From b465a418a0f9e17b7f73cc9dafb1cb4571cd6fb7 Mon Sep 17 00:00:00 2001
From: Ad Schellevis
Date: Thu, 11 Feb 2021 11:25:17 +0100
Subject: [PATCH] IDS policies not mnatching categories. since categories isn't a metadata field, our parser seems to miss the field content. In this case it should be safe to assume if a metadata field isn't found we can look in the rule properties if it's there. there likely aren't overlapping properties in this case. closes https://github.com/opnsense/core/issues/4695
---
 src/opnsense/scripts/suricata/lib/rulecache.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/opnsense/scripts/suricata/lib/rulecache.py b/src/opnsense/scripts/suricata/lib/rulecache.py
index 85e02739e..7bd3754ac 100755
--- a/src/opnsense/scripts/suricata/lib/rulecache.py
+++ b/src/opnsense/scripts/suricata/lib/rulecache.py
@@ -82,7 +82,14 @@ class RuleCache(object):
 # step into metadata
 src_pointer = src_pointer['metadata']
 src_section = section_name.split('metadata_', 1)[1]
- rule_data = src_pointer[src_section] if src_section in src_pointer else None
+
+ if src_section in src_pointer:
+ rule_data = src_pointer[src_section]
+ elif src_section in rule['metadata']:
+ # metadata field is actually a rule field (category)
+ rule_data = rule['metadata'][src_section]
+ else:
+ rule_data = None
 if rule_data not in configured_policies[policy_id][section_name]:
 is_matched = False
 if is_matched:
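Review bot: The new `elif src_section in rule['metadata']:` branch applies to every `metadata_*` policy section, not only to the category field its comment names, so any policy key missing from the metadata dict is silently compared against a same-named rule property instead. Because this match decides which rules a policy's action is applied to, the fallback is safer when limited to the fields known to live at rule level, e.g. `elif src_section in RULE_LEVEL_FIELDS and src_section in rule['metadata']:` (`RULE_LEVEL_FIELDS` is a placeholder name; the actual key for categories is not visible in this hunk). The comment should also state the precedence, something like `# a key present in the metadata dict wins; rule-level properties are only consulted when it is absent`. The enclosing loop and the initial binding of `src_pointer` lie outside the hunk, so it cannot be confirmed from here that `rule['metadata']` is a different dict from the one `src_pointer` ends up pointing at.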