13
edits
Security/CrashSignatures: Difference between revisions
Added StackFramesSymptom and simple PCRE form for StringMatch
(Added testcase symptom to spec) |
(Added StackFramesSymptom and simple PCRE form for StringMatch) |
||
| Line 60: | Line 60: | ||
**** Type: NumberMatch (see below) | **** Type: NumberMatch (see below) | ||
**** Specifies the frame to match (defaults to 0, which is the crash location) | **** Specifies the frame to match (defaults to 0, which is the crash location) | ||
* stackFrames | |||
** ''New in version 1.2'' | |||
** Match function names in the crashing stack | |||
** Additional fields: | |||
*** functionNames (mandatory) | |||
**** Type: Array of StringMatch (see below) | |||
**** Frames are matched in the order of the array | |||
**** Values '?' and '???' have special meanings | |||
***** '?' means zero or one additional frame can be matched at that position | |||
***** '???' means zero or multiple additional frames can be matched at that position | |||
* stackSize | * stackSize | ||
** Match the size of the call stack (number of frames) | ** Match the size of the call stack (number of frames) | ||
| Line 105: | Line 115: | ||
NOTE: Instead of a StringMatch with default matchType ("contains"), a String can be used for simplicity and readability. | NOTE: Instead of a StringMatch with default matchType ("contains"), a String can be used for simplicity and readability. | ||
NOTE: ''New in version 1.2'': Instead of matchType ("pcre"), a String enclosed in forward slashes can be used for simplicity and readability, e.g. "/some regular expression/". | |||
* NumberMatch | * NumberMatch | ||
** A special string containing an operator and the number, | ** A special string containing an operator and the number, separated by whitespace | ||
** Valid operators: >, >=, <, <=, == | ** Valid operators: >, >=, <, <=, == | ||
*** e.g. > means the number matched must be greater than "value" | *** e.g. > means the number matched must be greater than "value" | ||