"Typo" un/label_script in config.toml?

[n9]

Is the config.toml example correct?

https://github.com/threathunters-io/laurel/blob/7ade44e0cc050d89916e623d85968efad4211d89/etc/laurel/config.toml#L117-L127

If I am reading the source code correctly, the both un/label_exe and un/label_script are using the same LabelMatcher:

https://github.com/threathunters-io/laurel/blob/7ade44e0cc050d89916e623d85968efad4211d89/src/config.rs#L119-L126

It seems to me that according to sources the regexes are keys:

https://github.com/threathunters-io/laurel/blob/7ade44e0cc050d89916e623d85968efad4211d89/src/label_matcher.rs#L19-L22

https://github.com/threathunters-io/laurel/blob/7ade44e0cc050d89916e623d85968efad4211d89/src/label_matcher.rs#L40-L41

[n9]

@hillu This is a different issue. It is not fixed by the PR you referenced.

[hillu]

ah, ,now I see. Yes, the example is backwards. It should be

 label-script."^/root/maint-.*[.]sh$"  = "maint"