Bug #7773: flowbits: no-op unset + isnotset combinations are accepted - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #7773

open

Bug #7638: detect: incorrect rule ordering with more complex flowbit chains

flowbits: no-op unset + isnotset combinations are accepted

Added by Shivani Bhardwaj about 1 month ago. Updated 12 days ago.

Status:

In Review

Priority:

High

Assignee:

Shivani Bhardwaj

Target version:

9.0.0-beta1

Affected Versions:

8.0.0

Effort:

Difficulty:

low

Label:

Description

For example, a rule like:

alert tcp any any -> any any (msg:"unset + isnotset"; flowbits:isnotset,abc; http.method; content:"GET"; flowbits:unset,abc; sid:111)

Actions

Copy link

Updated by Shivani Bhardwaj about 1 month ago

Description updated (diff)
Priority changed from Normal to High

Actions

Copy link

Updated by Shivani Bhardwaj about 1 month ago

Difficulty set to low

Actions

Copy link

Updated by Shivani Bhardwaj about 1 month ago

Target version changed from 8.0.0 to 9.0.0-beta1

Actions

Copy link

Updated by Philippe Antoine 18 days ago

Affected Versions 8.0.0 added

Actions

Copy link

Updated by Shivani Bhardwaj 12 days ago

In Review PR: https://github.com/OISF/suricata/pull/13613

Actions

Copy link

Updated by Shivani Bhardwaj 12 days ago

Status changed from Assigned to In Review

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #7773

flowbits: no-op unset + isnotset combinations are accepted

Updated by Shivani Bhardwaj about 1 month ago

Updated by Shivani Bhardwaj about 1 month ago

Updated by Shivani Bhardwaj about 1 month ago

Updated by Philippe Antoine 18 days ago

Updated by Shivani Bhardwaj 12 days ago

Updated by Shivani Bhardwaj 12 days ago