Commit Graph

1439 Commits (405491c3fcdd8c30cdd66e3ef922f0b8a8717a9e)

Author SHA1 Message Date
Philippe Antoine 5bd17934df http2: do not expand duplicate headers
Ticket: 7104

As this can cause a big memory allocation due to the quadratic
nature of the HPACK compression.
8 months ago
Philippe Antoine 37509e8e0e modbus: abort flow parsing on flood
Ticket: 6987

Let's not spend more resources for a flow which is trying to
make us do it...
8 months ago
Jeff Lucovsky 5b97f4040c detect/base64: Use Rust defined modes everywhere
Issue: 6487

To avoid ambiguity, a single definition for base 64 decoding modes will
be used. The Rust base64 transform contains the definitions for the
existing mode types: Strict, RFC2045, RFC4648
8 months ago
Jeff Lucovsky 1823681709 detect/transform: from_base64 option parsing
Issue: 6487

Implement from_base64 option parsing in Rust. The Rust module also
contains unit tests.
8 months ago
Jeff Lucovsky ab0cb960a1 detect/parser: Refactor utility routines
Refactor utility functions/definitions from the byte_math module into
the parser module. This includes parse_var and ResultValue

Issue: 6487
8 months ago
Philippe Antoine 5f35035928 filestore: do not try to store a file set to nostore
Ticket: 6390

This can happen with keyword filestore:both,flow
If one direction does not have a signature group with a filestore,
the file is set to nostore on opening, until a signature in
the other direction tries to set it to store.
Subsequent files will be stored in both directions as flow flags
are now set.
8 months ago
Philippe Antoine 5bb5b4f46f rust: remove unnecessary nested unsafe 9 months ago
Philippe Antoine 4ccbcc4684 sip: use right slice to take line from
We iterate over input, but we are now at start.
Avoid quadratic complexity turning to OOM.

Ticket: 7093
9 months ago
Jason Ish 49ecf37126 rust/ike: prefix never read field names with _
New warning from rustc.

The other option is to allow dead code, however this is more explicit,
and when they are read, it's obvious they should be renamed.
9 months ago
Jason Ish 29d7ff026a rust: simplify matches with unwrap_or_default
New default clippy warning:
https://rust-lang.github.io/rust-clippy/master/index.html#manual_unwrap_or_default
9 months ago
Jason Ish ee2175cdb6 rust: fix clippy lint for legacy_numeric_constants
https://rust-lang.github.io/rust-clippy/master/index.html#legacy_numeric_constants
9 months ago
Jason Ish a1bb62c059 cargo: use default-features instead of default_features
"default_features" is being deprecated in Rust 2024.
9 months ago
Philippe Antoine 4fe3f04fa3 detect/enip: move keywords to rust
Ticket: 4863
9 months ago
Philippe Antoine ce1eea4ad6 detect/websocket: move keywords to rust
Ticket: 4863
9 months ago
Philippe Antoine 16952d67e7 detect/dhcp: move keywords to rust
Ticket: 4863
9 months ago
Philippe Antoine ae72376ebe detect/snmp: move keywords to rust
Ticket: 4863

On the way, convert unit test DetectSNMPCommunityTest to a SV test.

And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
9 months ago
Philippe Antoine 4bbe7d92dc detect: helper to have pure rust keywords
detect: make number of keywords dynamic

Ticket: 4683
9 months ago
Philippe Antoine 08c511f1bf enip: remove unnecessary unsafe
As the function SCEnipRegisterParsers is already marked as unsafe
9 months ago
Victor Julien 37be66eef9 detect/iprep: update function naming
Bring in line with new Rust code naming for FFI functions.
9 months ago
Victor Julien 83976a4cd4 detect/iprep: implement isset and isnotset
Implement special "isset" and "isnotset" modes.

"isset" matches if an IP address is part of an iprep category with any
value.

It is internally implemented as ">=,0", which should always be true if
there is a value to evaluate, as valid reputation values are 0-127.

"isnotset" matches if an IP address is not part of an iprep category.

Internally it is implemented outside the uint support.

Ticket: #6857.
9 months ago
Victor Julien 539ab3a404 detect/iprep: update keyword parser for extendibility 9 months ago
Jason Ish f0dbfe863d misc: prefix functions with SC not Sc 9 months ago
Philippe Antoine d9d5170ec0 websocket: add data frame
Ticket: 7051
9 months ago
Juliana Fajardini bb45ac71ef dns: allow triggering raw stream reassembly
For TCP streams, app proto stream reassembly can start earlier, instead
of waiting and queueing up data before doing so.

Task #7018
Related to
Bug #7004
9 months ago
Philippe Antoine 82c03f72c3 enip: convert to rust
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword now accepts string enumeration as values.
- add enip.status keyword
- add keywords:
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
9 months ago
Philippe Antoine 0d267e29a5 files: remove the need for state in callbacks
As files now belong to transactions
9 months ago
Philippe Antoine 5167ff6411 smtp/mime: look for urls in base64 message
Ticket: 5185

Previously, it was only looked for in plain text messages, and base64
encoding was only handled for attachments.

