New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Detect prefilter setupu8 4335 v6 #5937
Detect prefilter setupu8 4335 v6 #5937
Conversation
Such as >255 for an uint8 field
instead of erroring cf DetectICodeMatchTest01
Codecov Report
@@ Coverage Diff @@
## master #5937 +/- ##
==========================================
+ Coverage 76.67% 76.68% +0.01%
==========================================
Files 604 604
Lines 187828 187821 -7
==========================================
+ Hits 144008 144036 +28
+ Misses 43820 43785 -35
Flags with carried forward coverage won't be shown. Click here to find out more. |
@@ -373,6 +454,10 @@ DetectU8Data *DetectU8Parse (const char *u8str) | |||
return NULL; | |||
} | |||
} | |||
if (DetectU8Validate(&u8da)) { | |||
SCLogError(SC_ERR_INVALID_VALUE, "Impossible value for uint8 condition"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we provide a more helpful error here? Something that includes the keyword name and perhaps also the original value?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok for the original value.
For the keyword name, should it be the caller of DetectU32Parse
(such as DetectHTTP2windowSetup
) which should print another message or should it transmit the keyword name to DetectU32Parse
just for this debugging purpose ?
Replaced by #5966 |
Link to redmine ticket:
https://redmine.openinfosecfoundation.org/issues/4112
https://redmine.openinfosecfoundation.org/issues/4335
Describe changes:
Modifies #5923 by formatting and rewording commit