Bug #6859
closedBug #5220: fast_pattern specification in base64_data shouldn't be allowed
fast_pattern specification in base64_data shouldn't be allowed (7.0.x backport)
Updated by Shivani Bhardwaj 9 months ago
- Target version changed from 7.0.4 to 7.0.5
Updated by Victor Julien 9 months ago
I wonder how we should handle the backport. We can't starting rejecting these rules, as they still work fine.
Updated by Shivani Bhardwaj 9 months ago
Victor Julien wrote in #note-2:
I wonder how we should handle the backport. We can't starting rejecting these rules, as they still work fine.
Leave a warning that using fast_pattern
w base64_data
has no effect so is useless and will be rejected in 8..?
Updated by Victor Julien 9 months ago
Shivani Bhardwaj wrote in #note-3:
Victor Julien wrote in #note-2:
I wonder how we should handle the backport. We can't starting rejecting these rules, as they still work fine.
Leave a warning that using
fast_pattern
wbase64_data
has no effect so is useless and will be rejected in 8..?
We've seen that new warnings are often seen as too "severe" by integrators. So perhaps we should just give an info/notice message and accept the rule. Could also add a note or warning to the rule analyzer perhaps.
Updated by Shivani Bhardwaj 9 months ago
> We've seen that new warnings are often seen as too "severe" by integrators. So perhaps we should just give an info/notice message and accept the rule. Could also add a note or warning to the rule analyzer perhaps.
I see. Ok. Do you mean that we should accept it with info message even on 8? So, I should change the behavior in the PR https://github.com/OISF/suricata/pull/10641?
Updated by Victor Julien 9 months ago
No, in 8 we can be strict. Just don't want to introduce errors/warnings for otherwise fairly harmless issues in a patch release.
Updated by Shivani Bhardwaj 9 months ago
Victor Julien wrote in #note-6:
No, in 8 we can be strict. Just don't want to introduce errors/warnings for otherwise fairly harmless issues in a patch release.
Got it. Will implement solution for 7.0.5 as discussed. Thank you!
Updated by Shivani Bhardwaj 9 months ago
- Status changed from Assigned to In Review
Closed by: https://github.com/OISF/suricata/pull/10751
Updated by Shivani Bhardwaj 8 months ago
- Status changed from In Review to Closed