Commit Graph

11436 Commits (69ed6f253f793bf3a483fa717e289b5084b77665)

Author SHA1 Message Date
Jeff Lucovsky ec07f58705 doc: update file-store stream depth description 5 years ago
Jeff Lucovsky 2f32d7f831 filestore: Use proper string in error case
When make-open-files has an invalid value, the incorrect value was being
displayed improperly
5 years ago
Jeff Lucovsky 823f6b35d0 filestore: Validate stream-depth when non-zero
Make sure that configured non-zero values for stream-depth are
greater than stream_config.depth
5 years ago
Jeff Lucovsky 6bb89c37f1 output/json: Correct clang warning
This commit corrects the warning for mismatched type.
5 years ago
Jeff Lucovsky b2c1dab2da output/alert: Correct FORWARD_NULL Coverity issue.
This commit corrects the FORWARD_NULL issue in AlertJson by
null-checking p->flow
5 years ago
Jeff Lucovsky bd22e0d7a4 output/ftp: Correct Coverity DEADCODE issue
This commit corrects the deadcode (CID 1465224) issue in
EveFTPLogCommand.
5 years ago
Jeff Lucovsky ac70d925f5 filestore: Correct Coverity RESOURCE_LEAK issue
This commit corrects the RESOURCE_LEAK issue (CID 1465222) of the `FILE`
pointer.
5 years ago
Jeff Lucovsky 2d055ed1f7 detect: Correct Coverity REVERSE_INULL issue
This commit corrects the "Null pointer dereferences" issue (CID
1465221).
5 years ago
Shivani Bhardwaj db75675f45 qa: add atoi to list of banned functions 5 years ago
Shivani Bhardwaj d27b407bc3 pfring: fix StringParse* warnings
Closes redmine ticket 3808.
5 years ago
Shivani Bhardwaj 7cbb8c44c5 ttl: Make IPV4 TTL uint_8t 5 years ago
Shivani Bhardwaj 4ed72addf3 src: remove multiple uses of atoi
atoi() and related functions lack a mechanism for reporting errors for
invalid values. Replace them with calls to the appropriate
ByteExtractString* functions.

Partially closes redmine ticket 3053.
5 years ago
Emmanuel Thompson 6e5d64f102 detect/asn1: Simplify errors and checks 5 years ago
Emmanuel Thompson 4fc45b5c60 detect/asn1: Update ASN1 struct lifetime
- 'static is only realistic when allocating and leaking it over the
FFI boundary
5 years ago
Emmanuel Thompson 627e90a4bd detect/asn1: Log out errors
- Failure to parse asn1-max-frames
- Failure on asn1 detection checks
5 years ago
Emmanuel Thompson 88601b1993 detect/asn1: Update relative_offset keyword
- To be consistent with recent C version changes
- Add checks for over/underflows
5 years ago
Emmanuel Thompson 275f6ae96f detect/asn1: Remove asn1 C parser
- In favor of rust parser
5 years ago
Emmanuel Thompson 7af6cdb7ec detect/asn1: Update asn1 C files to use rust code
Mark rust extern "C" functions as pub in asn1 module to expose via cbindgen
Update detect-asn1.c/h to use rust functions
5 years ago
Emmanuel Thompson 63704fdf13 rust/asn1: Introduce ASN1 rust module
This module uses the `der-parser` crate to parse ASN1 objects in order to replace src/util-decode-asn1.c
It also handles the parsing of the asn1 keyword rules and detection checks performed in src/detect-asn1.c
5 years ago
Emmanuel Thompson 6b8517dc12 rust: Update der, kerberos and snmp parser dependencies
- The update to der-parser allows us to use the latest API changes
5 years ago
Jeff Lucovsky dfcc8a88f6 util/proto: Convert validation routine to bool
This commit changes the signature of the protocol validation code to
bool and simplifies the validation steps.
5 years ago
Jeff Lucovsky 1e8d4af29a output/json: Improve protocol output handling
Improve protocol label handling by eliminating an unneeded copy.

Additionally, unknown protocol values are no longer zero-padded.
5 years ago
Jeff Lucovsky a06a706078 output/flow: Improve protocol output handling
This commit improves handling of the protocol label by removing an
unnecessary copy.

