
mqtt: enable limiting of logged message length - v4

Open satta opened this issue 1 month ago • 1 comments

Previous PR: #11194

Changes to previous PR:

  • Handle splitting at all byte boundaries in a UTF-8 string in a way that avoids panics. Rust already has a function to deliver the longest string consisting of complete code points up to a given index (https://doc.rust-lang.org/std/primitive.str.html#method.floor_char_boundary) but it is only available in the nightly API. I implemented a similar approach to ensure that we only try to slice strings at suitable boundaries before returning a truncated prefix, avoiding panics while still providing sensible output.
  • Widen limiting functionality to strings in MQTT events in general.
  • Reword the comment/documentation to refer to strings instead of messages to reflect the fact we limit more than just message payloads.
  • Implement truncating arrays of topic names if the concatenation of the individual strings exceeds the log limit, even if each of the strings is shorter than the limit.

Ticket

Redmine ticket: https://redmine.openinfosecfoundation.org/issues/6984

SV_BRANCH=https://github.com/OISF/suricata-verify/pull/1880

satta, Jun 02 '24 22:06
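The boundary-safe truncation and the shared limit for topic-name arrays described in the change list above, as an added example on stable Rust that is not the code from this PR. The names `truncate_utf8` and `truncate_topics` and the policy of cutting the first topic that does not fit and dropping the rest are assumptions made for illustration.

```rust
/// Longest prefix of `s` that is at most `max` bytes long and ends on a
/// UTF-8 code point boundary. Stable stand-in for the nightly-only
/// `str::floor_char_boundary`; the function name is hypothetical.
fn truncate_utf8(s: &str, max: usize) -> &str {
    if max >= s.len() {
        return s;
    }
    let mut end = max;
    // Index 0 is always a boundary, so this loop terminates.
    while !s.is_char_boundary(end) {
        end -= 1;
    }
    &s[..end]
}

/// Assumed policy (not taken from the PR): topics share one byte budget;
/// the first topic that does not fit is cut at a code point boundary and
/// everything after it is dropped. Returns the kept topics and a flag
/// telling whether anything was cut.
fn truncate_topics<'a>(topics: &[&'a str], limit: usize) -> (Vec<&'a str>, bool) {
    let mut kept = Vec::new();
    let mut used = 0;
    for &topic in topics {
        let cut = truncate_utf8(topic, limit - used);
        if cut.len() < topic.len() {
            if !cut.is_empty() {
                kept.push(cut);
            }
            return (kept, true);
        }
        kept.push(cut);
        used += cut.len();
    }
    (kept, false)
}

fn main() {
    // Constructed sample: 'é' occupies bytes 11..13, '€' bytes 20..23.
    let s = "sensor/température/€";
    // `&s[..12]` would panic here; the helper backs off to byte 11.
    for &max in &[11usize, 12, 13, 22, 100] {
        println!("{:>3} -> {:?}", max, truncate_utf8(s, max));
    }
    // Each topic is 3 bytes, under the limit of 7, but together they are 9.
    let (kept, truncated) = truncate_topics(&["a/b", "c/d", "e/f"], 7);
    println!("{:?} truncated={}", kept, truncated);
}
```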