Rules marked as bad were still executed. These results were used in the file risk calculation even if we later hid the matching rule result (see "ls.mdiff" test result)
Rules with warnings were still executed, with the warning hidden unless -verbose was passed.
New behavior:
Rules marked as bad are disabled
Rules with warnings are:
Disabled unless there is an exception
If an unexpected rule has a warning, log an error
Other notes:
I've removed the e-mail rule, as it had a warning and wasn't useful
I brought JSON tests back from the dead to prove the "ls" data. We had purged these tests a while back when the JSON output wasn't yet stable.
This PR does not provide a performance improvement or regression, but it does fix a bug!
Old behavior:
-verbose
was passed.New behavior:
Other notes: