Closed theY4Kman closed 3 years ago
The current parser only allows escaped newlines after each option, but not before the first option. This means it can handle rules like these:
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"Stuff!"; \\ content:"abc"; ) alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"Stuff!"; \\ content:"abc"; \\ ) alert tcp $HOME_NET any -> $EXTERNAL_NET any ( msg:"Stuff!"; \\ \\ \\ content:"abc"; \\ )
But not this:
alert tcp $HOME_NET any -> $EXTERNAL_NET any ( \\ msg:"Stuff!"; \\ content:"abc"; \\ )
This PR allows newlines to be written before the first option.
Additionally, this PR allows newlines at the end of the file, which apparently have never worked, or #2 broke it.
The current parser only allows escaped newlines after each option, but not before the first option. This means it can handle rules like these:
But not this:
This PR allows newlines to be written before the first option.
Additionally, this PR allows newlines at the end of the file, which apparently have never worked, or #2 broke it.