aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,172 Commits
12 Branches
155 Tags
192 MiB
dependabot/github_actions/actions/upload-artifact-4.6.1
dependabot/github_actions/codecov/codecov-action-5.4.0
dependabot/github_actions/github/codeql-action-3.28.10
dependabot/github_actions/actions/download-artifact-4.1.9
dependabot/github_actions/ossf/scorecard-action-2.4.1
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '10ef4e832f'
${ noResults }
Commit Graph

16172 Commits (10ef4e832f13ee383c077f0c1b081e1cd27e6f95)
 

Author SHA1 Message Date
Philippe Antoine fd262df457 http: fix nul deref on memcap reached 
HttpRangeOpenFileAux may return NULL in different cases, including
when memcap is reached.
But is only caller did not check it before calling HttpRangeAppendData
which would dereference the NULL value.

Ticket: 7029
 9 months ago
Shivani Bhardwaj f073cf2350 eve/schema: add tls.subjectaltname fields 
Feature 5234
 9 months ago
Shivani Bhardwaj 232c44eb4a output/json: log tls subjectaltname 
Feature 5234
 9 months ago
Shivani Bhardwaj 719fda3967 doc: add description about tls.subjectaltname 
Feature 5234
 9 months ago
Shivani Bhardwaj 83af42cc03 detect/tls-subjectaltname: add sticky buffer 
Add TLS SubjectAltName sticky buffer. It is implemented as multi-buffer.

Feature 5234
 9 months ago
Shivani Bhardwaj 3a1c12414a tls: store list of subject alternative names 
So far, the SANs were available as a part of IssuerDN via x509_parser
crate but SANs were not available to the SSLState* to be directly used
to setup and match against a sticky buffer.
Expose it to SSLStateConnp.

Feature 5234
 9 months ago
Jason Ish 8560564657 rust: rename .cargo/config to .cargo/config.toml 
Addresses this warning from the Rust compiler:

warning: `../rust/.cargo/config` is deprecated in favor of `config.toml`
note: if you need to support cargo 1.38 or earlier, you can symlink `config` to `config.toml`
 10 months ago
Jason Ish 6d2d8c26d3 detect-lua: small cleanups 
- remove unused headers
- cleanup/rename flags
 10 months ago
Jason Ish 224f55ba21 detect/lua: don't treat a crashed script as no match 
If a rule script crashed, the return value was treated as a no
match. This would make a negation of the rule match and alert.

Instead cleanup and exit early if the rule script crashed and don't
run negation logic.

A stat, detect.lua.errors has been added to count how many times a
script crashes.

Also consolidates the running of the Lua script and return value
handling to a common function.

Bug: #6940
 10 months ago
Philippe Antoine f2c39fc87b ftp: protocol detection avoiding FP on POP3 10 months ago
Philippe Antoine 2c305ba37e pop3: protocol detection 
Ticket: #6366
 10 months ago
Philippe Antoine ed895c04ff smtp: exit data mode if data command was rejected 
And the server was advertising pipelining.

Ticket: 6906
 10 months ago
Philippe Antoine dfdf2e2d1a detect: checks for space in http.protcol keyword 10 months ago
Philippe Antoine 7582b18a9f http: configures libhtp to allow spaces in uri 
Ticket: #2881
 10 months ago
Giuseppe Longo b728916ca6 decode/gre: decode arp packets 10 months ago
Giuseppe Longo 8a171c9d74 doc: add arp changes 10 months ago
Giuseppe Longo 01586d884d output-json/arp: implement logger 
This adds a logger for ARP, disabled by default.

Ticket #6827
 10 months ago
Giuseppe Longo a1c6328156 output/json: check 5-tuple values prior to logging 
This commit enhances the JSON output by introducing a feature for conditional port logging.
Now, port logging is dependent on the underlying protocol
(such as TCP, UDP, or SCTP), where port information is pertinent, while it
avoids unnecessary logging for protocols where a port is not utilized (e.g. ARP).

Furthermore, this update ensures that IP addresses and the protocol have
meaningful values set, rather than being logged as empty strings.

These changes will make each log entry more precise, eliminating cases where
5-tuple fields are empty or set to zero, indicating the absence of a field.
 10 months ago
Giuseppe Longo 987a27923d output/json: make JSONFormatAndAddMACAddr public 
This change exposes 'JSONFormatAndAddMACAddr' as a public function,
allowing it to be reused across modules, such as the ARP logger, for logging
MAC addresses extracted from ARP packets.
 10 months ago
Giuseppe Longo 5219a5da5f decode/arp: implement decoder 
This adds a decoder for ARP.

Ticket #6827
 10 months ago
Shivani Bhardwaj 12d027f6a2 base64: re-add the check for destination space 
Cover all the calls to DecodeBase64Block with the check for enough
space. Found by the recently introduced fuzz target.

