Commit Graph

14936 Commits (765b05f1391a68b0be7a530542f953e52757e7b3)

Author SHA1 Message Date
Shivani Bhardwaj c2ae87eecf util/base64: update test macro to use user data 2 years ago
Shivani Bhardwaj 62d782156c util/base64: check dest buf size to hold 3Bytes
The destination buffer should be able to hold at least 3 Bytes during
the processing of the last block of data. If it cannot hold at least 3
Bytes, then that may lead to dynamic buffer overflow while decoding.
2 years ago
Shivani Bhardwaj 0e8b451699 util/base64: check for dest buf size in last block
Just like the check for destination buffer size done previously for
complete data, it should also be done for the trailing data to avoid
going out of bounds.
2 years ago
Shivani Bhardwaj 095c335c72 util/base64: fix padding bytes for trailing data
Padding bytes for the last remainder data should be as follows:

Case   |    Remainder bytes     |    Padding
----------------------------------------------
  I    |              1         |      3
  II   |              2         |      2
  III  |              3         |      1

However, we calculate the decoded_bytes with the formula:
decoded_bytes = ASCII_BLOCK - padding

this means for Case I when padding is 3 bytes, the decoded_bytes would
be 0. This is incorrect for any trailing data. In any of the above
cases, if the parsing was successful, there should at least be 1 decoded
byte.
2 years ago
Shivani Bhardwaj e46b0337e5 util/base64: skip any invalid char for RFC2045
RFC 2045 states that any invalid character should be skipped over, this
is the RFC used by mime handler in Suricata code to deal with base64
encoded data.
So far, only spaces were skipped as a part of implementation of this
RFC, extend it to also skip over any other invalid character. Add
corresponding test.
2 years ago
Shivani Bhardwaj 85ae1d25e4 util/base64: add test for long string w RFC4648 2 years ago
Philippe Antoine fb2fbafed2 http: remove obsolete checks for files
With libhtp having been improved, Suricata does not need to check
that there is either a response line or HTTP/0.9 as libhtp
will trigger the callbacks only in those cases
2 years ago
Philippe Antoine 02dece5db5 http2: file tracker is initialized when file is closed
Ticket: #6130

This avoids quadratic complexity by having http2_range_key_get
looking in a growing number of frames
2 years ago
Jason Ish 4a28f07298 file-data: better error for conflicting keywords
Instead of just erroring out with "rule contains conflicting
keywords", give an error that says what is actually wrong.
2 years ago
Jason Ish 4ccc9aed01 github-ci: remove fedora 36 builds
Fedora 36 is now EOL.
2 years ago
Jason Ish 84674f4205 github-ci: update rust versions
New minimum Rust version: 1.63.0.
Current latest known good version: 1.70.0.

Add test specifically for MSRV as we didn't have one.

Ticket: #4163
2 years ago
Jason Ish 401d895b1d configure: set minimum rust version to 1.63.0
Ticket: #4163
2 years ago
Shivani Bhardwaj b6f8f5eb3b doc/http: use "sticky buffer" where applicable 2 years ago
Philippe Antoine 4f4651e360 output/file: http2 metadata is logged in http object
as is done for http2 events and alerts.
The http.version integer can help to determine if this is HTTP2

Ticket: #6165
2 years ago
Victor Julien 9b09b29350 detect/fileext: reimplement based on file.name
Ticket: #6194.
2 years ago
Victor Julien 74f095c915 detect/filename: switch to file.name implementation
Ticket: #6194.
2 years ago
Victor Julien 1f22b51848 detect/filemagic: switch to file.magic implementation
Replace implementation of the legacy `filemagic` keyword by the
implementation for the `file.magic` variant. This leads to better
performance and hooks the rules into the detection engine better.

Remove unittests that depended on the old logic.

Ticket: #6194.
2 years ago
Victor Julien ee68947460 detect/tls: minor fingerprint cleanup 2 years ago
Victor Julien c4ed599f9b detect/content: minor cleanup 2 years ago
Jeff Lucovsky b05375f22e config/af-packet: Warn/replace rollover usage
Issue: 6128

No longer permit rollover/cluster_rollover to be used. Usage will
generate a warning message and cluster_flow will be used instead.
2 years ago
Jeff Lucovsky ac8f91f44f config: Document cluster_rollover deprecation
Issue: 6128

cluster_rollover is no longer permitted; using it will generate a
warning message and it'll be replaced with cluster_flow
2 years ago
Jeff Lucovsky 29621c7f0d doc/afpacket: Document rollover deprecation 2 years ago
Jeff Lucovsky cb30b7185f detect/stat: Display 0 instead of nan
This commit updates the summary message when Suricata terminates.
Without this commit, "nan" was displayed if there were no drops/packets
2 years ago
Jason Ish ebdf482580 github-ci: add CentOS Stream builders
Builders for CentOS Stream 8 and 9.
2 years ago
Jason Ish ca68b6b994 github-ci: replace dist builder with Debian 12
Add new dist builder job based on Debian 12. Debian 12 gives us a newer
Sphinx than AlmaLinux 8, plus avoids any potential disruption in the
RHEL rebuild ecosystem.

