From 41fda6cd14ef9c0a72910d296fc7399298125fa3 Mon Sep 17 00:00:00 2001
From: Stefan Schantl <stefan.schantl@ipfire.org>
Date: Sun, 13 Mar 2022 20:27:25 +0100
Subject: [PATCH] ids-functions.pl: Do not longer extract all rulefiles in
 archive.

Only extract rulefiles which are located in a rules directory and/or in the archive
root.

This prevents us from extracting experimental or binary rules etc. which
often are located in corresponding sub-directories.

Reference: #12794.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 config/cfgroot/ids-functions.pl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 468efc668f..c4edd968d0 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -544,6 +544,9 @@ sub extractruleset ($) {
 
 			# Handle rules files.
 			} elsif ($file =~ m/\.rules$/) {
+				# Skip rule files which are not located in the rules directory or archive root.
+				next unless(($packed_file =~ /^rules\//) || ($packed_file !~ /\//));
+
 				my $rulesfilename;
 
 				# Splitt the filename into chunks.
-- 
2.39.5