suricata icon indicating copy to clipboard operation
suricata copied to clipboard

Published 20 hours ago verified publisher icon OISF

lua: Expose byte_extract to lua match scripts

Open jlucovsky opened this issue 1 year ago • 3 comments

Continuation of #7660

Link to redmine ticket: #2871

Describe changes:

  • Allow lua match scripts to access variables defined in rule by byte_extract or byte_math

Updates

  • Rebase.

suricata-verify-pr: 899 #suricata-verify-repo: #suricata-verify-branch: #suricata-update-pr: #suricata-update-repo: #suricata-update-branch: #libhtp-pr: #libhtp-repo: #libhtp-branch:

jlucovsky avatar Jul 31 '22 12:07 jlucovsky

Codecov Report

Merging #7663 (1ccdb11) into master (e566563) will increase coverage by 0.04%. The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #7663      +/-   ##
==========================================
+ Coverage   75.83%   75.88%   +0.04%     
==========================================
  Files         659      659              
  Lines      185641   185641              
==========================================
+ Hits       140786   140872      +86     
+ Misses      44855    44769      -86
Flag Coverage Δ
fuzzcorpus 60.52% <ø> (+0.23%) :arrow_up:
suricata-verify 52.54% <ø> (-0.01%) :arrow_down:
unittests 60.72% <ø> (-0.01%) :arrow_down:

Flags with carried forward coverage won't be shown. Click here to find out more.

codecov[bot] avatar Jul 31 '22 12:07 codecov[bot]

ERROR:

ERROR: QA failed on tlpw2_single_alerts_cmp.

ERROR: QA failed on tlpw2_autofp_alerts_cmp.

ERROR: QA failed on tlpr1_alerts_cmp.

Pipeline 8420

suricata-qa avatar Jul 31 '22 15:07 suricata-qa

You can ignore the QA failures. Didn't properly rebase the alert counts. Don't use lua for those tests so should be a non-issue.

ct0br0 avatar Jul 31 '22 15:07 ct0br0

Merged in #7713, thanks!

victorjulien avatar Aug 10 '22 08:08 victorjulien