Conversation
Accepts escaped quote in escaped string
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #11157 +/- ##
==========================================
- Coverage 84.28% 83.32% -0.97%
==========================================
Files 926 920 -6
Lines 243303 240222 -3081
==========================================
- Hits 205076 200172 -4904
- Misses 38227 40050 +1823
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Information: QA ran without warnings. Pipeline 20820 |
|
Email input: Is logged as: "to": [
"\"XXXXX-YYYY",
" ZZZZZ\" <xyz@mydomain.zzz>"
],We match on it in SV email.to[0]: '"XXXXX-YYYY'
email.to[1]: ZZZZZ" <xyz@mydomain.zzz>Note the leading space in the ZZZZZ part of the "to" field. So couple of things:
Can't provide a pcap sadly, as it's TLP dark red, but I can test fixes. We can fix this up post merge too. |
|
Also seeing a pcap where this branch no longer tracks an attachment, where master does. Trying to see how to share or analyze. |
It appears to be a MIME email embedded in another. Sharing something offline. |
Fixing both the leading space, and also improving on the quotes
Crafted a test in OISF/suricata-verify#1869 |
|
Continued in #11188 |
Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3487
Describe changes:
Follows #11130 with rebase
SV_BRANCH=OISF/suricata-verify#1851