From: Jason Ish <jason.ish@oisf.net>
Date: Fri, 7 Mar 2025 16:55:50 +0000 (+0100)
Subject: eve-parity: handle arrays of scalars
X-Git-Tag: suricata-8.0.0-beta1~305
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=744f301df47fa35db3be220a69ef5be1cf179db2;p=thirdparty%2Fsuricata.git

eve-parity: handle arrays of scalars

And add an example with "client_alpns".
---

diff --git a/etc/schema.json b/etc/schema.json
index 14edb956b2..3f88e13367 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -6774,6 +6774,9 @@
                 "client_alpns": {
                     "description": "TLS client ALPN field(s)",
                     "type": "array",
+		    "suricata": {
+			"keywords": ["tls.alpn"]
+		    },
                     "items": {
                         "type": "string"
                     }
diff --git a/scripts/eve-parity.py b/scripts/eve-parity.py
index 7599f7f60d..3fbe1a03ff 100755
--- a/scripts/eve-parity.py
+++ b/scripts/eve-parity.py
@@ -118,9 +118,8 @@ def load_schema():
                             ),
                         )
                     else:
-                        # May want to warn that this array has no properties.
                         key = ".".join(path + [name])
-                        keys[key] = {}
+                        keys[key] = props.get("suricata", {})
                 else:
                     # May want to warn that this array has no items.
                     key = ".".join(path + [name])