From: Stefan Schantl
Date: Mon, 29 Mar 2021 13:27:42 +0000 (+0200)
Subject: ids-functions.pl: Introduce merge_sid_msg() function.
X-Git-Url: http://git.ipfire.org/?p=people%2Fstevee%2Fipfire-2.x.git;a=commitdiff_plain;h=8bd74e12a9433f0f79e9eeca1028192799c98cc7
ids-functions.pl: Introduce merge_sid_msg() function.
This function is used to merge the sid to message mapping files from various providers.
Signed-off-by: Stefan Schantl
---
diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl
index 359d7d4bd1..cd15b350d8 100644
--- a/config/cfgroot/ids-functions.pl
+++ b/config/cfgroot/ids-functions.pl
@@ -83,6 +83,9 @@ our $rulespath = "/var/lib/suricata";
 # Location of the classification file.
 our $classification_file = "$rulespath/classification.config";
+# Location of the sid to msg mappings file.
+our $sid_msg_file = "$rulespath/sid-msg.map";
+
 # Location to store local rules. This file will not be touched.
 our $local_rules_file = "$rulespath/local.rules";
@@ -607,6 +610,75 @@ sub merge_classifications(@) {
 close(FILE);
 }
+#
+## Function to merge the "sid to message mapping" files of various given providers.
+#
+sub merge_sid_msg (@) {
+ my @providers = @_;
+
+ # Hash which contains all the sid to message mappings.
+ my %mappings = ();
+
+ # Loop through the array of given providers.
+ foreach my $provider (@providers) {
+ # Generate full path and filename.
+ my $sid_msg_file = "$tmp_directory/conf/$provider\-sid-msg.map";
+
+ # Skip provider if no sid to msg mapping file for this provider exists.
+ next unless (-f $sid_msg_file);
+
+ # Open the file.
+ open(MAPPING, $sid_msg_file) or die "Could not open $sid_msg_file. $!\n";
+
+ # Loop through the file content.
+ while () {
+ # Remove newlines.
+ chomp($_);
+
+ # Skip lines which do not start with a number,
+ next unless ($_ =~ /^\d+/);
+
+ # Split line content and assign it to an array.
+ my @line = split(/ \|\| /, $_);
+
+ # Grab the first element (and remove it) from the line array.
+ # It contains the sid.
+ my $sid = shift(@line);
+
+ # Store the grabbed sid and the remain array as hash value.
+ # It still contains the messages, references etc.
+ $mappings{$sid} = [@line];
+ }
+
+ # Close file handle.
+ close(MAPPING);
+ }
+
+ # Open mappings file for writing.
+ open(FILE, ">", $sid_msg_file) or die "Could not write $sid_msg_file. $!\n";
+
+ # Write notice about autogenerated file.
+ print FILE "#Autogenerated file. Any custom changes will be overwritten!\n\n";
+
+ # Loop through the hash of mappings.
+ foreach my $sid ( sort keys %mappings) {
+ # Grab data for the sid.
+ my @data = @{$mappings{$sid}};
+
+ # Add the sid to the data array.
+ unshift(@data, $sid);
+
+ # Generate line.
+ my $line = join(" \|\| ", @data);
+
+ print FILE "$line\n";
+
+ }
+
+ # Close file handle.
+ close(FILE);
+}
+
 #
 ## Function to do all the logging stuff if the downloading or updating of the ruleset fails.
 #
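Review bot: The lexical `my $sid_msg_file` declared inside the provider loop shadows the package-level `our $sid_msg_file` that the first hunk adds, so the same name is the per-provider input path inside the loop and the merged output path at `open(FILE, ">", $sid_msg_file)` after it; renaming the loop variable, e.g. `my $provider_sid_msg_file = "$tmp_directory/conf/$provider\-sid-msg.map";`, keeps the two apart. The per-provider read uses the two-argument form `open(MAPPING, $sid_msg_file)` while the write a few lines later already uses the three-argument form; `open(MAPPING, "<", $sid_msg_file) or die "Could not open $sid_msg_file. $!\n";` makes the mode explicit and consistent. On the write side neither `print FILE` nor `close(FILE)` is checked, so a full or read-only `$rulespath` leaves a truncated sid-msg.map with no error reported; `close(FILE) or die "Could not write $sid_msg_file. $!\n";` surfaces buffered write failures. `$mappings{$sid} = [@line];` silently replaces an earlier provider's entry for the same sid, so the order of `@providers` decides which message text is written; a comment such as `# A later provider overrides an earlier entry for the same sid.` would make that intentional-looking behaviour explicit. The `while ()` heading the read loop presumably had a `<MAPPING>` readline that this rendering stripped.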