IDPS: rule download, less sensitive rule parsing. for https://github.com/opnsense/core/pull/4115

2026-03-15 17:14:46 +00:00 · 2020-05-15 11:36:42 +02:00 · 2020-05-15 11:36:42 +02:00 · 38ea28d0ad
commit 38ea28d0ad
parent 7b6e7af079
2 changed files with 5 additions and 5 deletions
--- a/src/opnsense/scripts/suricata/lib/downloader.py
+++ b/src/opnsense/scripts/suricata/lib/downloader.py
@ -67,10 +67,10 @@ class Downloader(object):
                flowbits_noalert = line.replace(' ', '').find('flowbits:noalert;') > -1
                if flowbits_noalert:
                    pass
-                elif line[0:5] == 'alert':
-                    line = 'drop %s' % line[5:]
-                elif line[0:6] == '#alert':
-                    line = '#drop %s' % line[6:]
+                elif re.match("(\s?)*alert", line):
+                    line = "drop %s" % line[line.find('alert')+5:]
+                elif re.match("#(\s?)*alert", line):
+                    line = '#drop %s' % line[line.find('alert')+5:]
            output.append(line)
        return '\n'.join(output)

--- a/src/opnsense/scripts/suricata/lib/rulecache.py
+++ b/src/opnsense/scripts/suricata/lib/rulecache.py
@ -87,7 +87,7 @@ class RuleCache(object):
                    record = {'enabled': True, 'source': filename.split('/')[-1]}
                    if rule.strip()[0] == '#':
                        record['enabled'] = False
-                        record['action'] = rule.strip()[1:].split(' ')[0].replace('#', '')
+                        record['action'] = rule.replace('#', '').strip().split()[0]
                    else:
                        record['action'] = rule.strip().split(' ')[0]