From: Jason Ish <jason.ish@oisf.net>
Date: Wed, 29 Dec 2021 16:33:42 +0000 (-0600)
Subject: Fix multiple modifications not having an affect.
X-Git-Tag: 1.3.0rc1~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a4694f76d85c8a08c3878650a1f0ed71b272ad1e;p=thirdparty%2Fsuricata-update.git

Fix multiple modifications not having an affect.

In the case where multiple modifications changed a rule (drop included),
only the last modification took affect.

This is due to the modifications each being done on a clean version of
the rule, rather than the previously modified version of the rule.

Ticket #4259
---

diff --git a/suricata/update/main.py b/suricata/update/main.py
index 7d3b366..4962786 100644
--- a/suricata/update/main.py
+++ b/suricata/update/main.py
@@ -1193,15 +1193,15 @@ def _main():
 
         for fltr in drop_filters:
             if fltr.match(rule):
-                rulemap[rule.id] = fltr.run(rule)
+                rule = fltr.run(rule)
                 drop_count += 1
 
         for fltr in modify_filters:
             if fltr.match(rule):
-                new_rule = fltr.run(rule)
-                if new_rule:
-                    rulemap[rule.id] = new_rule
-                    modify_count += 1
+                rule = fltr.run(rule)
+                modify_count += 1
+
+        rulemap[key] = rule
 
     # Check if we should disable ja3 rules.
     try: