Project

General

Profile

Actions

Bug #5177

open

detect/engine-analyzer: rule analyzer warns about http buffers usage/replacement even when using new keyword

Added by Juliana Fajardini Reichow about 1 year ago. Updated 8 months ago.

Status:
New
Priority:
Normal
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

Currently, a rule like:

"alert http any any -> any any (http.request_line; content:\"GET /index.html HTTP/1.0\"; sid:61;)" 

Will still generate the warning that should be used only when outdated HTTP keywords are used:
"pattern looks like it inspects HTTP, use http.request_line or http.method and http.uri instead for improved performance" 

Expected behavior:
The warning should only be triggered if the rule still uses the corresponding legacy content modifier.

Actions #1

Updated by Victor Julien 8 months ago

  • Target version changed from 7.0.0-beta1 to 8.0.0-beta1
Actions

Also available in: Atom PDF