[METRON-488] Snort should use a proper CSV implementation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Done
Priority: Major
Resolution: Done
Affects Version/s: None
Fix Version/s: 0.3.0
Labels:
None

Description

Right now if you have a custom snort rule (e.g. alert tcp any any -> any any (msg:'snort alert message having a ,(comma) to check csv parsing'; sid:999158; ) ) the snort parser will fail to parse because it's splitting on the comma naively.

It should use the existing CSV parsing infrastructure that we have and that is used in the CSVParser.

Attachments

Issue Links

links to

GitHub Pull Request #297

Activity

People

Assignee:: Casey Stella

Reporter:: Casey Stella

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 06/Oct/16 18:13

Updated:: 11/Nov/16 15:03

Resolved:: 11/Oct/16 18:00

Time Tracking

Estimated:

Remaining:

Logged:

Not Specified