You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@spamassassin.apache.org on 2020/04/08 08:23:02 UTC
[Bug 7804] zoom: able to use 390/391 'body_0' compiled rules
(99.744%)
https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7804
Henrik Krohns <ap...@hege.li> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |apache@hege.li
--- Comment #3 from Henrik Krohns <ap...@hege.li> ---
The "bug" is in BodyRuleBaseExtractor.pm / fixup_re() function which doesn't
handle multiple backslashes properly. Regex strings should not be tried to
parse with regexes and eval functions, just look at all the past
vulnerabilities.
Then again, there is nothing broken here. It simply skips the mismatched rule,
which will be used in normal way. So this does not mean that GB_WP_FILELINK
rule is not working - there is no reason to comment it out from stock rules.
Even the "able to use" message is a normal debug line that noone sees unless
debug is enabled.
I'm inclined to close this, but might as well leave it open if someone has
stamina to tackle the code without breaking something. Personally I would just
ditch the whole sa-compile ecosystem in 4.0 as unmaintenable mess.
--
You are receiving this mail because:
You are the assignee for the bug.