1 /* Copyright (C) 2009 Trend Micro Inc.
4 * This program is a free software; you can redistribute it
5 * and/or modify it under the terms of the GNU General Public
6 * License (version 2) as published by the FSF - Free Software
/* Program name; supplied as the arguments for the "%s" conversions of the usage text. */
18 #define ARGV0 "ossec-regex-convert"
/*
 * One row of the tag conversion table: the legacy XML element name and the
 * element name that replaces it. The conv_map initializers also set a .map
 * member; its declaration and the end of the struct are not part of this
 * excerpt.
 */
20 typedef struct _OSConvertionMap {
21 const char *old_element;
22 const char *new_element;
30 /* Global variables */
/*
 * Conversion table keyed by the legacy element name. Each row gives the
 * "*_pcre2" replacement element and the conversion kind (OS_CONVERT_REGEX or
 * OS_CONVERT_MATCH) that is passed as the third argument of OSRegex_Convert.
 * Only "regex" and "prematch" use OS_CONVERT_REGEX; every other row uses
 * OS_CONVERT_MATCH. Users compute the row count with
 * sizeof(conv_map) / sizeof(OSConvertionMap), so no sentinel row is needed.
 */
31 const OSConvertionMap conv_map[] = {
32 {.old_element = "regex", .new_element = "pcre2", .map = OS_CONVERT_REGEX},
33 {.old_element = "match", .new_element = "match_pcre2", .map = OS_CONVERT_MATCH},
34 {.old_element = "program_name", .new_element = "program_name_pcre2", .map = OS_CONVERT_MATCH},
35 {.old_element = "prematch", .new_element = "prematch_pcre2", .map = OS_CONVERT_REGEX},
36 {.old_element = "srcgeoip", .new_element = "srcgeoip_pcre2", .map = OS_CONVERT_MATCH},
37 {.old_element = "dstgeoip", .new_element = "dstgeoip_pcre2", .map = OS_CONVERT_MATCH},
38 {.old_element = "srcport", .new_element = "srcport_pcre2", .map = OS_CONVERT_MATCH},
39 {.old_element = "dstport", .new_element = "dstport_pcre2", .map = OS_CONVERT_MATCH},
40 {.old_element = "user", .new_element = "user_pcre2", .map = OS_CONVERT_MATCH},
41 {.old_element = "url", .new_element = "url_pcre2", .map = OS_CONVERT_MATCH},
42 {.old_element = "id", .new_element = "id_pcre2", .map = OS_CONVERT_MATCH},
43 {.old_element = "status", .new_element = "status_pcre2", .map = OS_CONVERT_MATCH},
44 {.old_element = "hostname", .new_element = "hostname_pcre2", .map = OS_CONVERT_MATCH},
45 {.old_element = "extra_data", .new_element = "extra_data_pcre2", .map = OS_CONVERT_MATCH},
/*
 * Long options for getopt_long; each maps to the short option letter given as
 * its last field, matching the "hbrmt" option string used in main. None of
 * them takes an argument.
 * NOTE(review): getopt_long requires the array to end with an all-zero
 * element; that terminator is not visible in this excerpt -- confirm it is
 * present, otherwise an unknown long option reads past the array.
 */
47 const struct option getopt_options[] = {
48 {"help", no_argument, NULL, 'h'},
49 {"batch", no_argument, NULL, 'b'},
50 {"regex", no_argument, NULL, 'r'},
51 {"match", no_argument, NULL, 'm'},
52 {"tags", no_argument, NULL, 't'},
/*
 * Entry point. Parses the options "hbrmt" with getopt_long, then converts
 * patterns given on the command line and prints the results on stdout.
 * Returns EXIT_SUCCESS or EXIT_FAILURE. Many lines of this function are not
 * part of this excerpt, so the notes below cover only what is visible.
 */
56 int main(int argc, char *const argv[])
58 char *converted_pattern = NULL;
59 const OSConvertionMap *m = NULL;
/* Both conversions are enabled by default; the option handling that changes
 * these flags is not visible here. */
61 int regex_to_pcre2 = 1;
62 int match_to_pcre2 = 1;
65 const char *pattern = NULL;
66 const char *type = NULL;
71 while ((opt = getopt_long(argc, argv, "hbrmt", getopt_options, NULL)) != EOF) {
75 return (EXIT_SUCCESS);
89 return (EXIT_SUCCESS);
92 return (EXIT_FAILURE);
101 return (EXIT_FAILURE);
/* Pair loop (presumably the -b TAG PATTERN form of the usage text): advances
 * two arguments at a time and reads argv[i + 1].
