Bug #8630
Silent failure when ignore-unknown-requirements is set to an invalid value
Status: open
Description
In issue #7434, the ignore-unknown-requirements configuration field was introduced. It is read in detect-requires.c::DetectRequiresRegister() via ConfGetBool().
ConfGetBool() returns 1 if the field was found and successfully parsed as a boolean, and 0 in two distinct cases:
- First, if the field is absent, which is handled gracefully since ConfGet() logs a message internally.
- Second, if the field is present but contains an invalid value, for example ignore-unknown-requirements: SOME_TRASH_VALUE.
The problem is that case 2 is currently indistinguishable from case 1 at the call site.
When an invalid value is provided, ConfGetBool() returns 0 and no warning or error is emitted to the user.
The misconfiguration is silently ignored and the field behaves as if it were absent, which may not be the intended behavior.
The expected behavior is that if ignore-unknown-requirements is present in the config but contains an unrecognized non-boolean value, Suricata should log a warning or error to alert the user of the misconfiguration, rather than silently falling back to the default.
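To make the two cases concrete, here is an added, self-contained model of the behaviour (not Suricata's own code): ConfGet()/ConfValIsTrue()/ConfValIsFalse() are replaced by stubs over a constructed key/value table, ConfGetBoolAmbiguous() reproduces the collapsed return value described above, and ConfGetBoolStrict() is a hypothetical three-state variant that lets the caller warn on an invalid value.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed stand-in for the config tree: one invalid and one valid boolean. */
static const char *const kConfig[][2] = {
    { "ignore-unknown-requirements", "SOME_TRASH_VALUE" },  /* invalid boolean */
    { "some-other-flag", "yes" },                         /* valid boolean   */
};
#define NCONF (sizeof(kConfig) / sizeof(kConfig[0]))

/* Modeled on ConfGet(): 1 if the key exists (value via *vptr), 0 if absent. */
static int ConfGetStub(const char *name, const char **vptr) {
    for (size_t i = 0; i < NCONF; i++)
        if (strcmp(kConfig[i][0], name) == 0) { *vptr = kConfig[i][1]; return 1; }
    return 0;
}

/* Modeled on ConfValIsTrue()/ConfValIsFalse(): accepted boolean spellings. */
static int ValIsTrue(const char *v) {
    return !strcasecmp(v, "1") || !strcasecmp(v, "yes") ||
           !strcasecmp(v, "true") || !strcasecmp(v, "on");
}
static int ValIsFalse(const char *v) {
    return !strcasecmp(v, "0") || !strcasecmp(v, "no") ||
           !strcasecmp(v, "false") || !strcasecmp(v, "off");
}

/* Behaviour described in the report: 0 for both "absent" and "invalid". */
static int ConfGetBoolAmbiguous(const char *name, int *val) {
    const char *v;
    *val = 0;
    if (!ConfGetStub(name, &v)) return 0;      /* absent */
    if (ValIsTrue(v))  { *val = 1; return 1; }
    if (ValIsFalse(v)) { *val = 0; return 1; }
    return 0;                                   /* invalid: same as absent */
}

/* Hypothetical three-state lookup so the call site can tell the cases apart. */
enum BoolLookup { CONF_INVALID = -1, CONF_ABSENT = 0, CONF_OK = 1 };

static enum BoolLookup ConfGetBoolStrict(const char *name, int *val) {
    const char *v;
    *val = 0;
    if (!ConfGetStub(name, &v)) return CONF_ABSENT;
    if (ValIsTrue(v))  { *val = 1; return CONF_OK; }
    if (ValIsFalse(v)) { *val = 0; return CONF_OK; }
    fprintf(stderr, "warning: %s has non-boolean value \"%s\", using default\n", name, v);
    return CONF_INVALID;                        /* caller can now warn or fail */
}
```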
Updated by Alexey Simakov about 3 hours ago
- Difficulty set to low