suricata

You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

History

Eric Leblond f46f895e8d rust/smb: import NT status code for Microsoft doc This patch updates the NT status code definition to use the status definition used on Microsoft documentation website. A first python script is building JSON object with code definition. ``` import json from bs4 import BeautifulSoup import requests ntstatus = requests.get('https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55') ntstatus_parsed = BeautifulSoup(ntstatus.text, 'html.parser') ntstatus_parsed = ntstatus_parsed.find('tbody') ntstatus_dict = {} for item in ntstatus_parsed.find_all('tr'): cell = item.find_all('td') if len(cell) == 0: continue code = cell[0].find_all('p') description_ps = cell[1].find_all('p') description_list = [] if len(description_ps): for desc in description_ps: if not desc.string is None: description_list.append(desc.string.replace('\n ', '')) else: description_list = ['Description not available'] if not code[0].string.lower() in ntstatus_dict: ntstatus_dict[code[0].string.lower()] = {"text": code[1].string, "desc": ' '.join(description_list)} print(json.dumps(ntstatus_dict)) ``` The second one is generating the code that is ready to be inserted into the source file: ``` import json ntstatus_file = open('ntstatus.json', 'r') ntstatus = json.loads(ntstatus_file.read()) declaration_format = 'pub const SMB_NT%s:%su32 = %s;\n' resolution_format = ' SMB_NT%s%s=> "%s",\n' declaration = "" resolution = "" text_max = len(max([ntstatus[x]['text'] for x in ntstatus.keys()], key=len)) for code in ntstatus.keys(): text = ntstatus[code]['text'] text_spaces = ' ' * (4 + text_max - len(text)) declaration += declaration_format % (text, text_spaces, code) resolution += resolution_format % (text, text_spaces, text) print(declaration) print('\n') print(''' pub fn smb_ntstatus_string(c: u32) -> String { match c { ''') print(resolution) print(''' _ => { return (c).to_string(); }, }.to_string() } ''') ``` Bug #5412.		3 years ago
..
dns-keywords	doc: rename from "sphinx" to "userguide"	9 years ago
fast-pattern	doc: rename from "sphinx" to "userguide"	9 years ago
flow-keywords	doc: fix spelling in flowbits image	5 years ago
header-keywords	doc: Replace images of tables and rules with text in rules docs	8 years ago
http-keywords	doc/userguide: update http keywords	5 years ago
intro	doc: Replace images of tables and rules with text in rules docs	8 years ago
normalized-buffers	doc: rename from "sphinx" to "userguide"	9 years ago
payload-keywords	doc: Replace images of tables and rules with text in rules docs	8 years ago
pcre	doc: Move pcre entirely to Payload Keywords section	8 years ago
app-layer.rst	doc: initial app-layer keywords	9 years ago
base64-keywords.rst	doc/userguide: fix typo	6 years ago
bypass-keyword.rst	userguide: update references to Suricata website	4 years ago
config.rst	doc/rules: document config rule option	5 years ago
datasets.rst	doc: Fix typos	3 years ago
dcerpc-keywords.rst	doc/dcerpc: add proto keywords	4 years ago
dhcp-keywords.rst	dhcp: adds renewal-time keyword	3 years ago
differences-from-snort.rst	doc/byte_math: Add byte_math differences with snort	3 years ago
dnp3-keywords.rst	doc: fix typo on example	6 years ago
dns-keywords.rst	doc: document dns.opcode keyword	6 years ago
enip-keyword.rst	doc: spelling mistakes in various sections of the user guide	7 years ago
fast-pattern-explained.rst	doc: spelling mistakes in various sections of the user guide	7 years ago
file-keywords.rst	stream: remove fix stream.depth references	6 years ago
flow-keywords.rst	detect: adds flow.age keyword	3 years ago
ftp-keywords.rst	doc: update following ftp-data changes	8 years ago
header-keywords.rst	doc: New sticky buffer icmpv4.hdr	5 years ago
http-keywords.rst	doc: Fix broken link	3 years ago
http2-keywords.rst	http2: adds documentation	5 years ago
ike-keywords.rst	ike: set event for multiple server proposals	4 years ago
index.rst	rust/smb: import NT status code for Microsoft doc	3 years ago
intro.rst	userguide: add section about exception policies	3 years ago
ip-reputation-rules.rst	doc: Move IP reputation keyword to rules section	8 years ago
ja3-keywords.rst	doc/ja3: libnss support no longer required	5 years ago
kerberos-keywords.rst	krb: detection for ticket encryption	3 years ago
lua-detection.rst	userguide: rename pg Lua Scripting->Lua Detection	4 years ago
meta.rst	userguide/rules/meta: minor formatting adjustments	3 years ago
modbus-keyword.rst	doc: spelling mistakes in various sections of the user guide	7 years ago
mqtt-keywords.rst	rust/mqtt: add MQTT parser	5 years ago
payload-keywords.rst	doc: Fixup byte* entries to display tables properly	3 years ago
prefilter-keywords.rst	doc: convert fancy quotes to straight quotes	6 years ago
quic-keywords.rst	doc/quic: update for new quic.version logic	4 years ago
rfb-keywords.rst	add RFB parser	5 years ago
sip-keywords.rst	doc: add SIP keywords	6 years ago
smb-keywords.rst	rust/smb: import NT status code for Microsoft doc	3 years ago
snmp-keywords.rst	snmp: adds usm keyword	3 years ago
ssh-keywords.rst	doc: Add missing ")" in example	3 years ago
thresholding.rst	doc: Update documentation for by_rule and by_both thresholds.	5 years ago
tls-keywords.rst	doc: add description for tls.random	3 years ago
transforms.rst	detect: xor transform	4 years ago
xbits.rst	doc: Grammar Correction	4 years ago