Project

General

Profile

Actions
Copy link

Feature #4775

open

lua: overhaul lua support

Added by Victor Julien over 3 years ago. Updated about 2 months ago.

Status:
In Progress
Priority:
Normal
Assignee:
Jason Ish
Target version:
TBD
Effort:
Difficulty:
Label:

Description

Implement https://redmine.openinfosecfoundation.org/issues/3307#note-12:

  • vendor a specific version in
  • disallow modules by default (or at all)
  • do proper sandboxing, both for security and performance
  • enable it by default so rule vendors can rely on it to be there

Subtasks 7 (0 open7 closed)

Feature #1971: lua: make mandatoryClosedOISF DevActions
Feature #2290: lua: use script as transformClosedJeff LucovskyActions
Feature #4776: lua: vendor latest lua stableClosedJason IshActions
Task #6961: lua: use a rust crate to vendor luaClosedJason IshActions
Feature #4777: lua: implement sandboxingClosedJason IshActions
Feature #6939: lua: incremement stat when a lua rule exhausts its instruction countClosedJason IshActions
Bug #6940: lua: handle errors in lua rulesClosedJason IshActions

Related issues 7 (3 open4 closed)

Related to Suricata - Task #3307: Research: evaluate future of lua support in SuricataClosedOISF DevActions
Related to Suricata - Feature #1504: lua: better notification in verbose mode on script errorsNewOISF DevActions
Related to Suricata - Feature #1505: lua: show lua scripts during rule (re)loadingNewOISF DevActions
Related to Suricata - Feature #2871: lua: Exposing byte extract to scriptClosedJeff LucovskyActions
Related to Suricata - Task #6443: Suricon 2023 brainstormAssignedVictor JulienActions
Related to Suricata - Feature #7073: lua: expose hashing functions (md5/sha1/sha256)ClosedJason IshActions
Related to Suricata - Feature #7074: lua: expose base64 functionsClosedJason IshActions
Actions
Copy link
 #1

Updated by Victor Julien over 3 years ago

  • Related to Task #3307: Research: evaluate future of lua support in Suricata added
Actions
Copy link
 #2

Updated by Victor Julien over 3 years ago

  • Related to Feature #1504: lua: better notification in verbose mode on script errors added
Actions
Copy link
 #3

Updated by Victor Julien over 3 years ago

  • Related to Feature #1505: lua: show lua scripts during rule (re)loading added
Actions
Copy link
 #4

Updated by Victor Julien over 3 years ago

  • Related to Feature #2871: lua: Exposing byte extract to script added
Actions
Copy link
 #5

Updated by Jason Ish over 2 years ago

Neovim has some discussion on why they use Lua 5.1 vs other versions:

https://github.com/neovim/neovim/wiki/FAQ#why-lua-51-instead-of-lua-53

Also, rlua, the previously most popular Lua bindings for Rust started with Lua 5.3 I think. 5.1 came after due to popular demand. mlua, a fork of rlua that seems to be more popular now, and also supports luajit 5.1.

By using one of these crates we can get Lua vendored for free.

Actions
Copy link
 #6

Updated by Jason Ish over 1 year ago

  • Assignee set to OISF Dev
Actions
Copy link
 #7

Updated by Jason Ish over 1 year ago

  • Related to Task #6443: Suricon 2023 brainstorm added
Actions
Copy link
 #8

Updated by Victor Julien over 1 year ago

  • Assignee changed from OISF Dev to Jo Johnson
Actions
Copy link
 #9

Updated by Jason Ish about 1 year ago

  • Subtask #6939 added
Actions
Copy link
 #10

Updated by Jason Ish about 1 year ago

  • Subtask #6940 added
Actions
Copy link
 #11

Updated by Victor Julien about 1 year ago

  • Assignee changed from Jo Johnson to Jason Ish
Actions
Copy link
 #12

Updated by Philippe Antoine about 1 year ago

  • Target version set to TBD
Actions
Copy link
 #13

Updated by Victor Julien about 1 year ago

  • Status changed from New to In Progress
Actions
Copy link
 #14

Updated by Victor Julien about 1 year ago

  • Related to Feature #7073: lua: expose hashing functions (md5/sha1/sha256) added
Actions
Copy link
 #15

Updated by Victor Julien about 1 year ago

Actions
Copy link

Also available in: Atom PDF