Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

next/632/70x/20241108/v1 #12106

Merged
merged 7 commits into from
Nov 8, 2024
Merged

next/632/70x/20241108/v1 #12106

merged 7 commits into from
Nov 8, 2024

Conversation

victorjulien
Copy link
Member

catenacyber and others added 7 commits November 7, 2024 16:04
@catenacyber
suricata/bpf: fix -Wshorten-64-to-32 warning
470795e 
Ticket: 7366
Ticket: 6186
(cherry picked from commit dd71ef0)
@catenacyber @victorjulien
detect/http: fix progress for headers keywords
4bb19f7 
Ticket: 7326

Having a lower progress than one where we actually can get
occurences of the multibuffer made prefilter
bail out too early, not having found a buffer in the multi-buffer
that matiched the prefilter.

For example, we registered http_request_header with progress 0
instad of progress HTP_REQUEST_HEADERS==2, and if the first
packet had only the request line, we would consider
that signatures with http_request_header as prefilter/fast_pattern
could not match for this transaction, even if they in fact
could have a later packet with matching headers.

Hence, we got false negatives, if http.request_header or
http.response_header was used as fast pattern, and if the request
or response came in multiple packets, and the first of these packets
did not have enough data (like only http request line),
and the next packets did have the matching data.

(cherry picked from commit cca59cd)
@jasonish @victorjulien
rust/applayer: return -1 if event info was not found
bcd3523 
The returned event_id was being set to -1, but the function wasn't
returning -1 to indicate error.

Ticket: OISF#7361
@jasonish @victorjulien
rules/dns: fix dns event names that have changed
bffd289 
- not_a_request to not_request
- not_a_response to not_reponse

Ticket: OISF#7361
(cherry picked from commit 833c7c6)
@jasonish @victorjulien
rules/ike: fix ike event names that have changed
553fd1d 
- weak_crypto_nodh -> weak_crypto_no_dh
- weak_crypto_noauth -> weak_crypto_no_auth

Ticket: OISF#7361
(cherry picked from commit b44ba32)
@jasonish @victorjulien
rules/modbus: remove rule for event that not longer exists
1f8682c 
The event "modbus.invalid_unit_identifier" no longer exists.

Ticket: OISF#7361
(cherry picked from commit a55960e)
@jasonish @victorjulien
http2: rename event variant to match rule
c3aa3ae 
Rename InvalidHTTP1Settings to InvalidHttp1Settings so it gets the
expected name transformation of "invalid_http1_settings".

Ticket: OISF#7361
(cherry picked from commit b1c26dc)
@codecov Codecov
Copy link

codecov bot commented Nov 8, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 66.66667% with 4 lines in your changes missing coverage. Please review.

Project coverage is 83.27%. Comparing base (3000e96) to head (c3aa3ae).
Report is 7 commits behind head on main-7.0.x.

Additional details and impacted files 
@@              Coverage Diff               @@
##           main-7.0.x   #12106      +/-   ##
==============================================
- Coverage       83.42%   83.27%   -0.15%     
==============================================
  Files             922      922              
  Lines          260795   260794       -1     
==============================================
- Hits           217558   217177     -381     
- Misses          43237    43617     +380
Flag Coverage Δ
fuzzcorpus 64.38% <66.66%> (-0.41%) ⬇️
suricata-verify 63.32% <58.33%> (-0.02%) ⬇️
unittests 62.38% <50.00%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information:

ERROR: QA failed on SURI_TLPW2_autofp_suri_time.

ERROR: QA failed on SURI_TLPR1_suri_time.

field baseline test %
SURI_TLPR1_stats_chk
.uptime 650 699 107.54%

Pipeline 23295

catenacyber
catenacyber approved these changes Nov 8, 2024
View reviewed changes
Copy link
Contributor

@catenacyber catenacyber left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks consistent with the approved PRs

jufajardini
jufajardini approved these changes Nov 8, 2024
View reviewed changes
Copy link
Contributor

@jufajardini jufajardini left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • All CI checks passed
  • Has all commits from original PRs
  • Line changes match
  • All original PRs approved

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 23297

@victorjulien victorjulien merged commit c3aa3ae into OISF:main-7.0.x Nov 8, 2024
45 checks passed
This was referenced Nov 8, 2024
Merged
Closed
Closed
@victorjulien victorjulien deleted the next/632/70x/20241108/v1 branch November 8, 2024 20:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catenacyber catenacyber catenacyber approved these changes

@jufajardini jufajardini jufajardini approved these changes

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@victorjulien @suricata-qa @jufajardini @catenacyber @jasonish