8000 flowbits: add a validation callback during setup by inashivb · Pull Request #13508 · OISF/suricata · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

flowbits: add a validation callback during setup #13508

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

flowbits: add a validation callback during setup #13508

wants to merge 1 commit into from
+23 −0

Conversation

inashivb
Copy link
Member

Link to ticket: https://redmine.openinfosecfoundation.org/issues/7772

SV_BRANCH=OISF/suricata-verify#2579

This is pretty trivial patch which just throws a warning for now. If acceptable, other invalid combination checks will follow in another PR.

@inashivb
flowbits: add a validation callback during setup
b575264 
This should make it possible to catch invalid combinations in the same
signature early. This patch covers checking set and isset commands on
the same flowbit in the same signature which is basically an unnecessary
operation.

Bug 7772
@inashivb inashivb requested a review from victorjulien as a code owner June 20, 2025 12:16
@codecov Codecov
Copy link
codecov bot commented Jun 20, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 83.49%. Comparing base (495a12f) to head (b575264).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master   #13508   +/-   ##
=======================================
  Coverage   83.48%   83.49%           
=======================================
  Files        1011     1011           
  Lines      274902   274919   +17     
=======================================
+ Hits       229507   229530   +23     
+ Misses      45395    45389    -6
Flag Coverage Δ
fuzzcorpus 61.77% <100.00%> (+<0.01%) ⬆️
livemode 18.94% <0.00%> (-0.01%) ⬇️
pcap 44.67% <100.00%> (-0.01%) ⬇️
suricata-verify 65.03% <100.00%> (-0.01%) ⬇️
unittests 59.14% <82.35%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@suricata-qa
Copy link

Information: QA ran without warnings.

Pipeline = 26579

@inashivb inashivb marked this pull request as draft June 25, 2025 07:03
catenacyber
catenacyber reviewed Jun 25, 2025
View reviewed changes
src/detect-flowbits.c
continue;
/* Check if an entry corresponding to the same idx exists in the opposite list */
DetectFlowbitsData *fd2 = (DetectFlowbitsData *)sm->ctx;
if (fd2->idx == fd->idx) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we have a more explicit check about fd2->cmd ?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

indeed that'll be better. this leaves scope for bugs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@catenacyber catenacyber catenacyber left review comments

@victorjulien victorjulien Awaiting requested review from victorjulien victorjulien is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@inashivb @suricata-qa @catenacyber
0