Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug/Empty line in rdns_whitelists lead to misbehavior #630

Closed
buixor opened this issue Feb 19, 2021 · 1 comment · Fixed by #631
Closed

Bug/Empty line in rdns_whitelists lead to misbehavior #630

buixor opened this issue Feb 19, 2021 · 1 comment · Fixed by #631
Labels
good first issue Good for newcomers kind/bug Something isn't working

Comments

@buixor
Copy link
Contributor

buixor commented Feb 19, 2021

Describe the bug
If an empty line is added to rdns_seo_bots.txt (or similar whitelists), it will lead to any event being whitelisted, as the crowdsecurity/seo-bots-whitelist has :

"any(File('rdns_seo_bots.txt'), { evt.Enriched.reverse_dns endsWith #})"

so, if the line is '', any reverse dns will end with it.
@buixor buixor added the kind/bug Something isn't working label Feb 19, 2021
buixor added a commit to crowdsecurity/hub that referenced this issue Feb 19, 2021
@buixor
only match non empty lines to avoid crowdsecurity/crowdsec#630
11e6e84
@buixor buixor mentioned this issue Feb 19, 2021
Merged
@erenJag
Copy link
Contributor

erenJag commented Feb 19, 2021

To avoid this behavior, we need to improve the expr helper File, so the empty lines will not be loaded.

buixor added a commit to crowdsecurity/hub that referenced this issue Feb 19, 2021
@buixor @actions-user
Fix seo bots whitelist : deal with empty lines (#155)
29ca852 
* only match non empty lines to avoid crowdsecurity/crowdsec#630

* Update index

Co-authored-by: GitHub Action <action@github.com>
@buixor buixor added the good first issue Good for newcomers label Feb 19, 2021
buixor added a commit that referenced this issue Feb 19, 2021
@buixor
skip empty lines to avoid issue of #630
c59b871
@buixor buixor mentioned this issue Feb 25, 2021
Merged
buixor added a commit that referenced this issue Feb 25, 2021
@buixor
skip empty lines to avoid issue of #630 (#631)
a3d00fe 
* skip empty lines to avoid issue of #630

* add tests on empty lines and comms
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers kind/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

skip empty lines to avoid issue of #630 crowdsecurity/crowdsec
2 participants
@buixor @erenJag