IDS policies not matching categories. Since categories isn't a metadata field, our parser seems to miss the field content. In this case it should be safe to assume that if a metadata field isn't found, we can look in the rule properties to see if it's there. There likely aren't overlapping properties in this case. Closes https://github.com/opnsense/core/issues/4695

Ad Schellevis 2021-02-11 11:25:17 +01:00
parent a9d00046ff
commit b465a418a0


@ -82,7 +82,14 @@ class RuleCache(object):
# step into metadata
src_pointer = src_pointer['metadata']
src_section = section_name.split('metadata_', 1)[1]
rule_data = src_pointer[src_section] if src_section in src_pointer else None
if src_section in src_pointer:
rule_data = src_pointer[src_section]
elif src_section in rule['metadata']:
# metadata field is actually a rule field (category)
rule_data = rule['metadata'][src_section]
else:
rule_data = None
if rule_data not in configured_policies[policy_id][section_name]:
is_matched = False
if is_matched:
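
Review bot: The fallback in the new `elif` branch reads `rule['metadata'][src_section]`, but its comment and the commit message both describe the value as a rule field rather than a metadata field, and from the lines shown it is not clear how `rule['metadata']` differs from the `src_pointer['metadata']` that was checked just above. A short comment saying what `rule['metadata']` holds here (or a named local for it) would make the lookup order explicit. Since the message only says overlapping properties "likely" do not exist, it is also worth stating in that comment that the value found in `src_pointer` wins when both are present, because this order decides whether a rule matches a configured IDS policy.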