Project

General

Profile

Actions
Copy link

Feature #7672

closed
PA JL

detect/transforms: subslice transform

Feature #7672: detect/transforms: subslice transform

Added by Philippe Antoine about 1 year ago. Updated 3 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Jeff Lucovsky
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

Many keyword use offset and bytes

We could make it more generic with a subslice transform that would take a subslice of a sticky buffer

like http.uri; subslice: [2: -2]; content: "toto";

Need to think about all the expressivity we want (negative indexing, relative ? etc...)

Related issues 1 (1 open0 closed)

Related to Suricata - Feature #7847: rules: extend byte_extract named variables for use in other keywords/transformations such as xorIn ReviewJeff LucovskyActions

PA Updated by Philippe Antoine about 1 year ago Actions
Copy link
 #1

  • Tracker changed from Bug to Feature

JL Updated by Jeff Lucovsky 11 months ago ยท Edited Actions
Copy link
 #2

I'd prefer to support: 
  • bytes
    Number of bytes to slice
  • offset
    Where to begin the slice

PA Updated by Philippe Antoine 11 months ago Actions
Copy link
 #3

Jeff Lucovsky wrote in #note-2:

I'd prefer to support:
  • [...] Number of bytes to slice
  • [...] Where to begin the slice

Fine for me

I do not care so much about the syntax than about the expressivity (like negative indexing to start from the end)

JL Updated by Jeff Lucovsky 5 months ago Actions
Copy link
 #4

  • Status changed from New to In Review

PA Updated by Philippe Antoine 25 days ago Actions
Copy link
 #5

  • Related to Feature #7847: rules: extend byte_extract named variables for use in other keywords/transformations such as xor added

JL Updated by Jeff Lucovsky 3 days ago Actions
Copy link
 #6

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: PDF Atom