From 537fc82ae97cb8304c1306b989678144bb5b2672 Mon Sep 17 00:00:00 2001
From: dhruvak001
Date: Wed, 5 Feb 2025 03:33:59 +0530
Subject: [PATCH 1/3] improve TCP/UDP socket creation matching #964

---
 communication/socket/tcp/create-tcp-socket.yml | 4 +++-
 communication/socket/udp/send/create-udp-socket.yml | 2 ++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/communication/socket/tcp/create-tcp-socket.yml b/communication/socket/tcp/create-tcp-socket.yml
index 54aa03e2..6333ae3e 100644
--- a/communication/socket/tcp/create-tcp-socket.yml
+++ b/communication/socket/tcp/create-tcp-socket.yml
@@ -17,7 +17,9 @@ rule:
 features:
 - or:
 - and:
- - number: 6 = IPPROTO_TCP
+ - or:
+ - number: 0 = protocol (default)
+ - number: 6 = IPPROTO_TCP
 - number: 1 = SOCK_STREAM
 - number: 2 = AF_INET
 - or:
diff --git a/communication/socket/udp/send/create-udp-socket.yml b/communication/socket/udp/send/create-udp-socket.yml
index 64e00c4d..dbcbca0e 100644
--- a/communication/socket/udp/send/create-udp-socket.yml
+++ b/communication/socket/udp/send/create-udp-socket.yml
@@ -17,6 +17,8 @@ rule:
 - or:
 - and:
 - count(number(2 = AF_INET/SOCK_DGRAM)): 2 or more
+ - or:
+ - number: 0 = protocol (default)
 - or:
 - api: socket
 - api: ws2_32.socket

From 897b105fe7f1fefe4e2f9cd0341af898dfe22354 Mon Sep 17 00:00:00 2001
From: dhruvak001
Date: Wed, 5 Feb 2025 03:44:10 +0530
Subject: [PATCH 2/3] Adding references

---
 communication/socket/tcp/create-tcp-socket.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/communication/socket/tcp/create-tcp-socket.yml b/communication/socket/tcp/create-tcp-socket.yml
index 6333ae3e..0ba683c0 100644
--- a/communication/socket/tcp/create-tcp-socket.yml
+++ b/communication/socket/tcp/create-tcp-socket.yml
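Review bot: Accepting `number: 0 = protocol (default)` as an alternative to `number: 6 = IPPROTO_TCP` effectively removes the protocol constraint from the TCP rule, because a literal 0 appears as an operand in almost every function, so the inner `or` is satisfied nearly everywhere and the match now rests on the small integers 1 and 2 plus the socket API; the same applies to the UDP hunk in this patch, where the new single-element `or` around `number: 0` adds no discrimination to the enclosing `and` (patch 3/3 later places 17 beside it). The intent, matching `socket(AF_INET, SOCK_STREAM, 0)` where the OS picks the protocol, is sound, but the precision cost should be stated in the rule; a comment such as `# 0 lets the OS choose the protocol; it matches nearly any function, so precision rests on the other operands` beside the added line would make the trade-off explicit. Consider re-running the rule against the existing example (Practical Malware Analysis Lab 01-01.dll_:0x10001010) and a set of non-networking functions to measure the new false-positive rate before merging. The enclosing `and` and outer `or` continue outside both hunks.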
@@ -12,6 +12,9 @@ rule:
 dynamic: call
 mbc:
 - Communication::Socket Communication::Create TCP Socket [C0001.011]
+ references:
+ - https://learn.microsoft.com/en-us/windows/win32/api/winsock2/nf-winsock2-socket
+ - https://man7.org/linux/man-pages/man2/socket.2.html
 examples:
 - Practical Malware Analysis Lab 01-01.dll_:0x10001010
 features:

From 1313ad3c83f91dd665e1d9b07d3f79898077a388 Mon Sep 17 00:00:00 2001
From: dhruvak001
Date: Wed, 5 Feb 2025 04:01:03 +0530
Subject: [PATCH 3/3] adding IPPROTO_UDP

---
 communication/socket/udp/send/create-udp-socket.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/communication/socket/udp/send/create-udp-socket.yml b/communication/socket/udp/send/create-udp-socket.yml
index dbcbca0e..c783157d 100644
--- a/communication/socket/udp/send/create-udp-socket.yml
+++ b/communication/socket/udp/send/create-udp-socket.yml
@@ -19,6 +19,7 @@ rule:
 - count(number(2 = AF_INET/SOCK_DGRAM)): 2 or more
 - or:
 - number: 0 = protocol (default)
+ - number: 17 = IPPROTO_UDP
 - or:
 - api: socket
 - api: ws2_32.socket
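Review bot: The nesting of the added `- number: 17 = IPPROTO_UDP` line in the UDP hunk cannot be recovered from this rendering, and it decides the rule's meaning: as a child of the `or` beside `number: 0` it is an alternative, but as a direct child of the enclosing `and` the rule would demand both a 0 and a 17 operand in the same function, which no single `socket()` call produces. Please confirm the indentation places it under the `or` with `number: 0`. Even as an alternative it does not tighten the rule, since the `number: 0` branch is satisfied by nearly any function, so its value here is documenting the expected IPPROTO_UDP argument rather than adding precision. The enclosing `and` and the outer `or` begin before this hunk.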