detect/engine-analyzer: rule analyzer warns about http buffers usage/replacement even when using new keyword
Currently, a rule like:
"alert http any any -> any any (http.request_line; content:\"GET /index.html HTTP/1.0\"; sid:61;)"
Will still generate the warning that should be used only when outdated HTTP keywords are used:
"pattern looks like it inspects HTTP, use http.request_line or http.method and http.uri instead for improved performance"
The warning should only be triggered if the rule still uses the corresponding legacy content modifier.
Updated by Victor Julien 8 months ago
- Target version changed from 7.0.0-beta1 to 8.0.0-beta1