
ldap: set invalid_data event #14913

Closed
glongo wants to merge 1 commit into OISF:main from glongo:dev-ldap-8258-v2

@glongo glongo commented Feb 27, 2026

Currently, in the `parse_request` function, `LdapEvent::InvalidData` is not set when a request is not parsed correctly.

Previous PR: #14723

Link to ticket: https://redmine.openinfosecfoundation.org/issues/8258

Currently in parse_request function LdapEvent::InvalidData is not set when a
request is not parsed correctly.

Ticket OISF#8258
@github-actions

NOTE: This PR may contain new authors.

@victorjulien
Member

What is the conclusion on the SV test?

@suricata-qa

Information: QA ran without warnings.

Pipeline = 29925

@codecov

codecov bot commented Feb 27, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 81.91%. Comparing base (569ba3d) to head (7542b71).
⚠️ Report is 27 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main   #14913      +/-   ##
==========================================
- Coverage   81.93%   81.91%   -0.03%     
==========================================
  Files         986      986              
  Lines      271105   271102       -3     
  Branches    31005    31005              
==========================================
- Hits       222139   222081      -58     
- Misses      46822    46875      +53     
- Partials     2144     2146       +2     
Flag Coverage Δ
fuzzcorpus 60.99% <100.00%> (-0.01%) ⬇️
livemode 18.26% <0.00%> (-0.01%) ⬇️
netns 18.36% <0.00%> (-0.04%) ⬇️
pcap 45.20% <66.66%> (-0.02%) ⬇️
suricata-verify 58.49% <66.66%> (-0.04%) ⬇️
unittests 58.84% <0.00%> (+<0.01%) ⬆️


@glongo
Contributor Author

glongo commented Mar 2, 2026

> What is the conclusion on the SV test?

I think what @catenacyber meant is that when only a response is sent (which is the case in the test), `tx_old.tx_data.updated_tc = true;` is set in `new_tx()`, although the condition `if self.transactions.len() > unsafe { LDAP_MAX_TX }` must be true. I’m not 100% sure.

@catenacyber
Contributor

I think the code is good now.

The rustfmt part could be its own commit

And it would be nice to have a SV test that exercises this code path (maybe crafting/corrupting an existing SV ldap pcap) to see the anomaly event

@victorjulien victorjulien added this to the 9.0 milestone Mar 2, 2026
@victorjulien
Member

Merged in #14931, thanks!
