Actions
Bug #3236
openmissing keywords docs on some keywords when --list-keywords is called
Affected Versions:
Effort:
Difficulty:
Label:
Description
pevma@DonPedro:~/Work/Suricata/tests/tmp$ /opt/suritest/bin/suricata --list-keywords=http_uri = http_uri = Description: content modifier to match specifically and only on the HTTP uri-buffer Features: No option,content modifier Documentation: https://suricata.readthedocs.io/en/latest/rules/http-keywords.html#http-uri-and-http-raw-uri Replaced by: http.http_uri pevma@DonPedro:~/Work/Suricata/tests/tmp$ /opt/suritest/bin/suricata --list-keywords=http.uri = http.uri = Description: sticky buffer to match specifically and only on the normalized HTTP URI buffer Features: No option,sticky buffer Documentation: https://suricata.readthedocs.io/en/latest/rules/http-keywords.html#http-uri-and-http-raw-uri pevma@DonPedro:~/Work/Suricata/tests/tmp$ /opt/suritest/bin/suricata --list-keywords=http_header = http_header = Description: content modifier to match only on the HTTP header-buffer Features: No option,content modifier Documentation: https://suricata.readthedocs.io/en/latest/rules/http-keywords.html#http-header-and-http-raw-header Replaced by: http.header pevma@DonPedro:~/Work/Suricata/tests/tmp$ /opt/suritest/bin/suricata --list-keywords=http_accept pevma@DonPedro:~/Work/Suricata/tests/tmp$ /opt/suritest/bin/suricata --list-keywords=http_accept_lang pevma@DonPedro:~/Work/Suricata/tests/tmp$ /opt/suritest/bin/suricata --list-keywords=http_referer pevma@DonPedro:~/Work/Suricata/tests/tmp$ /opt/suritest/bin/suricata -V This is Suricata version 5.0.0-dev (412ae11ba 2019-10-12) pevma@DonPedro:~/Work/Suricata/tests/tmp$
Updated by Victor Julien over 4 years ago
- Status changed from New to Assigned
- Assignee set to Andreas Herz
- Target version set to 5.0.1
At registration the keywords register a 'name' and an optional 'alias'. In these examples the old names like 'http_uri' are aliases. So I think it would make sense to also print the alias here.
Updated by Victor Julien over 4 years ago
- Target version changed from 5.0.1 to 5.0.2
Updated by Andreas Herz about 4 years ago
Just to make sure, you want http_accept be shown as an alias in http.accept and/or just a hint for http_accept that it's replaced by http.accept?
Updated by Victor Julien about 4 years ago
- Target version changed from 5.0.2 to 5.0.3
Updated by Victor Julien about 4 years ago
Both I think. http_accept should be listed, but indicate that its been superseded by http.accept.
Updated by Victor Julien almost 4 years ago
- Target version changed from 5.0.3 to 6.0.0beta1
Updated by Victor Julien almost 4 years ago
- Target version changed from 6.0.0beta1 to 7.0.0-beta1
Updated by Andreas Herz over 3 years ago
First attempt via https://github.com/OISF/suricata/pull/5430
I found that those are missing as well, will be covered in a dedicated PR:
- http_header_names
- http_protocol
- http_start
- smb_share
- ssh_software
- ssh_proto
They don't use the stub, thus need to changed each manually.
Updated by Victor Julien about 3 years ago
- Status changed from Assigned to In Review
Updated by Andreas Herz over 1 year ago
- Status changed from In Review to In Progress
Updated by Victor Julien over 1 year ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Victor Julien about 1 year ago
- Target version changed from 7.0.0-rc1 to 8.0.0-beta1
Actions