Bug #6859
closed
Bug #5220: fast_pattern specification in base64_data shouldn't be allowed
fast_pattern specification in base64_data shouldn't be allowed (7.0.x backport)
Added by OISF Ticketbot 9 months ago.
Updated 8 months ago.
- Target version changed from 7.0.4 to 7.0.5
I wonder how we should handle the backport. We can't starting rejecting these rules, as they still work fine.
Victor Julien wrote in #note-2:
I wonder how we should handle the backport. We can't starting rejecting these rules, as they still work fine.
Leave a warning that using fast_pattern w base64_data has no effect so is useless and will be rejected in 8..?
Shivani Bhardwaj wrote in #note-3:
Victor Julien wrote in #note-2:
I wonder how we should handle the backport. We can't starting rejecting these rules, as they still work fine.
Leave a warning that using fast_pattern w base64_data has no effect so is useless and will be rejected in 8..?
We've seen that new warnings are often seen as too "severe" by integrators. So perhaps we should just give an info/notice message and accept the rule. Could also add a note or warning to the rule analyzer perhaps.
> We've seen that new warnings are often seen as too "severe" by integrators. So perhaps we should just give an info/notice message and accept the rule. Could also add a note or warning to the rule analyzer perhaps.
I see. Ok. Do you mean that we should accept it with info message even on 8? So, I should change the behavior in the PR https://github.com/OISF/suricata/pull/10641?
No, in 8 we can be strict. Just don't want to introduce errors/warnings for otherwise fairly harmless issues in a patch release.
Victor Julien wrote in #note-6:
No, in 8 we can be strict. Just don't want to introduce errors/warnings for otherwise fairly harmless issues in a patch release.
Got it. Will implement solution for 7.0.5 as discussed. Thank you!
- Status changed from Assigned to In Review
- Status changed from In Review to Closed
Also available in: Atom
PDF