ids-functions.pl: Introduce merge_sid_msg() function.

This function is used to merge the sid to message mapping files
from various providers.

Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>

diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 359d7d4bd189a3e0a778fcc38e845cfa38bc8350..cd15b350d81ad1356e0e17c2648ea617a230993b 100644 (file)
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -83,6 +83,9 @@ our $rulespath = "/var/lib/suricata";
 # Location of the classification file.
 our $classification_file = "$rulespath/classification.config";
 
+# Location of the sid to msg mappings file.
+our $sid_msg_file = "$rulespath/sid-msg.map";
+
 # Location to store local rules. This file will not be touched.
 our $local_rules_file = "$rulespath/local.rules";
 
@@ -607,6 +610,75 @@ sub merge_classifications(@) {
        close(FILE);
 }
 
+#
+## Function to merge the "sid to message mapping" files of various given providers.
+#
+sub merge_sid_msg (@) {
+       my @providers = @_;
+
+       # Hash which contains all the sid to message mappings.
+       my %mappings = ();
+
+       # Loop through the array of given providers.
+       foreach my $provider (@providers) {
+               # Generate full path and filename.
+               my $sid_msg_file = "$tmp_directory/conf/$provider\-sid-msg.map";
+
+               # Skip provider if no sid to msg mapping file for this provider exists.
+               next unless (-f $sid_msg_file);
+
+               # Open the file.
+               open(MAPPING, $sid_msg_file) or die "Could not open $sid_msg_file. $!\n";
+
+               # Loop through the file content.
+               while (<MAPPING>) {
+                       # Remove newlines.
+                       chomp($_);
+
+                       # Skip lines which do not start with a number,
+                       next unless ($_ =~ /^\d+/);
+
+                       # Split line content and assign it to an array.
+                       my @line = split(/ \|\| /, $_);
+
+                       # Grab the first element (and remove it) from the line array.
+                       # It contains the sid.
+                       my $sid = shift(@line);
+
+                       # Store the grabbed sid and the remain array as hash value.
+                       # It still contains the messages, references etc.
+                       $mappings{$sid} = [@line];
+               }
+
+               # Close file handle.
+               close(MAPPING);
+       }
+
+       # Open mappings file for writing.
+       open(FILE, ">", $sid_msg_file) or die "Could not write $sid_msg_file. $!\n";
+
+       # Write notice about autogenerated file.
+       print FILE "#Autogenerated file. Any custom changes will be overwritten!\n\n";
+
+       # Loop through the hash of mappings.
+       foreach my $sid ( sort keys %mappings) {
+               # Grab data for the sid.
+               my @data = @{$mappings{$sid}};
+
+               # Add the sid to the data array.
+               unshift(@data, $sid);
+
+               # Generate line.
+               my $line = join(" \|\| ", @data);
+
+               print FILE "$line\n";
+
+       }
+
+       # Close file handle.
+       close(FILE);
+}
+
 #
 ## Function to do all the logging stuff if the downloading or updating of the ruleset fails.
 #