Additionally, unknown protocol values are no longer zero-padded.
5 years ago
Jeff Lucovsky 5776a98f67 log/syslog: Improve protocol output handling
Move protocol handling outside of the packet alert loop.
5 years ago
Jeff Lucovsky 0a1c36759a log: Use updated SCProtoNameValid signature 5 years ago
Jeff Lucovsky a843b36c97 output/lua: Remove unused proto code
This commit removes unused protocol string handling logic.
5 years ago
Jason Ish 43b9bfaed4 applayer template (rust): convert to JsonBuilder 5 years ago
Jason Ish d71fc50212 applayer template (C): convert to JsonBuilder 5 years ago
Shivani Bhardwaj 0ebeaf4fe4 modbus: align comments properly 5 years ago
Shivani Bhardwaj d5a672fbcf modbus: make subfunction uint16_t 5 years ago
Shivani Bhardwaj dfd872c1a7 enip: remove unnecessary definition 5 years ago
Shivani Bhardwaj 0dac699197 src: remove multiple uses of atoi
atoi() and related functions lack a mechanism for reporting errors for
invalid values. Replace them with calls to the appropriate
ByteExtractString* functions.

Closes redmine ticket 3053.
5 years ago
Victor Julien a98a209732 fuzz/sigpcap: make sure hassh is enabled 5 years ago
Vadym Malakhatko a80f705d4b userguide: add documentation for Hassh usage
1. Rules keywords
2. Json keywords
3. Usage in lua
4. Enabling in configuration file
5 years ago
Vadym Malakhatko 8a8212d0f6 lua: add functions to get hassh parameters 5 years ago
Vadym Malakhatko 126597144c eve: add Hassh fields to SSH JSON logger and add ssh log condition 5 years ago
Vadym Malakhatko 216a75c522 detect: add (mpm) hassh keywords
Match on Hassh using ssh.hassh, ssh.hassh.server, ssh.hassh.string, ssh.hassh.server.string keywords, e.g:

alert ssh any any -> any any (msg:"match SSH hash"; ssh.hassh; content:"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; sid:1000010;)
alert ssh any any -> any any (msg:"match SSH hash-server"; ssh.hassh.server; content:"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; sid:1000020;)
alert ssh any any -> any any (msg:"match SSH hash-string"; ssh.hassh.string; content:"none,zlib@openssh.com,zlib"; sid:1000030;)
alert ssh any any -> any any (msg:"match SSH hash-server-string"; ssh.hassh.server.string; content:"umac-64-etm@openssh.com,umac-128-etm@openssh.com,"; sid:1000040;)
5 years ago
Vadym Malakhatko 536cee3ba9 rust/ssh: add hassh generation
Add generation of hassh fingerprints based on fields in the kexinit record
5 years ago
Jeff Lucovsky f7a47a4477 detect/bsize: Use U16 bit macros
This commit changes the flag bit values to be expressed using the
BIT_U16 macro instead with hex values.
5 years ago
Jeff Lucovsky 39105917ce detect/bsize: Use SCLogDebug instead of printf
This commit updates debug "printf" message to use SCLogDebug
5 years ago
Jeff Lucovsky 620659b5f3 detect: Increase flag size for byte_jump 5 years ago
Jeff Lucovsky 23a65b5824 general: Fix typo in detect-bytejump.c 5 years ago
Jeff Lucovsky 0701d82890 detect/bytejump: Add "from_end" support
This commit adds support for the byte jump "from_end" keyword and
unittests.
5 years ago
Jeff Lucovsky d5bb41011c output/ikev2: Convert to JsonBuilder
Convert the IKEV2 Json logging to use JsonBuilder.
5 years ago
Philippe Antoine 1e8ac7dadb dnp3: adds unit test against previous bug 5 years ago
Philippe Antoine d465bb8686 dnp3: fix buffer over read in responses parsing 5 years ago
Philippe Antoine 629a16e373 dnp3: probing parser fixes direction based on dnp3 header 5 years ago
Philippe Antoine a90b1c1bcb fuzz: disable DNP3 checksums while fuzzing 5 years ago
Philippe Antoine 00509da286 fuzz: improves fuzz target applayerparserparse
Does not proceed final chunk if we got an error previously
Flips the direction for last chunk as usual
5 years ago
Victor Julien b440d0b13e flow: use stream state to string util func 5 years ago