3020 Commits

Author SHA1 Message Date
Felipe Zimmerle
50fc347ed4
Fix rules dump
The unique pointer for file name was being used multiple times
on SecMarker.
2021-02-04 11:07:22 -03:00
martinhsv
6ca028b6f5
Fix memory leak in rx operator when pattern includes macro 2021-01-25 19:39:10 -03:00
Felipe Zimmerle
9764b1fb3b
CHANGES: Fix entry for ARGS_NAMES 2021-01-25 14:59:17 -03:00
Felipe Zimmerle
53d36ab63a
Updates libInjection
 * Updates libInjection repository to libinjection.github.io
 * Update libInjection to version 3.9.2, plus:
   - Pass the correct pointer to memmem()
     In parse_money(), if there is a "$foobar$", it calls memmem() to
     find it again. Wrong pointer can cause itself to backtrack in a
     dead loop and hang the entire process.
   - Addresses some issues reported by cppcheck, including an overflow
     on parse_slash.
2021-01-25 14:16:22 -03:00
Dmitri Toubelis
102f4bdd91
Make the configure step more reliable
It appears that in cross compile environments the location of the
"current" directory cannot be assumed. This fix makes it explicit.
2021-01-25 09:26:51 -03:00
martinhsv
fbea73120c
Fix: FILES variable does not use multipart part name for key 2021-01-24 15:06:30 -03:00
Felipe Zimmerle
f1f2527c03
Using setenv instead of putenv on SetEnv action 2021-01-24 14:59:59 -03:00
Felipe Zimmerle
03b3e472d4
cosmetics: Please static check 2021-01-24 11:53:52 -03:00
Felipe Zimmerle
e8bd2151f2
Having _NAMES, variables proxied
Some variables share content with others; that is the case
for ARGS and ARGS_NAMES. Those are different in value, as
ARGS_NAMES holds the key name as value.

Instead of duplicating the strings for the different
collections, this patch unifies the collection in radix,
avoiding memory fragmentation. It is currently doing some
fragmentation while resolving the variable, but to be
mitigated by shared_ptr is VariableValues, a different
change.

TODO: place other variables such as COOKIE*NAMES to use
the same proxy.
2021-01-24 11:30:22 -03:00
Felipe Zimmerle
dd458dedb8
github workflow: having bison from brew 2021-01-22 20:52:49 -03:00
Felipe Zimmerle
3748d62f19
Changes copyright dates on the code 2021-01-19 09:24:37 -03:00
Felipe Zimmerle
33f7b46bcc
Using GitHub Workflow instead of Travis
Changes QA badge to GitHub
2021-01-19 09:17:25 -03:00
Felipe Zimmerle
b3cfd88819
Having Travis working again 2021-01-18 08:59:26 -03:00
Felipe Zimmerle
f948d637f2
Having the QA on GitHub workflow 2021-01-14 09:15:18 -03:00
Felipe Zimmerle
e6bdadeb69
tests: Prints test number on segfault 2021-01-13 13:38:38 -03:00
Felipe Zimmerle
9b40a045bb
Cosmetics: fix some cppcheck complaints to please QA 2021-01-13 13:30:04 -03:00
LEI BAO
310cbf899b
Fix the typo 2021-01-06 08:44:42 -03:00
Felipe Zimmerle
f18595f428
Makes regular expression selection on collections key case insensitive
This issue was initially reported by @michaelgranzow-avi on #2296.

@airween made an initial attempt to provide a fix at #2107; as a
consequence of the pull request review - provided by @victorhora,
@zimmerle, and @michaelgranzow-avi - @airween made a second attempt
at #2297. After reviewing by @martinhsv, @zimmerle, I have absorbed
the essential pieces from @airween's patch into this one.

This patch differs from @airween's because @airween's patches were
partially working: Key exclusions with regex weren't covered, same
for anchored variables (e.g. ARGS). During the review, I have
highlighted the importance of having elementary test cases. A simple
test case on ARGS could spot the issue. Since that is an important
fix, I don't want to hold this for one more review cycle; therefore,
I am committing the fix myself.

