From 8620b1b7cdd9aef8c081583843c73fb9bf75bf0c Mon Sep 17 00:00:00 2001
From: Jason Ish <jason.ish@oisf.net>
Date: Wed, 29 Nov 2023 12:57:23 -0600
Subject: [PATCH] detect-parse: parse sid in pre-scan

During the pre-scan for "requires", also parse the SID if possible. If
the rule fails high level parsing (syntax), the SID will not be
parsed.

But every keyword other than "sid" and "requires" should expect to be
provided with a parsed sid.
---
 src/detect-parse.c | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/src/detect-parse.c b/src/detect-parse.c
index 47c1b690a159..d185801a1ea2 100644
--- a/src/detect-parse.c
+++ b/src/detect-parse.c
@@ -903,7 +903,7 @@ static int SigParseOptions(DetectEngineCtx *de_ctx, Signature *s, char *optstr,
     optname = optstr;
 
     if (requires) {
-        if (strcmp(optname, "requires")) {
+        if (strcmp(optname, "requires") && strcmp(optname, "sid")) {
             goto finish;
         }
     }
@@ -2139,10 +2139,7 @@ static int SigValidate(DetectEngineCtx *de_ctx, Signature *s)
             AppLayerHtpNeedFileInspection();
         }
     }
-    if (s->id == 0) {
-        SCLogError("Signature missing required value \"sid\".");
-        SCReturnInt(0);
-    }
+
     SCReturnInt(1);
 }
 
@@ -2183,6 +2180,12 @@ static Signature *SigInitHelper(DetectEngineCtx *de_ctx, const char *sigstr,
         goto error;
     }
 
+    /* Check for a SID before continuuing. */
+    if (sig->id == 0) {
+        SCLogError("Signature missing required value \"sid\".");
+        goto error;
+    }
+
     /* Now completely parse the rule. */
     ret = SigParse(de_ctx, sig, sigstr, dir, &parser, false);
     BUG_ON(ret == -4);