Suricata

The from_base64 transform should use default values for bytes, offset, and mode when no arguments are used with the keyword.

However, the rule is not loaded

alert http any any -> any any (msg:"from_base64 -- no args"; http.request_body; from_base64; content:"Suricata";  sid:5; )

results in

$ src/suricata -c suricata.yaml -T -S one.rule -l /tmp/ll
Notice: suricata: This is Suricata version 8.0.1-dev (b93a27722c 2025-08-07) running in SYSTEM mode [LogVersion:suricata.c:1209]
Error: detect: error parsing signature "alert http any any -> any any (msg:"from_base64 -- no args"; http.request_body; from_base64; content:"Suricata";  sid:5; )" from file one.rule at line 3 [DetectLoadSigFile:detect-engine-loader.c:199]
Warning: detect: 1 rule files specified, but no rules were loaded! [SigLoadSignatures:detect-engine-loader.c:459]
Error: suricata: Loading signatures failed. [LoadSignatures:suricata.c:2501]

Adding an option:

alert http any any -> any any (msg:"from_base64 -- no args"; http.request_body; from_base64: offset 0; content:"Suricata";  sid:5; )

results in

$ src/suricata -c suricata.yaml -T -S one.rule -l /tmp/ll
Notice: suricata: This is Suricata version 8.0.1-dev (b93a27722c 2025-08-07) running in SYSTEM mode [LogVersion:suricata.c:1209]
Notice: suricata: Configuration provided was successfully loaded. Exiting. [SuricataInit:suricata.c:3077]