Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Detect negated content absent buffer 2224 v5 #9988

Closed
wants to merge 2 commits into from
Closed

Detect negated content absent buffer 2224 v5 #9988

wants to merge 2 commits into from

Conversation

catenacyber
Copy link
Contributor

Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/2224

Describe changes:

  • detect: negated content matches on absent buffer
  • doc: fix byte_testexamples
SV_BRANCH=pr/1518

OISF/suricata-verify#1518

#9983 with additional commit to fix doc about byte_test keyword cc @jufajardini

@catenacyber
detect: negated content matches on absent buffer
9e25466 
Ticket: 2224

For example, `http.referer; content:!"example";` will match on a
request without any referer.

This is true for all payload keywords handling negation :
pcre, isdataat and byte_test
@catenacyber
doc: fix byte_test examples
c00ed28 
As this keyword has 4 mandatory arguments, and some examples
had only three...
@catenacyber catenacyber mentioned this pull request Dec 6, 2023
Closed
@codecov Codecov
Copy link

codecov bot commented Dec 6, 2023

Codecov Report

Merging #9988 (c00ed28) into master (64d12aa) will decrease coverage by 0.02%.
The diff coverage is 59.52%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #9988      +/-   ##
==========================================
- Coverage   82.45%   82.44%   -0.02%     
==========================================
  Files         970      970              
  Lines      271356   271398      +42     
==========================================
- Hits       223746   223744       -2     
- Misses      47610    47654      +44
Flag Coverage Δ
fuzzcorpus 64.51% <40.47%> (-0.02%) ⬇️
suricata-verify 61.32% <52.38%> (-0.02%) ⬇️
unittests 62.87% <2.38%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline 16908

@catenacyber catenacyber mentioned this pull request Dec 7, 2023
Closed
@catenacyber
Copy link
Contributor Author

Replaced by #10002

@catenacyber catenacyber closed this Dec 7, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jufajardini jufajardini Awaiting requested review from jufajardini jufajardini is a code owner

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@catenacyber @suricata-qa