OISF · victorjulien · Jan 17, 2025 · Jan 9, 2025 · Jan 9, 2025 · Jan 16, 2025
@@ -62,7 +62,7 @@ lazy_static = "~1.4.0"
 base64 = "~0.22.1"
 bendy = { version = "~0.3.3", default-features = false }
 asn1-rs = { version = "~0.6.1" }
-ldap-parser = { version = "~0.4.0" }
+ldap-parser = { version = "~0.4.1" }
 hex = "~0.4.3"
 
 time = "~0.3.36"

@@ -60,7 +60,7 @@ pub struct DCEOpnumData {
 }
 
 fn match_backuuid(
-    tx: &mut DCERPCTransaction, state: &mut DCERPCState, if_data: &mut DCEIfaceData,
+    tx: &DCERPCTransaction, state: &mut DCERPCState, if_data: &mut DCEIfaceData,
 ) -> u8 {
     let mut ret = 0;
     if let Some(ref bindack) = state.bindack {
@@ -204,15 +204,15 @@ fn parse_opnum_data(arg: &str) -> Result<DCEOpnumData, ()> {
 
 #[no_mangle]
 pub extern "C" fn rs_dcerpc_iface_match(
-    tx: &mut DCERPCTransaction, state: &mut DCERPCState, if_data: &mut DCEIfaceData,
+    tx: &DCERPCTransaction, state: &mut DCERPCState, if_data: &mut DCEIfaceData,
 ) -> u8 {
     let first_req_seen = tx.get_first_req_seen();
     if first_req_seen == 0 {
         return 0;
     }
 
     match state.get_hdr_type() {
-        Some(DCERPC_TYPE_REQUEST | DCERPC_TYPE_RESPONSE) => {},
+        Some(DCERPC_TYPE_REQUEST | DCERPC_TYPE_RESPONSE) => {}
         _ => {
             return 0;
         }
@@ -248,7 +248,7 @@ pub unsafe extern "C" fn rs_dcerpc_iface_free(ptr: *mut c_void) {
 
 #[no_mangle]
 pub unsafe extern "C" fn rs_dcerpc_opnum_match(
-    tx: &mut DCERPCTransaction, opnum_data: &mut DCEOpnumData,
+    tx: &DCERPCTransaction, opnum_data: &mut DCEOpnumData,
 ) -> u8 {
     let first_req_seen = tx.get_first_req_seen();
     if first_req_seen == 0 {

@@ -820,7 +820,7 @@ pub extern "C" fn SCDnsLogJsonQuery(
 /// "dns" object.
 ///
 /// This logger implements V3 style DNS logging.
-fn log_json(tx: &mut DNSTransaction, flags: u64, jb: &mut JsonBuilder) -> Result<(), JsonError> {
+fn log_json(tx: &DNSTransaction, flags: u64, jb: &mut JsonBuilder) -> Result<(), JsonError> {
     jb.open_object("dns")?;
     jb.set_int("version", 3)?;
 
@@ -921,7 +921,7 @@ fn log_json(tx: &mut DNSTransaction, flags: u64, jb: &mut JsonBuilder) -> Result
 
 /// FFI wrapper around the common V3 style DNS logger.
 #[no_mangle]
-pub extern "C" fn SCDnsLogJson(tx: &mut DNSTransaction, flags: u64, jb: &mut JsonBuilder) -> bool {
+pub extern "C" fn SCDnsLogJson(tx: &DNSTransaction, flags: u64, jb: &mut JsonBuilder) -> bool {
     log_json(tx, flags, jb).is_ok()
 }
 

@@ -192,7 +192,7 @@ fn enip_cip_match_service(d: &CipData, ctx: &DetectCipServiceData) -> std::os::r
 }
 
 fn enip_tx_has_cip_service(
-    tx: &mut EnipTransaction, direction: Direction, ctx: &DetectCipServiceData,
+    tx: &EnipTransaction, direction: Direction, ctx: &DetectCipServiceData,
 ) -> std::os::raw::c_int {
     let pduo = if direction == Direction::ToServer {
         &tx.request
@@ -227,9 +227,7 @@ fn enip_cip_match_status(d: &CipData, ctx: &DetectUintData<u8>) -> std::os::raw:
     return 0;
 }
 
-fn enip_tx_has_cip_status(
-    tx: &mut EnipTransaction, ctx: &DetectUintData<u8>,
-) -> std::os::raw::c_int {
+fn enip_tx_has_cip_status(tx: &EnipTransaction, ctx: &DetectUintData<u8>) -> std::os::raw::c_int {
     if let Some(pdu) = &tx.response {
         if let EnipPayload::Cip(c) = &pdu.payload {
             for item in c.items.iter() {
@@ -262,7 +260,7 @@ fn enip_cip_match_extendedstatus(d: &CipData, ctx: &DetectUintData<u16>) -> std:
 }
 
 fn enip_tx_has_cip_extendedstatus(
-    tx: &mut EnipTransaction, ctx: &DetectUintData<u16>,
+    tx: &EnipTransaction, ctx: &DetectUintData<u16>,
 ) -> std::os::raw::c_int {
     if let Some(pdu) = &tx.response {
         if let EnipPayload::Cip(c) = &pdu.payload {
@@ -276,7 +274,7 @@ fn enip_tx_has_cip_extendedstatus(
     return 0;
 }
 
