-
Notifications
You must be signed in to change notification settings - Fork 471
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Appsec rule deduplication breaks multilines seclang rules #3343
Comments
@blotus: Thanks for opening an issue, it is currently awaiting triage. In the meantime, you can:
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
@blotus: There are no 'kind' label on this issue. You need a 'kind' label to start the triage process.
DetailsI am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the BirthdayResearch/oss-governance-bot repository. |
Hello, will this be patched in 1.6.4 asap or will it be fixed in a future version? Currently a blocker for us to upgrade. |
Hello, This will be fixed in a future update. In the meantime, you can transform your rules into "single line" rules, and crowdsec will be able to load them (if you encounter an error with the |
When deduplication is performed on the loaded appsec rules, we do not handle properly multilines seclang rules, for example (from the CRS):
The parser will consider
SecAction \
to be its own rule and will remove all duplicated instances, which breaks CRS support.The text was updated successfully, but these errors were encountered: