detect: absent keyword to test absence of sticky buffer #11423

catenacyber
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/2224

Describe changes:

  • detect: adds absent keyword to match on absent buffer

SV_BRANCH=OISF/suricata-verify#1957

#11375 with newer tests, some engine analysis, and ability to express "if there is no user agent, or if it exists and is XYZ, then match"

THashInitConfig may not allocate array and increase memuse.
Such a failure leads to THashShutdown which should not decrease
the memuse.

Ticket: 7135

codecov bot commented Jul 4, 2024

Codecov Report

Attention: Patch coverage is 90.44586% with 15 lines in your changes missing coverage. Please review.

Project coverage is 82.45%. Comparing base (a7af371) to head (08038bd).

Additional details and impacted files
@@           Coverage Diff            @@
##           master   #11423    +/-   ##
========================================
  Coverage   82.44%   82.45%            
========================================
  Files         938      938            
  Lines      248086   248230   +144     
========================================
+ Hits       204534   204669   +135     
- Misses      43552    43561     +9     
| Flag | Coverage Δ | |
|---|---|---|
| fuzzcorpus | 60.08% <42.06%> (-0.02%) | ⬇️ |
| livemode | 18.72% <16.66%> (-0.01%) | ⬇️ |
| pcap | 43.67% <34.92%> (-0.11%) | ⬇️ |
| suricata-verify | 61.43% <80.15%> (+0.01%) | ⬆️ |
| unittests | 59.44% <68.78%> (+<0.01%) | ⬆️ |

Flags with carried forward coverage won't be shown.

@catenacyber catenacyber marked this pull request as draft July 4, 2024 12:52
@catenacyber
Contributor Author

Draft to check CI with fixup commit

Ticket: 2224

It takes an argument to match only if the buffer is absent,
or it can still match if the buffer is present, but we test
the absence of some content
@catenacyber catenacyber force-pushed the detect-negated-content-absent-buffer-2224-v20 branch from 2becf58 to 08038bd Compare July 4, 2024 14:36
@suricata-qa

Information: QA ran without warnings.

Pipeline 21385

@inashivb
Member

inashivb commented Jul 8, 2024

> Draft to check CI with fixup commit

I think there's a new, different failure with the fuzz job. Your PR seems to be doing well.
Do you want to rebase and check the fuzz build issue?

@catenacyber
Contributor Author

Rebased in #11459

@catenacyber catenacyber closed this Jul 9, 2024