Bug #7421: parser: -s/--show-advanced option is broken - Suricata-Update - Open Information Security Foundation

Actions

Copy link

Bug #7421

open

parser: -s/--show-advanced option is broken

Added by Shivani Bhardwaj 8 months ago. Updated 17 days ago.

Status:

Assigned

Priority:

Normal

Assignee:

OISF Dev

Target version:

TBD

Affected Versions:

Effort:

Difficulty:

Label:

Description

suricata-update should ideally show the advanced options available that are not directly a part of the main parser.

History
Notes
Property changes

Actions

Copy link

Updated by Philippe Antoine 18 days ago

Assignee set to OISF Dev

Actions

Copy link

Updated by Jason Ish 18 days ago

Target version set to TBD

Do we have an example here? I won't really understand the issue.

Actions

Copy link

Updated by Shivani Bhardwaj 17 days ago

Jason Ish wrote in #note-2:

Do we have an example here? I won't really understand the issue.

I think the problem is that we hide a lot of useful options like --local , --url behind --show-advanced option but this option is actually only useful when used alongwith -h so it's a bit misleading. See the output below.

 ❯ python3 ./bin/suricata-update -h
usage: suricata-update update [-h] [-v] [-q] [-D <directory>] [-c <filename>] [--suricata-conf <filename>]
                              [--suricata <path>] [--suricata-version <version>] [-V] [-s] [-o <directory>] [-f]
                              [--disable-conf <filename>] [--enable-conf <filename>] [--modify-conf <filename>]
                              [--drop-conf <filename>] [--no-reload] [--no-test] [--offline] [--fail]

options:
  -h, --help            show this help message and exit
  -v, --verbose         Be more verbose
  -q, --quiet           Be quiet, warning and error messages only
  -D <directory>, --data-dir <directory>
                        Data directory (default: /var/lib/suricata)
  -c <filename>, --config <filename>
                        configuration file (default: /etc/suricata/update.yaml)
  --suricata-conf <filename>
                        configuration file (default: /etc/suricata/suricata.yaml)
  --suricata <path>     Path to Suricata program
  --suricata-version <version>
                        Override Suricata version
  -V, --version         Display version
  -s, --show-advanced   Show advanced options
  -o <directory>, --output <directory>
                        Directory to write rules to
  -f, --force           Force operations that might otherwise be skipped
  --disable-conf <filename>
                        Filename of rule disable filters
  --enable-conf <filename>
                        Filename of rule enable filters
  --modify-conf <filename>
                        Filename of rule modification filters
  --drop-conf <filename>
                        Filename of drop rule filters
  --no-reload           Disable reload
  --no-test             Disable testing rules with Suricata
  --offline             Run offline using most recent cached rules
  --fail                Strictly fail and exit in case of an error

other commands:

If you do python3 ./bin/suricata-update --show-advanced, suricata-update ignores the option altogether and runs as if no option was provided.

It works correctly when used as: python3 ./bin/suricata-update -h --show-advanced

So, either we should clarify in the help section how --show-advanced should be used or make it an independent option.
wdyt?

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata » Suricata-Update

Bug #7421

parser: -s/--show-advanced option is broken

Updated by Philippe Antoine 18 days ago

Updated by Jason Ish 18 days ago

Updated by Shivani Bhardwaj 17 days ago