Merge pull request #1208 from stratosphereips/develop

Slips v1.1.6

.github/pull_request_template.md

@@ -22,7 +22,7 @@
 ## Steps you followed to test the changes purposed in this PR:
 
 
-* 
+*
 *
 
 
@@ -35,6 +35,7 @@
 - [ ] All new and existing tests passed.
 - [ ] This PR does not contain plagiarized content.
 - [ ] The title of my pull request is a short description of the requested changes.
+- [ ] My PR is based on develop branch. (mandatory)
 
 ## Screenshots
 

.github/workflows/integration-tests.yml

@@ -18,12 +18,19 @@ jobs:
     # make this job depend on the first job
     needs: install-dependencies-using-reusable-workflow
 
+    # suppress tensorflow warnings
+    env:
+      TF_CPP_MIN_LOG_LEVEL: 3
+      TF_ENABLE_ONEDNN_OPTS: 0
+
     strategy:
       matrix:
         test_file:
           - test_config_files.py
           - test_portscans.py
           - test_dataset.py
+          - test_pcap_dataset.py
+          - test_zeek_dataset.py
 
     steps:
     - uses: actions/checkout@v4
@@ -70,13 +77,17 @@ jobs:
     - name: Start redis server
       run: redis-server --daemonize yes
 
+    - name: Print zeek version
+      run: (command -v zeek && zeek --version) || (command -v bro && bro --version)
+
+
     - name: Run Integration Tests for ${{ matrix.test_file }}
       run: |
-        python3 -m pytest tests/integration_tests/${{ matrix.test_file }} -p no:warnings -vv -s -n 5
+        python3 -m pytest tests/integration_tests/${{ matrix.test_file }} -p no:warnings -vv -s -n 3
 
     - name: Upload Artifacts
       if: success() || failure()
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: test_slips_locally-integration-tests-output
         path: |

.github/workflows/unit-tests.yml

@@ -18,6 +18,11 @@ jobs:
     # make this job depend on the first job
     needs: install-dependencies-using-reusable-workflow
 
+    # suppress tensorflow warnings
+    env:
+      TF_CPP_MIN_LOG_LEVEL: 3
+      TF_ENABLE_ONEDNN_OPTS: 0
+
     strategy:
       matrix:
         test_file:
@@ -72,6 +77,12 @@ jobs:
           - test_database.py
           - test_symbols_handler.py
           - test_profile_handler.py
+          - test_process_manager.py
+          - test_metadata_manager.py
+          - test_host_ip_manager.py
+          - test_host_ip_manager.py
+          - test_rnn_cc_detection.py
+          - test_idea_format.py
 
     steps:
     - uses: actions/checkout@v4
@@ -114,7 +125,7 @@ jobs:
 
     - name: Upload Artifacts
       if: success() || failure()
-      uses: actions/upload-artifact@v3
+      uses: actions/upload-artifact@v4
       with:
         name: test_slips_locally-integration-tests-output
         path: |

.pre-commit-config.yaml

@@ -20,14 +20,13 @@ repos:
           exclude: '.*dataset/.*|^config/local_ti_files/own_malicious_JA3.csv$|.*test.*|.*\.md$'
 
 -     repo: https://github.com/astral-sh/ruff-pre-commit
-      # Ruff version.
       rev: v0.3.4
       hooks:
         # Run the linter.
         - id: ruff
           args: [ --fix ]
           # excludes formatting slips_files/common/imports.py
-          exclude: (imports|sqlite_db.*)
+          exclude: (imports|sqlite_db.*|conftest.py)
 
 -     repo: https://github.com/psf/black-pre-commit-mirror
       rev: 24.4.2
@@ -36,7 +35,7 @@ repos:
           args: ['--line-length' , '79']
           language_version: python3.12.3
           # excludes formatting slips_files/common/imports.py
-          exclude: imports
+          exclude: (imports|conftest.py)
 
 -     repo: https://github.com/adrienverge/yamllint.git
       rev: v1.31.0

CHANGELOG.md

@@ -1,3 +1,16 @@
+1.1.6 (Jan 31st, 2025)
+* 3x speedup of the profiler process responsible for analyzing the given flows.
+* Fix false positive "connection without DNS" detection.
+* Fix false positive "DNS without connection" detection.
+* Fix problem parsing Suricata DNS flows.
+* Fix problem using threat intelligence feeds from cache even if they are not present in the given config file.
+* Fix regex warning when starting Slips. Special thanks to @Sekhar-Kumar-Dash.
+* Fix Tranco whitelists.
+* Improve "Incompatible CN" detection.
+* Improve "Invalid DNS answer" detection.
+* Improve unit tests. Special thanks to @Sekhar-Kumar-Dash.
+* Improve whitelisting by checking if the SNI of each evidence is whitelisted or not.
+* Update the license used.
 
 1.1.5 (Jan 3rd, 2025)
 - 200x times speedup of domain lookups in the threat intelligence module.