You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Nov 6, 2023. It is now read-only.
Unlike the platform attribute, there is not any grammatical requirement on the default_offattribute, This make the process of performing automated check to re-activate disable ruleset difficult.
To illustrate the situation, we have mismatch, mismatches, mismatched and their capitalization variants for the mismatched error. These variants make it hard for contributors to perform audit. See #9582, #9842
A particularly bad example could be BufferedIO.xml. It should be a platform=cacert ruleset, but the message is given in default_off. (It is a mismatch now)
Goal
The goal is to standardize the default_off attributes and to enforce the grammar with relaxng.xml such that automated audit can be done easier.
Each keyword should be separated by a comma and a space
(keyword1|keyword2)(, (keyword1|keyword2))*
Note
Some rule use ' (single quote) instead of " (double quote), it will be great if you can do a replacement as wel; :)
Keywords
List of keywords (feel free to suggest new ones)
regional
refused
timeout
cert-algo
cert-chain // curl: (60) SSL certificate problem: unable to get local issuer certificate
expired
self-signed
mismatched
ssl-error // reset, or any other ssl error not stated above
status-unexpected // 200 Error pages
status-others // other than 200, i.e. 4xx/5xx
loops // secure connection redirects to plaintext
content-different // visual/ contextual difference, also for different status code
breaks-site // in a board sense.
breaks-third-parties
cors // CORS issues
ruleset-test-failed // failed ruleset test (avoid space within keywords)
request-owner
request-user
others // details should be stated in the ruleset comment
Reason
Unlike the
platformattribute, there is not any grammatical requirement on thedefault_offattribute, This make the process of performing automated check to re-activatedisable rulesetdifficult.To illustrate the situation, we have
mismatch,mismatches,mismatchedand their capitalization variants for themismatchederror. These variants make it hard for contributors to perform audit. See #9582, #9842A particularly bad example could be
BufferedIO.xml. It should be aplatform=cacertruleset, but the message is given indefault_off. (It is amismatchnow)Goal
The goal is to standardize the
default_offattributes and to enforce the grammar withrelaxng.xmlsuch that automated audit can be done easier.Steps
Modify
default_offattributes in the existingrulesetto an agreed set ofkeyword, add therulesettoruleset-coverage-whitelist.txtif necessary. See Update default_off="mismatched" rulesets #9884.Update
CONTRIBUTING.mdto explain thekeywordwe use.Enforce the grammar with
relaxng.xml.Resource
Patterns
Each keyword should be separated by a comma and a space
Note
Some rule use
'(single quote) instead of"(double quote), it will be great if you can do a replacement as wel; :)Keywords
Existing Variants (200+ Variants)
Updated 2017.06.28 Please refer to
default-off-attributes.txt