Linter should check that all rules have the correct CRS tag and version #3573
Comments
This is a valid request, I can add more steps to check the rule has a tag Eg. |
Let's discuss this on Monday. It's already in the agenda. |
Did we add something to the linter then? Can this one be closed? |
No, as I remember we haven't made any decision. My question above is still relevant. |
As far as I remember there was no hard opposition against tagging and versioning everything and instead of creating a complicated set of checks and exclusions, I suggest we tag and version everything. We can look into plugins separately if need be. |
I agree with @dune73: tag all rules. I don't see the benefit of not tagging a subset of rules. |
The new functions which check the existence of I need a reference value which describes the current An additional note: the script in our workflow has a method which removes the comment signs before the So I can grab the current version from the first rule from there, namely 900000, or from the specified rule, eg. 900990. What do you think, which would be the preferred way? Store the version in a specific file (eg. Or is there a |
You can get the version by looking at the latest tag, e.g., Or you can read it from the setup file, that works too. |
I was thinking about
and
so I skipped that.
This is the other problem: I don't like these implicit things. What if we use a patch level in a release (eg.
Okay, then - if there is no idea - I'm going to introduce a new file with name |
Please don't add a file to hold the version, we've worked hard to base versions on Git tags.
The next version will always be |
Ah, this makes sense - thanks. This works for me as you described.
Right,
So I can hard code this scheme:
right? |
Here we have two scenarios:
|
I think we could just skip running the check for LTS. Such commits will usually be backports anyway. |
I am not 100% sure there is agreement and if yes, I have not understood it yet. It may take a few more words to make it clear for everybody. |
The linter currently doesn't check that all rules have the OWASP_CRS and the version action. As discussed in #3571, maybe not all rules need the tag (or should have it), but detection rules definitely should.
@airween?
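The check requested in this issue, sketched as an added example that is not part of the thread and is not the CRS linter's own code. It assumes `ver` values of the form `OWASP_CRS/<version>`, takes the expected version from the caller (for instance derived from the latest Git tag, as suggested in the comments), and uses hypothetical function names and constructed sample rules.

```python
import re

# Constructed sample, not from the CRS repository; 9.9.9 is a placeholder version.
SAMPLE = r'''
SecRule REQUEST_URI "@rx foo" \
    "id:1001,\
    phase:2,block,tag:'OWASP_CRS',ver:'OWASP_CRS/9.9.9'"
# 1002 lacks the tag; its chained child carries no metadata of its own.
SecRule ARGS "@rx bar" "id:1002,phase:2,block,ver:'OWASP_CRS/9.9.9',chain"
    SecRule REQUEST_METHOD "@streq POST" "t:none"
SecAction "id:1003,phase:1,pass,tag:'OWASP_CRS',ver:'OWASP_CRS/9.9.8'"
SecRule ARGS "@rx baz" "id:1004,phase:2,pass,tag:'OWASP_CRS'"
'''

# One action: name, then optionally :'quoted value' or :bare-value, then comma or end.
ACTION = re.compile(r"\s*([A-Za-z_]+)(?::(?:'((?:[^'\\]|\\.)*)'|([^,]*)))?\s*(?:,|$)")

def directives(text):
    """Join backslash continuations and return each SecRule/SecAction as one line."""
    joined = re.sub(r"\\[ \t]*\n[ \t]*", " ", text)
    lines = (line.strip() for line in joined.splitlines())
    return [line for line in lines if line.startswith(("SecRule", "SecAction"))]

def lint(text, expected_version):
    """Return (rule id, problem) pairs for rules lacking the CRS tag or expected ver."""
    findings, in_chain = [], False
    for directive in directives(text):
        quoted = re.findall(r'"((?:[^"\\]|\\.)*)"', directive)
        # The action list is the last double-quoted argument of the directive.
        acts = [(n, q or u) for n, q, u in ACTION.findall(quoted[-1] if quoted else "")]
        if not in_chain:  # only the rule that starts a chain is checked
            rule_id = dict(acts).get("id", "?")
            if ("tag", "OWASP_CRS") not in acts:
                findings.append((rule_id, "missing tag:'OWASP_CRS'"))
            vers = [v for n, v in acts if n == "ver"]
            if not vers:
                findings.append((rule_id, "missing ver"))
            elif vers[0] != f"OWASP_CRS/{expected_version}":
                findings.append((rule_id, f"unexpected ver '{vers[0]}'"))
        in_chain = any(n == "chain" for n, _ in acts)
    return findings

if __name__ == "__main__":
    for rule_id, problem in lint(SAMPLE, "9.9.9"):
        print(f"rule {rule_id}: {problem}")
```

Chained child rules are skipped because they carry no `id`, tag or `ver` of their own; whether some rules should be exempt from the tag is the question the thread leaves open.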