[
https://issues.apache.org/jira/browse/METRON-488?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15565451#comment-15565451
]
ASF GitHub Bot commented on METRON-488:
---------------------------------------
Github user cestella commented on the issue:
https://github.com/apache/incubator-metron/pull/297
@james-sirota it depends on the parser. It applies to the CSVParser, for
sure, but this isn't a generic fix (not sure how you'd go about making a
generic fix here, in fact).
> Snort should use a proper CSV implementation
> --------------------------------------------
>
> Key: METRON-488
> URL: https://issues.apache.org/jira/browse/METRON-488
> Project: Metron
> Issue Type: Bug
> Reporter: Casey Stella
> Assignee: Casey Stella
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> Right now if you have a custom snort rule (e.g. alert tcp any any -> any any
> (msg:'snort alert message having a ,(comma) to check csv parsing';
> sid:999158; ) ) the snort parser will fail to parse because it's splitting on
> the comma naively.
> It should use the existing CSV parsing infrastructure that we have and that
> is used in the CSVParser.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
