[draft]: dns for coverage report - v5 #12642

Closed
wants to merge 12 commits into from

jasonish
Member

scrivs86 and others added 12 commits February 20, 2025 15:53
Feature: 7012
Add dns.response sticky buffer to match on dns response fields.
Add rust functions to return dns response packet data.
Unit tests verifying signature matching.
This is a better name as the keyword is looking at all rrname type
fields in the response.
These arrays are manually formatted for readability.
Make the function safe by returning a reference to the DNSName object,
the unsafe C wrapper can do the conversion to pointers.
Split DetectHelperKeywordRegister into 2 functions, one for acquiring
a new keyword ID, and another to perform the registration.

This makes it easier to do the traditional C keyword initialization
with a dynamic ID.
Add keywords dns.additionals.rrname and dns.authorities.rrname. Along
the way, consolidate dns.query.name and dns.answer.name into a single file
and register them all together since there is a lot of common code.
To some EVE fields and a "suricata" object that contains an array of
keywords. These are the keywords that map directly to this field, or
somehow cover this field.

This is an attempt at tooling to help with EVE and keyword parity.

Related to tickets: OISF#5642, OISF#6463, OISF#4772
Currently this script has two commands: "missing" and "having".

"missing" will show eve fields that do not map to any keywords.

"having" will show eve fields along with their keyword mappings,
while also validating that those keywords really exist.

Related to tickets: OISF#6463, OISF#4772
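
The parity check described in the last two commit messages can be sketched as follows. This is an added example, not code from the pull request: the `keywords` key inside the `suricata` object, the schema layout, the sample fields and the `KNOWN_KEYWORDS` set are all assumptions made for illustration.

```python
import json

# Constructed sample: a tiny EVE-style JSON schema. The "suricata" object
# comes from the commit message; the "keywords" key inside it is assumed.
SCHEMA = json.loads("""
{
  "type": "object",
  "properties": {
    "dns": {
      "type": "object",
      "properties": {
        "rrname": {"type": "string",
                   "suricata": {"keywords": ["dns.query.name", "dns.bogus"]}},
        "rcode": {"type": "string"},
        "answers": {
          "type": "array",
          "items": {"type": "object", "properties": {
            "rrname": {"type": "string",
                       "suricata": {"keywords": ["dns.answer.name"]}},
            "ttl": {"type": "integer"}}}
        }
      }
    }
  }
}
""")

# Constructed stand-in for the keyword list a real engine would report.
KNOWN_KEYWORDS = {"dns.query.name", "dns.answer.name"}

def walk(node, path=""):
    """Yield (dotted_path, keywords) for every leaf field in the schema."""
    if node.get("type") == "array":
        yield from walk(node.get("items", {}), path)
    elif "properties" in node:
        for name, child in node["properties"].items():
            yield from walk(child, f"{path}.{name}" if path else name)
    else:
        yield path, node.get("suricata", {}).get("keywords", [])

def missing(schema):
    """EVE fields that map to no keyword."""
    return [p for p, kws in walk(schema) if not kws]

def having(schema, known):
    """Mapped fields, plus any mapped keywords that do not really exist."""
    mapped = {p: kws for p, kws in walk(schema) if kws}
    unknown = {p: [k for k in kws if k not in known] for p, kws in mapped.items()}
    return mapped, {p: ks for p, ks in unknown.items() if ks}
```

Fields returned by `missing` are logged but cannot be matched by any rule keyword, which is the detection gap this tooling is meant to surface.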

codecov bot commented Feb 20, 2025

Codecov Report

Attention: Patch coverage is 18.20359% with 1366 lines in your changes missing coverage. Please review.

Project coverage is 80.37%. Comparing base (d61f36c) to head (8431b5f).

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #12642      +/-   ##
==========================================
- Coverage   80.76%   80.37%   -0.40%     
==========================================
  Files         932      932              
  Lines      259381   260955    +1574     
==========================================
+ Hits       209484   209736     +252     
- Misses      49897    51219    +1322     
Flag Coverage Δ
fuzzcorpus 56.92% <19.58%> (-0.09%) ⬇️
livemode 19.34% <19.58%> (-0.02%) ⬇️
pcap 44.14% <19.58%> (-0.01%) ⬇️
suricata-verify 63.52% <89.02%> (+0.04%) ⬆️
unittests 57.98% <4.19%> (-0.36%) ⬇️

Flags with carried forward coverage won't be shown.

@suricata-qa

Information: QA ran without warnings.

Pipeline 24829

@victorjulien
Member

That's not a lot of coverage :)

@jasonish
Member Author

That's not a lot of coverage :)

Ah, that's cause I only disabled the unit tests in favor of S-V tests, they need to be removed for the coverage report.

@jasonish jasonish closed this Feb 21, 2025
4 participants