From 38ea28d0ad24ce82ac3106e2ee9dc35088fbdb92 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Fri, 15 May 2020 11:36:42 +0200
Subject: [PATCH] IDPS: rule download, less sensitive rule parsing. for https://github.com/opnsense/core/pull/4115
---
 src/opnsense/scripts/suricata/lib/downloader.py | 8 ++++----
 src/opnsense/scripts/suricata/lib/rulecache.py | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/opnsense/scripts/suricata/lib/downloader.py b/src/opnsense/scripts/suricata/lib/downloader.py
index 307b7f660..38ae80cc3 100755
--- a/src/opnsense/scripts/suricata/lib/downloader.py
+++ b/src/opnsense/scripts/suricata/lib/downloader.py
@@ -67,10 +67,10 @@ class Downloader(object):
 flowbits_noalert = line.replace(' ', '').find('flowbits:noalert;') > -1
 if flowbits_noalert:
 pass
- elif line[0:5] == 'alert':
- line = 'drop %s' % line[5:]
- elif line[0:6] == '#alert':
- line = '#drop %s' % line[6:]
+ elif re.match("(\s?)*alert", line):
+ line = "drop %s" % line[line.find('alert')+5:]
+ elif re.match("#(\s?)*alert", line):
+ line = '#drop %s' % line[line.find('alert')+5:]
 output.append(line)
 return '\n'.join(output)
diff --git a/src/opnsense/scripts/suricata/lib/rulecache.py b/src/opnsense/scripts/suricata/lib/rulecache.py
index cbf3b52e6..951d0e32b 100755
--- a/src/opnsense/scripts/suricata/lib/rulecache.py
+++ b/src/opnsense/scripts/suricata/lib/rulecache.py
@@ -87,7 +87,7 @@ class RuleCache(object):
 record = {'enabled': True, 'source': filename.split('/')[-1]}
 if rule.strip()[0] == '#':
 record['enabled'] = False
- record['action'] = rule.strip()[1:].split(' ')[0].replace('#', '')
+ record['action'] = rule.replace('#', '').strip().split()[0]
 else:
 record['action'] = rule.strip().split(' ')[0]
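Review bot: In the two added `re.match` calls in downloader.py, the patterns are non-raw strings containing `\s` (an invalid string escape that newer Python versions warn about), and `(\s?)*` is a nested optional quantifier that means the same as `\s*`; `elif re.match(r"\s*alert\b", line):` and `elif re.match(r"\s*#\s*alert\b", line):` say it directly. The second form also accepts whitespace before `#`, which the current `"#(\s?)*alert"` does not, although rulecache.py decides a rule is disabled with `rule.strip()[0] == '#'`; a commented rule indented that way keeps its `alert` action and would not drop traffic once it is enabled. The hunk does not show an `import re` in downloader.py, so confirm the module already imports it. The enclosing method starts outside the hunk.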
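Review bot: The `else:` branch in rulecache.py still takes the action with `rule.strip().split(' ')[0]`, so an enabled rule whose action is followed by a tab is recorded with an action like `alert\ttcp`, while the disabled branch now splits on any whitespace. `record['action'] = rule.split()[0]` in the `else:` branch would keep the two consistent. On the changed line, a rule made up only of `#` and whitespace leaves `split()` empty and `[0]` raises IndexError; whether such lines are filtered out earlier is not visible here, since the function starts and continues outside the hunk.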