On Mon, 07 Mar 2011 11:19:04 +0000 "Benjamin M. A'Lee" <bma-deb...@bma.cx> wrote:
> Various files under ignore.d.* use "[0-9.]{7,15}" to match an IPv4
> address, e.g., a connection to rsyncd. However, this does not match
> IPv6 addresses, causing spurious reports.
>
> A better regexp might be something like: ([0-9.]{7,15}|[0-9a-f:]{2,39})

This bug has been open since 2011; it's a bit too vague to really action.

- Making rules cover IPv6 is definitely what we want.
- I can see that [0-9.]{7,15} appears in several files, but it's not clear that these also support IPv6, or even that they are for $IPs.
- (None are in things I'm familiar with.)
- Maintaining such rules is difficult as you don't know what can/can't be safely changed.
- Obviously this is a bit of a cop-out, as widening a match like this should be safe, but it's too easy to make a typo and break things.

I'm working on 'macros', so we can write $IP in rules and define this to be [0-9.]+ (or [0-9a-f:.]+ etc.); this definitely helps make writing and updating rules nicer. It doesn't really address this issue, but might make it easier to review patches.

- I'll be proposing various rules-related things, but not sure it covers this.
- Updating rules for software you don't use is a bit of a pain.

But (and reluctantly), I propose to close this particular bug due to lack of specific enough examples - but will review any patches if anyone is watching!

(Ideally, we would track which bits of code produce each message -- someone did this for the sudo rules and it really helps keep it up-to-date.)
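A regression check of the three address patterns mentioned in this message, run against sample rsyncd log lines; this is an added example, not part of the original message or of logcheck's own rules. The log lines are constructed, and the rule shape (`RULE_PREFIX`, `RULE_SUFFIX`) and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample log lines (documentation addresses, not from a real host).
SAMPLE_LINES='Mar  7 11:19:04 host rsyncd[1234]: connect from UNKNOWN (192.0.2.10)
Mar  7 11:19:05 host rsyncd[1235]: connect from UNKNOWN (2001:db8::1)
Mar  7 11:19:06 host rsyncd[1236]: connect from UNKNOWN (::ffff:192.0.2.10)'

# Hypothetical ignore rule, split around the address so patterns can be swapped in.
RULE_PREFIX='^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ rsyncd\[[0-9]+\]: connect from [._[:alnum:]-]+ \('
RULE_SUFFIX='\)$'

# Print the sample lines the rule would NOT ignore (i.e. that would still be reported).
unmatched() {
    printf '%s\n' "$SAMPLE_LINES" | grep -Ev -e "${RULE_PREFIX}$1${RULE_SUFFIX}" || true
}

# Count those lines; "|| true" keeps the exit status clean when the count is 0.
unmatched_count() {
    unmatched "$1" | grep -c . || true
}

# Compare the original pattern, the proposed alternation, and the loose macro-style pattern.
for ip_pattern in '[0-9.]{7,15}' '([0-9.]{7,15}|[0-9a-f:]{2,39})' '[0-9a-f:.]+'; do
    printf '%s -> %s line(s) still reported\n' "$ip_pattern" "$(unmatched_count "$ip_pattern")"
    unmatched "$ip_pattern" | sed 's/^/    /'
done
```

The proposed alternation still leaves the IPv4-mapped form (`::ffff:192.0.2.10`) unmatched because it mixes colons and dots, while the looser `[0-9a-f:.]+` covers all three lines.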