Task #6953

Updated by Jason Ish about 1 month ago

Consider supply chain risks when downloading and managing potentially untrusted rule sources. 

 Possible issues: 
 - Very large downloads consuming tmp space or space in /var/lib. Also consider we are seeing datasets being published over 150MB in size now and likely to grow.
 - Zip bombs 

 Suricata-Update does not @exec@ anything it downloads. It does, however, execute Suricata once for @--build-info@, and then again executes Suricata in test mode with the new data. 
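
One way to bound the two issues listed above (oversized data and archives that expand far beyond their download size), as an added example that is not Suricata-Update's own code. The limits and the names `read_rule_archive`, `make_archive` and `ArchiveLimitExceeded` are hypothetical, and the archive is assumed to be a tar.gz held in memory.

```python
import io
import tarfile

# Assumed limits for illustration; not values taken from Suricata-Update.
MAX_MEMBERS = 10_000
MAX_TOTAL_BYTES = 512 * 1024 * 1024
CHUNK = 64 * 1024


class ArchiveLimitExceeded(Exception):
    """Raised when an archive goes over the extraction budget."""


def read_rule_archive(data, max_total=MAX_TOTAL_BYTES, max_members=MAX_MEMBERS):
    """Return {name: bytes} for regular files in a tar.gz, within a byte budget."""
    files, used = {}, 0

    def charge(n):
        nonlocal used
        used += n
        if used > max_total:
            raise ArchiveLimitExceeded(f"uncompressed size exceeds {max_total} bytes")

    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for count, member in enumerate(tar, start=1):
            if count > max_members:
                raise ArchiveLimitExceeded(f"more than {max_members} members")
            if not member.isfile():
                charge(member.size)  # data skipped by tarfile is still decompressed
                continue
            # Count bytes as they are decompressed, so expansion stops at the cap.
            src, buf = tar.extractfile(member), bytearray()
            while chunk := src.read(CHUNK):
                charge(len(chunk))
                buf += chunk
            files[member.name] = bytes(buf)
    return files


def make_archive(members):
    """Build a constructed tar.gz in memory from {name: bytes} (sample input)."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:gz") as tar:
        for name, body in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return out.getvalue()
```

The result stays in memory and is keyed by the archive's own member names, so nothing is written to tmp or /var/lib until the whole archive has passed the budget.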
