mirror of https://github.com/OISF/suricata
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
f46f895e8d
This patch updates the NT status code definition to use the status
definition used on Microsoft documentation website. A first python
script is building JSON object with code definition.
```
import json
from bs4 import BeautifulSoup
import requests
ntstatus = requests.get('https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55')
ntstatus_parsed = BeautifulSoup(ntstatus.text, 'html.parser')
ntstatus_parsed = ntstatus_parsed.find('tbody')
ntstatus_dict = {}
for item in ntstatus_parsed.find_all('tr'):
cell = item.find_all('td')
if len(cell) == 0:
continue
code = cell[0].find_all('p')
description_ps = cell[1].find_all('p')
description_list = []
if len(description_ps):
for desc in description_ps:
if not desc.string is None:
description_list.append(desc.string.replace('\n ', ''))
else:
description_list = ['Description not available']
if not code[0].string.lower() in ntstatus_dict:
ntstatus_dict[code[0].string.lower()] = {"text": code[1].string, "desc": ' '.join(description_list)}
print(json.dumps(ntstatus_dict))
```
The second one is generating the code that is ready to be inserted into the
source file:
```
import json
ntstatus_file = open('ntstatus.json', 'r')
ntstatus = json.loads(ntstatus_file.read())
declaration_format = 'pub const SMB_NT%s:%su32 = %s;\n'
resolution_format = ' SMB_NT%s%s=> "%s",\n'
declaration = ""
resolution = ""
text_max = len(max([ntstatus[x]['text'] for x in ntstatus.keys()], key=len))
for code in ntstatus.keys():
text = ntstatus[code]['text']
text_spaces = ' ' * (4 + text_max - len(text))
declaration += declaration_format % (text, text_spaces, code)
resolution += resolution_format % (text, text_spaces, text)
print(declaration)
print('\n')
print('''
pub fn smb_ntstatus_string(c: u32) -> String {
match c {
''')
print(resolution)
print('''
_ => { return (c).to_string(); },
}.to_string()
}
''')
```
Bug #5412.
|
3 years ago | |
|---|---|---|
| .. | ||
| dns-keywords | ||
| fast-pattern | ||
| flow-keywords | ||
| header-keywords | ||
| http-keywords | ||
| intro | ||
| normalized-buffers | ||
| payload-keywords | ||
| pcre | ||
| app-layer.rst | ||
| base64-keywords.rst | ||
| bypass-keyword.rst | 4 years ago | |
| config.rst | ||
| datasets.rst | 4 years ago | |
| dcerpc-keywords.rst | 5 years ago | |
| dhcp-keywords.rst | 3 years ago | |
| differences-from-snort.rst | 3 years ago | |
| dnp3-keywords.rst | ||
| dns-keywords.rst | ||
| enip-keyword.rst | ||
| fast-pattern-explained.rst | ||
| file-keywords.rst | ||
| flow-keywords.rst | 3 years ago | |
| ftp-keywords.rst | ||
| header-keywords.rst | ||
| http-keywords.rst | 4 years ago | |
| http2-keywords.rst | ||
| ike-keywords.rst | 5 years ago | |
| index.rst | 3 years ago | |
| intro.rst | 3 years ago | |
| ip-reputation-rules.rst | ||
| ja3-keywords.rst | ||
| kerberos-keywords.rst | 3 years ago | |
| lua-detection.rst | 4 years ago | |
| meta.rst | 3 years ago | |
| modbus-keyword.rst | ||
| mqtt-keywords.rst | ||
| payload-keywords.rst | 3 years ago | |
| prefilter-keywords.rst | ||
| quic-keywords.rst | 4 years ago | |
| rfb-keywords.rst | ||
| sip-keywords.rst | ||
| smb-keywords.rst | 3 years ago | |
| snmp-keywords.rst | 4 years ago | |
| ssh-keywords.rst | 4 years ago | |
| thresholding.rst | ||
| tls-keywords.rst | 3 years ago | |
| transforms.rst | 4 years ago | |
| xbits.rst | 5 years ago | |