]> git.ipfire.org Git - thirdparty/suricata.git/commitdiff
projects / thirdparty / suricata.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a67c31d)
doc: document that that ;, \, " need to be escaped in rules
authorJason Ish <ish@unx.ca>
Wed, 23 Nov 2016 21:59:28 +0000 (15:59 -0600)
committerVictor Julien <victor@inliniac.net>
Mon, 28 Nov 2016 08:02:39 +0000 (09:02 +0100)
doc/userguide/rules/intro.rst patch | blob | blame | history
doc/userguide/rules/meta.rst patch | blob | blame | history
doc/userguide/rules/payload-keywords.rst patch | blob | blame | history
doc/userguide/rules/pcre.rst patch | blob | blame | history

diff --git a/doc/userguide/rules/intro.rst b/doc/userguide/rules/intro.rst
index 9e1e6ce56d10a5f3e6734f51b31be7bdf67e0947..fb20a1c7ec7ff4cb7ad6a297604f914459f3b3db 100644 (file)
--- a/doc/userguide/rules/intro.rst
+++ b/doc/userguide/rules/intro.rst
@@ -172,6 +172,12 @@ There are specific settings for:
 * payloads
 * flows
 
+.. note:: The characters ``;`` and ``"`` have special meaning in the
+          Suricata rule language and must be escaped when used in a
+          rule option value. For example::
+
+           msg:"Message with semicolon\;";
+
 For more information about these settings, you can click on the
 following headlines:
 
diff --git a/doc/userguide/rules/meta.rst b/doc/userguide/rules/meta.rst
index 048152c746c789d24db9096820a03b9e9c73cc73..7132f2dff6a32f8a46cd189c37e16dd7e6cf3878 100644 (file)
--- a/doc/userguide/rules/meta.rst
+++ b/doc/userguide/rules/meta.rst
@@ -26,10 +26,11 @@ It is a convention that msg is always the first keyword of a signature.
 
 Another example of msg in a signature:
 
-.. image:: meta/msg.png
-
 In this example the red, bold-faced part is the msg.
 
+.. note:: The following characters must be escaped inside the msg:
+             ``;`` ``\`` ``"``
+
 Sid (signature id)
 ------------------
 
diff --git a/doc/userguide/rules/payload-keywords.rst b/doc/userguide/rules/payload-keywords.rst
index 6104c5ba7973f41274e8b140726dd58c99911705..2e0f4db0cafcc82126d47b49b6485634e03105eb 100644 (file)
--- a/doc/userguide/rules/payload-keywords.rst
+++ b/doc/userguide/rules/payload-keywords.rst
@@ -93,6 +93,9 @@ For example::
 You see ``content:!”Firefox/3.6.13”;``. This means an alert will be
 generated if the the used version of Firefox is not 3.6.13.
 
+.. note:: The following characters must be escaped inside the content:
+             ``;`` ``\`` ``"``
+
 Nocase
 ------
 
diff --git a/doc/userguide/rules/pcre.rst b/doc/userguide/rules/pcre.rst
index 784b56681c9709a94f613db81ad09bdfbbf349ff..9c0f4035c8639c64e40d64504985296c4b1d045c 100644 (file)
--- a/doc/userguide/rules/pcre.rst
+++ b/doc/userguide/rules/pcre.rst
@@ -54,6 +54,9 @@ qualities of pcre as well.  These are:
 * ``E``: Ignores newline characters at the end of the buffer/payload.
 * ``G``: Inverts the greediness.
 
+.. note:: The following characters must be escaped inside the content:
+             ``;`` ``\`` ``"``
+
 Suricata's modifiers
 ~~~~~~~~~~~~~~~~~~~~
 
Mirror of https://github.com/OISF/suricata.git