Lua xform/v21 #12425
Open
Lua xform/v21 #12425
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This commit makes the detection engine thread context available for transforms to use. The Lua transform requires this value. Issue: 2290
Issue: 2290 This commit extends the hash table logic with an alternate free function that provides the detection engine context. Users that wish to use the next functionality must use the HashListTableInitWithCtx function when initializing the hash table. Using this interface will result in the hash table "free with context" function (new) being used instead.
Issue: 2290 Defer freeing the keyword hash table until the engine context has been freed. This eliminates a double-free from occurring. For the unittests ONLY, clear the keyword_hash to prevent a double free attempt.
Adds a new lua script capability to use a script as a buffer transform keyword. It uses a `transform` lua function that returns the input buffer after modifying it. Issue: 2290
Issue: 2290
git grep -A 1 -w InspectionBufferSetup shows numbers cases of the pattern:
- InspectionBufferSetup
- InspectionBufferApplyTransforms
Refactor the implementations of those functions into
InspectionBufferSetupAndApplyTransforms to reduce function call count.
Issuer: 2290
So transforms can access them through DetectEngineThreadCtx
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #12425 +/- ##
==========================================
- Coverage 80.63% 80.62% -0.01%
==========================================
Files 918 919 +1
Lines 258696 258900 +204
==========================================
+ Hits 208598 208746 +148
- Misses 50098 50154 +56
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Information: QA ran without warnings. Pipeline 24263 |
This was referenced Jan 18, 2025
victorjulien
commented
Jan 21, 2025
| int count = 0; | ||
| char *saveptr = NULL; | ||
| char *token = strtok_r(lua->copystr, ",", &saveptr); | ||
| while (token != NULL && count < LUAXFORM_MAX_ARGS) { |
There was a problem hiding this comment.
@jlucovsky is there a point in having a list of predefined keys that have a specific meaning, like bytes and offset in some of your examples? We'll have to decide now to avoid collisions with scripts that may be in use in the future.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
#12251, with following changes/updates:
SV_BRANCH=OISF/suricata-verify#2240