Marcel Gebhardt

> A memory dump could be helpful in this case, if you can get one it may be useful. I recompiled YARA with the following two additional flags: ``` --enable-debug...

I was able to find a rule that causes that assertion failure: ``` yara APT_APT41_RevokedCert_Aug19_1.yar c57cb8bb5996c484a4001625217e02ec Assertion failed: __EX, file object.c, line 410 IOT/Abort trap (Speicherabzug geschrieben) ``` `APT_APT41_RevokedCert_Aug19_1.yar`: ```...

> Can you navigate to stack frame #6 and dump the value of the ip and identifiers variables? ``` (gdb) p ip $1 = (const uint8_t *) 0x11002e293 "\021\r" (gdb)...

Lets try: http://codehardt.de/core.gz

Ofc, your right: http://codehardt.de/yara.gz

> My first recommendation is start editing the rule and reduce it to the bare minimum that reproduces the issue. For example start by removing the uint16(0) == 0x5a4d and...

``` yr_object_lookup_field = 11004ed70 ``` ``` yr_object_array_get_item = 11005e630 ``` Seems like they are not addressing the same object 😕

Same here. I am using the most-strict CSP `default-src 'self'; frame-ancestors 'none';` that works for my whole application except for the API documentation page based on Swagger UI.

If you decide to improve CSP compatibility, I would suggest doing it right, which would include avoiding `data:`.

Same issue here, properties like font-family are blocked by CSP in newest version 5.2.1. I would be fine if I can pass a server-generated nonce to the Terminal constructor. Kind...