aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,769 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '474e0e3644'
${ noResults }
Commit Graph

12769 Commits (474e0e364471fed2b6765b2c105f143e8b1864ea)
 

Author SHA1 Message Date
Victor Julien 474e0e3644 sip: enable for 5061/udp 3 years ago
Victor Julien 1203750388 sip: add frames support 
Frames:
- sip.pdu
- sip.request_line
- sip.response_line
- sip.request_headers
- sip.response_headers
- sip.request_body
- sip.response_body

The `sip.pdu` frame is always created, the rest only if the record
parser succeeded.

Ticket: #5036.
 3 years ago
Victor Julien c96d22e8a1 frames: support UDP frames 
UDP frames point to the UDP packet payloads.

The frames are removed after each packet.

Ticket: #4983.
 3 years ago
Victor Julien 97ef60cd9b output/file: remove 'waldo' code 
It was no longer used after "file-store v1" was removed.
 3 years ago
Victor Julien f9c04992c3 file/store: warning grammer fixup 3 years ago
Victor Julien b06bd1a1fe htp: rearrange tx user data for more efficiency 3 years ago
Victor Julien 39b1f1aca6 output/lua: minor cleanups 3 years ago
Victor Julien e5fd0d4f76 output/streaming: use unique thread data name 3 years ago
Victor Julien b36683e04f output/stats: use unique thread data name 3 years ago
Victor Julien 008f4aee69 output/packet: use unique thread data name 3 years ago
Victor Julien dd1dc88c65 output/filedata: use unique thread data name 3 years ago
Victor Julien c7db9aa50d output/file: use unique thread data name 3 years ago
Victor Julien 45f13b3d01 output/tx: use unique thread data name 3 years ago
Victor Julien 0be99f3e35 output: minor header cleanups 3 years ago
Victor Julien 645a04c233 output: declare OutputLoggerThreadStore once 3 years ago
Victor Julien 0ccf5b9147 app-layer: fix error counter logic 3 years ago
Victor Julien b0cad24705 github: enable dependabot for Rust/cargo 3 years ago
Modupe Falodun cf5c58c075 detect-uricontent: convert unittests to FAIL/PASS APIs 3 years ago
Modupe Falodun dc8908b282 detect-uricontent: remove unittests 
These tests are reimplemented as Suricata-verify

Task: 4911
 3 years ago
Modupe Falodun 26c9e66586 detect-engine-enip: remove unittests 
These test is reimplemented in Suricata-Verify

Task: 4911
 3 years ago
Victor Julien 609a7eaab2 app-layer: error counters 
Per app-layer error counters for:
gap, parser, internal (AppLayerResult issues), alloc
 3 years ago
Victor Julien ae0b8d92da flow/manager: remove dead code 3 years ago
Victor Julien 5618886aa9 stream: remove unused defines 3 years ago
Victor Julien 811b2cd334 doc: refresh main README; more accurate CI description 3 years ago
Modupe Falodun d2dad66a2b detect-dce-opnum: remove unittests 
These tests are reimplemented in Suricata-Verify

Task: 4911
 3 years ago
Jason Ish b9a429e6ce devguide: move image generation into sphinx setup 
While ReadTheDocs can't execute arbitrary scripts, we can install
mscgen in the container that builds the docs (see .readthedocs.yaml).

Then instead of calling generate-images.sh from the Makefile, move this
into the setup function defined on conf.yaml, which will generate the
scripts as part of a normal Sphinx workflow.

This should give us an image generation solution that works on
ReadTheDocs, and locally within anyones build system provided they have
mscgen installed.
 3 years ago
Philippe Antoine 4247605d87 smtp: check if we have a current transaction 
Ticket: 4948

This is not the perfect solution, but it prevents to trigger
the assert, and keep the assert.
A better solution would need to create transaction from
the reponse parsing, in case a later command was buffered and
not answered. But this would not be enough as NoNewTx prevents
the creation of a new transaction for RSET...
 3 years ago
Philippe Antoine 11d3af551b doc: suricata.yaml fields about maximum transactions 
For HTTP2, MQTT and FTP.
 3 years ago
Philippe Antoine 2ef4172437 ftp: limits the number of active transactions per flow 
Ticket: 4530

As for HTTP2 and MQTT.
In FTP case, transactions are pipelined, not identified by an id.
So, there are less chances of DOS by quadratic complexity.
 3 years ago
Philippe Antoine e42094f238 mqtt: make max transactions configurable 
Allows users to find balance between completeness of decoding
and increases resource consumption, which can DOS suricata.
 3 years ago
Philippe Antoine 4f90d4254e http2: makes some settings configurable 
max-streams and max-table-size

Allows users to find balance between completeness of decoding
and increases resource consumption, which can DOS suricata.
 3 years ago
Philippe Antoine a8079dc978 mqtt: limits the number of active transactions per flow 
Ticket: 4530