Thank you all involved in the solution of this very own issue.
2020-12-10 10:05:07 -03:00
David Carlier
560f81200f
Adding DragonFlyBSD support. 2020-12-10 09:51:03 -03:00
Aleks
afefda53c6
Fix Path to project logo 2020-11-16 09:15:26 -03:00
martinhsv
d72be1c470
Fix: Only delete Multipart tmp files after rules have run 2020-11-04 13:50:07 -03:00
Michael Granzow
1b7aa42c77
Issue-2423: Meta-actions like 'msg' should be applied at end of chain 2020-10-29 10:33:02 -03:00
martinhsv
2672db103e
Add support for new operator rxGlobal 2020-10-26 08:55:07 -03:00
Felipe Zimmerle
785958f9b5
Fix maxminddb link on FreeBSD
Issue #2131
2020-10-23 14:44:54 -03:00
Felipe Zimmerle
4b425850cf
Cosmetics: fix cppcheck warnings 2020-10-23 08:29:07 -03:00
martinhsv
8da787a390
Merge pull request #2424 from martinhsv/v3/master
Fix IP address logging in Section A
2020-10-19 09:09:05 -04:00
martinhsv
8436c78993
Fix IP address logging in Section A 2020-10-16 13:14:42 -07:00
Felipe Zimmerle
995f22b3ce
Having Bison 3.7.2 2020-10-14 13:58:37 -03:00
Felipe Zimmerle
377fb723ca
Makes lua 5.1 workable again
Issue #2389
2020-09-21 10:04:40 -03:00
Felipe Zimmerle
e9dce44f6a
build: Minor fixes on Lua detection 2020-08-18 09:19:51 -03:00
Felipe Zimmerle
9e6d8b7bbc
CHANGES: Adds support to lua 5.4 2020-08-17 11:35:51 -03:00
Felipe Zimmerle
8c85b78361
Adds support to lua 5.4 2020-08-17 11:08:03 -03:00
Felipe Zimmerle
ae3ad5eaa7
cosmetics: Address some cppcheck complaints 2020-08-06 19:02:00 -03:00
Felipe Zimmerle
51d06d7a8e
CHANGES: Adds info about #2378 2020-07-30 13:51:33 -03:00
Andrei Belov
fe12385148
GeoIP: switch to GEOIP_MEMORY_CACHE from GEOIP_INDEX_CACHE
Using GEOIP_INDEX_CACHE on some older versions of libGeoIP (e.g. 1.5.0
which is the default version on CentOS 7) leads to "Error reading file"
error while opening completely valid GeoIP.dat:

    # cat test.c
    #include <stdio.h>
    #include "GeoIP.h"

    int main(void) {
      GeoIP *g;

      g = GeoIP_open("/tmp/GeoIP.dat", GEOIP_INDEX_CACHE);

      if (g == NULL) {
        printf("error!\n");
      }

      GeoIP_delete(g);

      exit(0);
    }
    # cc -lGeoIP -o test test.c
    # ./test
    Error reading file /tmp/GeoIP.dat
    error!
    # sed -i -e 's,GEOIP_INDEX_CACHE,GEOIP_MEMORY_CACHE,' test.c
    # cc -lGeoIP -o test test.c
    # ./test
    # geoiplookup -f /tmp/GeoIP.dat -v 8.8.8.8
    GeoIP Country Edition: GEO-106FREE 20180327 Build 1 Copyright (c) 2018 MaxMind Inc All Rights Reserved

Also tested with recent GeoLite databases converted from new format
into legacy format, distributed here:

    https://mailfud.org/geoip-legacy/
2020-07-30 13:48:40 -03:00
martinhsv
0eb3c123f4
Merge pull request #2348 from martinhsv/v3/master
rx:exit after full match; fix TX population after unused group
2020-07-06 07:54:44 -04:00
martinhsv
b9620c26a0
rx:exit after full match; fix TX population after unused group 2020-06-29 06:13:45 -07:00
martinhsv
a1a8c0fda7
Merge pull request #2342 from martinhsv/v3/master
Correct CHANGES file entry for #2234
2020-06-18 10:27:52 -04:00
martinhsv
07ce43cceb
Correct CHANGES file entry for #2234 2020-06-18 07:12:25 -07:00
Rajesh Rajendran
a2be19d8e5
Fixing Typo 2020-05-21 14:34:10 -03:00
Felipe Zimmerle
f0f1c2b1a1
Merge pull request #2317 from nikolas/patch-3
Fix typo in readme: GtiHub -> GitHub
2020-05-21 14:30:38 -03:00
Felipe Zimmerle
feda5b758b
Merge pull request #2321 from nikolas/patch-4
readme update: Packing -> Packaging
2020-05-21 14:29:37 -03:00
nikolas
45dec2068c
readme update: Packing -> Packaging 2020-05-21 10:02:15 -04:00
nikolas
ba1ae16fc9
Fix typo in readme: GtiHub -> GitHub 2020-05-20 20:51:47 -04:00
Felipe Zimmerle
3b1de9567a
Merge pull request #2315 from nikolas/patch-1
fix typo in readme: rearchitechted -> rearchitected
2020-05-20 18:46:00 -03:00
nikolas
7330739989
fix typo in readme: rearchitechted -> rearchitected 2020-05-20 14:43:13 -04:00
Felipe Zimmerle
7e0bc26917
Using performLogging function 2020-03-31 15:20:15 -03:00
martinhsv
a1547eaa32
Regression tests: audit log compare support and test cases 2020-03-31 15:01:26 -03:00
Felipe Zimmerle
7a48245aed
Creates RuleUnconditional
Makes RuleScript child of RuleWithActions instead of Operator
2020-03-31 14:44:19 -03:00
Felipe Zimmerle
f63bd1a45d
Moves Rule[WithActions|WithOperator] to their own files 2020-03-31 13:33:38 -03:00