-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
detect/lua: don't treat a crashed script as no match - v3 #11045
Conversation
If a rule script crashed, the return value was treated as a no match. This would make a negation of the rule match and alert. Instead cleanup and exit early if the rule script crashed and don't run negation logic. A stat, detect.lua_errors has been added to count how many times a script crashes. Also consolidates the running of the Lua script and return value handling to a common function. Bug: OISF#6940
- remove unused headers - cleanup/rename flags
11b6254
to
9e5339d
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #11045 +/- ##
==========================================
+ Coverage 80.63% 80.66% +0.02%
==========================================
Files 922 922
Lines 250137 250138 +1
==========================================
+ Hits 201699 201767 +68
+ Misses 48438 48371 -67
Flags with carried forward coverage won't be shown. Click here to find out more. |
Information: ERROR: QA failed on SURI_TLPW2_autofp_suri_time.
Pipeline 20546 |
Information: ERROR: QA failed on SURI_TLPR1_suri_time.
Pipeline 20547 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Such a nice clean up and reorg work <3
Git message still talks about |
Looks good otherwise. |
@@ -1227,6 +1227,9 @@ typedef struct DetectEngineThreadCtx_ { | |||
AppLayerDecoderEvents *decoder_events; | |||
uint16_t events; | |||
|
|||
/** stats id for lua rule errors */ | |||
uint16_t lua_rule_errors; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is u16 enough ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is the count id
side thought: we should probably use a dedicated type for it
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is the count id
Thanks Victor :-)
Why is CI so red ? |
Continued at #11083. |
If a rule script crashed, the return value was treated as a no
match. This would make a negation of the rule match and alert.
Instead cleanup and exit early if the rule script crashed and don't
run negation logic.
A stat, detect.lua_errors has been added to count how many times a
script crashes.
Also consolidates the running of the Lua script and return value
handling to a common function.
Bug: https://redmine.openinfosecfoundation.org/issues/6940
SV_BRANCH=OISF/suricata-verify#1826