-fn enip_get_status(tx: &mut EnipTransaction, direction: Direction) -> Option<u32> {
+fn enip_get_status(tx: &EnipTransaction, direction: Direction) -> Option<u32> {
     if direction == Direction::ToServer {
         if let Some(req) = &tx.request {
             return Some(req.header.status);
@@ -308,7 +306,7 @@ fn enip_cip_match_segment(
 }
 
 fn enip_tx_has_cip_segment(
-    tx: &mut EnipTransaction, ctx: &DetectUintData<u32>, segment_type: u8,
+    tx: &EnipTransaction, ctx: &DetectUintData<u32>, segment_type: u8,
 ) -> std::os::raw::c_int {
     if let Some(pdu) = &tx.request {
         if let EnipPayload::Cip(c) = &pdu.payload {
@@ -358,7 +356,7 @@ fn enip_cip_match_attribute(d: &CipData, ctx: &DetectUintData<u32>) -> std::os::
 }
 
 fn enip_tx_has_cip_attribute(
-    tx: &mut EnipTransaction, ctx: &DetectUintData<u32>,
+    tx: &EnipTransaction, ctx: &DetectUintData<u32>,
 ) -> std::os::raw::c_int {
     if let Some(pdu) = &tx.request {
         if let EnipPayload::Cip(c) = &pdu.payload {
@@ -372,7 +370,7 @@ fn enip_tx_has_cip_attribute(
     return 0;
 }
 
-fn tx_get_protocol_version(tx: &mut EnipTransaction, direction: Direction) -> Option<u16> {
+fn tx_get_protocol_version(tx: &EnipTransaction, direction: Direction) -> Option<u16> {
     if direction == Direction::ToServer {
         if let Some(req) = &tx.request {
             if let EnipPayload::RegisterSession(rs) = &req.payload {
@@ -511,7 +509,7 @@ unsafe extern "C" fn capabilities_setup(
     return 0;
 }
 
-fn tx_get_capabilities(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_capabilities(tx: &EnipTransaction) -> Option<u16> {
     if let Some(ref response) = tx.response {
         if let EnipPayload::ListServices(lsp) = &response.payload {
             if !lsp.is_empty() {
@@ -647,7 +645,7 @@ unsafe extern "C" fn vendor_id_setup(
     return 0;
 }
 
-fn tx_get_vendor_id(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_vendor_id(tx: &EnipTransaction) -> Option<u16> {
     if let Some(ref response) = tx.response {
         if let EnipPayload::ListIdentity(lip) = &response.payload {
             if !lip.is_empty() {
@@ -730,7 +728,7 @@ unsafe extern "C" fn state_setup(
     return 0;
 }
 
-fn tx_get_state(tx: &mut EnipTransaction) -> Option<u8> {
+fn tx_get_state(tx: &EnipTransaction) -> Option<u8> {
     if let Some(ref response) = tx.response {
         if let EnipPayload::ListIdentity(lip) = &response.payload {
             if !lip.is_empty() {
@@ -778,7 +776,7 @@ unsafe extern "C" fn serial_setup(
     return 0;
 }
 
-fn tx_get_serial(tx: &mut EnipTransaction) -> Option<u32> {
+fn tx_get_serial(tx: &EnipTransaction) -> Option<u32> {
     if let Some(ref response) = tx.response {
         if let EnipPayload::ListIdentity(lip) = &response.payload {
             if !lip.is_empty() {
@@ -828,7 +826,7 @@ unsafe extern "C" fn revision_setup(
     return 0;
 }
 
-fn tx_get_revision(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_revision(tx: &EnipTransaction) -> Option<u16> {
     if let Some(ref response) = tx.response {
         if let EnipPayload::ListIdentity(lip) = &response.payload {
             if !lip.is_empty() {
@@ -927,7 +925,7 @@ unsafe extern "C" fn product_code_setup(
     return 0;
 }
 
-fn tx_get_product_code(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_product_code(tx: &EnipTransaction) -> Option<u16> {
     if let Some(ref response) = tx.response {
         if let EnipPayload::ListIdentity(lip) = &response.payload {
             if !lip.is_empty() {
@@ -983,7 +981,7 @@ unsafe extern "C" fn identity_status_setup(
     return 0;
 }
 
