Documentation #5088
closedDocumentation #5182: userguide: better document rule keywords
detect/file.name: keyword is not documented
Description
The file.name sticky buffer is not documented. It should be documented in /rules/file-keywords.html#filename as the code in detect-filename.c points, but only the keyword filename is documented.
Moreover, there should be references to this sticky buffer in all related protocols documentation where is used, in order to be easier a user to find it. The related protocols are:
- HTTP
- SMTP
- FTP
- NFS
- SMB
- HTTP2
Updated by Jason Taylor over 1 year ago
This might be completed under the PRs below?
https://github.com/OISF/suricata/pull/9327 (master)
https://github.com/OISF/suricata/pull/9361 (backport)
Updated by Juliana Fajardini Reichow over 1 year ago
Jason Taylor wrote in #note-2:
This might be completed under the PRs below?
https://github.com/OISF/suricata/pull/9327 (master)
https://github.com/OISF/suricata/pull/9361 (backport)
I think the main part, yes. As a user, how do you feel about the request that this is referenced in the related protocols' sections, too, though?
Updated by Jason Taylor over 1 year ago
Juliana Fajardini Reichow wrote in #note-3:
Jason Taylor wrote in #note-2:
This might be completed under the PRs below?
https://github.com/OISF/suricata/pull/9327 (master)
https://github.com/OISF/suricata/pull/9361 (backport)
I think the main part, yes. As a user, how do you feel about the request that this is referenced in the related protocols' sections, too, though?
Ah yes, good point. That would be nice to have, let me know if this is something I could submit and I can put something together (as it's currently assigned to oisf dev, I don't want to steal anyones fun :) )
JT
Updated by Juliana Fajardini Reichow over 1 year ago
- Assignee changed from OISF Dev to Jason Taylor
- Target version changed from TBD to 7.0.2
Jason Taylor wrote in #note-4:
Juliana Fajardini Reichow wrote in #note-3:
Jason Taylor wrote in #note-2:
This might be completed under the PRs below?
https://github.com/OISF/suricata/pull/9327 (master)
https://github.com/OISF/suricata/pull/9361 (backport)
I think the main part, yes. As a user, how do you feel about the request that this is referenced in the related protocols' sections, too, though?
Ah yes, good point. That would be nice to have, let me know if this is something I could submit and I can put something together (as it's currently assigned to oisf dev, I don't want to steal anyones fun :) )
JT
Haha, thanks for asking, but if I recall correctly, this is the new default, to ensure tickets are not left without an assignee...
Your contributions are very welcome! I'll assign this to you, then :) :)
Updated by Juliana Fajardini Reichow over 1 year ago
- Status changed from New to In Review
PR for review: https://github.com/OISF/suricata/pull/9509
Updated by Juliana Fajardini Reichow over 1 year ago
- Related to Bug #5754: I use the file-extraction to store the files transferred by HTTP2, but fileinfo does not have the filename field. added
Updated by Victor Julien over 1 year ago
- Target version changed from 7.0.2 to 7.0.3
Updated by Victor Julien over 1 year ago
- Target version changed from 7.0.3 to 8.0.0-beta1
Updated by Jason Taylor about 1 year ago
- Status changed from Resolved to Closed
Updated by Victor Julien 16 days ago
- Subject changed from file.name sticky buffer is not documented to detect/file.name: keyword is not documented