Actions
Bug #5177
opendetect/engine-analyzer: rule analyzer warns about http buffers usage/replacement even when using new keyword
Affected Versions:
Effort:
Difficulty:
Label:
Description
Currently, a rule like:
"alert http any any -> any any (http.request_line; content:\"GET /index.html HTTP/1.0\"; sid:61;)"
Will still generate the warning that should be used only when outdated HTTP keywords are used:
"pattern looks like it inspects HTTP, use http.request_line or http.method and http.uri instead for improved performance"
Expected behavior:
The warning should only be triggered if the rule still uses the corresponding legacy content modifier.
Updated by Victor Julien about 2 years ago
- Target version changed from 7.0.0-beta1 to 8.0.0-beta1
Updated by Juliana Fajardini Reichow about 1 year ago
- Copied to Bug #6418: detect/engine-analyzer: rule parser error uses outdated buffer added
Updated by Victor Julien 11 months ago
- Assignee changed from Juliana Fajardini Reichow to OISF Dev
Actions