Bug #8396: --yaml-fragment seems to be broken on 1.3.7 - Suricata-Update - Open Information Security Foundation

Actions

Copy link

Bug #8396

open

--yaml-fragment seems to be broken on 1.3.7

Bug #8396: --yaml-fragment seems to be broken on 1.3.7

Added by Joshua Bigler about 1 month ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

Affected Versions:

1.3.7

Effort:

low

Difficulty:

Label:

Beginner

Description

The --yaml-fragment flag seems to consistently break at least with version 1.3.7 (have not tried any other version yet)

# suricata-update --yaml-fragment /tmp/test.yaml
19/3/2026 -- 17:18:03 - <Info> -- Using data-directory /var/lib/suricata.
19/3/2026 -- 17:18:03 - <Info> -- Using Suricata configuration /etc/suricata/suricata.yaml
19/3/2026 -- 17:18:03 - <Info> -- Using /usr/share/suricata/rules for Suricata provided rules.
19/3/2026 -- 17:18:03 - <Info> -- Found Suricata version 8.0.3 at /usr/sbin/suricata.
19/3/2026 -- 17:18:03 - <Info> -- Loading /etc/suricata/disable.conf.
19/3/2026 -- 17:18:03 - <Info> -- Loading /etc/suricata/enable.conf.
19/3/2026 -- 17:18:03 - <Info> -- Loading /etc/suricata/modify.conf.
19/3/2026 -- 17:18:03 - <Info> -- Loading /etc/suricata/drop.conf.
19/3/2026 -- 17:18:03 - <Info> -- Loading /etc/suricata/suricata.yaml
19/3/2026 -- 17:18:03 - <Info> -- No sources configured, will use Emerging Threats Open
19/3/2026 -- 17:18:03 - <Info> -- Last download less than 15 minutes ago. Not downloading https://rules.emergingthreats.net/open/suricata-8.0.3/emerging.rules.tar.gz.
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/app-layer-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/decoder-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dhcp-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dnp3-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/dns-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/files.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http2-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/http-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ipsec-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/kerberos-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/modbus-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/mqtt-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/nfs-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ntp-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/quic-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/rfb-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smb-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/smtp-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/ssh-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/stream-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Loading distribution rule file /usr/share/suricata/rules/tls-events.rules
19/3/2026 -- 17:18:03 - <Info> -- Ignoring file fa10d0a1bbba0bcad0c5fd9af3e6fc01/rules/emerging-deleted.rules
19/3/2026 -- 17:18:08 - <Info> -- Loaded 65038 rules.
19/3/2026 -- 17:18:17 - <Info> -- Disabled 71 rules.
19/3/2026 -- 17:18:17 - <Info> -- Enabled 0 rules.
19/3/2026 -- 17:18:17 - <Info> -- Modified 0 rules.
19/3/2026 -- 17:18:17 - <Info> -- Dropped 0 rules.
19/3/2026 -- 17:18:17 - <Info> -- Enabled 136 rules for flowbit dependencies.
19/3/2026 -- 17:18:17 - <Info> -- Backing up current rules.
19/3/2026 -- 17:18:28 - <Info> -- Writing rules to /var/lib/suricata/rules/suricata.rules: total: 65038; enabled: 49125; added: 0; removed 0; modified: 0
19/3/2026 -- 17:18:28 - <Info> -- Writing /var/lib/suricata/rules/classification.config
19/3/2026 -- 17:18:28 - <Info> -- Writing YAML configuration fragment: /tmp/test.yaml
Traceback (most recent call last):
  File "/usr/bin/suricata-update", line 36, in <module>
    sys.exit(main.main())
  File "/usr/lib/suricata/python/suricata/update/main.py", line 1430, in main
    sys.exit(_main())
  File "/usr/lib/suricata/python/suricata/update/main.py", line 1370, in _main
    write_yaml_fragment(args.yaml_fragment, files)
  File "/usr/lib/suricata/python/suricata/update/main.py", line 654, in write_yaml_fragment
    if fn.endswith(".rules"):
AttributeError: 'SourceFile' object has no attribute 'endswith'

# suricata-update --version
suricata-update version 1.3.7

Seems like the python function writing the yaml fragment is expecting a list of strings but is getting something else

No data to display

Actions

Copy link

Also available in: PDF Atom

Project

General

Profile

Suricata » Suricata-Update

Bug #8396

--yaml-fragment seems to be broken on 1.3.7