Victor Julien
26bcc97515
detect/keywords: dynamic version part of doc URL
6 years ago
Jeff Lucovsky
d3a65fe156
detect: Provide `de_ctx` to free functions
...
This commit makes sure that the `DetectEngineCtx *` is available
to each detector's "free" function.
6 years ago
Jeff Lucovsky
7f6af10fed
general: copyright bump
6 years ago
Jeff Lucovsky
4b0085b03c
detect: Update to take advantage of PCRE refactor
...
This commit changes the keyword detectors to use the refactored PCRE
modifications from detect-parse.[ch]
6 years ago
Shivani Bhardwaj
d801c3e588
detect: Make keyword description consistent
...
Closes redmine ticket #3137.
6 years ago
Shivani Bhardwaj
b5b429c288
detect: Add missing keyword URLs and description
...
Add missing keyword URLs and their description. Fix the ones that
were incorrect.
Partially closes redmine ticket #2974.
6 years ago
Victor Julien
579cc9f02b
const: constify decoder, app-layer, detect funcs
6 years ago
Shivani Bhardwaj
85b56b633e
detect: Improve rule keyword alproto registration
...
1. Set WARN_UNUSED macro on DetectSignatureSetAppProto.
2. Replace all direct 'sets' of Signature::alproto from keyword registration.
Closes redmine ticket #3006.
6 years ago
Victor Julien
5703ce371e
detect/byteextract: suppress runtime error messages
7 years ago
Victor Julien
0de86211c6
detect: register dynamic buffers into de_ctx
...
Register buffers that are created during rule parsing. Currently
this means an existing buffer with one or more transformations.
8 years ago
Victor Julien
862780c7c3
detect: add debug statements for byte_extract/isdataat
8 years ago
Victor Julien
ab1200fbd7
compiler: more strict compiler warnings
...
Set flags by default:
-Wmissing-prototypes
-Wmissing-declarations
-Wstrict-prototypes
-Wwrite-strings
-Wcast-align
-Wbad-function-cast
-Wformat-security
-Wno-format-nonliteral
-Wmissing-format-attribute
-funsigned-char
Fix minor compiler warnings for these new flags on gcc and clang.
9 years ago
Victor Julien
7eda6beade
detect: don't rescan when just distance is used
...
Content inspection optimization: when just distance is used without
within we don't need to search recursively.
E.g. content:"a"; content:"b"; distance:1; will scan the buffer for
'a' and when it finds 'a' it will scan the remainder for 'b'. Until
now, the failure to find 'b' would lead to looking for the next 'a'
and then for 'b' after that. However, we already inspected the
entire buffer for 'b', so we know this will fail.
9 years ago
Victor Julien
cc4010343d
detect: add and use util func for alproto sets
9 years ago
Victor Julien
dfac5276b8
detect: remove unused SIGMATCH_PAYLOAD flag
9 years ago
Victor Julien
775e182531
detect: remove AppLayerMatch API call
9 years ago
Victor Julien
6346a074a7
http_uri: dynamic buffer
...
Clean up tests
9 years ago
Victor Julien
6bd37611ee
file_data: dynamic buffer
9 years ago
Victor Julien
779d40cedf
detect: remove hardcoded sm_list logic from setup
...
Introduce utility functions to aid this.
9 years ago
Victor Julien
f370e88135
detect: move init only Signature members to init_data
9 years ago
Victor Julien
8edc954e82
detect: get rid of Signature::sm_lists
...
Instead use the lists in init_data during setup and the SigMatchData
arrays during runtime.
9 years ago
Victor Julien
bd456076a8
detect: pass SigMatchData to inspect functions
9 years ago
Victor Julien
39613778cd
detect: make setup/free/match funcs static where possible
9 years ago
Victor Julien
bfd4bc8233
detect: constify Signature/SigMatch use at runtime
9 years ago
Victor Julien
e67ae0f174
detect keywords: use parse regex util func
10 years ago
Jason Ish
796dd5223b
tests: no longer necessary to provide successful return code
...
1 is pass, 0 is fail.
