gtmp->rule)
+        pcre2_code_free(gtmp->rule);
+      if (gtmp->match_data)
+        pcre2_match_data_free(gtmp->match_data);
       if (gtmp->counterlist)
         zAVLFreeTree(gtmp->counterlist, sh_ceval_free);
-      if (gtmp->ovector)
-        SH_FREE(gtmp->ovector);
+
 #if 0
       while (gtmp->nextrule)
@@ -776 +783 @@
           gtmp->nextrule = tmp->nextrule;
 
-          if (tmp->rule_extra) (*pcre_free)(tmp->rule_extra);
-          if (tmp->rule)       (*pcre_free)(tmp->rule);
+          if (tmp->rule)
+            pcre2_code_free(tmp->rule);
           if (tmp->counterlist)
             zAVLFreeTree(tmp->counterlist, sh_ceval_free);
@@ -800 +807 @@
   while (htmp)
     {
-      if (htmp->hostname_extra) (*pcre_free)(htmp->hostname_extra);
-      if (htmp->hostname)       (*pcre_free)(htmp->hostname);
-      if (htmp->rulegroups)     htmp->rulegroups = NULL;
+      if (htmp->hostname)
+        pcre2_code_free(htmp->hostname);
+      if (htmp->rulegroups)
+        htmp->rulegroups = NULL;
       hostlist = htmp->next;
       htmp->next = NULL;
@@ -862 +870 @@
 
         DEBUG("debug: check rule %d for <%s>\n", count, msg->str);
-        res = pcre_exec(rule->rule, rule->rule_extra, 
-                        sh_string_str(msg), (int)sh_string_len(msg), 0,
-                        0, rule->ovector, (3*(1+rule->captures)));
-        if (res >= 0)
+        
+        res = pcre2_match(rule->rule, 
+                          (PCRE2_SPTR8)sh_string_str(msg), (int)sh_string_len(msg), 0,
+                          0,   rule->match_data, NULL);
+
+        if (res > 0)
           {
-            rule->ovecnum = res;
+            rule->ovecnum = pcre2_get_ovector_count(rule->match_data);
 
             if (flag_err_debug == S_TRUE)
@@ -965 +975 @@
 
             DEBUG("debug: if group->label %s\n", sh_string_str(group->label));
-            if (pcre_exec(group->rule, group->rule_extra,
-                          sh_string_str(msg), (int) sh_string_len(msg),
-                          0, 0, NULL, 0) >= 0)
+            
+            if (pcre2_match(group->rule,
+                            (PCRE2_SPTR8)sh_string_str(msg), (int) sh_string_len(msg), 0,
+                            0, NULL, NULL) > 0)
               {
                 result = test_rule(group->nextrule, msg, timestamp);
@@ -1017 +1028 @@
     {
       do {
-        if (pcre_exec(hlist->hostname, hlist->hostname_extra, 
-                      sh_string_str(host), (int) sh_string_len(host), 
-                      0, 0, NULL, 0) >= 0)
+        if (pcre2_match(hlist->hostname, 
+                        (PCRE2_SPTR8)sh_string_str(host), (int) sh_string_len(host), 0, 
+                        0, NULL, NULL) > 0)
           {
             /* matching host, check rules/groups of rules */
@@ -1035 +1046 @@
  */
 static sh_string * replace_captures(const sh_string * message, 
-                                    int * ovector, int ovecnum)
+                                    size_t * ovector, int ovecnum)
 {
   sh_string * retval = sh_string_new_from_lchar(sh_string_str(message), 
@@ -1058 +1069 @@
   SH_MUTEX_LOCK(mutex_thread_nolog);
   if (rule) {
-    mmm = replace_captures(record->message, rule->ovector, 
+    mmm = replace_captures(record->message, pcre2_get_ovector_pointer(rule->match_data), 
                            rule->ovecnum);
     rule->ovecnum = 0;
@@ -1170 +1181 @@
   if (!(counter->counted_str))
     {
-      counter->counted_str = replace_captures(record->message, rule->ovector, 
+      counter->counted_str = replace_captures(record->message,  pcre2_get_ovector_pointer(rule->match_data), 
                                               rule->ovecnum);
       rule->ovecnum        = 0;