Bug #4330
closedfile hash parameter in yaml accepts non valid values
Description
/opt/suritest/bin/suricata --dump-config |grep shanani outputs.1.eve-log.types.4.files.force-hash.0 = shananigans /opt/suritest/bin/suricata -S /dev/null -l logs/ --runmode=autofp -T [2744673] 16/2/2021 -- 11:33:21 - (suricata.c:1616) <Info> (ParseCommandLine) -- Running suricata under test mode [2744673] 16/2/2021 -- 11:33:21 - (suricata.c:1060) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (6bfc5afa2 2021-02-13) running in SYSTEM mode [2744673] 16/2/2021 -- 11:33:21 - (decode-erspan.c:55) <Warning> (DecodeERSPANConfig) -- [ERRCODE: SC_WARN_ERSPAN_CONFIG(329)] - ERSPAN Type I is no longer configurable and it is always enabled; ignoring configuration setting. [2744673] 16/2/2021 -- 11:33:21 - (suricata.c:2775) <Notice> (SuricataMain) -- Configuration provided was successfully loaded. Exiting.
Note that this is likely not an issue in the --dump-config command, but rather that the file logger force-hash configuration accepts unknown values, for example:
- files:
force-magic: no # force logging magic on all logged files
# force logging of checksums, available hash functions are md5,
# sha1 and sha256
force-hash: [shanani]
does not result in a startup error with
suricata -c /my/suricata.yaml -T.
JL Updated by Jeff Lucovsky about 5 years ago
There should be a call to `ConfNodeIsSequence` when a yaml sequence is expected.
PA Updated by Philippe Antoine almost 2 years ago
- Assignee set to Community Ticket
- Target version set to TBD
- Label Beginner, C, Good First Issue added
IndeedFileForceHashParseCfg. should do else if and end with else fail on unknown value
PG Updated by Pooja Gadige over 1 year ago
Philippe Antoine wrote in #note-2:
Indeed
FileForceHashParseCfg. should doelse ifand end withelsefail on unknown value
May I please claim this ticket and work on it?
SB Updated by Shivani Bhardwaj over 1 year ago
May I please claim this ticket and work on it?
yes please. Set the Assignee to yourself and get started. :)
PG Updated by Pooja Gadige over 1 year ago
- Assignee changed from Community Ticket to Pooja Gadige
PG Updated by Pooja Gadige over 1 year ago
Shivani Bhardwaj wrote in #note-4:
May I please claim this ticket and work on it?
yes please. Set the Assignee to yourself and get started. :)
Thank you, Shivani!
PA Updated by Philippe Antoine 9 months ago
- Related to Bug #2091: nonexistent/misspelled custom fields accepted during parsing of suricata.yaml added
PA Updated by Philippe Antoine 9 months ago
- Affected Versions 8.0.0 added
PA Updated by Philippe Antoine 9 months ago
- Affected Versions deleted (
git main)
JF Updated by Juliana Fajardini Reichow 6 months ago
- Assignee changed from Pooja Gadige to Community Ticket
Pooja Gadige wrote in #note-6:
Shivani Bhardwaj wrote in #note-4:
May I please claim this ticket and work on it?
yes please. Set the Assignee to yourself and get started. :)
Thank you, Shivani!
Hello, considering our indications for stale tickets, I'm unclaiming this one. If you have time in the future and would like to contribute to Suricata, please check our available tasks at the time.
JK Updated by James Kaddu 6 months ago
- Status changed from New to In Progress
- Assignee changed from Community Ticket to James Kaddu
Hello, working on this bug currently.
JK Updated by James Kaddu 5 months ago ยท Edited
- Status changed from In Progress to In Review
here is the link to the PR https://github.com/OISF/suricata/pull/14223
PA Updated by Philippe Antoine 5 months ago
- Target version changed from TBD to 9.0.0-beta1
PA Updated by Philippe Antoine 4 months ago
- Status changed from In Review to Closed