10 years ago
Jason Ish
06dcaec335
byte-extract: for string, default to base "dec" if not provided
...
For Snort compatibility, as Snort defaults to "dec" if not provided.
Fixed issue 1697:
https://redmine.openinfosecfoundation.org/issues/1697
10 years ago
Giuseppe Longo
41a1a9f4af
find and replace HSBDMATCH by FILEDATA
...
This commit does a find and replace of the following:
- DETECT_SM_LIST_HSBDMATCH by DETECT_SM_LIST_FILEDATA
sed -i 's/DETECT_SM_LIST_HSBDMATCH/DETECT_SM_LIST_FILEDATA/g' src/*
- HSBD by FILEDATA:
sed -i 's/HSBDMATCH/FILEDATA/g' src/*
11 years ago
Jason Ish
a18e2ef402
Bug 1230: Check all SigMatch lists for a named byte_extract variable.
11 years ago
Victor Julien
1de9256b18
byte-extract: switch to pcre_copy_substring
...
Fixes memory leaks (str_ptr was never freed).
Fixes cppcheck warning:
[src/detect-byte-extract.c:268]: (error) Uninitialized variable: str_ptr
Bug #1046.
12 years ago
Victor Julien
684d787567
Coverity fix
...
Coverity 992695, fix potential array index with negative int. Very unlikely
case at rule keyword parsing stage.
12 years ago
Victor Julien
3fa958b9a7
byte_extract/test/jump: fix coverity issues
...
During keyword setup there was a path that in theory could lead to
indexing an array with a negative int.
Coverity 992695, 400605, 400604
12 years ago
Anoop Saldanha
b1dffdfbe0
Add app layer protocol packet event detection support.
12 years ago
Victor Julien
7292998a58
Content: set up sticky buffers like file_data and dce_stub_data w/o flags, but with a list variable
13 years ago
Anoop Saldanha
c3d98f9640
Fix the bug specified in the previous commit.
...
Bug emanates from byte_test, byte_jump and byte_extract keyword being
unable to handle negative offsets when the inspection pointer is at the
end of the buffer.
13 years ago
Anoop Saldanha
0b5d277254
code cleanup for all content based keywords.
13 years ago
Anoop Saldanha
51dcf19817
turn dce_stub_data into a sticky buffer.
13 years ago
Anoop Saldanha
a308d718ae
Allow the use of relative without the presence of a related previous keyword.
13 years ago
Last G
8ae11f73b2
Added parentheses to fix Eclipse static code analysis
...
Fixed bug in action priority (REJECT_DST had lowest prio)
13 years ago
Eric Leblond
e176be6fcc
Use unlikely for error treatment.
...
When handling error case on SCMalloc, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.
This patch has been obtained via coccinelle. The transformation
is the following:
@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@
x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
13 years ago
Anoop Saldanha
5878d83174
byte_extract_id var now a non-global de_ctx specific var
14 years ago
Anoop Saldanha
bff2866aed
more coverity fixes
14 years ago
Anoop Saldanha
37f66e5f46
update handling negative offsets in byte_extract. Also improve validation in byte_extract to not extract values out of the buffer range
14 years ago
Victor Julien
d72b82fae0
Misc fixes.
14 years ago
Eileen Donlon
9b2bd9280a
fix invalid unittests with mixed content modifiers
...
Fixed some unittests that were incorrectly mixing relative and non-relative content modifiers.
14 years ago
Anoop Saldanha
1acb7cdc7d
All http_server_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_SERVER_BODY
14 years ago
Anoop Saldanha
4810ee9c5f
All uricontent modified patterns now are DETECT_CONTENT and not DETECT_URICONTENT. Step towards unifying all content based patterns. Makes way for easier management of patterns
14 years ago
Anoop Saldanha
ac68c3f893
code cleanup - replace SigMatchAppendDcePayload with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
6cab663bf0
code cleanup - replace SigMatchAppendPayload with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
c4cb37b8da
code cleanup - replace SigMatchAppendUricontent with SigMatchAppendSMToList
14 years ago