Project

General

Profile

Actions
Copy link

Task #7627

open

events/rules: prevent ruleset loading blocks from name fixes

Added by Juliana Fajardini Reichow 12 months ago. Updated 1 day ago.

Status:
New
Priority:
Normal
Assignee:
Jason Ish
Target version:
9.0.0-beta1
Effort:
Difficulty:
Label:

Description

#7361 had an unexpected effect of blocking the load of rule sets that used rules that previously would just silently fail if they used unknown events.

For dot releases, we want to avoid that. We also want to fix the rule set blocking outcome, for 7.

Subtasks 1 (0 open1 closed)

Task #7660: events/rules: prevent ruleset loading blocks from name fixes (7.0.x backport)RejectedJason IshActions

Related issues 1 (1 open0 closed)

Related to Suricata - Task #7626: tests: test rules shipped w/ Suricata for each releaseNewOISF DevActions
Actions
Copy link
 #1

Updated by Juliana Fajardini Reichow 12 months ago

  • Related to Task #7626: tests: test rules shipped w/ Suricata for each release added
Actions
Copy link
 #2

Updated by Juliana Fajardini Reichow 12 months ago

  • Label Needs backport to 7.0 added
Actions
Copy link
 #3

Updated by OISF Ticketbot 11 months ago

  • Subtask #7660 added
Actions
Copy link
 #4

Updated by OISF Ticketbot 11 months ago

  • Label deleted (Needs backport to 7.0)
Actions
Copy link
 #5

Updated by Victor Julien 9 months ago

  • Target version changed from 8.0.0-rc1 to 9.0.0-beta1
Actions
Copy link
 #6

Updated by Victor Julien 4 months ago

It's unclear if there is anything we want to change here. Invalid rules should be flagged, and we have strict mode to handle the subtleties.

Actions
Copy link
 #7

Updated by Jason Ish 1 day ago

I've rejected this for 7.0, I think we work as designed. We have no 8.0 backport ticket. But I think we still work as designed, and we should probably reject this as well.

Actions
Copy link

Also available in: Atom PDF