From: Jason Ish
Date: Wed, 29 Nov 2017 22:38:24 +0000 (-0600)
Subject: update.yaml: sources is now just a URL list
X-Git-Tag: 1.0.0a1~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=330a993c5f47aa0a1eb2e8232582515993859fa8;p=thirdparty%2Fsuricata-update.git
update.yaml: sources is now just a URL list
---
diff --git a/suricata/update/configs/update.yaml b/suricata/update/configs/update.yaml
index 1448012..ad6e5a7 100644
--- a/suricata/update/configs/update.yaml
+++ b/suricata/update/configs/update.yaml
@@ -35,16 +35,12 @@ ignore:
 # May be overrided by the --reload-command command line option.
 #reload-command: sudo systemctl reload suricata
 
-# Remote rule sources.
+# Remote rule sources. Simply a list of URLs.
 sources:
- # Emerging Threats Open
- - source: etopen
- # Emerging Threats Pro
- - source: etpro
- code: xxxxx
- # A URL
- - source: url
- url: https://sslbl.abuse.ch/blacklist/sslblacklist.rules
+ # Emerging Threats Open with the Suricata version dynamically replaced.
+ - https://rules.emergingthreats.net/open/suricata-%(__version__)s/emerging.rules.tar.gz
+ # The SSL blacklist, which is just a standalone rule file.
+ - https://sslbl.abuse.ch/blacklist/sslblacklist.rules
 
 # A list of local rule sources. Each entry can be a rule file, a
 # directory or a wild card specification.
diff --git a/suricata/update/main.py b/suricata/update/main.py
index 2905f66..a324aa5 100644
--- a/suricata/update/main.py
+++ b/suricata/update/main.py
@@ -961,31 +961,16 @@ def load_sources(config, suricata_version):
 urls.append(url)
 
 if config.get("sources"):
- for source in config.get("sources"):
- source_name = None
- if "source" in source :
- source_name = source["source"]
- else:
- logger.error("Source is missing the \"source\" field.")
- continue
-
- if source_name == "url":
- urls.append(source["url"])
- elif source_name == "etopen":
- urls.append(resolve_etopen_url(suricata_version))
- else:
- logger.error(
- "Unknown source: %s; "
- "try running suricata-update update-sources",
- source["source"])
-
- # If no URLs, default to ET/Open.
- if not urls:
- logger.info("No sources configured, will use Emerging Threats Open")
- urls.append(resolve_etopen_url(suricata_version))
+ for url in config.get("sources"):
+ url = url % internal_params
+ logger.debug("Adding source %s.", url)
+ urls.append(url)
 
- # If --etopen is on the command line, make sure its added.
- if config.get("etopen"):
+ # If --etopen is on the command line, make sure its added. Or if
+ # there are no URLs, default to ET/Open.
+ if config.get("etopen") or not urls:
+ if not urls:
+ logger.info("No sources configured, will use Emerging Threats Open")
 urls.append(resolve_etopen_url(suricata_version))
 
 # Converting the URLs to a set removed dupes.
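Review bot: `url = url % internal_params` in the new `sources` loop is applied to whatever the YAML entry holds, with no error handling: an entry still in the old mapping form (`- source: etopen`) raises TypeError, and a URL with a literal percent-escape such as `%20` fails inside the `%` operator (ValueError or TypeError, depending on the character that follows), where the removed code logged an error and skipped the bad entry. I would catch KeyError, TypeError and ValueError around the substitution, log the entry and `continue`, as in the fence below; the `sources:` comment in update.yaml could also say that a literal `%` must be written `%%`. The debug line logs the full URL, so if a source URL carries an access code (the separate `code:` field is gone) it may be worth redacting it before logging, though this hunk does not show how such sources are now configured. `load_sources` starts and ends outside the hunk, and `internal_params` is defined outside it.

```python
        for url in config.get("sources"):
            try:
                url = url % internal_params
            except (KeyError, TypeError, ValueError) as err:
                logger.error("Ignoring source %r: %s", url, err)
                continue
            # … unchanged: debug log and urls.append(url) …
```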