From: Jason Ish Date: Wed, 2 Jul 2025 16:32:12 +0000 (-0600) Subject: lua: support lua rules X-Git-Tag: 1.3.6~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d9170d80233c821fa9f52b7fab1eb39619b5fcb;p=thirdparty%2Fsuricata-update.git lua: support lua rules Add lua to the list of keywords that reference files and copy in place. Makes use of the filehash function, so make that function more generic for embedded files. Ticket: #6395
---
diff --git a/suricata/update/main.py b/suricata/update/main.py
index f94d7c2..f03611f 100644
--- a/suricata/update/main.py
+++ b/suricata/update/main.py
@@ -97,7 +97,7 @@ DEFAULT_OUTPUT_RULE_FILENAME = "suricata.rules"
 INDEX_EXPIRATION_TIME = 60 * 60 * 24 * 14
 # Rule keywords that come with files
-file_kw = ["filemd5", "filesha1", "filesha256", "dataset"]
+file_kw = ["filemd5", "filesha1", "filesha256", "dataset", "lua"]
 def strict_error(msg):
 logger.error(msg)
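Review bot: The comment above `file_kw` still reads "Rule keywords that come with files", but with `"lua"` in the list one of those files is now a script that Suricata executes rather than a hash list or dataset it only reads. Every enabled rule carrying a `lua` keyword will have its script copied into the output directory from whatever source supplied the rule, so the trust placed in a rule source now extends to code. I would say so at the definition, e.g. `# Rule keywords that reference files shipped with the rules; "lua" files are scripts Suricata runs, not data.` Whether the engine then loads such a script depends on its own Lua settings (presumably `security.lua.allow-rules`), which nothing in this diff shows.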
@@ -501,22 +501,22 @@ def handle_dataset_files(rule, dep_files):
 fp.write(dataset_contents.decode("utf-8"))
 return new_rule
-def handle_filehash_files(rule, dep_files, fhash):
+def handle_embedded_file(rule, dep_files, kw):
 if not rule.enabled:
 return
- filehash_fname = rule.get(fhash)
+ embedded_filename = rule.get(kw)
 # Get the directory name the rule is from.
 prefix = os.path.dirname(rule.group)
- source_filename = os.path.join(prefix, filehash_fname)
+ source_filename = os.path.join(prefix, embedded_filename)
 dest_filename = source_filename[len(prefix) + len(os.path.sep):]
 logger.debug("dest_filename={}".format(dest_filename))
 if source_filename not in dep_files:
- logger.error("{} file {} was not found".format(fhash, filehash_fname))
+ logger.error("{} file {} was not found".format(kw, embedded_filename))
 else:
- logger.debug("Copying %s file %s to output directory" % (fhash, filehash_fname))
+ logger.debug("Copying %s file %s to output directory" % (kw, embedded_filename))
 filepath = os.path.join(config.get_output_dir(), os.path.dirname(dest_filename))
 logger.debug("filepath: %s" % filepath)
 try:
@@ -525,7 +525,7 @@ def handle_filehash_files(rule, dep_files, fhash):
 if oserr.errno != errno.EEXIST:
 logger.error(oserr)
 sys.exit(1)
- output_filename = os.path.join(filepath, os.path.basename(filehash_fname))
+ output_filename = os.path.join(filepath, os.path.basename(embedded_filename))
 logger.debug("output fname: %s" % output_filename)
 with open(output_filename, "w") as fp:
 fp.write(dep_files[source_filename].decode("utf-8"))
@@ -572,7 +572,7 @@ def write_merged(filename, rulemap, dep_files):
 if "dataset" == kw:
 reformatted = handle_dataset_files(rule, dep_files)
 else:
- handle_filehash_files(rule, dep_files, kw)
+ handle_embedded_file(rule, dep_files, kw)
 if reformatted:
 print(reformatted, file=fileobj)
 else:
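Review bot: In the `@@ -501,22` hunk, `embedded_filename` is taken from the rule via `rule.get(kw)` and `filepath` is built from its directory part without being checked against the output directory. If the value is absolute or carries `..` components and a matching key exists in `dep_files` (how those keys are built is outside this hunk), the copy would land outside `config.get_output_dir()`. That mattered less for hash lists than it does for a script the engine will run. I would resolve the target and refuse anything not under the output root before the directory is created, as sketched below. The function body continues into the next hunk.

```python
    else:
        # … unchanged: "Copying %s file %s to output directory" debug line …
        out_root = os.path.realpath(config.get_output_dir())
        filepath = os.path.realpath(
            os.path.join(out_root, os.path.dirname(dest_filename)))
        if filepath != out_root and not filepath.startswith(out_root + os.path.sep):
            logger.error("{} file {} resolves outside the output directory".format(
                kw, embedded_filename))
            return
        # … unchanged: directory creation, then the copy to output_filename …
```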
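Review bot: In the `@@ -525,7` hunk the copy still goes through `.decode("utf-8")` and a text-mode `open(output_filename, "w")`, which was tolerable for hash lists but is not a byte-exact copy for a Lua script. A script containing bytes that are not valid UTF-8 raises `UnicodeDecodeError` at this line, with no handler visible in the hunk, and text mode may re-encode the content or translate newlines depending on platform and locale. Writing the bytes as they arrived avoids both: `with open(output_filename, "wb") as fp:` followed by `fp.write(dep_files[source_filename])`. The function starts in the previous hunk and these two lines are unchanged context, so this is a follow-up the new `lua` path makes worthwhile rather than a flaw in the rename itself.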
@@ -633,7 +633,7 @@ def write_to_directory(directory, files, rulemap, dep_files):
 if "dataset" == kw:
 reformatted = handle_dataset_files(rulemap[rule.id], dep_files)
 else:
- handle_filehash_files(rulemap[rule.id], dep_files, kw)
+ handle_embedded_file(rulemap[rule.id], dep_files, kw)
 if reformatted:
 content.append(reformatted)
 else: