From: Jason Ish
Date: Tue, 27 Feb 2018 17:11:13 +0000 (-0600)
Subject: notes: output notes at end of run
X-Git-Tag: 1.0.0rc1~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f0613f1a262dab1c8ba986486757f1e83effd762;p=thirdparty%2Fsuricata-update.git

notes: output notes at end of run

Currently notes are printed if a rule was disabled due to unknown address or port group variables.
---

diff --git a/suricata/update/main.py b/suricata/update/main.py
index 57ea47a..b74a27e 100644
--- a/suricata/update/main.py
+++ b/suricata/update/main.py
@@ -61,6 +61,7 @@ from suricata.update import util
 from suricata.update import sources
 from suricata.update import commands
 from suricata.update import exceptions
+from suricata.update import notes
 from suricata.update.version import version
 
 try:
@@ -802,6 +803,7 @@ def check_vars(suriconf, rulemap):
 logger.warning(
 "Rule has unknown source address var and will be disabled: %s: %s" % (
 var, rule.brief()))
+ notes.address_group_vars.add(var)
 disable = True
 for var in suricata.update.rule.parse_var_names(
 rule["dest_addr"]):
@@ -809,6 +811,7 @@ def check_vars(suriconf, rulemap):
 logger.warning(
 "Rule has unknown dest address var and will be disabled: %s: %s" % (
 var, rule.brief()))
+ notes.address_group_vars.add(var)
 disable = True
 for var in suricata.update.rule.parse_var_names(
 rule["source_port"]):
@@ -816,6 +819,7 @@ def check_vars(suriconf, rulemap):
 logger.warning(
 "Rule has unknown source port var and will be disabled: %s: %s" % (
 var, rule.brief()))
+ notes.port_group_vars.add(var)
 disable = True
 for var in suricata.update.rule.parse_var_names(
 rule["dest_port"]):
@@ -823,6 +827,7 @@ def check_vars(suriconf, rulemap):
 logger.warning(
 "Rule has unknown dest port var and will be disabled: %s: %s" % (
 var, rule.brief()))
+ notes.port_group_vars.add(var)
 disable = True
 
 if disable:
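Review bot: The four check_vars hunks add the same bookkeeping line to four near-identical blocks (warn, record the var, set disable), so the address/port distinction is now spelled out in eight places and a fifth field would mean copying the block again; a small table iterated in one loop, e.g. `(("source_addr", "source address", notes.address_group_vars), ("dest_addr", "dest address", notes.address_group_vars), ("source_port", "source port", notes.port_group_vars), ("dest_port", "dest port", notes.port_group_vars))`, would keep the log text, the note set and the disable flag together. The guard that decides a var is unknown and the `if disable:` branch lie outside these hunks, so the loop body would have to carry the existing condition over unchanged. `notes.address_group_vars` and `notes.port_group_vars` are module-level sets, so anything that calls check_vars more than once per process (tests, library use) keeps accumulating names across calls; if that matters, a `notes.reset()` that clears both sets, called at the start of a run, keeps the summary scoped to that run.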
@@ -1387,6 +1392,7 @@ def _main():
 
 if not args.force and not file_tracker.any_modified():
 logger.info("No changes detected, exiting.")
+ notes.dump_notes()
 return 0
 
 if not test_suricata(suricata_path):
@@ -1404,6 +1410,8 @@ def _main():
 logger.info("Done.")
+ notes.dump_notes()
+
 return 0
 def main():
diff --git a/suricata/update/notes.py b/suricata/update/notes.py
new file mode 100644
index 0000000..6288781
--- /dev/null
+++ b/suricata/update/notes.py
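Review bot: `notes.dump_notes()` is called only on the "No changes detected" exit and after "Done.", so notes recorded before any other return from `_main` — the `test_suricata` failure visible right after the first hunk, and whatever other early returns the function has outside these hunks — are silently dropped. Since the summary is purely diagnostic, one call around the `_main()` invocation is more robust than one per return path: in `main()`, wrap the call in `try/finally` and invoke `notes.dump_notes()` in the `finally` block (the body of `main()` is not visible here, so its exact shape may need adjusting). The "No changes detected" exit presumably happens before any rules are processed, so the call added there likely prints nothing unless notes are recorded earlier than these hunks show. The summary is written with `print()` to stdout while the warnings it summarizes go through `logger`; if the logging handler writes to stderr, a run whose stdout is captured (cron, pipes) sees the notes and the warnings on different streams, which is worth either a `file=` choice or a comment explaining the split. `_main` begins and ends outside these hunks.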
@@ -0,0 +1,60 @@
+# Copyright (C) 2018 Open Information Security Foundation
+#
+# You can copy, redistribute or modify this Program under the terms of
+# the GNU General Public License version 2 as published by the Free
+# Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# version 2 along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
+from __future__ import print_function
+
+import textwrap
+
+# Address group notes.
+address_group_vars = set()
+
+# Port group notes.
+port_group_vars = set()
+
+# Template for missing address-group variable.
+missing_address_group_var_template = """
+A rule has been disabled due to the unknown address-group variable
+%(var)s being used. You may want to add this variable to your Suricata
+configuration file.
+"""
+
+# Template for missing port-group variable.
+missing_port_group_var_template = """
+A rule has been disabled due to the unknown port-group variable
+%(var)s being used. You may want to add this variable to your Suricata
+configuration file.
+"""
+
+def render_note(note):
+    lines = textwrap.wrap(note.strip().replace("\n", " "))
+    print("* %s" % (lines[0]))
+    for line in lines[1:]:
+        print(" %s" % (line))
+
+def dump_notes():
+    notes = []
+
+    for var in address_group_vars:
+        notes.append(missing_address_group_var_template % {"var": var})
+
+    for var in port_group_vars:
+        notes.append(missing_port_group_var_template % {"var": var})
+
+    if notes:
+        print("\nNotes:\n")
+        for note in notes:
+            render_note(note)
+        print("")
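Review bot: `dump_notes` iterates `address_group_vars` and `port_group_vars` directly, so the notes come out in arbitrary set order that, with hash randomization, changes from run to run and makes the output awkward to compare or diff in automation; `for var in sorted(address_group_vars):` (and the same for the port set) makes it stable. `render_note` indexes `lines[0]` unconditionally, but `textwrap.wrap` returns an empty list for an empty or whitespace-only note, so any future empty template raises IndexError; an early `if not lines: return` covers that. The templates tell the operator to add the variable to the configuration, yet the value given to that variable decides which traffic the re-enabled rule inspects, so a closing sentence such as `Define it to match the hosts or ports the rule is meant to cover; defining it loosely (for example as any) just to silence this note changes what the rule matches.` keeps the note from being read as a cue to bolt on an arbitrary value. The var name is taken from downloaded rule text and echoed to the terminal via `%(var)s`; if `parse_var_names` (not visible here) does not already restrict it to identifier characters, it should be sanitized before printing.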