 * NOTE(review): this only stays on real arguments when the number of
 * remaining arguments is even. Confirm that one of the earlier EXIT_FAILURE
 * paths (not visible here) rejects an odd count; otherwise the last iteration
 * takes pattern from argv[argc] instead of a real argument. */
105 for (i = 0; i < argc; i += 2) {
107 pattern = argv[i + 1];
/* Linear search of conv_map for the row whose old_element equals type. */
109 for (idx = 0; idx < sizeof(conv_map) / sizeof(OSConvertionMap); idx++) {
111 if (strcmp(m->old_element, type) == 0) {
/* Unknown tag: reported on stderr. The condition that detects the miss is not
 * visible here -- NOTE(review): confirm m is not used after a failed lookup. */
116 fprintf(stderr, "Invalid type \"%s\"\n", type);
/* A non-zero return is treated as success: the converted pattern is printed
 * after the replacement tag name and then released. */
119 if (OSRegex_Convert(pattern, &converted_pattern, m->map)) {
120 printf("%s %s\n", m->new_element, converted_pattern);
121 free(converted_pattern);
/* NOTE(review): confirm converted_pattern is reset to NULL after this free.
 * The failure path before the final return frees it again whenever it is
 * non-NULL, which would be a double free if the stale pointer survives. */
127 for (i = 0; i < argc; i++) {
132 printf("pattern = %s\n", pattern);
133 if (regex_to_pcre2) {
/* NOTE(review): the return value of OSRegex_Convert is ignored here and
 * converted_pattern is passed to printf("%s") before the NULL check below.
 * Passing NULL to %s is undefined behaviour; check the result before
 * printing, as the pair loop above does. */
134 OSRegex_Convert(pattern, &converted_pattern, OS_CONVERT_REGEX);
135 printf("regex = %s\n", converted_pattern);
136 if (converted_pattern) {
137 free(converted_pattern);
140 if (match_to_pcre2) {
/* Same sequence for the OSMatch conversion, with the same unchecked result.
 * NOTE(review): unless converted_pattern is reset in lines not shown, or
 * OSRegex_Convert always overwrites it, a failed call here leaves the pointer
 * freed above in place -- that would be a use-after-free in printf followed
 * by a double free. Confirm against OSRegex_Convert. */
141 OSRegex_Convert(pattern, &converted_pattern, OS_CONVERT_MATCH);
142 printf("match = %s\n", converted_pattern);
143 if (converted_pattern) {
144 free(converted_pattern);
150 return (EXIT_SUCCESS);
/* Failure path: release any pattern still held, then report failure.
 * free(NULL) is a no-op, so the guard is not required for safety. */
153 if (converted_pattern) {
154 free(converted_pattern);
157 return (EXIT_FAILURE);
/* Prints every convertible tag name (old_element), one per line. The row
 * count is derived from the size of conv_map. The signature of the enclosing
 * function is not part of this excerpt. */
164 for (idx = 0; idx < sizeof(conv_map) / sizeof(OSConvertionMap); idx++) {
165 printf("%s\n", conv_map[idx].old_element);
/* Usage text, written as one constant format string. Its four "%s"
 * conversions are matched by the four ARGV0 arguments on the last line, so
 * no caller-controlled data reaches the format string.
 * NOTE(review): the "%s" after "OSSEC HIDS" is filled with ARGV0, so the
 * program name appears twice on each usage line -- confirm that is intended. */
172 "OSSEC HIDS %s: ossec-regex-convert -h\n"
173 "OSSEC HIDS %s: ossec-regex-convert -t\n"
174 "OSSEC HIDS %s: ossec-regex-convert [-mr] PATTERN [PATTERN...]\n"
175 "OSSEC HIDS %s: ossec-regex-convert -b TAG PATTERN [TAG PATTERN...]\n"
176 " -h, --help : displays this message and exits.\n"
177 " -b, --batch : runs in batch mode.\n"
178 " -r, --regex : only convert patterns from OSRegex to PCRE2 (default is both).\n"
179 " -m, --match : only convert patterns from OSMatch to PCRE2 (default is both).\n"
180 " -t, --tags : list XML tags that can be converted.\n"
181 " PATTERN : pattern to convert.\n"
182 " TAG : a valid XML tag (list available with -t,--tags).\n",
183 ARGV0, ARGV0, ARGV0, ARGV0);