Task #7703
openlua: add detection support to the suricata.file lua lib
Added by Jason Ish 10 months ago. Updated 3 months ago.
Description
The Lua file API only supports logging at this time. Detect support should be added.
One complexity is that depending on how a rule is constructed, we might get called with a single file (e.g. file.name; lua: ...). In other cases, we might get no file pointer (e.g. http.response_body; lua:...). In this case we'd have to support a way to get an array of files and then somehow select one for use.
E.g. something like
    local files = filelib.get_files()
    for i = 1, #files, 1 do
        local file = filelib.get_file_from_idx(i)
        -- ... regular file methods ...
    end