Bug 7028

Fixes: c0bc43c393 ("util/base64: use decoder fns per RFC")
 10 months ago
Victor Julien d401082bba github-actions: set bpf to icmp for af-packet 10 months ago
Victor Julien 1240bdd914 github-actions: add pcap live test script and jobs 
Asan and coverage jobs.
 10 months ago
Victor Julien 27b6a31a0c github-actions: unix pcap coverage run 
To increase code coverage.
 10 months ago
Victor Julien ea95aac022 github-actions: add unix socket runmode script and job 
Runs with ASAN.
 10 months ago
Victor Julien 40b87bfd04 github-actions: add ASAN enabled Ubuntu 24.04 build of live tests 10 months ago
Philippe Antoine fcdd7f000a detect: add options to app-layer-protocol keyword 
Ticket: 4921

app-layer-protocol keyword accept an optional mode to precise
which protocol we want to match: toclient, toserver, final,
or original
 10 months ago
Philippe Antoine 3b5f1173ab Revert "rust: temporary: disable debug assertions" 
This reverts commit 14ab9aa763.
 10 months ago
Philippe Antoine 37a9003736 rust/probing: safety check for null input 
Ticket: 7013

Done consistently for all protocols

This may change some protocols behaviors which failed early
if they found there was not enough data...
 10 months ago
Philippe Antoine 5dc8dea869 rust: return empty slice without using from_raw_parts 
As this triggers rustc 1.78
unsafe precondition(s) violated: slice::from_raw_parts requires
the pointer to be aligned and non-null,
and the total size of the slice not to exceed `isize::MAX`

Ticket: 7013
 10 months ago
Philippe Antoine edd5507ea4 tests: do not bother to free a null pointer 
Ticket: #7013
 10 months ago
Victor Julien 4c33e64d56 github-actions: make sure unix socket is created in dpdk tests 10 months ago
Victor Julien 8e320449f6 github-actions: expand af-packet live test with more unix commands 10 months ago
Victor Julien d02c57bd1f hostbits: release use_cnt for unix (add|remove)-hostbit 
Commands would leave use_cnt incremented, never decrementing them. This
would lead to a asserting triggering at shutdown.

Bug: #7020.
 10 months ago
Victor Julien bc2dfe4c17 device: don't crash on unix command 'iface-bypassed-stat' 
In the default config iface bypass support is not enabled,
and storage API not initialized for it. Using it will lead to a crash.

This commit first checks if the device storage API is initialized.

Bug: #7022.
 10 months ago
Philippe Antoine 806052d762 websocket: fix opcodes values for ping/pong 
And also set close

Ticket: 7025
 10 months ago
Philippe Antoine 8b103ae755 dns: set tx id for frames 10 months ago
Philippe Antoine 715bf048ee frames: rust API makes tx_id explicit 
And set it right for SIP and websocket,
so that relevant tx app-layer metadata gets logged.

Ticket: 6973
 10 months ago
Philippe Antoine 9e01956e77 detect: log relevant frames app-layer metadata 
Ticket: 6973

Completes commit 2b4e10224e
 10 months ago
Shivani Bhardwaj 2e6777c8e3 fuzz: add target for DecodeBase64 
Task 6050
 10 months ago
Shivani Bhardwaj 6d92596548 doc: add note about fast_pattern w base64_data 
Bug 5220
 10 months ago
Shivani Bhardwaj 363050616a base64_data: reject fast_pattern use 
If a rule has fast_pattern on base64_data, it is anyway not applied, so,
consider any such rules invalid.

Bug 5220
 10 months ago
Jeff Lucovsky cb56752bf7 config/ja3: Eliminate warnings when JA3 is disabled 
This commit eliminates warnings when either ja3, ja4 or both are
disabled.
 10 months ago
Jason Ish 14ab9aa763 rust: temporary: disable debug assertions 10 months ago
Jason Ish f7eb94a6c0 github: update pull request template 
Update the pull request template to suggest providing a link to the
SV/LIBHTP pull request as this aides in cross linking.

Also change the way to provide the link to the Redmine ticket, as it
often results in linking to our Redmine, and add a checkbox for the
creation of a ticket.
 10 months ago
Jason Ish cec1c9d853 bundle.sh: accept more forms of a branch name 
For GitHub, add the following branch name formats:
- https://github.com/OISF/libhtp/pull/123
- OISF/libhtp#123
 10 months ago
jason taylor abb74245cc doc: update normalization notes 
Ticket: #6781

Signed-off-by: jason taylor <jtfas90@gmail.com>
 10 months ago
jason taylor 5dacf4d92b doc: add http.connection ref and fix location 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 10 months ago
Shivani Bhardwaj 329ac61961 eve/stats: add description for ips 
Ticket 6434
 10 months ago
Shivani Bhardwaj 861ffff972 eve/stats: add description for transactions 
Ticket 6434
 10 months ago