Actions
Bug #2080
closedRules with bad port group var do not error
Affected Versions:
Effort:
Difficulty:
Label:
Description
This does not error in Suricata 3.2.1 and 4.0dev (rev 3726fd6) (latest as of now) or any other version of Suricata I tested:
alert tcp $HOME_NET any -> $EXTERNAL_NET non_existent_var (msg:"bad portvar test"; content:"31d7c3e829be03400641f80b821ef728"; sid:3032; rev:1;)
Updated by Peter Manev over 7 years ago
also - for info - it errs like that:
[3902] 30/3/2017 -- 09:06:44 - (util-rule-vars.c:102) <Error> (SCRuleVarsGetConfVar) -- [ERRCODE: SC_ERR_UNDEFINED_VAR(101)] - Variable "non_existent_var" is not defined in configuration file [3902] 30/3/2017 -- 09:06:44 - (detect.c:365) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET $non_existent_var (msg:"bad portvar test"; content:"31d7c3e829be03400641f80b821ef728"; sid:3033; rev:1;)" from file badportvar.rules at line 3
when the rule uses the "$" in front of the variable ( $non_existent_var ) -
alert tcp $HOME_NET any -> $EXTERNAL_NET $non_existent_var (msg:"bad portvar test"; content:"31d7c3e829be03400641f80b821ef728"; sid:3033; rev:1;)
Updated by Francis Trudeau over 7 years ago
I worded this wrong due to getting my wires crossed during testing.
It probably should read "Rules with illegal port parameter does not error"
Updated by Andreas Herz over 7 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Philippe Antoine over 5 years ago
- Assignee changed from OISF Dev to Philippe Antoine
Updated by Victor Julien over 5 years ago
- Status changed from New to Closed
- Target version changed from TBD to 5.0rc1
Updated by Philippe Antoine over 5 years ago
- Related to Bug #3053: Replace atoi with StringParse* for better error handling added
Actions