aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
17,728 Commits
7 Branches
161 Tags
204 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Commit Graph

17728 Commits (master)
 

Author SHA1 Message Date
Juliana Fajardini 3286ae2cc9 eve: add ip version field 
Adds the field `ip_v` (integer) to the common fields of EVE.
To facilitate searches based on IP version, for instance.

Task #7047
 3 months ago
Victor Julien c85d301712 detect: assist clang to suppress warning 
CC       detect-engine-loader.o
In file included from /usr/include/stdio.h:970,
                 from suricata-common.h:77,
                 from detect-engine-loader.c:24:
In function 'fgets',
    inlined from 'DetectLoadSigFile' at detect-engine-loader.c:139:11:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:313:12: warning: argument 2 value -1 is negative [-Wstringop-overflow=]
  313 |     return __fgets_alias (__s, __n, __stream);
      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/features.h:523,
                 from /usr/include/dirent.h:25,
                 from suricata-common.h:73:
/usr/include/x86_64-linux-gnu/bits/stdio2-decl.h: In function 'DetectLoadSigFile':
/usr/include/x86_64-linux-gnu/bits/stdio2-decl.h:96:14: note: in a call to function '__fgets_alias' declared with attribute 'access (write_only, 1, 2)'
   96 | extern char *__REDIRECT (__fgets_alias,
      |              ^~~~~~~~~~
 3 months ago
Victor Julien 1e68213098 util/pages: suppress scan-build on page check 
Suppress the following warning:

util-pages.c:49:13: warning: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to exploitable memory regions, which could be overwritten with malicious code [security.MmapWriteExec]
   49 |         if (mprotect(ptr, getpagesize(), PROT_READ|PROT_WRITE|PROT_EXEC) == -1) {
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.

As the check is done to check if the OS allows it or not, for enabling
JIT in pcre.
 3 months ago
Victor Julien 61b21dd167 mpm/hs: suppress scan-build warning 
util-mpm-hs-cache.c:83:25: warning: Value of 'errno' was not checked and may be overwritten by function 'fread' [unix.Errno]
   83 |     size_t bytes_read = fread(buffer, 1, file_sz, file);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.

"After calling 'rewind' reading 'errno' is required to find out if the call has failed".
 3 months ago
Victor Julien 19e3a70ca3 detect/byte_test: suppress scan-build warning 
detect-bytetest.c:523:14: warning: 2nd function call argument is an uninitialized value [core.CallAndMessage]
  523 |         if (!DetectBytetestValidateNbytes(data, nbytes, optstr)) {
      |              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
 3 months ago
Victor Julien 159bacb268 github-ci: bump scan-build to 20 on Ubuntu 25.04 3 months ago
Eric Leblond f342ae9e8c misc: add git-clang-format to shell.nix 3 months ago
Eric Leblond 96962536a7 misc: add python support to shell.nix 
This allows to run suricata-verify from the shell environment.

Ticket: #7669
 3 months ago
Eric Leblond 649a032ba9 github-ci: add a nix build 
This will test that shell.nix is working properly and also
test compile-commands Makefile target.

Ticket: #7669
 3 months ago
Eric Leblond 2a2f38ff88 build: add compile-commands target 
It generates a `compile_commands.json` suitable for clangd.
This is almost mandatory to have a command like this one for NixOs
users as tool like bear are not able to intercept correctly the
clang calls due to the usage of a wrapper.

Ticket: #7669
 3 months ago
Eric Leblond 20371dbdf6 build: add EXTRA_CFLAGS 
This can be used from command line to add some build options without
running a full configure. This is convenient for single run build.
 3 months ago
Eric Leblond 90a08ecfc3 misc: add a shell.nix file 
By adding a `shell.nix` file in the root directory of the source,
NixOs (https://nixos.org/) users can get a ready for development
environment by simply running `nix-shell` from the source tree.

This is really convenient as the installation of needed packages
is just done as user and transparently for the user/developer.

Ticket: #7669
 3 months ago
Jason Ish 97eaeef7d8 lua: convert SMTP functions to lib: suricata.smtp 
Ticket: #7606
 3 months ago
Eric Leblond e499a98ba9 datasets: fix set with ip sets 
It can get an IPv6 or an IPv4 so we need to handle both length.

Ticket: #7689
 3 months ago
Victor Julien ee59d9a894 flow: fix unittests for ThreadVars requirement 3 months ago
Victor Julien c648abad0d flow: fix time handling for non-TCP 
Track per flow thread id for UDP and other non-TCP protocols. This
improves the timeout handling as the per thread timestamp is used in
offline mode.

