Bug #2091
opennonexistent/misspelled custom fields accepted during parsing of suricata.yaml
Description
This is Suricata version 4.0dev (rev 9ff8882)
If there is misspelled or nonexistent custom field in eve.json's section Suricata would not error out/warn on start - example:
- http:
custom: [accept, accept-charset, accept-encoding, accept-language,
proxy-authenticate, referrer, refresh, retry-after, server,
set-cookie, trailer, transfer-encoding, upgrade, vary, warning,
www-authenticate, mychemicalromance]
- smtp:
custom: [received, sensitivity, organization, content-md5, date, mychemicalromance]
Updated by Andreas Herz over 8 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Jason Ish about 6 years ago
Andreas Herz wrote:
But it doesn't hurt either right?
Doesn't hurt, but may improve user experience. Just in case you entered "receved" by accident and can't figure out why you are not seeing that in the output.
Updated by Peter Manev about 6 years ago
Also it may not err on a filed we don't parse or support yet and leave the user with the wrong impression that everything is ok and expecting to see those values.
Updated by Philippe Antoine 3 months ago
- Label Beginner, C, Good First Issue added
Updated by Philippe Antoine 3 months ago
- Related to Optimization #7189: http/conf: warn or error on invalid value in custom headers logging added
Updated by Philippe Antoine 3 months ago
- Related to Bug #4330: file hash parameter in yaml accepts non valid values added
Updated by Jamie Lavigne 2 months ago
Erroring explicitly would definitely be a good thing for usability - if it's an invalid input then getting that feedback to the user early and obviously helps them find and correct the mistake with much less time & effort than having to discover that their inputs are being quietly ignored.
Updated by Juliana Fajardini Reichow 15 days ago
- Assignee changed from OISF Dev to Community Ticket
- Target version changed from TBD to 9.0.0-beta1
Updated by Olusegun Fajobi about 22 hours ago ยท Edited
I would like to work on this issue, can it be assigned to me??
And I would like to be granted a developer role as well.
Updated by Juliana Fajardini Reichow about 20 hours ago
Olusegun Fajobi wrote in #note-11:
I would like to work on this issue, can it be assigned to me??
And I would like to be granted a developer role as well.
Hello! You should be able to claim the ticket, now. Thanks for your interest in our project, you can use the ticket or the discord chat to share your progress or if any questions! :)
Updated by Olusegun Fajobi about 20 hours ago
- Assignee changed from Community Ticket to Olusegun Fajobi
Updated by Olusegun Fajobi 24 minutes ago
- Assignee changed from Community Ticket to Olusegun Fajobi