17728 Commits (master)
 

Author SHA1 Message Date
Juliana Fajardini 3286ae2cc9 eve: add ip version field
Adds the field `ip_v` (integer) to the common fields of EVE.
To facilitate searches based on IP version, for instance.

Task #7047
3 months ago
Victor Julien c85d301712 detect: assist clang to suppress warning
CC       detect-engine-loader.o
In file included from /usr/include/stdio.h:970,
                 from suricata-common.h:77,
                 from detect-engine-loader.c:24:
In function 'fgets',
    inlined from 'DetectLoadSigFile' at detect-engine-loader.c:139:11:
/usr/include/x86_64-linux-gnu/bits/stdio2.h:313:12: warning: argument 2 value -1 is negative [-Wstringop-overflow=]
  313 |     return __fgets_alias (__s, __n, __stream);
      |            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/features.h:523,
                 from /usr/include/dirent.h:25,
                 from suricata-common.h:73:
/usr/include/x86_64-linux-gnu/bits/stdio2-decl.h: In function 'DetectLoadSigFile':
/usr/include/x86_64-linux-gnu/bits/stdio2-decl.h:96:14: note: in a call to function '__fgets_alias' declared with attribute 'access (write_only, 1, 2)'
   96 | extern char *__REDIRECT (__fgets_alias,
      |              ^~~~~~~~~~
3 months ago
Victor Julien 1e68213098 util/pages: suppress scan-build on page check
Suppress the following warning:

util-pages.c:49:13: warning: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to exploitable memory regions, which could be overwritten with malicious code [security.MmapWriteExec]
   49 |         if (mprotect(ptr, getpagesize(), PROT_READ|PROT_WRITE|PROT_EXEC) == -1) {
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.

As the check is done to check if the OS allows it or not, for enabling
JIT in pcre.
3 months ago
Victor Julien 61b21dd167 mpm/hs: suppress scan-build warning
util-mpm-hs-cache.c:83:25: warning: Value of 'errno' was not checked and may be overwritten by function 'fread' [unix.Errno]
   83 |     size_t bytes_read = fread(buffer, 1, file_sz, file);
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.

"After calling 'rewind' reading 'errno' is required to find out if the call has failed".
3 months ago
Victor Julien 19e3a70ca3 detect/byte_test: suppress scan-build warning
detect-bytetest.c:523:14: warning: 2nd function call argument is an uninitialized value [core.CallAndMessage]
  523 |         if (!DetectBytetestValidateNbytes(data, nbytes, optstr)) {
      |              ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
3 months ago
Victor Julien 159bacb268 github-ci: bump scan-build to 20 on Ubuntu 25.04 3 months ago
Eric Leblond f342ae9e8c misc: add git-clang-format to shell.nix 3 months ago
Eric Leblond 96962536a7 misc: add python support to shell.nix
This allows running suricata-verify from the shell environment.

Ticket: #7669
3 months ago
Eric Leblond 649a032ba9 github-ci: add a nix build
This will test that shell.nix is working properly and also
test compile-commands Makefile target.

Ticket: #7669
3 months ago
Eric Leblond 2a2f38ff88 build: add compile-commands target
It generates a `compile_commands.json` suitable for clangd.
This is almost mandatory to have a command like this one for NixOS
users as tools like bear are not able to correctly intercept the
clang calls due to the usage of a wrapper.

Ticket: #7669
3 months ago
Eric Leblond 20371dbdf6 build: add EXTRA_CFLAGS
This can be used from the command line to add some build options without
running a full configure. This is convenient for a single-run build.
3 months ago
Eric Leblond 90a08ecfc3 misc: add a shell.nix file
By adding a `shell.nix` file in the root directory of the source,
NixOS (https://nixos.org/) users can get a ready-for-development
environment by simply running `nix-shell` from the source tree.

This is really convenient as the installation of needed packages
is just done as user and transparently for the user/developer.

Ticket: #7669
3 months ago
Jason Ish 97eaeef7d8 lua: convert SMTP functions to lib: suricata.smtp
Ticket: #7606
3 months ago
Eric Leblond e499a98ba9 datasets: fix set with ip sets
It can get an IPv6 or an IPv4 so we need to handle both lengths.

Ticket: #7689
3 months ago
Victor Julien ee59d9a894 flow: fix unittests for ThreadVars requirement 3 months ago
Victor Julien c648abad0d flow: fix time handling for non-TCP
Track per flow thread id for UDP and other non-TCP protocols. This
improves the timeout handling as the per thread timestamp is used in
offline mode.

