From 744f301df47fa35db3be220a69ef5be1cf179db2 Mon Sep 17 00:00:00 2001
From: Jason Ish <jason.ish@oisf.net>
Date: Fri, 7 Mar 2025 17:55:50 +0100
Subject: [PATCH] eve-parity: handle arrays of scalars

And add an example with "client_alpns".
---
 etc/schema.json       | 3 +++
 scripts/eve-parity.py | 3 +--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/etc/schema.json b/etc/schema.json
index 14edb956b2..3f88e13367 100644
--- a/etc/schema.json
+++ b/etc/schema.json
@@ -6774,6 +6774,9 @@
                 "client_alpns": {
                     "description": "TLS client ALPN field(s)",
                     "type": "array",
+		    "suricata": {
+			"keywords": ["tls.alpn"]
+		    },
                     "items": {
                         "type": "string"
                     }
diff --git a/scripts/eve-parity.py b/scripts/eve-parity.py
index 7599f7f60d..3fbe1a03ff 100755
--- a/scripts/eve-parity.py
+++ b/scripts/eve-parity.py
@@ -118,9 +118,8 @@ def load_schema():
                             ),
                         )
                     else:
-                        # May want to warn that this array has no properties.
                         key = ".".join(path + [name])
-                        keys[key] = {}
+                        keys[key] = props.get("suricata", {})
                 else:
                     # May want to warn that this array has no items.
                     key = ".".join(path + [name])
-- 
2.47.3