This commit also fixes the buffering for such base64 data streamed
into URL finding, by buffering a beginning non-empty line,
and by ensuring that we run extraction on the last line,
even if it had no EOL.
9 months ago
Juliana Fajardini 0946c213cd pgsql: trigger raw stream reassembly
Expose the raw stream earlier to the detection engine, as Pgsql can have
multiple messages per transaction and usually will have a message
complete within one TCP packet.

Bug #7000

Related to
Bug #7026
9 months ago
Juliana Fajardini 69e26de197 pgsql/logger: open json object from logger function
Before, the JsonBuilder object for the pgsql event was being created
from the C-side function that actually called the Rust logger.

The result was that if another module - such as the Json Alert - called the
PGSQL logger, we wouldn't have the `pgsql` key present in the log output
- only its inner fields.

Bug #6983
9 months ago
Philippe Antoine 7fb10676e7 dns: remove unneeded mut in logger 9 months ago
Philippe Antoine a10c1f1dde smtp: use rust for mime parsing
Ticket: #3487
9 months ago
Philippe Antoine 5f75b9a6e3 http: use rust for mime parsing
Ticket: #3487
9 months ago
Philippe Antoine 5555aa6788 mime: improved token parsing
Accepts escaped quote in escaped string
9 months ago
Jason Ish 936930778c rust/Makefile: cleanup "clean" targets
Remove maintainer-clean-local, this is not needed.

In distclean-local, remove "rust/dist" and "rust/vendor" as they are
created during "make dist".

In "clean-local", remove "rust/target" and "rust/gen" as they are
created during a normal "make".
9 months ago
Jason Ish 2e440169d6 lua: remove lua as a compile time feature
It's always built-in. However, it can be disabled at runtime.
9 months ago
Jason Ish 1fd2c1a379 rust/lua: remove lua_int8 feature
Now that we're fixed to Lua 5.4, the integer size is always 8.
9 months ago
Jason Ish bc011f2205 lua: use rust crate to vendor (bundle) lua
Remove lua-dev(el) from all CI tests.
9 months ago
Shivani Bhardwaj 3a1c12414a tls: store list of subject alternative names
So far, the SANs were available as a part of IssuerDN via x509_parser
crate but SANs were not available to the SSLState* to be directly used
to setup and match against a sticky buffer.
Expose it to SSLStateConnp.

Feature 5234
9 months ago
Jason Ish 8560564657 rust: rename .cargo/config to .cargo/config.toml
Addresses this warning from the Rust compiler:

warning: `../rust/.cargo/config` is deprecated in favor of `config.toml`
note: if you need to support cargo 1.38 or earlier, you can symlink `config` to `config.toml`
10 months ago
Philippe Antoine 3b5f1173ab Revert "rust: temporary: disable debug assertions"
This reverts commit 14ab9aa763.
10 months ago
Philippe Antoine 37a9003736 rust/probing: safety check for null input
Ticket: 7013

Done consistently for all protocols

This may change some protocols behaviors which failed early
if they found there was not enough data...
10 months ago
Philippe Antoine 5dc8dea869 rust: return empty slice without using from_raw_parts
As this triggers rustc 1.78
unsafe precondition(s) violated: slice::from_raw_parts requires
the pointer to be aligned and non-null,
and the total size of the slice not to exceed `isize::MAX`

Ticket: 7013
10 months ago
Philippe Antoine 806052d762 websocket: fix opcodes values for ping/pong
And also set close

Ticket: 7025
10 months ago
Philippe Antoine 8b103ae755 dns: set tx id for frames 10 months ago
Philippe Antoine 715bf048ee frames: rust API makes tx_id explicit
And set it right for SIP and websocket,
so that relevant tx app-layer metadata gets logged.

Ticket: 6973
10 months ago
Jeff Lucovsky cb56752bf7 config/ja3: Eliminate warnings when JA3 is disabled
This commit eliminates warnings when either ja3, ja4 or both are
disabled.
10 months ago
Jason Ish 14ab9aa763 rust: temporary: disable debug assertions 10 months ago
Philippe Antoine c53e9ac0dd sdp: fix logging medias
As introduced by bff790b6ac

Also handles errors in the caller

Ticket: 6994
10 months ago
Jason Ish df8568ee30 rust/dns: visibility cleanups
Remove pub from functions that don't require it.
10 months ago
Jason Ish 556cfe56bf rust/dns: ffi naming and visibility cleanups
- Remove no_mangle and pub from FFI functions that are only accessed
  with a function pointer.
- Rename all no_mangle FFI functions to our C naming scheme.
10 months ago