Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect: requires keyword (7.0.x backport) #10206

Closed
wants to merge 5 commits into from
Closed

detect: requires keyword (7.0.x backport) #10206

wants to merge 5 commits into from

Conversation

jasonish
Copy link
Member

@jasonish
feature: provide a Rust binding to the feature API
7014348 
As the feature module is not available for Rust unit tests, a mock
version is also provided.

(cherry picked from commit 15ed51f)
@jasonish
requires: add requires keyword
c1c36a4 
Add a new rule keyword "requires" that allows a rule to require specific
Suricata versions and/or Suricata features to be enabled.

Example:

  requires: feature geoip, version >= 7.0.0, version < 8;
  requires: version >= 7.0.3 < 8
  requires: version >= 7.0.3 < 8 | >= 8.0.3

Feature: OISF#5972

Co-authored-by: Philippe Antoine <pantoine@oisf.net>
(cherry picked from commit 5d5b050)
@jasonish
requires: pre-scan rule for requires expressions
516f22a 
Add a "pre-scan" rule parse that will check for requires statement. It
will return a special error code (-4) if the requires fails due to
missing requirements.

Syntactic errors will also abort parsing here.

Feature: OISF#5972
(cherry picked from commit 435c031)
@jasonish
detect-parse: parse sid in pre-scan
f6c82a0 
During the pre-scan for "requires", also parse the SID if possible. If
the rule fails high level parsing (syntax), the SID will not be
parsed.

But every keyword other than "sid" and "requires" should expect to be
provided with a parsed sid.

(cherry picked from commit 71bbba9)
@jasonish
stats: add rules skipped
9e9a260 
Rule skipped is a count of the number of rules that are skipped due to
missing requirements.

Feature: OISF#6637
(cherry picked from commit b453eea)
@codecov Codecov
Copy link

codecov bot commented Jan 20, 2024

Codecov Report

Attention: 40 lines in your changes are missing coverage. Please review.

Comparison is base (98e72a7) 82.37% compared to head (9e9a260) 82.10%.

Additional details and impacted files 
@@              Coverage Diff               @@
##           main-7.0.x   #10206      +/-   ##
==============================================
- Coverage       82.37%   82.10%   -0.27%     
==============================================
  Files             971      974       +3     
  Lines          274054   274579     +525     
==============================================
- Hits           225747   225447     -300     
- Misses          48307    49132     +825
Flag Coverage Δ
fuzzcorpus 63.03% <84.14%> (-1.11%) ⬇️
suricata-verify 61.17% <77.99%> (+0.04%) ⬆️
unittests 62.92% <69.11%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

@victorjulien
Copy link
Member

This is missing d321838.

victorjulien
victorjulien approved these changes Jan 20, 2024
View reviewed changes
Copy link
Member

@victorjulien victorjulien left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm ok with already merging this, but we'll need that additional commit as well.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 17659

@victorjulien victorjulien mentioned this pull request Jan 20, 2024
Merged
@victorjulien
Copy link
Member

Merged in #10211, thanks!

@jasonish
Copy link
Member Author

This is missing d321838.

#10221

@jasonish jasonish deleted the 7.0.x-requires/v1 branch January 24, 2024 16:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@victorjulien victorjulien victorjulien approved these changes

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
3 participants
@jasonish @victorjulien @suricata-qa