From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sun, 13 Mar 2022 19:27:25 +0000 (+0100)
Subject: ids-functions.pl: Do not longer extract all rulefiles in archive.
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f349c960e46876253e4bc9ea9aaf0f7b72b99ef0;p=people%2Fms%2Fipfire-2.x.git

ids-functions.pl: Do not longer extract all rulefiles in archive.

Only extract rulefiles which are located in a rules directory and/or in the archive
root.

This prevents us from extracting experimental or binary rules etc. which
often are located in corresponding sub-directories.

Reference: #12794.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 468efc668f..c4edd968d0 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -544,6 +544,9 @@ sub extractruleset ($) {
 
 			# Handle rules files.
 			} elsif ($file =~ m/\.rules$/) {
+				# Skip rule files which are not located in the rules directory or archive root.
+				next unless(($packed_file =~ /^rules\//) || ($packed_file !~ /\//));
+
 				my $rulesfilename;
 
 				# Splitt the filename into chunks.