From 789353bc1e1aa23d075f16af25df84df00c68682 Mon Sep 17 00:00:00 2001 From: Shivani Bhardwaj Date: Tue, 11 Jul 2023 14:42:05 +0530 Subject: [PATCH 1/7] util/mime: skip over any invalid char For certain edge case handling for spaces, spaces were handled particularly in the remainder processing functions. Make sure that now that as per RFC 2045, util-base64 would skip over any invalid char, the edge cases in MIME processor also be handled the same way. This completes the work done in e46b033. Ticket 6135 Ticket 6207 --- src/util-base64.c | 15 +++++++++++++++ src/util-base64.h | 1 + src/util-decode-mime.c | 7 ++++--- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/src/util-base64.c b/src/util-base64.c index 2fc560a0f06c..4a4a5d122c41 100644 --- a/src/util-base64.c +++ b/src/util-base64.c @@ -63,6 +63,21 @@ static inline int GetBase64Value(uint8_t c) return val; } +/** + * \brief Checks if the given char in a byte array is Base64 alphabet + * + * \param Char that needs to be checked + * + * \return True if the char was Base64 alphabet, False otherwise + */ +bool IsBase64Alphabet(uint8_t encoded_byte) +{ + if (GetBase64Value(encoded_byte) < 0 && encoded_byte != '=') { + return false; + } + return true; +} + /** * \brief Decodes a 4-byte base64-encoded block into a 3-byte ascii-encoded block * diff --git a/src/util-base64.h b/src/util-base64.h index 66e847a1bdc2..53cc14c9c4e0 100644 --- a/src/util-base64.h +++ b/src/util-base64.h @@ -78,6 +78,7 @@ typedef enum { /* Function prototypes */ Base64Ecode DecodeBase64(uint8_t *dest, uint32_t dest_size, const uint8_t *src, uint32_t len, uint32_t *consumed_bytes, uint32_t *decoded_bytes, Base64Mode mode); +bool IsBase64Alphabet(uint8_t encoded_byte); #endif diff --git a/src/util-decode-mime.c b/src/util-decode-mime.c index 141325b56ea3..e13216118a0b 100644 --- a/src/util-decode-mime.c +++ b/src/util-decode-mime.c 
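Review bot: The doc comment on the new `IsBase64Alphabet` in the src/util-base64.c hunk omits the parameter name on its `\param` line and does not mention that the `=` padding character is accepted. The MIME remainder code in this patch uses the predicate to decide which bytes are copied into a decode block, so the padding case should be stated: `\param encoded_byte byte to test` and `\return true for a Base64 alphabet byte or the '=' padding character, false otherwise`. The body can also be the single expression `return GetBase64Value(encoded_byte) >= 0 || encoded_byte == '=';`, which reads more directly than the negated early return.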
@@ -1184,7 +1184,7 @@ static uint32_t ProcessBase64Remainder( /* Strip spaces in remainder */ for (uint8_t i = 0; i < state->bvr_len; i++) { - if (state->bvremain[i] != ' ') { + if (IsBase64Alphabet(state->bvremain[i])) { block[cnt++] = state->bvremain[i]; } } @@ -1192,7 +1192,7 @@ static uint32_t ProcessBase64Remainder( /* if we don't have 4 bytes see if we can fill it from `buf` */ if (buf && len > 0 && cnt != B64_BLOCK) { for (uint32_t i = 0; i < len && cnt < B64_BLOCK; i++) { - if (buf[i] != ' ') { + if (IsBase64Alphabet(buf[i])) { block[cnt++] = buf[i]; } buf_consumed++; @@ -1273,7 +1273,8 @@ static inline MimeDecRetCode ProcessBase64BodyLineCopyRemainder( return MIME_DEC_ERR_DATA; for (uint32_t i = offset; i < buf_len; i++) { - if (buf[i] != ' ') { + // Skip any characters outside of the base64 alphabet as per RFC 2045 + if (IsBase64Alphabet(buf[i])) { DEBUG_VALIDATE_BUG_ON(state->bvr_len >= B64_BLOCK); if (state->bvr_len >= B64_BLOCK) return MIME_DEC_ERR_DATA; From d9c430d73d563fb21fcfb3125260e105d599f9e3 Mon Sep 17 00:00:00 2001 From: Juliana Fajardini Date: Thu, 5 Jan 2023 18:24:40 -0300 Subject: [PATCH 2/7] misc: fix typos & update copyright years --- src/decode.c | 2 +- src/output-json-alert.c | 2 +- src/output-json-alert.h | 2 +- src/output-json-drop.c | 6 +++--- src/output-json.c | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/decode.c b/src/decode.c index 2e4c448eb7b7..a91ea2606694 100644 --- a/src/decode.c +++ b/src/decode.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2022 Open Information Security Foundation +/* Copyright (C) 2007-2023 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free diff --git a/src/output-json-alert.c b/src/output-json-alert.c index e0ea7545ab97..b494d4d19568 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c 
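Review bot: The context comment `/* Strip spaces in remainder */` at the top of the first ProcessBase64Remainder hunk is now stale, because the loop drops every byte for which `IsBase64Alphabet()` returns false, not only spaces. I would change it to `/* Skip any byte outside the base64 alphabet (RFC 2045) in remainder */` and put the same wording above the `buf` loop in the second hunk. The comment added in the ProcessBase64BodyLineCopyRemainder hunk uses `//` while the surrounding comments visible here use `/* */`. In the second hunk `buf_consumed++` still counts the skipped bytes; that looks intended, but a one-line comment would stop the consumed count being read as the number of bytes copied into `block`. Both functions start and end outside these hunks.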
@@ -1,4 +1,4 @@ -/* Copyright (C) 2013-2022 Open Information Security Foundation +/* Copyright (C) 2013-2023 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free diff --git a/src/output-json-alert.h b/src/output-json-alert.h index 0a5af4268a09..5aaa034953f1 100644 --- a/src/output-json-alert.h +++ b/src/output-json-alert.h @@ -1,4 +1,4 @@ -/* Copyright (C) 2013-2014 Open Information Security Foundation +/* Copyright (C) 2013-2023 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free diff --git a/src/output-json-drop.c b/src/output-json-drop.c index 4e6048b53336..725b27a14ca9 100644 --- a/src/output-json-drop.c +++ b/src/output-json-drop.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2021 Open Information Security Foundation +/* Copyright (C) 2007-2023 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free @@ -82,7 +82,7 @@ static int g_droplog_flows_start = 1; * \param tv Pointer the current thread variables * \param p Pointer the packet which is being logged * - * \return return TM_EODE_OK on success + * \return return TM_ECODE_OK on success */ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p) { @@ -306,7 +306,7 @@ static OutputInitResult JsonDropLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ * \param data Pointer to the droplog struct * \param p Pointer the packet which is being logged * - * \retval 0 on succes + * \retval 0 on success */ static int JsonDropLogger(ThreadVars *tv, void *thread_data, const Packet *p) { diff --git a/src/output-json.c b/src/output-json.c index 95a6e5ef4c25..de176e632313 100644 --- a/src/output-json.c +++ b/src/output-json.c 
@@ -1,4 +1,4 @@ -/* Copyright (C) 2007-2021 Open Information Security Foundation +/* Copyright (C) 2007-2023 Open Information Security Foundation * * You can copy, redistribute or modify this Program under the terms of * the GNU General Public License version 2 as published by the Free From 53b8defd793f0f8fe2ca5459822d0e11f3d69929 Mon Sep 17 00:00:00 2001 From: Juliana Fajardini Date: Wed, 5 Jul 2023 12:52:53 -0300 Subject: [PATCH 3/7] output/alert: add verdict field Related to Bug #5464 --- etc/schema.json | 37 ++++++++++++++++++++++++++ src/output-json-alert.c | 57 +++++++++++++++++++++++++++++++++++++++++ src/output-json-alert.h | 1 + suricata.yaml.in | 4 +++ 4 files changed, 99 insertions(+) diff --git a/etc/schema.json b/etc/schema.json index 32510a6198fa..3464a3151931 100644 --- a/etc/schema.json +++ b/etc/schema.json @@ -94,6 +94,9 @@ "type": "string", "pattern": "^\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}\\.\\d+[+\\-]\\d+$" }, + "verdict": { + "$ref": "#/$defs/verdict_type" + }, "direction": { "type": "string" }, @@ -5393,6 +5396,40 @@ "$comment": "Definition for TLS date formats", "type": "string", "pattern": "^[1-2]\\d{3}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}$" + }, + "verdict_type": { + "type": "object", + "properties": { + "action": { + "type": "string" + }, + "reject": { + "type": "array", + "items": { + "type": "string", + "oneOf": [ + { + "enum": [ + "icmp-prohib", + "tcp-reset" + ] + } + ] + } + }, + "reject-target": { + "type": "string", + "oneOf": [ + { + "enum": [ + "to_client", + "to_server", + "both" + ] + } + ] + } + } } } } diff --git a/src/output-json-alert.c b/src/output-json-alert.c index b494d4d19568..c9b5c6a0e022 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -101,6 +101,7 @@ #define LOG_JSON_HTTP_BODY_BASE64 BIT_U16(7) #define LOG_JSON_RULE_METADATA BIT_U16(8) #define LOG_JSON_RULE BIT_U16(9) +#define LOG_JSON_VERDICT BIT_U16(10) #define METADATA_DEFAULTS ( LOG_JSON_FLOW | \ LOG_JSON_APP_LAYER | \ 
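Review bot: The new `verdict_type` definition in the second etc/schema.json hunk has neither `"additionalProperties": false` nor a `required` list, so an event with a misspelled or unexpected key under `verdict`, or with no `action` at all, would still validate. Adding `"additionalProperties": false` and `"required": ["action"]` would let schema checks catch that; EveAddVerdict, added later in this patch, sets `action` on every branch shown. The single-entry `oneOf` wrappers around the two `enum` lists are redundant, and `"enum": [...]` can sit directly under `items` and under `reject-target`.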
@@ -665,6 +666,57 @@ static void AlertAddFrame(const Packet *p, JsonBuilder *jb, const int64_t frame_ } } +/** + * \brief Build verdict object + * + * \param p Pointer to Packet current being logged + * + */ +void EveAddVerdict(JsonBuilder *jb, const Packet *p) +{ + jb_open_object(jb, "verdict"); + + /* add verdict info */ + if (PacketCheckAction(p, ACTION_REJECT_ANY)) { + // check rule to define type of reject packet sent + if (EngineModeIsIPS()) { + JB_SET_STRING(jb, "action", "drop"); + } else { + JB_SET_STRING(jb, "action", "alert"); + } + if (PacketCheckAction(p, ACTION_REJECT)) { + JB_SET_STRING(jb, "reject-target", "to_client"); + } else if (PacketCheckAction(p, ACTION_REJECT_DST)) { + JB_SET_STRING(jb, "reject-target", "to_server"); + } else if (PacketCheckAction(p, ACTION_REJECT_BOTH)) { + JB_SET_STRING(jb, "reject-target", "both"); + } + jb_open_array(jb, "reject"); + switch (p->proto) { + case IPPROTO_UDP: + case IPPROTO_ICMP: + case IPPROTO_ICMPV6: + jb_append_string(jb, "icmp-prohib"); + break; + case IPPROTO_TCP: + jb_append_string(jb, "tcp-reset"); + break; + } + jb_close(jb); + + } else if (PacketCheckAction(p, ACTION_DROP) && EngineModeIsIPS()) { + JB_SET_STRING(jb, "action", "drop"); + } else if (p->alerts.alerts[p->alerts.cnt].action & ACTION_PASS) { + JB_SET_STRING(jb, "action", "pass"); + } else { + // TODO make sure we don't have a situation where this wouldn't work + JB_SET_STRING(jb, "action", "alert"); + } + + /* Close verdict */ + jb_close(jb); +} + static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p) { MemBuffer *payload = aft->payload_buffer; @@ -828,6 +880,10 @@ static int AlertJson(ThreadVars *tv, JsonAlertLogThread *aft, const Packet *p) jb_set_string(jb, "capture_file", pcap_filename); } + if (json_output_ctx->flags & LOG_JSON_VERDICT) { + EveAddVerdict(jb, p); + } + OutputJsonBuilderBuffer(jb, aft->ctx); jb_free(jb); } 
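Review bot: In EveAddVerdict the pass check reads `p->alerts.alerts[p->alerts.cnt].action`, and if `cnt` is the number of stored alerts (as the name suggests; the array definition is outside this hunk) that index is one past the last valid entry. That would read a stale or unset slot, and possibly past the end of the array when it is full; the drop logger that calls this function later in the series may also reach it for packets that carry no alerts. The other branches already use the packet-level check, so `} else if (PacketCheckAction(p, ACTION_PASS)) {` would be consistent; if the last alert's action is what is wanted, guard with `p->alerts.cnt > 0` and index `cnt - 1`. The reject `switch` also has no `default`, so a reject on any other protocol logs an empty `reject` array, and the doc comment is missing a `\param jb` line.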
@@ -1016,6 +1072,7 @@ static void JsonAlertLogSetupMetadata(AlertJsonOutputCtx *json_output_ctx, SetFlag(conf, "payload-printable", LOG_JSON_PAYLOAD, &flags); SetFlag(conf, "http-body-printable", LOG_JSON_HTTP_BODY, &flags); SetFlag(conf, "http-body", LOG_JSON_HTTP_BODY_BASE64, &flags); + SetFlag(conf, "verdict", LOG_JSON_VERDICT, &flags); /* Check for obsolete flags and warn that they have no effect. */ static const char *deprecated_flags[] = { "http", "tls", "ssh", "smtp", "dnp3", "app-layer", diff --git a/src/output-json-alert.h b/src/output-json-alert.h index 5aaa034953f1..6a65cc3d2730 100644 --- a/src/output-json-alert.h +++ b/src/output-json-alert.h @@ -30,6 +30,7 @@ void JsonAlertLogRegister(void); void AlertJsonHeader(void *ctx, const Packet *p, const PacketAlert *pa, JsonBuilder *js, uint16_t flags, JsonAddrInfo *addr, char *xff_buffer); +void EveAddVerdict(JsonBuilder *jb, const Packet *p); #endif /* __OUTPUT_JSON_ALERT_H__ */ diff --git a/suricata.yaml.in b/suricata.yaml.in index af7ad5344b72..6f78fa8fe9d1 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -168,6 +168,10 @@ outputs: # Enable the logging of tagged packets for rules using the # "tag" keyword. tagged-packets: yes + # Enable logging the final action taken on a packet by the engine + # (e.g: the alert may have action 'allowed' but the verdict be + # 'drop' due to another alert. That's the engine's verdict) + # verdict: yes # app layer frames - frame: # disabled by default as this is very verbose. From 0437173848d98812f74a28f283c327178bf500dd Mon Sep 17 00:00:00 2001 From: Juliana Fajardini Date: Tue, 4 Jul 2023 21:37:27 -0300 Subject: [PATCH 4/7] output/drop: add verdict field Related to Bug #5464 --- doc/userguide/output/eve/eve-json-output.rst | 16 ++++++++++++++++ etc/schema.json | 3 +++ src/output-json-drop.c | 15 +++++++++++++-- suricata.yaml.in | 3 +++ 4 files changed, 35 insertions(+), 2 deletions(-) 
diff --git a/doc/userguide/output/eve/eve-json-output.rst b/doc/userguide/output/eve/eve-json-output.rst index c6d7ec395166..512672f87d94 100644 --- a/doc/userguide/output/eve/eve-json-output.rst +++ b/doc/userguide/output/eve/eve-json-output.rst @@ -264,6 +264,22 @@ enabled, then the log gets more verbose. By using ``custom`` it is possible to select which TLS fields to log. +Drops +~~~~~ + +Drops are event types logged when the engine drops a packet. + +Config:: + + - drop: + alerts: yes # log alerts that caused drops + flows: all # start or all: 'start' logs only a single drop + # per flow direction. All logs each dropped pkt. + # Enable logging the final action taken on a packet by the engine + # (will show more information in case of a drop caused by 'reject') + verdict: yes + + Date modifiers in filename ~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/etc/schema.json b/etc/schema.json index 3464a3151931..f1936fb195be 100644 --- a/etc/schema.json +++ b/etc/schema.json @@ -1292,6 +1292,9 @@ }, "reason": { "type": "string" + }, + "verdict": { + "$ref": "#/$defs/verdict_type" } }, "additionalProperties": false diff --git a/src/output-json-drop.c b/src/output-json-drop.c index 725b27a14ca9..56484c36d43b 100644 --- a/src/output-json-drop.c +++ b/src/output-json-drop.c @@ -60,7 +60,8 @@ #define MODULE_NAME "JsonDropLog" -#define LOG_DROP_ALERTS 1 +#define LOG_DROP_ALERTS BIT_U8(1) +#define LOG_DROP_VERDICT BIT_U8(2) typedef struct JsonDropOutputCtx_ { uint8_t flags; @@ -158,6 +159,10 @@ static int DropLogJSON (JsonDropLogThread *aft, const Packet *p) /* Close drop. */ jb_close(js); + if (aft->drop_ctx->flags & LOG_DROP_VERDICT) { + EveAddVerdict(js, p); + } + if (aft->drop_ctx->flags & LOG_DROP_ALERTS) { int logged = 0; int i; 
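Review bot: In the DropLogJSON hunk `EveAddVerdict(js, p)` runs after the `/* Close drop. */` `jb_close(js)`, so `verdict` is written as a sibling of the `drop` object. The etc/schema.json hunk in this same patch, however, adds `verdict` next to `reason` inside an object that ends with `"additionalProperties": false`. If that object is the `drop` schema (its opening is outside the hunk), the new schema entry does not describe where the field is emitted: either move the call above the close, or drop this schema addition and rely on the top-level `verdict` property. A comment at the call site such as `/* verdict is logged at the event top level, not inside "drop" */` would make the placement explicit. Separately, the first output-json-drop.c hunk changes `LOG_DROP_ALERTS` from `1` to `BIT_U8(1)`; if `BIT_U8(n)` is `1 << n` this leaves bit 0 unused, which is harmless, but `BIT_U8(0)` and `BIT_U8(1)` would read more naturally.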
@@ -273,7 +278,7 @@ static OutputInitResult JsonDropLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ const char *extended = ConfNodeLookupChildValue(conf, "alerts"); if (extended != NULL) { if (ConfValIsTrue(extended)) { - drop_ctx->flags = LOG_DROP_ALERTS; + drop_ctx->flags |= LOG_DROP_ALERTS; } } extended = ConfNodeLookupChildValue(conf, "flows"); @@ -287,6 +292,12 @@ static OutputInitResult JsonDropLogInitCtxSub(ConfNode *conf, OutputCtx *parent_ "'flow' are 'start' and 'all'"); } } + extended = ConfNodeLookupChildValue(conf, "verdict"); + if (extended != NULL) { + if (ConfValIsTrue(extended)) { + drop_ctx->flags |= LOG_DROP_VERDICT; + } + } } drop_ctx->eve_ctx = ajt; diff --git a/suricata.yaml.in b/suricata.yaml.in index 6f78fa8fe9d1..630399126dbe 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -262,6 +262,9 @@ outputs: # alerts: yes # log alerts that caused drops # flows: all # start or all: 'start' logs only a single drop # # per flow direction. All logs each dropped pkt. + # Enable logging the final action taken on a packet by the engine + # (will show more information in case of a drop caused by 'reject') + # verdict: yes - smtp: #extended: yes # enable this for extended logging information # this includes: bcc, message-id, subject, x_mailer, user-agent From 9900bdc162cc876151e680ea088f89b54edb038f Mon Sep 17 00:00:00 2001 From: Juliana Fajardini Date: Thu, 22 Dec 2022 20:47:24 -0300 Subject: [PATCH 5/7] userguide/eve: format and reorganize alert section The `field action` portion seemed to be comprised of a more generic section that followed it. Also formatted the section for lines to be within the character limit. --- doc/userguide/output/eve/eve-json-format.rst | 67 +++++++++++++++----- 1 file changed, 52 insertions(+), 15 deletions(-) diff --git a/doc/userguide/output/eve/eve-json-format.rst b/doc/userguide/output/eve/eve-json-format.rst index 978d5cbfa24d..a253e046cf7f 100644 --- a/doc/userguide/output/eve/eve-json-format.rst 
+++ b/doc/userguide/output/eve/eve-json-format.rst @@ -89,23 +89,17 @@ generated the event. Event type: Alert ----------------- -Field action -~~~~~~~~~~~~ - -Possible values: "allowed" and "blocked" - -Example: - -:: - - - "action":"allowed" +This field contains data about a signature that matched, such as +``signature_id`` (``sid`` in the rule) and the ``signature`` (``msg`` in the +rule). -Action is set to "allowed" unless a rule used the "drop" action and Suricata is in IPS mode, or when the rule used the "reject" action. - -It can also contain information about Source and Target of the attack in the alert.source and alert.target field if target keyword is used in +It can also contain information about Source and Target of the attack in the +``alert.source`` and ``alert.target`` field if target keyword is used in the signature. +This event will also have the ``pcap_cnt`` field, when running in pcap mode, to +indicate which packet triggered the signature. + :: "alert": { 
@@ -147,6 +141,49 @@ the signature. } }, +Action field +~~~~~~~~~~~~ + +Possible values: "allowed" and "blocked". + +Example: + +:: + + "action":"allowed" + +Action is set to "allowed" unless a rule used the "drop" action and Suricata is +in IPS mode, or when the rule used the "reject" action. It is important to note +that this does not necessarily indicate the final verdict for a given packet or +flow, since one packet may match on several rules. + +.. _verdict-alert: + +Verdict +~~~~~~~ + +An object containning info on the final action that will be applied to a given +packet, based on all the signatures triggered by it and other possible events +(e.g., a flow drop). For that reason, it is possible for an alert with +an action ``allowed`` to have a verdict ``drop``, in IPS mode, for instance, if +that packet was dropped due to a different alert. + +* Action: ``alert``, ``pass``, ``drop`` (this latter only occurs in IPS mode) +* Reject-target: ``to_server``, ``to_client``, ``both`` (only occurs for 'reject' rules) +* Reject: an array of strings with possible reject types: ``tcp-reset``, + ``icmp-prohib`` (only occurs for 'reject' rules) + +Example: + +:: + + "verdict": { + "action": "drop", + "reject-target": "to_client", + "reject": "[icmp-prohib]" + } + + Pcap Field ~~~~~~~~~~ @@ -2532,4 +2569,4 @@ Example of DHCP log entry (extended logging enabled): "rebinding_time":43200, "client_id":"54:ee:75:51:e0:66", "dns_servers":["192.168.1.50","192.168.1.49"] - } \ No newline at end of file + } From 0068b81269cd596af104de9dd8575288a5cecf7f Mon Sep 17 00:00:00 2001 From: Victor Julien Date: Thu, 13 Jul 2023 15:18:54 +0200 Subject: [PATCH 6/7] rust: update cargo.lock --- rust/Cargo.lock.in | 222 ++++++++++++++++++--------------------------- 1 file changed, 86 insertions(+), 136 deletions(-) diff --git a/rust/Cargo.lock.in b/rust/Cargo.lock.in index 669bac41180e..db657cf70ec7 100644 --- a/rust/Cargo.lock.in +++ b/rust/Cargo.lock.in 
@@ -67,12 +67,6 @@ dependencies = [ "alloc-no-stdlib", ] -[[package]] -name = "arrayvec" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23b62fc65de8e4e7f52534fb52b0f3ed04746ae267519eef2a83941e8085068b" - [[package]] name = "asn1-rs" version = "0.5.2" @@ -82,7 +76,7 @@ dependencies = [ "asn1-rs-derive", "asn1-rs-impl", "displaydoc", - "nom 7.1.3", + "nom", "num-traits 0.2.15", "rusticata-macros", "thiserror", @@ -95,8 +89,8 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "726535892e8eae7e70657b4c8ea93d26b8553afb1ce617caee529ef96d7dee6c" dependencies = [ - "proc-macro2 1.0.56", - "quote 1.0.26", + "proc-macro2 1.0.64", + "quote 1.0.29", "syn 1.0.109", "synstructure", ] @@ -107,8 +101,8 @@ version = "0.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2777730b2039ac0f95f093556e61b6d26cebed5393ca6f152717777cec3a42ed" dependencies = [ - "proc-macro2 1.0.56", - "quote 1.0.26", + "proc-macro2 1.0.64", + "quote 1.0.29", "syn 1.0.109", ] @@ -198,9 +192,9 @@ dependencies = [ [[package]] name = "cpufeatures" -version = "0.2.7" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3e4c1eaa2012c47becbbad2ab175484c2a84d1185b566fb2cc5b8707343dfe58" +checksum = "a17b76ff3a4162b0b27f354a0c87015ddad39d35f9c0c36607a3bdd175dde1f1" dependencies = [ "libc", ] @@ -244,9 +238,9 @@ dependencies = [ [[package]] name = "data-encoding" -version = "2.3.3" +version = "2.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23d8666cb01533c39dde32bcbab8e227b4ed6679b2c925eba05feabea39508fb" +checksum = "c2e66c9d817f1720209181c316d28635c050fa304f9c79e47a520882661b7308" [[package]] name = "der-oid-macro" 
@@ -266,7 +260,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4cddf120f700b411b2b02ebeb7f04dc0b7c8835909a6c2f52bf72ed0dd3433b2" dependencies = [ "der-oid-macro", - "nom 7.1.3", + "nom", "num-traits 0.2.15", "rusticata-macros", ] @@ -279,7 +273,7 @@ checksum = "dbd676fbbab537128ef0278adb5576cf363cff6aa22a7b24effe97347cfab61e" dependencies = [ "asn1-rs", "displaydoc", - "nom 7.1.3", + "nom", "num-bigint 0.4.3", "num-traits 0.2.15", "rusticata-macros", @@ -287,9 +281,9 @@ dependencies = [ [[package]] name = "digest" -version = "0.10.6" +version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer", "crypto-common", @@ -298,13 +292,13 @@ dependencies = [ [[package]] name = "displaydoc" -version = "0.2.3" +version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3bf95dc3f046b9da4f2d51833c0d3547d8564ef6910f5c1ed130306a75b92886" +checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" dependencies = [ - "proc-macro2 1.0.56", - "quote 1.0.26", - "syn 1.0.109", + "proc-macro2 1.0.64", + "quote 1.0.29", + "syn 2.0.25", ] [[package]] @@ -331,8 +325,8 @@ version = "0.1.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "aa4da3c766cd7a0db8242e326e9e4e081edd567072893ed320008189715366a4" dependencies = [ - "proc-macro2 1.0.56", - "quote 1.0.26", + "proc-macro2 1.0.64", + "quote 1.0.29", "syn 1.0.109", "synstructure", ] 
@@ -359,9 +353,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.9" +version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4" +checksum = "be4136b2a15dd319360be1c07d9933517ccf0be8f16bf62a3bee4f0d618df427" dependencies = [ "cfg-if", "libc", @@ -378,12 +372,6 @@ dependencies = [ "polyval", ] -[[package]] -name = "half" -version = "1.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62aca2aba2d62b4a7f5b33f3712cb1b0692779a56fb510499d5c0aa594daeaf3" - [[package]] name = "hex" version = "0.4.3" @@ -414,15 +402,15 @@ version = "0.7.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2cf8413e5de78bcbc51880ff71f4b64105719abe6efb8b4b877d3c7dc494ddd1" dependencies = [ - "nom 7.1.3", + "nom", "rusticata-macros", ] [[package]] name = "itoa" -version = "1.0.6" +version = "1.0.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "453ad9f582a441959e5f0d088b02ce04cfe8d51a8eaf077f12ac6d3e94164ca6" +checksum = "62b02a5381cc465bd3041d84623d0fa3b66738b52b8e2fc3bab8ad63ab032f4a" [[package]] name = "kerberos-parser" @@ -431,7 +419,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c10e7cfd4759cbce37ea65e2f48caebd695c246196a38e97ba4f731da48996da" dependencies = [ "der-parser 6.0.1", - "nom 7.1.3", + "nom", "rusticata-macros", ] 
@@ -441,24 +429,11 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" -[[package]] -name = "lexical-core" -version = "0.7.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6607c62aa161d23d17a9072cc5da0be67cdfc89d3afb1e8d9c842bebc2525ffe" -dependencies = [ - "arrayvec", - "bitflags", - "cfg-if", - "ryu", - "static_assertions", -] - [[package]] name = "libc" -version = "0.2.142" +version = "0.2.147" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a987beff54b60ffa6d51982e1aa1146bc42f19bd26be28b0586f252fccf5317" +checksum = "b4668fb0ea861c1df094127ac5f1da3409a82116a4ba74fca2e58ef927159bb3" [[package]] name = "lzma-rs" @@ -500,17 +475,6 @@ dependencies = [ "adler", ] -[[package]] -name = "nom" -version = "5.1.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "08959a387a676302eebf4ddbcbc611da04285579f76f88ee0506c63b1a61dd4b" -dependencies = [ - "lexical-core", - "memchr", - "version_check", -] - [[package]] name = "nom" version = "7.1.3" @@ -527,7 +491,7 @@ version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1ff943d68b88d0b87a6e0d58615e8fa07f9fd5a1319fa0a72efc1f62275c79a7" dependencies = [ - "nom 7.1.3", + "nom", "nom-derive-impl", "rustversion", ] @@ -538,8 +502,8 @@ version = "0.10.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cd0b9a93a84b0d3ec3e70e02d332dc33ac6dfac9cde63e17fcb77172dededa62" dependencies = [ - "proc-macro2 1.0.56", - "quote 1.0.26", + "proc-macro2 1.0.64", + "quote 1.0.29", "syn 1.0.109", ] @@ -549,7 +513,7 @@ version = "0.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "76084be9bf432d487336dd4e39b31ad93f94aecb14b81f08724f4a37b9abb7a5" dependencies = [ - "nom 7.1.3", + "nom", "nom-derive", ] 
@@ -677,8 +641,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dcbff9bc912032c62bf65ef1d5aea88983b420f4f839db1e9b0c281a25c9c799" dependencies = [ "proc-macro-crate", - "proc-macro2 1.0.56", - "quote 1.0.26", + "proc-macro2 1.0.64", + "quote 1.0.29", "syn 1.0.109", ] @@ -783,9 +747,9 @@ dependencies = [ [[package]] name = "proc-macro2" -version = "1.0.56" +version = "1.0.64" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b63bdb0cd06f1f4dedf69b254734f9b45af66e4a031e42a7480257d9898b435" +checksum = "78803b62cbf1f46fde80d7c0e803111524b9877184cfe7c3033659490ac7a7da" dependencies = [ "unicode-ident", ] @@ -801,11 +765,11 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.26" +version = "1.0.29" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc" +checksum = "573015e8ab27661678357f27dc26460738fd2b6c86e46f386fde94cb5d913105" dependencies = [ - "proc-macro2 1.0.56", + "proc-macro2 1.0.64", ] [[package]] 
@@ -861,59 +825,52 @@ version = "4.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632" dependencies = [ - "nom 7.1.3", + "nom", ] [[package]] name = "rustversion" -version = "1.0.12" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4f3208ce4d8448b3f3e7d168a73f5e0c43a61e32930de3bceeccedb388b6bf06" - -[[package]] -name = "ryu" version = "1.0.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f91339c0467de62360649f8d3e185ca8de4224ff281f66000de5eb2a77a79041" +checksum = "dc31bd9b61a32c31f9650d18add92aa83a49ba979c143eefd27fe7177b05bd5f" [[package]] name = "sawp" -version = "0.11.1" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d6632d7ca7b724b68321985fa10070adc57799de8297e9191334f7b88df39a0c" +checksum = "7e74f84d736420afcba72f689a494d275c97cf4775c3fe248f937e9d3bf83e30" dependencies = [ - "half", - "nom 5.1.3", + "nom", ] [[package]] name = "sawp-flags" -version = "0.11.1" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f34734eb1e49fd87b2ee9d2fe6f946e54cc9bb3d3711260558c0898a81468d5" +checksum = "1f2b22023d224b5314d51e53bfb2dbca53dc2cf90a4435aa4feb78172799dad0" dependencies = [ "sawp-flags-derive", ] [[package]] name = "sawp-flags-derive" -version = "0.11.1" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "770d921f325c749e0b9099b97edda6b2914e22339b37569d8eb5a90d55e47bcf" +checksum = "49a585d3c22887d23bb06dd602b8ce96c2a716e1fa89beec8bfb49e466f2d643" dependencies = [ "proc-macro-crate", - "proc-macro2 1.0.56", - "quote 1.0.26", + "proc-macro2 1.0.64", + "quote 1.0.29", "syn 1.0.109", ] [[package]] name = "sawp-modbus" -version = "0.11.1" +version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = 
"05a718c2a270c39da5ec0b51cdce4f0af7a644d80cf5a6447040000c4b72bfaa" +checksum = "2cbad9b003999a0f3016fb3603da113ff86f06279ccf6aacb577058168c0568d" dependencies = [ - "nom 5.1.3", + "nom", "num_enum", "sawp", "sawp-flags", @@ -921,9 +878,9 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.160" +version = "1.0.171" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bb2f3770c8bce3bcda7e149193a069a0f4365bda1fa5cd88e03bca26afc1216c" +checksum = "30e27d1e4fd7659406c492fd6cfaf2066ba8773de45ca75e855590f856dc34a9" [[package]] name = "sha1" @@ -938,9 +895,9 @@ dependencies = [ [[package]] name = "sha2" -version = "0.10.6" +version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" +checksum = "479fb9d862239e610720565ca91403019f2f00410f1864c5aa7479b950a76ed8" dependencies = [ "cfg-if", "cpufeatures", @@ -960,17 +917,11 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "773a26ad6742636f4259e7cc32262efb31feabd56bc34f0b2f28de9801aa24b3" dependencies = [ "asn1-rs", - "nom 7.1.3", + "nom", "rusticata-macros", "thiserror", ] -[[package]] -name = "static_assertions" -version = "1.1.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f" - [[package]] name = "subtle" version = "2.4.1" @@ -979,7 +930,7 @@ checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" [[package]] name = "suricata" -version = "7.0.0-rc2-dev" +version = "7.0.0-rc3-dev" dependencies = [ "aes", "aes-gcm", @@ -1003,7 +954,7 @@ dependencies = [ "lzma-rs", "md-5", "memchr", - "nom 7.1.3", + "nom", "ntp-parser", "num", "num-derive", 
@@ -1025,11 +976,11 @@ dependencies = [ [[package]] name = "suricata-derive" -version = "7.0.0-rc2-dev" +version = "7.0.0-rc3-dev" dependencies = [ "proc-macro-crate", - "proc-macro2 1.0.56", - "quote 1.0.26", + "proc-macro2 1.0.64", + "quote 1.0.29", "syn 1.0.109", ] @@ -1050,19 +1001,19 @@ version = "1.0.109" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" dependencies = [ - "proc-macro2 1.0.56", - "quote 1.0.26", + "proc-macro2 1.0.64", + "quote 1.0.29", "unicode-ident", ] [[package]] name = "syn" -version = "2.0.15" +version = "2.0.25" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a34fcf3e8b60f57e6a14301a2e916d323af98b0ea63c599441eec8558660c822" +checksum = "15e3fc8c0c74267e2df136e5e5fb656a464158aa57624053375eb9c8c6e25ae2" dependencies = [ - "proc-macro2 1.0.56", - "quote 1.0.26", + "proc-macro2 1.0.64", + "quote 1.0.29", "unicode-ident", ] @@ -1072,8 +1023,8 @@ version = "0.12.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f36bdaa60a83aca3921b5259d5400cbf5e90fc51931376a9bd4a0eb79aa7210f" dependencies = [ - "proc-macro2 1.0.56", - "quote 1.0.26", + "proc-macro2 1.0.64", + "quote 1.0.29", "syn 1.0.109", "unicode-xid 0.2.4", ] 
@@ -1085,30 +1036,30 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "956044ef122917dde830c19dec5f76d0670329fde4104836d62ebcb14f4865f1" dependencies = [ "cfg-if", - "proc-macro2 1.0.56", - "quote 1.0.26", + "proc-macro2 1.0.64", + "quote 1.0.29", "syn 1.0.109", "version_check", ] [[package]] name = "thiserror" -version = "1.0.40" +version = "1.0.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "978c9a314bd8dc99be594bc3c175faaa9794be04a5a5e153caba6915336cebac" +checksum = "a35fc5b8971143ca348fa6df4f024d4d55264f3468c71ad1c2f365b0a4d58c42" dependencies = [ "thiserror-impl", ] [[package]] name = "thiserror-impl" -version = "1.0.40" +version = "1.0.43" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f9456a42c5b0d803c8cd86e73dd7cc9edd429499f37a3550d286d5e86720569f" +checksum = "463fe12d7993d3b327787537ce8dd4dfa058de32fc2b195ef3cde03dc4771e8f" dependencies = [ - "proc-macro2 1.0.56", - "quote 1.0.26", - "syn 2.0.15", + "proc-macro2 1.0.64", + "quote 1.0.29", + "syn 2.0.25", ] [[package]] @@ -1136,7 +1087,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "409206e2de64edbf7ea99a44ac31680daf9ef1a57895fb3c5bd738a903691be0" dependencies = [ "enum_primitive", - "nom 7.1.3", + "nom", "nom-derive", "phf", "phf_codegen", @@ -1160,9 +1111,9 @@ checksum = "497961ef93d974e23eb6f433eb5fe1b7930b659f06d12dec6fc44a8f554c0bba" [[package]] name = "unicode-ident" -version = "1.0.8" +version = "1.0.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4" +checksum = "22049a19f4a68748a168c0fc439f9516686aa045927ff767eca0a85101fb6e73" [[package]] name = "unicode-xid" 
@@ -1212,16 +1163,15 @@ checksum = "c168940144dd21fd8046987c16a46a33d5fc84eec29ef9dcddc2ac9e31526b7c" [[package]] name = "x509-parser" -version = "0.14.0" +version = "0.15.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e0ecbeb7b67ce215e40e3cc7f2ff902f94a223acf44995934763467e7b1febc8" +checksum = "bab0c2f54ae1d92f4fcb99c0b7ccf0b1e3451cbd395e5f115ccbdbcb18d4f634" dependencies = [ "asn1-rs", - "base64", "data-encoding", "der-parser 8.2.0", "lazy_static", - "nom 7.1.3", + "nom", "oid-registry", "rusticata-macros", "thiserror", From d4e674b390d2e945d9d27f8d170e8d11fe7998f3 Mon Sep 17 00:00:00 2001 From: Shivani Bhardwaj Date: Thu, 13 Jul 2023 21:39:47 +0530 Subject: [PATCH 7/7] rust: fix clippy warnings --- rust/src/dcerpc/dcerpc.rs | 2 +- rust/src/http2/http2.rs | 2 +- rust/src/ike/ikev2.rs | 2 +- rust/src/krb/detect.rs | 5 +---- rust/src/smb/smb.rs | 4 ++-- rust/src/ssh/ssh.rs | 4 ++-- 6 files changed, 8 insertions(+), 11 deletions(-) diff --git a/rust/src/dcerpc/dcerpc.rs b/rust/src/dcerpc/dcerpc.rs index bd6488ad3fa9..57f3d41f0f91 100644 --- a/rust/src/dcerpc/dcerpc.rs +++ b/rust/src/dcerpc/dcerpc.rs @@ -723,7 +723,7 @@ impl DCERPCState { Ok((leftover_bytes, mut back)) => { if let Some(ref mut bind) = self.bind { for (uuid_internal_id, r) in back.ctxitems.iter().enumerate() { - for mut uuid in bind.uuid_list.iter_mut() { + for uuid in bind.uuid_list.iter_mut() { if uuid.internal_id == uuid_internal_id as u16 { uuid.result = r.ack_result; if uuid.result != 0 { diff --git a/rust/src/http2/http2.rs b/rust/src/http2/http2.rs index 011000b5432b..5939c97210fa 100644 --- a/rust/src/http2/http2.rs +++ b/rust/src/http2/http2.rs 
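Review bot: The comparison `uuid.internal_id == uuid_internal_id as u16` in the dcerpc.rs hunk narrows the `enumerate()` index with `as`, which wraps silently once `back.ctxitems` holds more than 65535 entries, so a late result could be attributed to an earlier UUID. If the bind-ack parser already caps the item count (not visible in this hunk), a short comment next to the cast stating that bound would make the invariant explicit. Otherwise `u16::try_from(uuid_internal_id)` with a `break` on failure keeps the match exact. The enclosing function starts and ends outside the hunk.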
@@ -969,7 +969,7 @@ impl HTTP2State { //borrow checker forbids to reuse directly tx let index = self.find_tx_index(sid); if index > 0 { - let mut tx_same = &mut self.transactions[index - 1]; + let tx_same = &mut self.transactions[index - 1]; if dir == Direction::ToServer { tx_same.ft_tc.tx_id = tx_same.tx_id - 1; } else { diff --git a/rust/src/ike/ikev2.rs b/rust/src/ike/ikev2.rs index ecb54613da06..a1be25ffb4a2 100644 --- a/rust/src/ike/ikev2.rs +++ b/rust/src/ike/ikev2.rs @@ -96,7 +96,7 @@ impl Default for Ikev2Container { } pub fn handle_ikev2( - mut state: &mut IKEState, current: &[u8], isakmp_header: IsakmpHeader, direction: Direction, + state: &mut IKEState, current: &[u8], isakmp_header: IsakmpHeader, direction: Direction, ) -> AppLayerResult { let hdr = IkeV2Header { init_spi: isakmp_header.init_spi, diff --git a/rust/src/krb/detect.rs b/rust/src/krb/detect.rs index ab003629b58c..25cce9bcf826 100644 --- a/rust/src/krb/detect.rs +++ b/rust/src/krb/detect.rs @@ -116,10 +116,7 @@ pub enum DetectKrb5TicketEncryptionData { pub fn detect_parse_encryption_weak(i: &str) -> IResult<&str, DetectKrb5TicketEncryptionData> { let (i, neg) = opt(char('!'))(i)?; let (i, _) = tag("weak")(i)?; - let value = match neg { - Some(_) => false, - _ => true, - }; + let value = neg.is_none(); return Ok((i, DetectKrb5TicketEncryptionData::WEAK(value))); } diff --git a/rust/src/smb/smb.rs b/rust/src/smb/smb.rs index 909925972902..d6b0a565c060 100644 --- a/rust/src/smb/smb.rs +++ b/rust/src/smb/smb.rs @@ -1951,7 +1951,7 @@ pub unsafe extern "C" fn rs_smb_parse_request_tcp(flow: *const Flow, ) -> AppLayerResult { - let mut state = cast_pointer!(state, SMBState); + let state = cast_pointer!(state, SMBState); let flow = cast_pointer!(flow, Flow); if stream_slice.is_gap() { 
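Review bot: In `detect_parse_encryption_weak` (krb/detect.rs) the polarity of the flag is now carried by a bare `neg.is_none()`, and nothing on the function says that `WEAK(true)` is the plain form and `WEAK(false)` is the `!`-prefixed one. A one-line comment such as `// true: plain "weak"; false: negated "!weak"` above `let value = neg.is_none();` would keep the matching code from reading the boolean the wrong way round. The function also returns whatever follows `tag("weak")` as leftover input; whether the caller rejects a non-empty remainder is not visible here and is worth confirming.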
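Review bot: `rs_smb_parse_request_tcp` (smb.rs) turns the raw `state` and `flow` arguments into references with `cast_pointer!` without any visible null check, and the hunk shows no `# Safety` section on this `pub unsafe extern "C"` entry point. The same holds for `rs_smb_parse_response_tcp` in the next hunk. I would add to both functions a doc comment of the form `/// # Safety` followed by `/// state and flow must be non-null, valid for the whole call, and not aliased by another live reference.` Note also that `flow` arrives as `*const Flow`; if `cast_pointer!` yields `&mut` (its definition is outside this diff), that cast deserves a comment or a shared-reference variant. Both function bodies continue outside their hunks.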
@@ -1988,7 +1988,7 @@ pub unsafe extern "C" fn rs_smb_parse_response_tcp(flow: *const Flow, ) -> AppLayerResult { - let mut state = cast_pointer!(state, SMBState); + let state = cast_pointer!(state, SMBState); let flow = cast_pointer!(flow, Flow); if stream_slice.is_gap() { diff --git a/rust/src/ssh/ssh.rs b/rust/src/ssh/ssh.rs index 3e2a15b9f1b7..6280e0b6ace9 100644 --- a/rust/src/ssh/ssh.rs +++ b/rust/src/ssh/ssh.rs @@ -110,7 +110,7 @@ impl SSHState { fn parse_record( &mut self, mut input: &[u8], resp: bool, pstate: *mut std::os::raw::c_void, ) -> AppLayerResult { - let (mut hdr, ohdr) = if !resp { + let (hdr, ohdr) = if !resp { (&mut self.transaction.cli_hdr, &self.transaction.srv_hdr) } else { (&mut self.transaction.srv_hdr, &self.transaction.cli_hdr) @@ -240,7 +240,7 @@ impl SSHState { fn parse_banner( &mut self, input: &[u8], resp: bool, pstate: *mut std::os::raw::c_void, ) -> AppLayerResult { - let mut hdr = if !resp { + let hdr = if !resp { &mut self.transaction.cli_hdr } else { &mut self.transaction.srv_hdr