Project

General

Profile

Actions
Copy link

Task #7703

open

lua: add detection support to the suricata.file lua lib

Added by Jason Ish 10 months ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Effort:
Difficulty:
Label:

Description

The Lua file API only supports logging at this time. Detect support should be added.

See: https://github.com/OISF/suricata-verify/pull/2499

Related issues 1 (0 open1 closed)

Related to Suricata - Task #7491: lua: turn file into lua libClosedJason IshActions
Actions
Copy link
 #1

Updated by Jason Ish 10 months ago

  • Related to Task #7491: lua: turn file into lua lib added
Actions
Copy link
 #2

Updated by Jason Ish 10 months ago

  • Description updated (diff)
Actions
Copy link
 #3

Updated by Victor Julien 3 months ago ยท Edited

One complexity is that depending on how a rule is constructed, we might get called with a single file (e.g. file.name; lua: ...). In other cases, we might get no file pointer (e.g. http.response_body; lua:...). In this case we'd have to support a way to get an array of files and then somehow select one for use.

E.g. something like

    local files = filelib.get_files()
    for i = 1,#files,1
    do
        local file = filelib.get_file_from_idx(i)
        ... regular file methods ...
    end

Actions
Copy link

Also available in: Atom PDF