detect: warning on rule with pcre only on stream#11878
detect: warning on rule with pcre only on stream#11878catenacyber wants to merge 1 commit intoOISF:masterfrom
Conversation
and failure on fuzzing mode, to avoid fuzzing blocks on timeouts with a bad rule Ticket: 4858
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #11878 +/- ##
==========================================
+ Coverage 82.60% 82.63% +0.03%
==========================================
Files 912 912
Lines 249351 249366 +15
==========================================
+ Hits 205965 206068 +103
+ Misses 43386 43298 -88
Flags with carried forward coverage won't be shown. Click here to find out more. |
|
Information: QA ran without warnings. Pipeline 22994 |
| } | ||
| } | ||
| if (has_pcre && !has_other && s->init_data->sm_cnt == 1) { | ||
| SCLogWarning("signature id %d uses pcre on raw stream", s->id); |
There was a problem hiding this comment.
I would like to remove this warning, and move it to the rule analyzer instead
There was a problem hiding this comment.
What is the rule analyzer ? Is it not only run with --engine-analysis ?
I want fuzzing on rules + pcap to skip these bad rules by erroring on it, so that oss-fuzz can find other timeouts
There was a problem hiding this comment.
yes, talking only about the SCLogWarning statement. Analyzer is --engine-analysis.
There was a problem hiding this comment.
Oh, so we already have warn_pcre_no_content in --engine-analysis
|
Replaced by #11953 |
3 participants
Link to ticket: https://redmine.openinfosecfoundation.org/issues/
https://redmine.openinfosecfoundation.org/issues/4858
Describe changes:
So as to avoid oss-fuzz timing out using a known to be bad rule