detect/ftp.command: Add sticky buffer #12428
Conversation
src/detect-engine-register.h
Outdated
| @@ -333,6 +333,8 @@ enum DetectKeywordId { | |||
|
|
|||
| DETECT_AL_JA4_HASH, | |||
|
|
|||
| DETECT_AL_FTP_COMMAND, | |||
There was a problem hiding this comment.
lets drop the AL_ here, I don't like it in other keywords either
There was a problem hiding this comment.
What do you think about using dynamic IDs for new keywords?
There was a problem hiding this comment.
Think I'm indifferent about it.
There was a problem hiding this comment.
Would you like a separate commit with s/DETECT_AL_/DETECT_/? everywhere?
There was a problem hiding this comment.
There were so many occurrences I decided to make a single PR with the changes: #12433
|
Looks good to me wrt code. |
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #12428 +/- ##
==========================================
- Coverage 80.63% 80.62% -0.01%
==========================================
Files 918 921 +3
Lines 258696 258733 +37
==========================================
+ Hits 208598 208616 +18
- Misses 50098 50117 +19
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Information: QA ran without warnings. Pipeline 24270 |
Issue: 7502 Add a sticky buffer for "ftp.command" for matching on FTP command names.
|
Information: QA ran without warnings. Pipeline 24271 |
Issue: 7502 This commit documents the new FTP sticky buffer "ftp.command".
| @@ -82,6 +82,8 @@ Major changes | |||
| - Unknown requirements in the ``requires`` keyword will now be treated | |||
| as unmet requirements, causing the rule to not be loaded. See | |||
| :ref:`keyword_requires`. | |||
| - The following sticky buffers for matching FTP headers have been implemented: | |||
There was a problem hiding this comment.
I don't think we need this here. Did you mix up PRs? #12432 (comment)
There was a problem hiding this comment.
This change was intentional in introducing the FTP-related sticky buffers.
We've done this for past releases as well, e.g., the 7 to 8 section mentions the newly added sip related keywords.
There was a problem hiding this comment.
I don't think either should be there. It's not meant to list new features, just keep note of things that may affect upgrades
|
Information: QA ran without warnings. Pipeline 24281 |
|
Continued in #12439 |
Issue: 7502
Add a sticky buffer for "ftp.command" for matching on FTP command names.
Link to ticket: https://redmine.openinfosecfoundation.org/issues/7502
Describe changes:
Provide values to any of the below to override the defaults.
link to the pull request in the respective
_BRANCHvariable.SV_REPO=
SV_BRANCH=OISF/suricata-verify#2242
SU_REPO=
SU_BRANCH=
LIBHTP_REPO=
LIBHTP_BRANCH=