From: Vagisha Gupta <vagishagupta23@gmail.com>
Date: Mon, 3 Jun 2019 08:53:24 +0000 (+0530)
Subject: Log a warning on duplicate SID
X-Git-Tag: 1.1.0rc1~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c87a153bc1b011acdb16dbc17bd1fea07948220;p=thirdparty%2Fsuricata-update.git

Log a warning on duplicate SID

Currently when suricata-update encounters a rule with duplicate SIDs,
it silently uses the one with the higher revision without logging the
warnings.
On duplicate SID, warnings are logged for equal as well as different
revisions.
---

diff --git a/suricata/update/main.py b/suricata/update/main.py
index c6218ed..2aa61bf 100644
--- a/suricata/update/main.py
+++ b/suricata/update/main.py
@@ -692,7 +692,14 @@ def build_rule_map(rules):
         if rule.id not in rulemap:
             rulemap[rule.id] = rule
         else:
+            if rule["rev"] == rulemap[rule.id]["rev"]:
+                logger.warning(
+                    "Found duplicate rule SID {} with same revision, "
+                    "keeping the first rule seen.".format(rule.sid))
             if rule["rev"] > rulemap[rule.id]["rev"]:
+                logger.warning(
+                    "Found duplicate rule SID {}, "
+                    "keeping the rule with greater revision.".format(rule.sid))
                 rulemap[rule.id] = rule
 
     return rulemap