IMAP protocol parser, logger and sticky buffers v6 #15400
This introduces a parser for IMAP protocol. Ticket OISF#8276
This introduces a logger for IMAP protocol. Ticket OISF#8276
This implements the following sticky buffers for IMAP protocol:
- imap.request
- imap.response

The following frames have been added:
- imap.body
- imap.headers
- imap.pdu

The following email sticky buffers have been updated to work with IMAP:
- email.from
- email.subject
- email.to
- email.cc
- email.date
- email.message_id
- email.x_mailer

The following email sticky buffers have been added and are supported only for IMAP:
- email.command
- email.body
- email.header
- email.header.name
- email.header.value

Ticket OISF#8276
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #15400 +/- ##
==========================================
- Coverage 82.65% 82.61% -0.04%
==========================================
Files 996 999 +3
Lines 271109 273624 +2515
==========================================
+ Hits 224076 226057 +1981
- Misses 47033 47567 +534
Information: QA ran without warnings. Pipeline = 31514
Needs a rebase now
catenacyber
left a comment
Thanks for the work, needs a rebase
CI/QA : ✅
Git ID set : looks fine for me
CLA : you already contributed
Doc update : nice :-)
Redmine ticket : ok, should https://redmine.openinfosecfoundation.org/issues/3244 be closed as duplicate ?
Rustfmt : 🟡 please add the check in CI see .github/workflows/builds.yml: - run: rustfmt --check rust/src/dns/*.rs
Tests : some unanswered questions on SV PR like OISF/suricata-verify#2908 (comment)
Dependencies added: none
Code : looking
Commits segmentation : I would squash parser and logger but ok
Commit messages : cool
In the new PR, please add an explanation of the transaction state machine(s) and life cycle, including how transactions and other data structures are bounded.
Replaced by #15617
Changes:
email object inside imap event is no longer logged. Existing email code will be refactored after this PR is merged in order to introduce a dedicated email event.
Link to ticket: https://redmine.openinfosecfoundation.org/issues/8276
Previous PR: #15209
SV_BRANCH=OISF/suricata-verify#2908