-fn tx_get_identity_status(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_identity_status(tx: &EnipTransaction) -> Option<u16> {
     if let Some(ref response) = tx.response {
         if let EnipPayload::ListIdentity(lip) = &response.payload {
             if !lip.is_empty() {
@@ -1039,7 +1037,7 @@ unsafe extern "C" fn device_type_setup(
     return 0;
 }
 
-fn tx_get_device_type(tx: &mut EnipTransaction) -> Option<u16> {
+fn tx_get_device_type(tx: &EnipTransaction) -> Option<u16> {
     if let Some(ref response) = tx.response {
         if let EnipPayload::ListIdentity(lip) = &response.payload {
             if !lip.is_empty() {
@@ -1088,7 +1086,7 @@ unsafe extern "C" fn command_setup(
     return 0;
 }
 
-fn tx_get_command(tx: &mut EnipTransaction, direction: u8) -> Option<u16> {
+fn tx_get_command(tx: &EnipTransaction, direction: u8) -> Option<u16> {
     let direction: Direction = direction.into();
     if direction == Direction::ToServer {
         if let Some(req) = &tx.request {

@@ -27,7 +27,7 @@ use std::rc::Rc;
 use base64::{Engine, engine::general_purpose::STANDARD};
 
 fn http2_tx_has_frametype(
-    tx: &mut HTTP2Transaction, direction: Direction, value: u8,
+    tx: &HTTP2Transaction, direction: Direction, value: u8,
 ) -> std::os::raw::c_int {
     if direction == Direction::ToServer {
         for i in 0..tx.frames_ts.len() {
@@ -67,7 +67,7 @@ pub unsafe extern "C" fn rs_http2_parse_frametype(
 }
 
 fn http2_tx_has_errorcode(
-    tx: &mut HTTP2Transaction, direction: Direction, code: u32,
+    tx: &HTTP2Transaction, direction: Direction, code: u32,
 ) -> std::os::raw::c_int {
     if direction == Direction::ToServer {
         for i in 0..tx.frames_ts.len() {
@@ -127,7 +127,7 @@ pub unsafe extern "C" fn rs_http2_parse_errorcode(
 }
 
 fn http2_tx_get_next_priority(
-    tx: &mut HTTP2Transaction, direction: Direction, nb: u32,
+    tx: &HTTP2Transaction, direction: Direction, nb: u32,
 ) -> std::os::raw::c_int {
     let mut pos = 0_u32;
     if direction == Direction::ToServer {
@@ -187,7 +187,7 @@ pub unsafe extern "C" fn rs_http2_tx_get_next_priority(
 }
 
 fn http2_tx_get_next_window(
-    tx: &mut HTTP2Transaction, direction: Direction, nb: u32,
+    tx: &HTTP2Transaction, direction: Direction, nb: u32,
 ) -> std::os::raw::c_int {
     let mut pos = 0_u32;
     if direction == Direction::ToServer {
@@ -263,7 +263,7 @@ fn http2_detect_settings_match(
 }
 
 fn http2_detect_settingsctx_match(
-    ctx: &mut parser::DetectHTTP2settingsSigCtx, tx: &mut HTTP2Transaction, direction: Direction,
+    ctx: &parser::DetectHTTP2settingsSigCtx, tx: &HTTP2Transaction, direction: Direction,
 ) -> std::os::raw::c_int {
     if direction == Direction::ToServer {
         for i in 0..tx.frames_ts.len() {
@@ -324,7 +324,7 @@ fn http2_header_blocks(frame: &HTTP2Frame) -> Option<&[parser::HTTP2FrameHeaderB
 }
 
 fn http2_detect_sizeupdatectx_match(
-    ctx: &mut DetectUintData<u64>, tx: &mut HTTP2Transaction, direction: Direction,
+    ctx: &DetectUintData<u64>, tx: &HTTP2Transaction, direction: Direction,
 ) -> std::os::raw::c_int {
     if direction == Direction::ToServer {
         for i in 0..tx.frames_ts.len() {
@@ -359,7 +359,7 @@ pub unsafe extern "C" fn rs_http2_detect_sizeupdatectx_match(
 // and rs_http2_detect_sizeupdatectx_match explicitly casting
 #[no_mangle]
 pub unsafe extern "C" fn rs_http2_tx_get_header_name(
-    tx: &mut HTTP2Transaction, direction: u8, nb: u32, buffer: *mut *const u8, buffer_len: *mut u32,
+    tx: &HTTP2Transaction, direction: u8, nb: u32, buffer: *mut *const u8, buffer_len: *mut u32,
 ) -> bool {
     let mut pos = 0_u32;
     match direction.into() {
@@ -498,6 +498,7 @@ fn http2_frames_get_header_value<'a>(
     }
 }
 
+// we mutate the tx to cache req_line
 fn http2_tx_get_req_line(tx: &mut HTTP2Transaction) {
     if !tx.req_line.is_empty() {
         return;