Bug #2091: nonexistent/misspelled custom fields accepted during parsing of suricata.yaml - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #2091

open

nonexistent/misspelled custom fields accepted during parsing of suricata.yaml

Added by Peter Manev over 8 years ago. Updated 2 days ago.

Status:

New

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

8.0.0

Effort:

Difficulty:

Label:

Beginner, C, Good First Issue

Description

This is Suricata version 4.0dev (rev 9ff8882)

If there is misspelled or nonexistent custom field in eve.json's section Suricata would not error out/warn on start - example:


        - http:
            custom: [accept, accept-charset, accept-encoding, accept-language,
            proxy-authenticate, referrer, refresh, retry-after, server,
            set-cookie, trailer, transfer-encoding, upgrade, vary, warning,
            www-authenticate, mychemicalromance]
        - smtp:
            custom: [received, sensitivity, organization, content-md5, date, mychemicalromance]

Related issues 2 (1 open — 1 closed)

History
Notes
Property changes

Actions

Copy link

Also available in: Atom PDF

	Related to Suricata - Optimization #7189: http/conf: warn or error on invalid value in custom headers logging	Rejected	Community Ticket				Actions
	Related to Suricata - Bug #4330: file hash parameter in yaml accepts non valid values	New	Pooja Gadige				Actions

Project

General

Profile

Suricata

Custom queries

Bug #2091

nonexistent/misspelled custom fields accepted during parsing of suricata.yaml

Updated by Andreas Herz about 8 years ago

Updated by Andreas Herz about 6 years ago

Updated by Jason Ish about 6 years ago

Updated by Peter Manev about 6 years ago

Updated by Philippe Antoine 8 days ago

Updated by Philippe Antoine 8 days ago

Updated by Philippe Antoine 6 days ago

Updated by Philippe Antoine 2 days ago