Fixes: ada2bfe009 ("flow/worker: improve flow timeout time accuracy")
Fixes: ef396f7509 ("flow/manager: in offline mode, use owning threads time")

Bug #7687.
3 months ago
Jeff Lucovsky 44d6886dc1 detect/ftp: Use helper functions with ftp.command
Refactor ftp.command handling to use helper functions from
detect-engine-helper.[ch] for reduced code duplication.
3 months ago
Philippe Antoine 7e78ad944c lua: convert ja3 function into suricata.ja3 lib
Ticket: 7605
3 months ago
Philippe Antoine c578015edf lua: remove unused code
Since hooks, we do not need a specific SMTP buffer list id.
3 months ago
Philippe Antoine 06ad72e83e quic: ja3 getter function uses direction
so that future lua code can specify a direction
3 months ago
Philippe Antoine d1bca4a9b9 util/lua: fix new -Wshorten-64-to-32 warning
Ticket: 6186
3 months ago
Philippe Antoine 4463fbac15 output/ftp: fix new -Wshorten-64-to-32 warning
Ticket: 6186

Fixes d674ce2510 ("app/ftp: Use Rust FTP response line handling")
3 months ago
Philippe Antoine 41fcf3b356 detect: fix some -Wshorten-64-to-32 warnings
Ticket: #6186
3 months ago
Philippe Antoine 527b05b6b8 datasets: fix new -Wshorten-64-to-32 warning
Ticket: #6186
3 months ago
Philippe Antoine 8545ef2e56 detect: factorize code for DetectSetupDirection
Ticket: 7665

Instead of each keyword calling DetectSetupDirection, use a
new flag SIGMATCH_SUPPORT_DIR so that DetectSetupDirection gets
called, before parsing the rest of the keyword.

Allows supporting the filesize keyword in transactional signatures
3 months ago
Jason Ish 14864d49ac examples/altemplate: remove rs_ naming 3 months ago
Jason Ish e8d7d3d83d scripts/setup-app-layer: fixes for name changes 3 months ago
Jason Ish bf427c69cd rust: remaining rs_ to SC conversions 3 months ago
Jason Ish d16c014641 rust/x509: replace rs_ naming with SC 3 months ago
Jason Ish afce53c8b7 rust/websocket: replace rs_ naming with SC 3 months ago
Jason Ish 7321d7c7db rust/applayertemplate: replace rs_ naming with SC 3 months ago
Jason Ish 2c98ee73ce rust/rfb: replace rs_ naming with SC 3 months ago
Jason Ish e74b4177ac rust/nfs: rust format 3 months ago
Jason Ish 8c1bd60ab1 rust/nfs: replace rs_ naming with SC 3 months ago
Jason Ish 01ce0f92e8 rust/modbus: replace rs_ naming to SC
This was missed in the previous round.
3 months ago
Victor Julien 2cbec43b98 mpm/ac-ks: allow cppcheck to inspect included file directly 3 months ago
Victor Julien a8b342a07b debug: suppress cppcheck warning
src/util-debug.c:1562:5: warning: Either the condition 'sc_lid!=NULL' is redundant or there is possible null pointer dereference: sc_lid. [nullPointerRedundantCheck]
    sc_lid->global_log_level = MAX(sc_lid->global_log_level, max_level);
    ^
src/util-debug.c:1569:16: note: Assuming that condition 'sc_lid!=NULL' is not redundant
    if (sc_lid != NULL)
               ^
src/util-debug.c:1562:5: note: Null pointer dereference
    sc_lid->global_log_level = MAX(sc_lid->global_log_level, max_level);
    ^
3 months ago
Victor Julien 223c568701 lua/flowvarlib: check malloc result
src/util-lua-flowvarlib.c:110:12: warning: If memory allocation fails, then there is a possible null pointer dereference: buf [nullPointerOutOfMemory]
    memcpy(buf, value, len);
           ^
src/util-lua-flowvarlib.c:109:28: note: Assuming allocation function fails
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:109:28: note: Assignment 'buf=malloc(len+1)', assigned value is 0
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:110:12: note: Null pointer dereference
    memcpy(buf, value, len);
           ^
src/util-lua-flowvarlib.c:111:5: warning: If memory allocation fails, then there is a possible null pointer dereference: buf [nullPointerOutOfMemory]
    buf[len] = '\0';
    ^
src/util-lua-flowvarlib.c:109:28: note: Assuming allocation function fails
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:109:28: note: Assignment 'buf=malloc(len+1)', assigned value is 0
    uint8_t *buf = SCMalloc(len + 1);
                           ^
src/util-lua-flowvarlib.c:111:5: note: Null pointer dereference
    buf[len] = '\0';
3 months ago
Jason Ish 4e2f1de308 rust/quic: replace rs_ naming with SC 3 months ago
Jason Ish bfa0acf278 rust/ike: replace rs_ naming with SC 3 months ago
Jason Ish 717e06e351 rust/http2: replace rs_ naming with SC 3 months ago
Jason Ish af15986d41 rust/modbus: replace rs_ naming with SC 3 months ago
Jason Ish c994cfb615 rust/sip: replace rs_ naming with SC 3 months ago
Jason Ish 9b830c92dc rust/tftp: replace rs_ naming with SC 3 months ago
Jason Ish aa24276999 rust/telnet: replace rs_ naming with SC 3 months ago
Jason Ish 1c580f9001 rust/detect: replace rs_ naming with SC 3 months ago
Jason Ish 713034d0dd rust/asn1: replace rs_ naming with SC naming 3 months ago
Jason Ish 90116827fe rust/krb: rust format 3 months ago
Jason Ish 8ba0a5c8ec rust/krb: remove rs_ prefix; visibility fixes
- remove pub/no_mangle where not needed
- replace rs_ naming with SC naming
3 months ago
Jason Ish 1f30746e07 rust/dns: rs_ prefix name cleanup 3 months ago