Project

General

Profile

Actions

Bug #4369

closed

Configuration test mode succeeds when threshold.config file contains invalid content

Added by Jeff Lucovsky 7 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Affected Versions:
Effort:
Difficulty:
Label:

Description

When testing configuration settings (-T), invalid content in threshold.config doesn't result in the "test" failing.

If threshold.config contains

this is not correct

then
$ src/suricata  -c suricata.yaml -S ../suricata/thresh.rule -r ~/pcap/ -l /tmp/ll -T --set threshold-file=/tmp/threshold.config
[2114305] 28/2/2021 -- 08:38:33 - (suricata.c:1616) <Info> (ParseCommandLine) -- Running suricata under test mode
[2114305] 28/2/2021 -- 08:38:34 - (suricata.c:1060) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev running in SYSTEM mode
[2114305] 28/2/2021 -- 08:38:34 - (util-threshold-config.c:677) <Error> (ParseThresholdRule) -- [ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string this is not correct

[2114305] 28/2/2021 -- 08:38:34 - (suricata.c:2777) <Notice> (SuricataMain) -- Configuration provided was successfully loaded. Exiting.
 $ echo $?
0

Expected behavior:

 $ src/suricata  -c suricata.yaml -S ../suricata/thresh.rule -r ~/pcap/ -l /tmp/ll -T --set threshold-file=/tmp/threshold.config
[2114697] 28/2/2021 -- 08:39:15 - (suricata.c:1616) <Info> (ParseCommandLine) -- Running suricata under test mode
[2114697] 28/2/2021 -- 08:39:15 - (suricata.c:1060) <Notice> (LogVersion) -- This is Suricata version 7.0.0-dev (d708744f2 2021-02-26) running in SYSTEM mode
[2114697] 28/2/2021 -- 08:39:15 - (util-threshold-config.c:681) <Error> (ParseThresholdRule) -- [ERRCODE: SC_ERR_PCRE_MATCH(2)] - pcre_exec parse error, ret -1, string this is not correct

[2114697] 28/2/2021 -- 08:39:15 - (util-threshold-config.c:257) <Warning> (SCThresholdConfInitContext) -- [ERRCODE: SC_WARN_THRESH_CONFIG(338)] - Error loading threshold configuration from /tmp/threshold.config
[2114697] 28/2/2021 -- 08:39:15 - (suricata.c:2187) <Error> (LoadSignatures) -- [ERRCODE: SC_ERR_NO_RULES_LOADED(43)] - Loading signatures failed
 $ echo $?
1


Related issues

Related to Bug #4553: Configuration test mode succeeds when reference.config file contains invalid contentNewActions
Related to Bug #4554: Configuration test mode succeeds when classification.config file contains invalid contentNewActions
Copied to Bug #4659: Configuration test mode succeeds when reference.config file contains invalid contentNewOISF DevActions
Actions #1

Updated by Jeff Lucovsky 7 months ago

  • Status changed from In Progress to In Review
Actions #2

Updated by Jeff Lucovsky 6 months ago

  • Status changed from In Review to Closed
Actions #3

Updated by Jeff Lucovsky 3 months ago

  • Related to Bug #4553: Configuration test mode succeeds when reference.config file contains invalid content added
Actions #4

Updated by Jeff Lucovsky 3 months ago

  • Related to Bug #4554: Configuration test mode succeeds when classification.config file contains invalid content added
Actions #5

Updated by Jeff Lucovsky 15 days ago

  • Copied to Bug #4659: Configuration test mode succeeds when reference.config file contains invalid content added
Actions

Also available in: Atom PDF