6.0.x: content: don't error out on incomplete hex - v2 #7887

Merged
merged 2 commits into from
Sep 27, 2022

jasonish
Member

@jasonish jasonish commented Sep 20, 2022

Before 6.0.6 if hex content was incomplete, Suricata didn't error out.
With 6.0.6, incomplete hex was detected and errored on, which is a
breaking change in a release branch. Instead, only emit a warning
unless strict content checking has been requested.

To enable strict behaviour on incomplete content hex in a rule,
"--strict-rule-keywords=content" can be used on the command line.

Issue: https://redmine.openinfosecfoundation.org/issues/5546

For now there is no accompanying master commit, as the change in
behaviour for a major version is OK.

Previous PR: #7885

Changes from last PR:

  • Better error handling. In non-strict mode an error with context will
    be displayed, but not result in a test failure unless strict mode is
    requested.
  • Log error if strict mode is enabled, not a warning.
  • Add this warn/error checking to all users of content parsing.

suricata-verify-pr: 946

Add a new setup return code, -4 which will print the error, but not
error out in test mode. This is to support allowing incomplete hex, as
there is no context as to which rule had the issue.

For context:
- -3: error ok, no message
- -2: error not ok, no message
- -4: error ok, message

Before 6.0.6 if hex content was incomplete, Suricata didn't error out.
With 6.0.6, incomplete hex was detected and errored on, which is a
breaking change in a release branch.  Instead, only emit a warning
unless strict content checking has been requested.

To enable strict behaviour on incomplete content hex in a rule,
"--strict-rule-keywords=content" can be used on the command line.

Issue: OISF#5546
@suricata-qa

Information: QA ran without warnings.

Pipeline 9372
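
The lenient-versus-strict handling of incomplete hex described in this PR, as an added example (not Suricata's code and not part of the PR). It assumes "incomplete hex" means a `|...|` block that ends on a half byte, drops the stray nibble in lenient mode, and ignores backslash escapes; `parse_content` and the `CONTENT_*` codes are hypothetical names.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Result codes are local to this example, not Suricata's return codes. */
enum { CONTENT_OK = 0, CONTENT_WARN = 1, CONTENT_ERROR = -1 };

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}
/* Decode a pattern such as "GET|0d 0a|" into out[]. A |...| block that ends
 * on a half byte is "incomplete hex": the stray nibble is dropped (assumed
 * lenient behaviour) and the result is a warning, or an error when strict. */
int parse_content(const char *s, bool strict, unsigned char *out,
                  size_t cap, size_t *len) {
    bool in_hex = false, incomplete = false;
    int nibbles = 0; unsigned char cur = 0;
    *len = 0;
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        if (c == '|') {                      /* toggle hex mode */
            if (in_hex && nibbles == 1) { incomplete = true; nibbles = 0; cur = 0; }
            in_hex = !in_hex; continue;
        }
        if (in_hex) {
            if (c == ' ') continue;          /* spaces between bytes are ignored */
            int v = hexval(c);
            if (v < 0) return CONTENT_ERROR; /* not a hex digit */
            cur = (unsigned char)((cur << 4) | v);
            if (++nibbles < 2) continue;
            c = cur; cur = 0; nibbles = 0;   /* full byte assembled */
        }
        if (*len == cap) return CONTENT_ERROR;
        out[(*len)++] = c;
    }
    if (in_hex) return CONTENT_ERROR;        /* unterminated |...| block */
    if (!incomplete) return CONTENT_OK;
    fprintf(stderr, "%s: incomplete hex in content\n", strict ? "error" : "warning");
    return strict ? CONTENT_ERROR : CONTENT_WARN;
}

int main(void) {
    unsigned char buf[32]; size_t n;
    int lenient = parse_content("|0d 0|", false, buf, sizeof buf, &n);
    printf("lenient=%d strict=%d\n", lenient, parse_content("|0d 0|", true, buf, sizeof buf, &n));
    return 0;
}
```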