So, that we do not get DOS by quadratic complexity, while
looking for a new pkt_id over the ever growing list
of active transactions
 3 years ago
Philippe Antoine 5475212f21 http2: limits the number of active transactions per flow 
Ticket: 4530

So, that we do not get DOS by quadratic complexity, while
looking for a new stream id over the ever growing list
of active streams
 3 years ago
Philippe Antoine b39554b11f fuzz: target for applayer cleans transactions 
Ticket: 4530

Otherwise, we timeout because we kept too many of them
as Suricata would not
 3 years ago
Aaron Bungay a5d3a1f92c src: use bool instead of int 3 years ago
Aaron Bungay 272786908c smtp/mime: configurable url scheme extraction 
Parse extract-url-schemes from the mime config.
e.g. 'extract-urls-schemes: [http, https, ftp, mailto]'
Update MimeDecConfig struct to new url extraction fields.
Change app-layer-smtp.c & util-decode-mime.c to initialize new struct
fields for MimeDecConfig.
Sets the default value for extract-url-schemes if not found in the
config to 'extract-urls-schemes: [http]' for backwards compatibility.

Uses the schemes defined in the mime config value for
extract-urls-schemes to search for URLS starting with those scheme
names followed by "://".
Logs the URLS with the scheme + '://' at the start if the
log-url-scheme is set in the mime config, otherwise the old behaviour
is reverted to and the urls are logged with the schemes stripped.

Removed unused constant URL_STR now that URLS are being searched for
using extract-urls-schemes mime config values instead of just URL's
starting with 'http://'.

Added commented out new options for extract-urls-schemes and
log-url-scheme to suricata.yaml.in.

Update FindUrlStrings comments.
Remove old outdated comments/commented code from FindUrlStrings.
Update test case for mime which now needs schemes list to be set.
Add Test Cases for FindUrlStrings() method.

Feature: #2054
 3 years ago
Victor Julien 6c240938b5 github-ci: replace failing CentOS 8 by AlmaLinux 8.4 3 years ago
Modupe Falodun b77d1d7d2e detect-flowbits: remove unittests 
These tests are reimplemented in Suricata-Verify

Task: 4911
 3 years ago
Philippe Antoine f0e869b26b mqtt: parse properties with the right buffer's length 3 years ago
Philippe Antoine df2cbd6517 http2: event for variable-length integer overflow 
http2_parse_var_uint can overflow the variable-length
integer it is decoding. In this case, it now returns an error
of kind LengthValue.

The new function http2_parse_headers_blocks, which factorizes
the code loop for headers, push promise, and continuation, will
check for this specific error, and instead of erroring itself,
will return the list of so far parsed headers, plus another one
with HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeIntegerOverflow

This status is then checked by process_headers to create an
app-layer event.
 3 years ago
Philippe Antoine b86beb9b68 http2: check overflow before it happens 
instead of checking afterwards if value got smaller
 3 years ago
Jason Ish f8e143030c github-ci: update commit and formatting containers 
Update the Ubuntu containers for the commit and formatting checks to
Ubuntu 20.04.

The latest version of the checkout action requires git v2.18 in order to
checkout the code as a git repo, which is required for these workflows.

With older versions of git the action will download the code as a
tarball and lack the .git directory.
 3 years ago
Jason Ish 234a44bf85 github-ci: pin actions to specific versions 
Resolve the GitHub scanning pinned-dependencies for most of our GitHub
actions.  The oss-fuzz actions have not been updated.
 3 years ago
Philippe Antoine 1e1a4ab1c4 detect: logs an error if a protocol is disabled 
So that the user knows that the rule cannot match
 3 years ago
Philippe Antoine bf30eb344a detect: checking validity of rules with http protocol 
We want to check that a rule beginning with alert http
can be valid, that is if either HTTP1 or HTTP2 is enabled.
So, AppLayerProtoDetectGetProtoName will do a more complex
check for this ALPROTO_HTTP (any).
 3 years ago
Jeff Lucovsky b53fced452 general: Fix typo 3 years ago
Jeff Lucovsky be2155b4ed config/ref: Raise errors for ref.config parsing 
This commit raises an error in configuration test mode if there was an
error parsing reference.config.

Issue: 4659
 3 years ago
Modupe Falodun 8d615842f9 detect/bypass: remove unittest 
This test is reimplemented in Suricata-Verify

Task: 4911
 3 years ago
Victor Julien 7b152d0021 github-ci: update codecov 
Update to v2 API.
Pin the version as suggested by Scorecard.
No longer fail on error. This was not found to be very actionable.
 3 years ago
Jason Ish ee933794aa github-ci: set workflow permissions to read-all 3 years ago