Fixes: ada2bfe009 ("flow/worker: improve flow timeout time accuracy")
Fixes: ef396f7509 ("flow/manager: in offline mode, use owning threads time")

Bug #7687.
 3 months ago
Jeff Lucovsky 44d6886dc1 detect/ftp: Use helper functions with ftp.command 
Refactor ftp.command handling to use helper functions from
detect-engine-helper.[ch] for reduced code duplication.
 3 months ago
Philippe Antoine 7e78ad944c lua: convert ja3 function into suricata.ja3 lib 
Ticket: 7605
 3 months ago
Philippe Antoine c578015edf lua: remove unused code 
Since hooks, we do not need a specific SMTP buffer list id.
 3 months ago
Philippe Antoine 06ad72e83e quic: ja3 getter function uses direction 
so that future lua code can specify a direction
 3 months ago
Philippe Antoine d1bca4a9b9 util/lua: fix new -Wshorten-64-to-32 warning 
Ticket: 6186
 3 months ago
Philippe Antoine 4463fbac15 output/ftp: fix new -Wshorten-64-to-32 warning 
Ticket: 6186

Fixes d674ce2510 ("app/ftp: Use Rust FTP response line handling")
 3 months ago
Philippe Antoine 41fcf3b356 detect: fix some -Wshorten-64-to-32 warnings 
Ticket: #6186
 3 months ago
Philippe Antoine 527b05b6b8 datasets: fix new -Wshorten-64-to-32 warning 
Ticket: #6186
 3 months ago
Philippe Antoine 8545ef2e56 detect: factorize code for DetectSetupDirection 
Ticket: 7665

Instead of each keyword calling DetectSetupDirection, use a
new flag SIGMATCH_SUPPORT_DIR so that DetectSetupDirection gets
called, before parsing the rest of the keyword.

Allows to support filesize keyword in transactional signatures
 3 months ago
Jason Ish 14864d49ac examples/altemplate: remove rs_ naming 3 months ago
Jason Ish e8d7d3d83d scripts/setup-app-layer: fixes for name changes 3 months ago
Jason Ish bf427c69cd rust: remaining rs_ to SC conversions 3 months ago
Jason Ish d16c014641 rust/x509: replace rs_ naming with SC 3 months ago
Jason Ish afce53c8b7 rust/websocket: replace rs_ naming with SC 3 months ago
Jason Ish 7321d7c7db rust/applayertemplate: replace rs_ naming with SC 3 months ago
Jason Ish 2c98ee73ce rust/rfb: replace rs_ naming with SC 3 months ago
Jason Ish e74b4177ac rust/nfs: rust format 3 months ago
Jason Ish 8c1bd60ab1 rust/nfs: replace rs_ naming with SC 3 months ago
Jason Ish 01ce0f92e8 rust/modbus: replace rs_ naming to SC 
This was missed in the previous round.
 3 months ago
Victor Julien 2cbec43b98 mpm/ac-ks: allow cppcheck to inspect included file directly 3 months ago
Victor Julien a8b342a07b debug: suppress cppcheck warning 
src/util-debug.c:1562:5: warning: Either the condition 'sc_lid!=NULL' is redundant or there is possible null pointer dereference: sc_lid. [nullPointerRedundantCheck]
    sc_lid->global_log_level = MAX(sc_lid->global_log_level, max_level);
    ^
src/util-debug.c:1569:16: note: Assuming that condition 'sc_lid!=NULL' is not redundant
    if (sc_lid != NULL)
               ^
src/util-debug.c:1562:5: note: Null pointer dereference
    sc_lid->global_log_level = MAX(sc_lid->global_log_level, max_level);
    ^
 3 months ago
Victor Julien 223c568701 lua/flowvarlib: check malloc result 
src/util-lua-flowvarlib.c:110:12: warning: If memory allocation fails, then there is a possible null pointer dereference: buf [nullPointerOutOfMemory]
    memcpy(buf, value, len);
           ^
src/util-lua-flowvarlib.c:109:28: note: Assuming allocation function fails
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:109:28: note: Assignment 'buf=malloc(len+1)', assigned value is 0
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:110:12: note: Null pointer dereference
    memcpy(buf, value, len);
           ^
src/util-lua-flowvarlib.c:111:5: warning: If memory allocation fails, then there is a possible null pointer dereference: buf [nullPointerOutOfMemory]
    buf[len] = '\0';
    ^
src/util-lua-flowvarlib.c:109:28: note: Assuming allocation function fails
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:109:28: note: Assignment 'buf=malloc(len+1)', assigned value is 0
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:111:5: note: Null pointer dereference
    buf[len] = '\0';
 3 months ago
Jason Ish 4e2f1de308 rust/quic: replace rs_ naming with SC 3 months ago
Jason Ish bfa0acf278 rust/ike: replace rs_ naming with SC 3 months ago
Jason Ish 717e06e351 rust/http2: replace rs_ naming with SC 3 months ago
Jason Ish af15986d41 rust/modbus: replace rs_ naming with SC 3 months ago
Jason Ish c994cfb615 rust/sip: replace rs_ naming with SC 3 months ago
Jason Ish 9b830c92dc rust/tftp: replace rs_ naming with SC 3 months ago
Jason Ish aa24276999 rust/telnet: replace rs_ naming with SC 3 months ago
Jason Ish 1c580f9001 rust/detect: replace rs_ naming with SC 3 months ago
Jason Ish 713034d0dd rust/asn1: replace rs_ naming with SC naming 3 months ago
Jason Ish 90116827fe rust/krb: rust format 3 months ago
Jason Ish 8ba0a5c8ec rust/krb: remove rs_ prefix; visibility fixes 
- remove pub/no_mangle where not needed
- replace rs_ naming with SC naming
 3 months ago
Jason Ish 1f30746e07 rust/dns: rs_ prefix name cleanup 3 months ago