Bug #8630

closed
Silent failure when ignore-unknown-requirements is set to an invalid value

Added by Alexey Simakov 21 days ago. Updated 12 days ago.

Status: Rejected
Priority: Normal
Assignee:
Target version:
Affected Versions:
Effort: low
Difficulty: low
Label:

Description

In issue #7434, the ignore-unknown-requirements configuration field was introduced. It is read in detect-requires.c::DetectRequiresRegister() via ConfGetBool().

ConfGetBool() returns 1 if the field was found and successfully parsed as a boolean, and 0 in two distinct cases:
- First, if the field is absent, which is handled gracefully since ConfGet() logs a message internally.
- Second, if the field is present but contains an invalid value, for example ignore-unknown-requirements: SOME_TRASH_VALUE.
The problem is that case 2 is currently indistinguishable from case 1 at the call site.
When an invalid value is provided, ConfGetBool() returns 0 and no warning or error is emitted to the user.
The misconfiguration is silently ignored and the field behaves as if it were absent, which may not be the intended behavior.

The expected behavior is that if ignore-unknown-requirements is present in the config but contains an unrecognized non-boolean value,
Suricata should log a warning or error to alert the user of the misconfiguration, rather than silently falling back to the default.

Updated by Alexey Simakov 21 days ago #1

  • Difficulty set to low

Updated by Alexey Simakov 21 days ago #2

I thought a little bit more about this and it seems that there are no problems with that, since the API of ConfGetBool(...) claims that

/**
 * \brief Check if a value is true.
 *
 * The value is considered true if it is a string with the value of 1,
 * yes, true or on. The test is not case sensitive, any other value
 * is false.
 *
 * \param val The string to test for a true value.
 *
 * \retval 1 If the value is true, 0 if not.
 */

So probably this is not a bug, just a cosmetic issue.

Feel free to close this ticket if this is really not a problem.

Updated by Jason Ish 12 days ago #3

  • Status changed from New to Rejected

Alexey Simakov wrote in #note-2:

I thought a little bit more about this and it seems that there are no problems with that, since the API of ConfGetBool(...) claims that

/**
 * \brief Check if a value is true.
 *
 * The value is considered true if it is a string with the value of 1,
 * yes, true or on. The test is not case sensitive, any other value
 * is false.
 *
 * \param val The string to test for a true value.
 *
 * \retval 1 If the value is true, 0 if not.
 */

So probably this is not a bug, just a cosmetic issue.

Feel free to close this ticket if this is really not a problem.

Will close, by design any non-truthy value is false.
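
The difference between the lenient check quoted in the thread and a strict parse that separates an absent key from a present but unrecognized value, as an added example (not Suricata code and not part of the ticket). All function and type names are hypothetical, the falsy word list is an assumption, and the sample value is the one from the description.

```c
#include <ctype.h>
#include <stdio.h>

/* Hypothetical names, not Suricata's API. Truthy words are the ones quoted in
 * the ticket; the falsy list is an assumption. */
typedef enum { CFG_ABSENT, CFG_FALSE, CFG_TRUE, CFG_INVALID } CfgBool;
static const char *const truthy[] = { "1", "yes", "true", "on", NULL };
static const char *const falsy[] = { "0", "no", "false", "off", NULL };

/* Case-insensitive match of val against a NULL-terminated word list. */
static int word_in(const char *val, const char *const *words)
{
    for (; *words != NULL; words++) {
        const char *a = val, *b = *words;
        while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b))
            a++, b++;
        if (*a == '\0' && *b == '\0')
            return 1;
    }
    return 0;
}

/* Lenient semantics from the ticket: absent and unrecognized both yield 0. */
int lenient_is_true(const char *val) { return val != NULL && word_in(val, truthy); }

/* Strict semantics: a present but unrecognized value gets its own state. */
CfgBool strict_bool(const char *val)
{
    if (val == NULL)
        return CFG_ABSENT;
    if (word_in(val, truthy))
        return CFG_TRUE;
    return word_in(val, falsy) ? CFG_FALSE : CFG_INVALID;
}

/* Warn on an unrecognized value, then fall back to the default. */
int resolve_bool(const char *key, const char *val, int def)
{
    CfgBool st = strict_bool(val);
    if (st == CFG_INVALID)
        fprintf(stderr, "Warning: %s: unrecognized boolean \"%s\", using %d\n", key, val, def);
    return st == CFG_TRUE ? 1 : st == CFG_FALSE ? 0 : def;
}

int main(void)
{
    /* Constructed input: the invalid value used in the ticket description. */
    printf("%d\n", resolve_bool("ignore-unknown-requirements", "SOME_TRASH_VALUE", 0));
    return 0;
}
```

The effective setting is the same as with the lenient check; the only change is that the unrecognized value produces a warning on stderr.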
