Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect: add ldap operation keywords - v3 #12435

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

detect: add ldap operation keywords - v3 #12435

wants to merge 4 commits into from
+542 −2

Conversation

AkakiAlice
Copy link
Contributor

Ticket: #7453

Contribution style:

Our Contribution agreements:

Changes (if applicable):

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7453

Description:

  • Implement ldap.request.operation , ldap.responses.operation and ldap.responses.count keywords.

Changes:

  • Add support for negative indexing
  • Implement ldap.responses.count
  • Separate commit messages

SV_BRANCH=OISF/suricata-verify#2243
Previous PR= #12343

@AkakiAlice
detect: add ldap.request.operation
cbbf648 
ldap.request.operation matches on Lightweight Directory Access Protocol request operations
It is an unsigned 8-bit integer
Doesn't support prefiltering

Ticket: OISF#7453
@AkakiAlice
detect: add ldap.responses.operation
353f1a2 
ldap.responses.operation matches on Lightweight Directory Access Protocol response operations
It is an unsigned 8-bit integer
Doesn't support prefiltering

Ticket: OISF#7453
@AkakiAlice
detect: add ldap.responses.count
4e5f231 
ldap.responses.count matches on the number of LDAP responses
It is an unsigned 32-bit integer
Doesn't support prefiltering

Ticket: OISF#7453
@AkakiAlice
rustfmt: rust/src/ldap/types.rs
793e6b1
AkakiAlice
AkakiAlice commented Jan 20, 2025
View reviewed changes
rust/src/ldap/detect.rs
let tx = cast_pointer!(tx, LdapTransaction);
let ctx = cast_pointer!(ctx, DetectUintData<u8>);
if let Some(request) = &tx.request {
let option = request.protocol_op.to_u8();
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I went back to to_u8 because responses.protocol_op as u8 was giving the error:

an as expression can be used to convert enum types to numeric types only if the enum type is unit-only or field-less

This was referenced Jan 20, 2025
Open
Closed
@codecov Codecov
Copy link

codecov bot commented Jan 20, 2025

Codecov Report

Attention: Patch coverage is 83.11111% with 38 lines in your changes missing coverage. Please review.

Project coverage is 80.63%. Comparing base (c207cfc) to head (793e6b1).

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #12435      +/-   ##
==========================================
+ Coverage   80.62%   80.63%   +0.01%     
==========================================
  Files         920      921       +1     
  Lines      258697   258921     +224     
==========================================
+ Hits       208566   208793     +227     
+ Misses      50131    50128       -3
Flag Coverage Δ
fuzzcorpus 56.76% <22.66%> (-0.05%) ⬇️
livemode 19.40% <22.66%> (+<0.01%) ⬆️
pcap 44.23% <23.11%> (-0.02%) ⬇️
suricata-verify 63.29% <83.85%> (+0.04%) ⬆️
unittests 58.47% <22.66%> (-0.05%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish Awaiting requested review from jasonish jasonish is a code owner

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@AkakiAlice