Previously Recognized Commandline Not Recognized? #102

Open
metal450 opened this issue Dec 10, 2020 · 7 comments
@metal450

Hi,

I (finally) just updated from 1.0.1 to 1.3.0-rc2. I had an existing rule, with a command-line regex like:

.*\/opt\/portfolio\/PortfolioPerformance.*\/opt\/portfolio\/\/plugins\/org\.eclipse\.equinox\.launcher\.gtk\.linux.*

Immediately after updating, it started showing a notification for this application - the full commandline is as follows, which I believe should still be matched by the rule above...?

/usr/bin/java -XX:+IgnoreUnrecognizedVMOptions --add-modules=ALL-SYSTEM --illegal-access=permit -XX:+UseG1GC -XX:+UseStringDeduplication -Xms256m -Xmx768m -Djdk.gtk.version=3 -jar /opt/portfolio//plugins/org.eclipse.equinox.launcher_1.5.700.v20200207-2156.jar -os linux -ws gtk -arch x86_64 -showsplash -launcher /opt/portfolio/PortfolioPerformance -name PortfolioPerformance --launcher.library /opt/portfolio//plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.1200.v20200508-1552/eclipse_1801.so -startup /opt/portfolio//plugins/org.eclipse.equinox.launcher_1.5.700.v20200207-2156.jar --launcher.overrideVmargs -exitdata 20021 -vm /usr/bin/java -vmargs -XX:+IgnoreUnrecognizedVMOptions --add-modules=ALL-SYSTEM --illegal-access=permit -XX:+UseG1GC -XX:+UseStringDeduplication -Xms256m -Xmx768m -Djdk.gtk.version=3 -jar /opt/portfolio//plugins/org.eclipse.equinox.launcher_1.5.700.v20200207-2156.jar

Thanks in advance :)

@gustavo-iniguez-goya
Owner

Hi! Let me reproduce it; there have been a lot of changes since 1.0.1. If you've compiled it from the latest sources, the rules of type "list" are broken at the moment.

I'll commit a fix in a few hours.

@metal450
Author

Thanks for the quick reply - I didn't compile, installed from the debs.

@gustavo-iniguez-goya
Owner

Can you post the content of the rule?

Also open the rule and save it. There're new configuration items that your rule won't have for sure and maybe it's causing problems.

@metal450
Author

Here's the content of the json:

{
  "created": "2020-07-08T13:54:22.133427891-07:00",
  "updated": "2020-07-08T13:54:22.13345013-07:00",
  "name": "_App - Portfolio Performance - Allow All",
  "enabled": true,
  "action": "allow",
  "duration": "always",
  "operator": {
    "type": "regexp",
    "operand": "process.command",
    "data": ".*\\/opt\\/portfolio\\/PortfolioPerformance.*\\/opt\\/portfolio\\/\\/plugins\\/org\\.eclipse\\.equinox\\.launcher\\.gtk\\.linux.*",
    "list": []
  }
}

I opened & re-saved; it appears that it might be working now.

@gustavo-iniguez-goya
Owner

Great! Probably you have to do the same for the rest of the rules (sorry for that...). If it works, close the issue please.

@metal450
Author

Sorry, actually I stand corrected - I just got the notification again. I guess previously when I thought it was fixed, the application just hadn't tried the type of connection that triggered it. So it looks like the issue remains.

@gustavo-iniguez-goya
Owner

OK... reproduced. The problem is the case-insensitive/sensitive check. If you mark the rule as [x] case sensitive, it'll work.
Fixed.

I'll test it and commit it ASAP. Thank you very much @metal450 !! as always :)
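
Added example, not part of the thread and not opensnitch's code: the thread does not show the daemon's check, so the two lowercasing variants below are assumed illustrations of how a case-insensitive regexp match can miss this rule, shown next to the engine's own (?i) flag. The command line is trimmed from the one reported above, and all function names are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// "data" field of the rule from the thread, after JSON unescaping.
const ruleData = `.*\/opt\/portfolio\/PortfolioPerformance.*\/opt\/portfolio\/\/plugins\/org\.eclipse\.equinox\.launcher\.gtk\.linux.*`

// Constructed sample: the reported command line with most JVM options trimmed.
const cmdline = `/usr/bin/java -jar /opt/portfolio//plugins/org.eclipse.equinox.launcher_1.5.700.v20200207-2156.jar ` +
	`-launcher /opt/portfolio/PortfolioPerformance --launcher.library ` +
	`/opt/portfolio//plugins/org.eclipse.equinox.launcher.gtk.linux.x86_64_1.1.1200.v20200508-1552/eclipse_1801.so`

// match compiles pattern and tests value; an invalid pattern never matches.
func match(pattern, value string) bool {
	re, err := regexp.Compile(pattern)
	return err == nil && re.MatchString(value)
}

// matchSensitive is the "[x] case sensitive" behaviour: pattern used as written.
func matchSensitive(pattern, value string) bool { return match(pattern, value) }

// matchLoweredPattern (assumed failure mode) lowercases only the pattern, so
// mixed-case literals in the rule can no longer match the real command line.
func matchLoweredPattern(pattern, value string) bool {
	return match(strings.ToLower(pattern), value)
}

// matchLoweredBoth (assumed variant) lowercases both sides; literals agree
// again, but escapes such as \S silently turn into \s.
func matchLoweredBoth(pattern, value string) bool {
	return match(strings.ToLower(pattern), strings.ToLower(value))
}

// matchInsensitive uses the regexp (?i) flag and leaves the pattern text untouched.
func matchInsensitive(pattern, value string) bool { return match("(?i)"+pattern, value) }

func main() {
	fmt.Println("sensitive:      ", matchSensitive(ruleData, cmdline))
	fmt.Println("lowered pattern:", matchLoweredPattern(ruleData, cmdline))
	fmt.Println("lowered both:   ", matchLoweredBoth(ruleData, cmdline), matchLoweredBoth(`^\S+$`, "java"))
	fmt.Println("(?i) flag:      ", matchInsensitive(ruleData, cmdline), matchInsensitive(`^\S+$`, "java"))
}
```

For an allow rule, a missed match fails closed (the prompt reappears, as reported); for a deny rule the same mismatch would let the connection fall through to later rules or the default action.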
