datasets: disable rule if file not found

If a dataset file is not found for load, print a warning and disable the
rule. This will allow Suricata to pass the -T test so the working rules
are updated instead of rolling back.

diff --git a/suricata/update/main.py b/suricata/update/main.py
index bc3df765ce673cf10e1d433d12d642084bdb755d..29203fc308b35c1d6cf4683f260fd747da17fddc 100644 (file)
--- a/suricata/update/main.py
+++ b/suricata/update/main.py
@@ -1,4 +1,4 @@
-# Copyright (C) 2017 Open Information Security Foundation
+# Copyright (C) 2017-2022 Open Information Security Foundation
 # Copyright (c) 2015-2017 Jason Ish
 #
 # You can copy, redistribute or modify this Program under the terms of
@@ -452,7 +452,8 @@ def handle_dataset_files(rule, dep_files):
             fp.write(dep_files[source_filename].decode("utf-8"))
         return new_rule
     else:
-        logger.error("Dataset file '{}' was not found".format(dataset_filename))
+        logger.warn("Dataset file '{}' was not found for rule {}, rule will be disabled".format(dataset_filename, rule.idstr))
+        rule.enabled = False
 
 def handle_filehash_files(rule, dep_files, fhash):
     if not rule.enabled: