Project

General

Profile

Actions

Feature #3200

closed

pcre: allow operation as transform

Added by Victor Julien over 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

The idea is that pcre could be used to capture a substring (just 1 I suppose) to pass for inspection or further transformation.

Artificial example:

http.request_line; pcrexform:"/[A-z]+\s+(.*)\s+HTTP/"; content:"/index.html";

Here the requestline would be passed in, pcrexform would capture the URI in substring and replace the buffer with its value. Then the content would match on that.


Related issues 1 (0 open1 closed)

Blocked by Suricata - Feature #3199: transformation should be able to take optionsClosedJeff LucovskyActions
Actions #1

Updated by Victor Julien over 4 years ago

  • Blocked by Feature #3199: transformation should be able to take options added
Actions #2

Updated by Victor Julien over 4 years ago

  • Status changed from New to Feedback

I've set this to 'community' until we've reached some feedback about whether this would be useful.

Actions #3

Updated by Victor Julien over 4 years ago

  • Subject changed from pcre: allow operation at transform to pcre: allow operation as transform
Actions #4

Updated by Jeff Lucovsky about 4 years ago

  • Status changed from Feedback to Assigned
  • Assignee changed from Community Ticket to Jeff Lucovsky
Actions #5

Updated by Victor Julien about 4 years ago

  • Target version changed from TBD to 6.0.0beta1
Actions #6

Updated by Jeff Lucovsky about 4 years ago

  • Status changed from Assigned to In Review
Actions #7

Updated by Victor Julien almost 4 years ago

  • Status changed from In Review to Closed
Actions

Also available in: Atom PDF