Fix examples in architecture.xml, ftp_banners.xml, and ssh_banners.xml #406
Conversation
| <description>Axis Video encoders/servers</description> | ||
| <example hw.product="Q7406" hw.version="Blade">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example> | ||
| <example hw.product="Q7406" hw.version="5.01">AXIS Q7406 Video Encoder Blade 5.01 (Aug 01 2008) ready.</example> |
There was a problem hiding this comment.
There was a problem hiding this comment.
Oh, unexpected capture due to optional string ordering. That's an interesting catch, thanks!
| @@ -241,19 +243,6 @@ example.com FTP server (Version: Mac OS X Server) ready.</example> | |||
| <param pos="1" name="host.name"/> | |||
| </fingerprint> | |||
|
|
|||
| <fingerprint pattern="^ProFTPD (\d+\.[^\s]+) Server \(Linksys(.*)\) \[(.+)\]$"> | |||
There was a problem hiding this comment.
This looks like a duplicate of what's above. All the examples I've found start with W (WRTxxx). Also, it fails if I keep it since the example in this one was matching the earlier fingerprint and causing bundle exec rake tests to fail.
There was a problem hiding this comment.
The regex in both of the fingerprints remains unchanged since the initial commit 8 years ago. As you mentioned the only real difference is the W in the regex.
I've checked some of our datasets (all ports, going back years) and I do NOT see any matches for this fingerprint in them.
I DO see matches for the W variant.
++ to seeing this FP removed.
| @@ -211,6 +211,8 @@ example.com FTP server (Version: Mac OS X Server) ready.</example> | |||
| <param pos="0" name="os.vendor" value="Linksys"/> | |||
| <param pos="0" name="os.device" value="WAP"/> | |||
There was a problem hiding this comment.
Is os.device a thing? I thought this was hw.device, but I see os.device everywhere.
There was a problem hiding this comment.
It is a thing but it is used incorrectly more often than not. Also, in almost every case it should be paired with hw.device
There was a problem hiding this comment.
any suggestions on what to do with this? You marked a few hw.device etc. in #400 that need to be corrected. We probably just need to audit the file specifically for all of those.
There was a problem hiding this comment.
I'd add hw.device to this FP but honestly we need to perform an audit and fix them so either way is fine.
|
Added one fix for ssh_servers.xml as well, but this file still has warnings to address. |
dabdine
changed the title
|
I went ahead and remediated all remaining SSH examples in ssh_banners.xml. This PR now closes out all issues on the three mentioned files. |
|
Thank you for the contribution @dabdine! |
Description
Fixes fingerprint examples & regular expression issues in
ftp_banners.xml,architecture.xml, andssh_banners.xml. These files no longer yield any warnings whatsoever.Motivation and Context
Eliminate more warnings & fix bad regular expressions in some fingerprints.
How Has This Been Tested?
bundle exec rake testsTypes of changes
Checklist: