New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PCRE2 regex for SCA policies #17124
Merged
Merged
PCRE2 regex for SCA policies #17124
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ex_numeric_comparison to work with PCRE2 Signed-off-by: Rivero, Franco <francorivero2012@gmail.com>
… when it is passed
…hat takes priority the regex engine of the check
…remove nonull comparison warning
mjcr99
approved these changes
May 25, 2023
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Hello team, this PR aims to add the possibility in SCA to use the PCRE2 regex engine to test the policies.
In this first step we have added a new tag inside the SCA ruleset to have the possibility to test the rules in PCRE2 adding the
regex_type
tag that takes as default valueos_regex
.We have two possibilities to configure the engine, the first one is to configure a global engine by adding in the policy section the configuration
regex_type: "<engine>"
by default the regex_type will beos_regex
. We can also configure a particular check with a different engine than the global engine by adding in the checkregex_type: "<engine>"
.So we can have the following combination of policies and controls with different or the same engines:
Configuration options
This is a fragment of the cis_ubuntu20.04.yml policy in the rule adding a change in the 19045 check's regex.
Logs/Alerts example
This is an example of SCA operation using the OS_regex engine:
This is an example of SCA operation using the PCRE2 engine:
Tests