> I suppose mkrules could be changed to "cat" all the files parsed so far,
> so that a sandbox file can refer to a core file's rule by name (since
> sandbox will be compiled after core); but I quite like the side-effect of
> restricting sandbox files to only being able to affect rules in their own
> file.
>
> Thoughts?

1.    I consider your current implementation workable, so no particular
effort to change it would be *required*.

2.    It would be extra effort, but the pie-in-the-sky ideal would be for
the sandbox lint-er to know about the Standard Rules for the SA version
being tested against.  If it finds an unresolved reference to one such in
the sandbox, it would warn that it is pulling in the necessary part from the
standard rules, and then do so.  Of course this could be recursive as the
extracted rule might be a meta with dependencies.

The second method would definitely be preferable, but I suppose it might be
a lot of work.  It would have helped in a recent case where I was testing a
rule in the SARE system that was a meta with several dependencies.  The rule
simply refused to hit anything, and it took me a while to realize that it
was missing its dependencies, since lint doesn't seem to mention that.  Then
it took me half an hour to track down three dependencies, two of which were
metas, and had 4 more dependencies between them.  Of course virtually every
one of these rules was in a different rules file!

        Loren
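Added example, not part of the original message and not SpamAssassin or mkrules code: one way to do the recursive dependency lookup described in point 2, written in Python. The rule names, sample file contents and function names are constructed for illustration, and only a subset of rule types is recognized.

```python
import re

# Constructed sample input: a sandbox file and a stand-in for the standard rules.
SANDBOX = """\
meta   T_SANDBOX_COMBO  (__HAS_FOO && T_META_BAR)
score  T_SANDBOX_COMBO  1.0
"""
STANDARD = """\
header __HAS_FOO   Subject =~ /foo/i
meta   T_META_BAR  (__BODY_BAZ || __HDR_QUX) && !MISSING_ONE  # combo
body   __BODY_BAZ  /baz/
header __HDR_QUX   X-Qux =~ /./
"""

# Rule-defining lines: "<type> <NAME> <definition>" (subset of rule types).
DEF = re.compile(r"^\s*(header|body|rawbody|uri|full|meta)\s+(\w+)\s+(.*)$")
NAME = re.compile(r"\b[A-Za-z_]\w*\b")  # identifiers inside a meta expression

def parse(text):
    """Map rule name -> (type, definition) for each rule-defining line."""
    rules = {}
    for line in text.splitlines():
        m = DEF.match(line)
        if m:
            rules[m.group(2)] = (m.group(1), m.group(3).strip())
    return rules

def resolve(sandbox, standard):
    """Follow meta dependencies recursively.

    Returns (pulled, missing): rules that must be pulled in from the standard
    set, and names referenced by a meta but defined in neither set.
    """
    known = dict(sandbox)
    pulled, missing = set(), set()
    todo = list(sandbox)
    while todo:
        rtype, body = known[todo.pop()]
        if rtype != "meta":
            continue  # only metas reference other rules by name
        for dep in NAME.findall(body.split("#", 1)[0]):  # drop trailing comment
            if dep in known:
                continue
            if dep in standard:
                known[dep] = standard[dep]
                pulled.add(dep)
                todo.append(dep)  # the pulled rule may itself be a meta
            else:
                missing.add(dep)
    return sorted(pulled), sorted(missing)
```

A lint pass could print a warning for each name in `pulled` and an error for each name in `missing`, which is the silent failure described in the message.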
