Project

General

Profile

Actions

Optimization #7189

open

http/conf: warn or error on invalid value in custom headers logging

Added by Philippe Antoine 5 months ago. Updated 3 months ago.

Status:
New
Priority:
Normal
Target version:
Effort:
Difficulty:
Label:
Beginner, C, Good First Issue, Outreachy

Description

Like custom: [X-Powered-By] in suricata.yaml and running python3 ../suricata-verify/run.py base64-decode-5885 does not show X-Powered-By, but there is no warning in OutputHttpLogInitSub if the header is not defined

Actions #1

Updated by Juliana Fajardini Reichow 4 months ago

  • Label Outreachy added
Actions #2

Updated by Juliana Fajardini Reichow 3 months ago

  • Assignee changed from OISF Dev to Community Ticket
Actions #3

Updated by Juliana Fajardini Reichow 3 months ago

Hello, to confirm, this issue is related to a configuration option being passed in our suricata.yaml file to the http.custom section, but is not one of the allowed custom fields listed here, right? https://docs.suricata.io/en/latest/output/eve/eve-json-output.html#http

Actions #4

Updated by Philippe Antoine 3 months ago

Juliana Fajardini Reichow wrote in #note-3:

Hello, to confirm, this issue is related to a configuration option being passed in our suricata.yaml file to the http.custom section, but is not one of the allowed custom fields listed here, right? https://docs.suricata.io/en/latest/output/eve/eve-json-output.html#http

Correct

Actions

Also available in: Atom PDF