detect: requires keyword (7.0.x backport) #10206
As the feature module is not available for Rust unit tests, a mock version is also provided. (cherry picked from commit 15ed51f)
Add a new rule keyword "requires" that allows a rule to require specific Suricata versions and/or Suricata features to be enabled.

Example:

    requires: feature geoip, version >= 7.0.0, version < 8;
    requires: version >= 7.0.3 < 8
    requires: version >= 7.0.3 < 8 | >= 8.0.3

Feature: OISF#5972
Co-authored-by: Philippe Antoine <pantoine@oisf.net>
(cherry picked from commit 5d5b050)
During the pre-scan for "requires", also parse the SID if possible. If the rule fails high level parsing (syntax), the SID will not be parsed. But every keyword other than "sid" and "requires" should expect to be provided with a parsed sid. (cherry picked from commit 71bbba9)
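The three example strings in the commit message above can be checked against a running version with a small evaluator. This is an added example, not code from the pull request or from Suricata. It assumes that space-separated comparisons are ANDed, that `|` separates alternatives, that operators and versions are whitespace-separated, and that a short version such as `8` means 8.0.0. All function names are hypothetical.

```rust
// Added example, not Suricata's code: evaluate a `requires` value.
type Version = (u32, u32, u32);
// "8" -> (8, 0, 0); missing minor/patch default to 0 (assumption).
fn parse_version(s: &str) -> Result<Version, String> {
    let mut parts = [0u32; 3];
    for (i, f) in s.split('.').enumerate() {
        let slot = parts.get_mut(i).ok_or_else(|| format!("bad version: {}", s))?;
        *slot = f.parse::<u32>().map_err(|_| format!("bad version: {}", s))?;
    }
    Ok((parts[0], parts[1], parts[2]))
}
// Space-separated comparisons are ANDed; '|' separates OR alternatives.
fn version_ok(expr: &str, running: Version) -> Result<bool, String> {
    let mut any = false;
    for alt in expr.split('|') {
        let toks: Vec<&str> = alt.split_whitespace().collect();
        if toks.is_empty() || toks.len() % 2 != 0 {
            return Err(format!("bad version expression: {}", alt.trim()));
        }
        let mut all = true;
        for pair in toks.chunks(2) {
            let want = parse_version(pair[1])?;
            all &= match pair[0] {
                ">=" => running >= want,
                ">" => running > want,
                "<=" => running <= want,
                "<" => running < want,
                op => return Err(format!("bad operator: {}", op)),
            };
        }
        any |= all;
    }
    Ok(any)
}
// Comma-separated requirements must all hold; unrecognised ones are errors.
fn requires_met(value: &str, running: Version, features: &[&str]) -> Result<bool, String> {
    let mut ok = true;
    for req in value.trim().trim_end_matches(';').split(',') {
        match req.trim().split_once(char::is_whitespace) {
            Some(("feature", name)) => ok &= features.contains(&name.trim()),
            Some(("version", expr)) => ok &= version_ok(expr, running)?,
            _ => return Err(format!("unknown requirement: {}", req.trim())),
        }
    }
    Ok(ok)
}
fn main() {
    // Constructed input: the third example string from the commit message.
    println!("{:?}", requires_met("version >= 7.0.3 < 8 | >= 8.0.3", (7, 0, 5), &[]));
}
```

Returning an error for anything unrecognised, rather than `false`, keeps a malformed requirement distinguishable from an unmet one when deciding whether to skip a rule.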
Codecov Report
Attention:
Additional details and impacted files
@@ Coverage Diff @@
## main-7.0.x #10206 +/- ##
==============================================
- Coverage 82.37% 82.10% -0.27%
==============================================
Files 971 974 +3
Lines 274054 274579 +525
==============================================
- Hits 225747 225447 -300
- Misses 48307 49132 +825
This is missing d321838.
I'm ok with already merging this, but we'll need that additional commit as well.
Information: QA ran without warnings. Pipeline 17659
Merged in #10211, thanks!
Backport of the requires keyword: https://redmine.openinfosecfoundation.org/issues/5972
Backport ticket: https://redmine.openinfosecfoundation.org/issues/6524
SV_BRANCH=OISF/suricata-verify#1595