From: Jason Ish Date: Fri, 8 Dec 2017 22:37:51 +0000 (-0600) Subject: user agent: moving suricata version check up X-Git-Tag: 1.0.0b1~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a99f16bc3e55c2946bf5c10b9c89bd3a5697cebe;p=thirdparty%2Fsuricata-update.git user agent: moving suricata version check up before sub-commands, so the Suricata version can be provided in "update-sources". Also make --suricata and --suricata-path global options, so sub-commands can depend on them. --- diff --git a/doc/common-options.rst b/doc/common-options.rst index f2c1d96..da1bff7 100644 --- a/doc/common-options.rst +++ b/doc/common-options.rst @@ -22,6 +22,19 @@ Provide more verbose output. +.. option:: --suricata + + The path to the Suricata program. If not provided + ``suricata-update`` will attempt to find Suricata on your path. + + The Suricata program is used to determine the version of Suricata + as well as providing information about the Suricata configuration. + +.. option:: --suricata-version + + Set the Suricata version to a specific version instead of checking + the version of Suricata on the path. + .. option:: --user-agent Set a custom user agent string for HTTP requests. diff --git a/doc/update.rst b/doc/update.rst index 56905cd..01b225b 100644 --- a/doc/update.rst +++ b/doc/update.rst @@ -24,17 +24,6 @@ Options Default: */var/lib/suricata/rules* -.. option:: --suricata= - - The path to the Suricata program used to determine which version of - the ET pro rules to download if not explicitly set in a ``--url`` - argument. - -.. option:: --suricata-version - - Set the Suricata version to a specific version instead of checking - the version of Suricata on the path. - .. option:: --force Force remote rule files to be downloaded if they otherwise wouldn't diff --git a/suricata/update/main.py b/suricata/update/main.py index 44e1922..62a68ef 100644 --- a/suricata/update/main.py +++ b/suricata/update/main.py @@ -937,6 +937,12 @@ def _main(): global_parser.add_argument( "-c", "--config", metavar="", help="configuration file (default: /etc/suricata/update.yaml)") + global_parser.add_argument( + "--suricata", metavar="", + help="Path to Suricata program") + global_parser.add_argument( + "--suricata-version", metavar="", + help="Override Suricata version") global_parser.add_argument( "--user-agent", metavar="", help="Set custom user-agent string") @@ -956,10 +962,6 @@ def _main(): update_parser.add_argument( "-o", "--output", metavar="", dest="output", help="Directory to write rules to") - update_parser.add_argument("--suricata", metavar="", - help="Path to Suricata program") - update_parser.add_argument("--suricata-version", metavar="", - help="Override Suricata version") update_parser.add_argument("-f", "--force", action="store_true", default=False, help="Force operations that might otherwise be skipped") @@ -1085,6 +1087,47 @@ def _main(): logger.debug("This is suricata-update version %s (rev: %s); Python: %s" % ( version, revision, sys.version.replace("\n", "- "))) + # Check for Suricata binary... + if args.suricata: + if not os.path.exists(args.suricata): + logger.error("Specified path to suricata does not exist: %s", + args.suricata) + return 1 + suricata_path = args.suricata + else: + suricata_path = suricata.update.engine.get_path() + if not suricata_path: + logger.warning("No suricata application binary found on path.") + + # Now parse the Suricata version. If provided on the command line, + # use that, otherwise attempt to get it from Suricata. + if args.suricata_version: + # The Suricata version was passed on the command line, parse it. + suricata_version = suricata.update.engine.parse_version( + args.suricata_version) + if not suricata_version: + logger.error("Failed to parse provided Suricata version: %s" % ( + args.suricata_version)) + return 1 + logger.info("Forcing Suricata version to %s." % (suricata_version.full)) + elif suricata_path: + suricata_version = suricata.update.engine.get_version(args.suricata) + if suricata_version: + logger.info("Found Suricata version %s at %s." % ( + str(suricata_version.full), suricata_path)) + else: + logger.error("Failed to get Suricata version.") + return 1 + else: + logger.info( + "Using default Suricata version of %s", DEFAULT_SURICATA_VERSION) + suricata_version = suricata.update.engine.parse_version( + DEFAULT_SURICATA_VERSION) + + # Provide the Suricata version to the net module to add to the + # User-Agent. + suricata.update.net.set_user_agent_suricata_version(suricata_version.full) + # Load custom user-agent-string. user_agent = config.get("user-agent") if user_agent: @@ -1123,43 +1166,6 @@ def _main(): if args.no_ignore: config.set(config.IGNORE_KEY, []) - # Check for Suricata binary... - if args.suricata: - if not os.path.exists(args.suricata): - logger.error("Specified path to suricata does not exist: %s", - args.suricata) - return 1 - suricata_path = args.suricata - else: - suricata_path = suricata.update.engine.get_path() - if not suricata_path: - logger.warning("No suricata application binary found on path.") - - if args.suricata_version: - # The Suricata version was passed on the command line, parse it. - suricata_version = suricata.update.engine.parse_version( - args.suricata_version) - if not suricata_version: - logger.error("Failed to parse provided Suricata version: %s" % ( - args.suricata_version)) - return 1 - logger.info("Forcing Suricata version to %s." % (suricata_version.full)) - elif suricata_path: - suricata_version = suricata.update.engine.get_version(args.suricata) - if suricata_version: - logger.info("Found Suricata version %s at %s." % ( - str(suricata_version.full), suricata_path)) - else: - logger.error("Failed to get Suricata version.") - return 1 - else: - logger.info( - "Using default Suricata version of %s", DEFAULT_SURICATA_VERSION) - suricata_version = suricata.update.engine.parse_version( - DEFAULT_SURICATA_VERSION) - - suricata.update.net.set_user_agent_suricata_version(suricata_version.full) - file_tracker = FileTracker() disable_matchers = []