Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

next/625/20241105/v1 #12088

Merged
merged 12 commits into from
Nov 5, 2024
Merged

next/625/20241105/v1 #12088

merged 12 commits into from
Nov 5, 2024

Conversation

victorjulien
Copy link
Member

satta and others added 12 commits November 5, 2024 11:39
@satta @victorjulien
mqtt: add reason code support for SUBACK
377d470 
Ticket: OISF#7323
@satta @victorjulien
mqtt: double-check detection directions
5d82521 
Ticket: OISF#7323
@Nancyenos @victorjulien
detect/analyzer: add more details for the tcp window keyword
98cd241 
Ticket: 6352
@Nancyenos @victorjulien
misc: Remove duplicate function declarations
56e10fd 
Ticket: OISF#7297
@catenacyber @victorjulien
detect/http: fix progress for headers keywords
cca59cd 
Ticket: 7326

Having a lower progress than one where we actually can get
occurences of the multibuffer made prefilter
bail out too early, not having found a buffer in the multi-buffer
that matiched the prefilter.

For example, we registered http_request_header with progress 0
instad of progress HTP_REQUEST_HEADERS==2, and if the first
packet had only the request line, we would consider
that signatures with http_request_header as prefilter/fast_pattern
could not match for this transaction, even if they in fact
could have a later packet with matching headers.

Hence, we got false negatives, if http.request_header or
http.response_header was used as fast pattern, and if the request
or response came in multiple packets, and the first of these packets
did not have enough data (like only http request line),
and the next packets did have the matching data.
@dependabot @victorjulien
github-actions: bump actions/checkout from 4.2.1 to 4.2.2
1c9ca6c 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@eef6144...11bd719)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @victorjulien
github-actions: bump github/codeql-action from 3.26.13 to 3.27.0
11d9fef 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.13 to 3.27.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](github/codeql-action@v3.26.13...v3.27.0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@jasonish @victorjulien
rules/dns: fix dns event names that have changed
833c7c6 
- not_a_request to not_request
- not_a_response to not_reponse

Ticket: OISF#7361
@jasonish @victorjulien
rules/ike: fix ike event names that have changed
b44ba32 
- weak_crypto_nodh -> weak_crypto_no_dh
- weak_crypto_noauth -> weak_crypto_no_auth

Ticket: OISF#7361
@jasonish @victorjulien
rules/modbus: remove rule for event that not longer exists
a55960e 
The event "modbus.invalid_unit_identifier" no longer exists.

Ticket: OISF#7361
@jasonish @victorjulien
http2: rename event variant to match rule
b1c26dc 
Rename InvalidHTTP1Settings to InvalidHttp1Settings so it gets the
expected name transformation of "invalid_http1_settings".

Ticket: OISF#7361
@catenacyber @victorjulien
suricata/bpf: fix -Wshorten-64-to-32 warning
dd71ef0 
Ticket: 7366
Ticket: 6186
@victorjulien victorjulien requested review from catenacyber, jasonish and a team as code owners November 5, 2024 13:17
@codecov Codecov
Copy link

codecov bot commented Nov 5, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 90.00000% with 4 lines in your changes missing coverage. Please review.

Project coverage is 83.25%. Comparing base (b1e7917) to head (dd71ef0).
Report is 12 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #12088      +/-   ##
==========================================
- Coverage   83.37%   83.25%   -0.13%     
==========================================
  Files         910      910              
  Lines      257556   257571      +15     
==========================================
- Hits       214748   214450     -298     
- Misses      42808    43121     +313
Flag Coverage Δ
fuzzcorpus 61.16% <72.50%> (-0.38%) ⬇️
livemode 19.41% <37.50%> (-0.01%) ⬇️
pcap 44.47% <37.50%> (-0.04%) ⬇️
suricata-verify 62.78% <87.50%> (+0.02%) ⬆️
unittests 59.34% <37.50%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 23252

@victorjulien victorjulien merged commit dd71ef0 into OISF:master Nov 5, 2024
61 checks passed
This was referenced Nov 5, 2024
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@victorjulien victorjulien deleted the next/625/20241105/v1 branch November 5, 2024 18:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish jasonish approved these changes

@catenacyber catenacyber Awaiting requested review from catenacyber catenacyber is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@victorjulien @suricata-qa @jasonish @satta @Nancyenos @catenacyber