Actions
Bug #3182
openwarn user on wildcard usage without quotes
Affected Versions:
Effort:
Difficulty:
Label:
Description
It would be helpful if Suricata warns on wildcard use without quotation marks for command line parameter override.
Example.
It seems that when wildcard rules are passed on the command line without being surrounded with quotes Suricata does not complain and it only loads the first rulefile available.
:~/Work/Suricata/tests/tmp$ sudo /opt/suritest/bin/suricata -c /opt/suritest/etc/suricata/suricata.yaml -S rules/*.rules -T [19161] 19/9/2019 -- 14:33:15 - (suricata.c:1884) <Info> (ParseCommandLine) -- Running suricata under test mode [19161] 19/9/2019 -- 14:33:15 - (suricata.c:1075) <Notice> (LogVersion) -- This is Suricata version 5.0.0-dev (d4bc46038 2019-09-17) running in SYSTEM mode [19161] 19/9/2019 -- 14:33:17 - (suricata.c:3023) <Notice> (main) -- Configuration provided was successfully loaded. Exiting.
loads only activex.rules from the ETOpen/Pro ruleset in the rules folder.
In the case where the wildcard is passed the full set is loaded.
:~/Work/Suricata/tests/tmp$ sudo /opt/suritest/bin/suricata -c /opt/suritest/etc/suricata/suricata.yaml -S "rules/*.rules" -T [19169] 19/9/2019 -- 14:33:19 - (suricata.c:1884) <Info> (ParseCommandLine) -- Running suricata under test mode [19169] 19/9/2019 -- 14:33:19 - (suricata.c:1075) <Notice> (LogVersion) -- This is Suricata version 5.0.0-dev (d4bc46038 2019-09-17) running in SYSTEM mode [19169] 19/9/2019 -- 14:36:50 - (suricata.c:3023) <Notice> (main) -- Configuration provided was successfully loaded. Exiting.
Without passing the quotes it does not load all rules but does not complain either.
Updated by Andreas Herz over 5 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Juliana Fajardini Reichow about 1 year ago
- Target version changed from TBD to 8.0.0-beta1
Actions