IDPS: extent rule search with metadata fields (pivot property/value store) and show results on rule info.

2026-03-16 01:24:38 +00:00 · 2020-06-04 16:16:56 +02:00 · 2020-06-04 16:16:56 +02:00 · e08000afbd
commit e08000afbd
parent d007d909ce
4 changed files with 51 additions and 18 deletions
--- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/Api/SettingsController.php
@ -211,6 +211,7 @@ class SettingsController extends ApiMutableModelControllerBase
                    $row['reference_html'] .= $item_html . '<br/>';
                }
            }
+            ksort($row);
            return $row;
        } else {
            return array();
--- a/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogRule.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/IDS/forms/dialogRule.xml
@ -9,25 +9,17 @@
        <label>Revision</label>
        <type>info</type>
    </field>
-    <field>
-        <id>gid</id>
-        <label>Group Id</label>
-        <type>info</type>
-    </field>
-    <field>
-        <id>classtype</id>
-        <label>Classtype</label>
-        <type>info</type>
-    </field>
    <field>
        <id>msg</id>
        <label>Message</label>
        <type>info</type>
    </field>
+    <!-- template field, copied for every metadata record on dialog show -->
    <field>
-        <id>reference_html</id>
-        <label>Reference</label>
-        <type>info</type>
+      <id>__template__</id>
+      <label>__template__label__</label>
+      <type>info</type>
+      <style>rule_template</style>
    </field>
    <field>
        <id>action</id>
--- a/src/opnsense/mvc/app/views/OPNsense/IDS/index.volt
+++ b/src/opnsense/mvc/app/views/OPNsense/IDS/index.volt
@ -342,6 +342,33 @@ POSSIBILITY OF SUCH DAMAGE.
                                        }
                                        return toggle;
                                    }
+                                },
+                                onBeforeRenderDialog: function(payload) {
+                                    // update form with dynamic fields
+                                    let template_tr = $("#row___template__");
+                                    $(".__rule__metadata_record").remove();
+                                    template_tr.hide();
+                                    if (payload.frm_DialogRule) {
+                                        $.each(payload.frm_DialogRule, function(key, value){
+                                            // ignore fixed fields and empty values
+                                            if (['sid', 'rev', 'action', 'action_default', 'installed_action',
+                                                 'enabled', 'enabled_default', 'msg', 'reference'].includes(key)
+                                                 || value === null) {
+                                                return;
+                                            }
+                                            let new_tr = template_tr.clone();
+                                            new_tr.prop("id", "row_" + key);
+                                            new_tr.addClass("__rule__metadata_record");
+                                            new_tr.html(new_tr.html().replace('__template__label__', key));
+                                            if (key === 'reference_html') {
+                                                value = $("<textarea/>").html(value).text();
+                                            }
+                                            new_tr.find("#__template__").prop("id", key).html(value);
+                                            new_tr.show();
+                                            new_tr.insertBefore(template_tr);
+                                        });
+                                    }
+                                    return (new $.Deferred()).resolve();
                                }
                            },
                            toggle:'/api/ids/settings/toggleRule/'
--- a/src/opnsense/scripts/suricata/lib/rulecache.py
+++ b/src/opnsense/scripts/suricata/lib/rulecache.py
@ -329,16 +329,29 @@ class RuleCache(object):

            # fetch results
            cur.execute(sql, sql_parameters)
-            while True:
-                row = cur.fetchone()
-                if row is None:
-                    break
-
+            all_sids = []
+            for row in cur.fetchall():
                record = {}
                for fieldNum in range(len(cur.description)):
                    record[cur.description[fieldNum][0]] = row[fieldNum]
                result['rows'].append(record)
+                if record['sid']:
+                    all_sids.append("%d" % record['sid'])

+            # extend with collected metadata attributes
+            cur.execute("select * from rule_properties where sid in (%s) order by sid" %
+                ",".join(all_sids)
+            )
+            rule_props = dict()
+            for row in cur.fetchall():
+                if row[0] not in rule_props:
+                    rule_props[row[0]] = dict()
+                rule_props[row[0]][row[1]] = row[2]
+
+            for record in result['rows']:
+                if record['sid'] in rule_props:
+                    for fieldname in rule_props[record['sid']]:
+                        record[fieldname] = rule_props[record['sid']][fieldname]
        return result

    def list_metadata(self):