Project

General

Profile

Actions
Copy link

Feature #6439

closed
BM JL

rules: add to_lowercase transform

Feature #6439: rules: add to_lowercase transform

Added by Brandon Murphy over 2 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Jeff Lucovsky
Target version:
8.0.0-beta1
Effort:
Difficulty:
Label:

Description

Hoping to get a to_lowercase transformation that can be combined with others. The use case is to allow for the "normalization" of a mixed case URL to lowercase. This would allow the url to be obfuscated and account for multiple variations of casing within the field.

http.uri; to_lowercase; to_sha256; content:"<sha256 digest>";

Subtasks 1 (0 open1 closed)

Feature #6612: New Transformation: to_lowercase (7.0.x backport)ClosedJeff LucovskyActions

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
 #1

  • Status changed from New to Assigned
  • Assignee changed from OISF Dev to Jeff Lucovsky
  • Target version changed from TBD to 8.0.0-beta1

@zoomequipd would you see value in a "to_uppercase" as well?

@Jeff Lucovsky we can probably target 7 as well, as there should be no side effects of adding this.

BM Updated by Brandon Murphy over 2 years ago Actions
Copy link
 #2

@Brandon Murphy would you see value in a "to_uppercase" as well?

I cannot currently think of any use cases for that. If it's only a trivial amount of additional work, then why not include it? I'd much rather have it and not need it than the other way around.

JL Updated by Jeff Lucovsky over 2 years ago Actions
Copy link
 #3

  • Status changed from Assigned to In Progress

BM Updated by Brandon Murphy over 2 years ago Actions
Copy link
 #4

just wanting to mention, this transformation could be used to address case differences between HTTP/1 and HTTP/2 assuming content matches can be updated/change to reflect the transformation behavior.

JL Updated by Jeff Lucovsky over 2 years ago Actions
Copy link
 #5

@zoomequipd Here's a draft PR for early feedback: https://github.com/OISF/suricata/pull/9761

JL Updated by Jeff Lucovsky over 2 years ago Actions
Copy link
 #6

  • Status changed from In Progress to Closed

VJ Updated by Victor Julien over 2 years ago Actions
Copy link
 #7

  • Status changed from Closed to Resolved
  • Label Needs backport to 7.0 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #8

  • Subtask #6612 added

OT Updated by OISF Ticketbot over 2 years ago Actions
Copy link
 #9

  • Label deleted (Needs backport to 7.0)

JL Updated by Jeff Lucovsky over 2 years ago Actions
Copy link
 #10

  • Status changed from Resolved to Closed

VJ Updated by Victor Julien about 1 year ago Actions
Copy link
 #11

  • Subject changed from New Transformation: to_lowercase to rules: add to_lowercase transform
Actions
Copy link

Also available in: PDF Atom