Bug #4330
openfile hash parameter in yaml accepts non valid values
Description
/opt/suritest/bin/suricata --dump-config |grep shanani
outputs.1.eve-log.types.4.files.force-hash.0 = shananigans
/opt/suritest/bin/suricata -S /dev/null -l logs/ --runmode=autofp -T
[2744673] 16/2/2021 -- 11:33:21 - (suricata.c:1616) <Info> (ParseCommandLine) -- Running suricata under test mode
[2744673] 16/2/2021 -- 11:33:21 - (suricata.c:1060) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (6bfc5afa2 2021-02-13) running in SYSTEM mode
[2744673] 16/2/2021 -- 11:33:21 - (decode-erspan.c:55) <Warning> (DecodeERSPANConfig) -- [ERRCODE: SC_WARN_ERSPAN_CONFIG(329)] - ERSPAN Type I is no longer configurable and it is always enabled; ignoring configuration setting.
[2744673] 16/2/2021 -- 11:33:21 - (suricata.c:2775) <Notice> (SuricataMain) -- Configuration provided was successfully loaded. Exiting.
Note that this is likely not an issue in the --dump-config command, but rather that the file logger force-hash configuration accepts unknown values, for example:
        - files:
            force-magic: no   # force logging magic on all logged files
            # force logging of checksums, available hash functions are md5,
            # sha1 and sha256
            force-hash: [shanani]
does not result in a startup error with
suricata -c /my/suricata.yaml -T.
Updated by Jeff Lucovsky over 4 years ago
There should be a call to `ConfNodeIsSequence` when a yaml sequence is expected.
Updated by Philippe Antoine over 1 year ago
- Assignee set to Community Ticket
- Target version set to TBD
- Label Beginner, C, Good First Issue added
Indeed, `FileForceHashParseCfg` should do `else if` and end with `else` fail on unknown value
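The validation pattern suggested in the two comments above (require a sequence, then an `else if` chain that ends in a failing `else`), as an added example that is not part of the ticket thread or Suricata's code. `CfgNode`, `parse_force_hash` and the `HASH_*` flags are hypothetical stand-ins, and exact-match comparison of the hash names is an assumption:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for this example, not Suricata's definitions. */
enum { HASH_MD5 = 1, HASH_SHA1 = 2, HASH_SHA256 = 4 };

typedef struct {
    int is_sequence;          /* 1 if the YAML value was a list */
    const char *const *vals;  /* the list items */
    size_t n;
} CfgNode;

/* Returns 0 and sets *flags on success. Returns -1 if the node is not a
 * sequence (*bad stays NULL) or an item is unknown (*bad points to it). */
int parse_force_hash(const CfgNode *node, unsigned *flags, const char **bad)
{
    unsigned f = 0;
    *bad = NULL;
    if (node == NULL || !node->is_sequence) return -1; /* list expected */
    for (size_t i = 0; i < node->n; i++) {
        const char *v = node->vals[i];
        if (strcmp(v, "md5") == 0) {
            f |= HASH_MD5;
        } else if (strcmp(v, "sha1") == 0) {
            f |= HASH_SHA1;
        } else if (strcmp(v, "sha256") == 0) {
            f |= HASH_SHA256;
        } else {
            *bad = v;         /* unknown name: reject the configuration */
            return -1;
        }
    }
    *flags = f;               /* only written when every item was valid */
    return 0;
}

/* Constructed inputs: a valid list, and a list with the ticket's typo. */
static const char *const good_vals[] = { "md5", "sha256" };
static const char *const typo_vals[] = { "sha1", "shanani" };

int main(void)
{
    unsigned flags = 0;
    const char *bad = NULL;
    CfgNode good = { 1, good_vals, 2 }, typo = { 1, typo_vals, 2 };
    int rc_good = parse_force_hash(&good, &flags, &bad);
    int rc_typo = parse_force_hash(&typo, &flags, &bad);
    printf("good rc=%d, typo rc=%d bad=%s\n", rc_good, rc_typo, bad ? bad : "(none)");
    return 0;
}
```

Returning the offending value lets the caller name it in the startup error, so a `-T` run points at the misspelled entry.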
Updated by Pooja Gadige about 1 year ago
Philippe Antoine wrote in #note-2:
Indeed
`FileForceHashParseCfg` should do `else if` and end with `else` fail on unknown value
May I please claim this ticket and work on it?
Updated by Shivani Bhardwaj about 1 year ago
May I please claim this ticket and work on it?
yes please. Set the Assignee to yourself and get started. :)
Updated by Pooja Gadige about 1 year ago
- Assignee changed from Community Ticket to Pooja Gadige
Updated by Pooja Gadige about 1 year ago
Shivani Bhardwaj wrote in #note-4:
May I please claim this ticket and work on it?
yes please. Set the Assignee to yourself and get started. :)
Thank you, Shivani!
Updated by Philippe Antoine 4 months ago
- Related to Bug #2091: nonexistent/misspelled custom fields accepted during parsing of suricata.yaml added
Updated by Juliana Fajardini Reichow 10 days ago
- Assignee changed from Pooja Gadige to Community Ticket
Pooja Gadige wrote in #note-6:
Shivani Bhardwaj wrote in #note-4:
May I please claim this ticket and work on it?
yes please. Set the Assignee to yourself and get started. :)
Thank you, Shivani!
Hello, considering our indications for stale tickets, I'm unclaiming this one. If you have time in the future and would like to contribute to Suricata, please check our available tasks at the time.
Updated by James Kaddu 9 days ago
- Status changed from New to In Progress
- Assignee changed from Community Ticket to James Kaddu
Hello, working on this bug currently.
Updated by James Kaddu 8 days ago · Edited
- Status changed from In Progress to In Review
here is the link to the PR https://github.com/OISF/suricata/pull/14132