Also make dist building its own job so it finishes quicker, allowing
other jobs to proceed.  The new non-dist building Debian 12 job will
still do a complete distcheck, as do other jobs.
2 years ago
Jason Ish 96dd6a7ca0 github-ci: add Debian 12 builder 2 years ago
Juliana Fajardini e306bc6ecc exception: fix use of master switch with default
If an exception policy wasn't set up individually, use the GetDefault
function to pick one. This will check for the master switch option and
handle 'auto' cases.

Instead of deciding what the auto value should be when we are parsing
the master switch, leave that for when one of the other policies is to
be set via the master switch, since this can change for specific
exception policies - like for midstream, for instance.

Update exceptions policies documentation to clarify that the default
configuration in IPS when midstream is enabled is `ignore`, not
`drop-flow`.

Bug #6169
2 years ago
Sascha Steinbiss 1521b77edd rfb: also set unimplemented auth types 2 years ago
Sascha Steinbiss 1606aca881 rfb: ensure logging of incompletely parsed txs 2 years ago
Philippe Antoine a3168fda78 mime: compute full body md5
Previously, the problem was that nested headers/boundaries were not
used to compute the hash

Solution is to move up the call to the hash computation from
ProcessMimeBody to its caller ProcessMimeEntity, and add a set of
conditions to ensure that we are not in the principal headers.

Ticket: #6185
2 years ago
Philippe Antoine 2a768dfa95 smtp: avoid counting last eol in file
As it is part of the boundary

Ticket: #6023

On the way, look for urls even on incomplete lines
2 years ago
Shivani Bhardwaj 157af18d60 python: remove futile exec perm from files 2 years ago
Shivani Bhardwaj 18947c01e0 suricatasc: update running instructions 2 years ago
Shivani Bhardwaj 4ece79b6de python: remove unneeded setup.py
We no longer use this script or upload packages to PyPI.
2 years ago
Shivani Bhardwaj ad03b5ce8b suricatasc: remove unneeded shebang
The caller for suricatasc is in python/bin. The script is never executed
directly and doesn't need the shebang.
2 years ago
Jason Ish f870dcd4cc github-ci: allow pull request URL in SV_BRANCH
Allow the SV_BRANCH variable to contain the full link to an
OISF/suricata-verify pull request. This will cause GitHub to create a
cross-link for us.
2 years ago
Jason Ish 8511ef5e2d pcap-log: close pcap_dead_handle on close
Fixes leaked handle on exit.
2 years ago
Jason Ish d2a5a55e0a log-pcap: one time errors on file open
If compression was not enabled, the open error was actually suppressed
by default by only being logged at info level, however with
compression it was logged as an error. As opening is retried as long
as it fails to open, make both log as error but wrap in a flag so the
error is logged once until success.
2 years ago
Jason Ish bf589f0812 log-pcap: only open dumper after successful file open (lz4)
When LZ4 compression is enabled, open the dumper after successful open
of the file. The dump handle is what forms the check if opening the
file needs to be retried.

Ticket: #5022
2 years ago
Jeff Lucovsky d822ba58e1 doc/multi-tenant: Clarify live traffic support
Issue: 5930

This commit clarifies the live traffic support for multi-tenancy.
2 years ago
Sascha Steinbiss 1f8a5874fb rfb: never return error on unknown traffic
We only try to parse a small subset of what is possible in
RFB. Currently we only understand some standard auth schemes
and stop parsing when the server-client handshake is complete.
Since in IPS mode returning an error from the parser causes
drops that are likely uncalled for, we do not want to return
errors when we simply do not understand what happens in the
traffic. This addresses Redmine #5912.

Bug: #5912.
2 years ago
Sascha Steinbiss 836fff3679 rfb: add myself as contributor 2 years ago
Sascha Steinbiss bd1fbf392e rfb: be more strict parsing the version 2 years ago
Jason Ish dd786cd6e4 eve/alert: warn on obsolete flags
Log a warning but otherwise ignore obsolete flags under
eve-log.alert. This also prevents accidentally turning off app-layer
logging by attempting to disable a single protocol.

These flags have been deprecated since 5.0, time to stop respecting
them.

Ticket: #6175
2 years ago
Shivani Bhardwaj aeb408dd9d doc: fix typo encryption-handling 2 years ago
Shivani Bhardwaj 6b3dbaa2f2 suricatasc: Don't process empty cmds 2 years ago
Shivani Bhardwaj 84ffe92873 suricatasc: exit successfully on keyboardinterrupt 2 years ago
Shivani Bhardwaj a512338afd suricatasc: add line numbers in error messages 2 years ago
Shivani Bhardwaj 46ce371d9c suricatasc: handle exceptions in caller 2 years ago
Shivani Bhardwaj b42a584f4d suricatasc: handle exceptions interactive mode 2 years ago