eve-parity: handle arrays of scalars

author Jason Ish <jason.ish@oisf.net>

Fri, 7 Mar 2025 16:55:50 +0000 (17:55 +0100)

committer Victor Julien <victor@inliniac.net>

Sun, 9 Mar 2025 06:29:34 +0000 (07:29 +0100)
author Jason Ish <jason.ish@oisf.net>
Fri, 7 Mar 2025 16:55:50 +0000 (17:55 +0100)
committer Victor Julien <victor@inliniac.net>
Sun, 9 Mar 2025 06:29:34 +0000 (07:29 +0100)
diff --git a/etc/schema.json b/etc/schema.json

index 14edb956b2ee466ea9f986d489b6c9037e7dc9ae..3f88e133675f8f1987852aea89a8e75401063f17 100644 (file)
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -6774,6 +6774,9 @@
                  "client_alpns": {
                      "description": "TLS client ALPN field(s)",
                      "type": "array",
+                   "suricata": {
+                       "keywords": ["tls.alpn"]
+                   },
                      "items": {
                          "type": "string"
                      }
diff --git a/scripts/eve-parity.py b/scripts/eve-parity.py

index 7599f7f60d427edb565eb7ee1e7524208fce8e19..3fbe1a03ff24102c5d70c8f5be4daf07a613126d 100755 (executable)
--- a/scripts/eve-parity.py
+++ b/scripts/eve-parity.py
@@ -118,9 +118,8 @@ def load_schema():
                              ),
                          )
                      else:
-                        # May want to warn that this array has no properties.
                          key = ".".join(path + [name])
-                        keys[key] = {}
+                        keys[key] = props.get("suricata", {})
                  else:
                      # May want to warn that this array has no items.
                      key = ".".join(path + [name])
author	Jason Ish <jason.ish@oisf.net>
	Fri, 7 Mar 2025 16:55:50 +0000 (17:55 +0100)
committer	Victor Julien <victor@inliniac.net>
	Sun, 9 Mar 2025 06:29:34 +0000 (07:29 +0100)
etc/schema.json		patch \| blob \| blame \| history
scripts/eve-parity.py		patch \| blob \| blame \| history