Merge pull request #1094 in SNORT/snort3 from snort2lua_process_comment_rules to...
authorRuss Combs (rucombs) <rucombs@cisco.com>
Wed, 17 Jan 2018 19:40:18 +0000 (14:40 -0500)
committerRuss Combs (rucombs) <rucombs@cisco.com>
Wed, 17 Jan 2018 19:40:18 +0000 (14:40 -0500)
Squashed commit of the following:

commit b308d23efc41e03cbc1070bd3e1e8a75da554e5a
Author: davis mcpherson <davmcphe.cisco.com>
Date:   Tue Jan 16 08:51:49 2018 -0500

    snort2lua: detect commented-out 'alert' rules and convert them from Snort 2 to Snort 3 format, leaving the rules commented out in the Snort 3 rules file

tools/snort2lua/data/data_types/dt_rule.cc
tools/snort2lua/helpers/converter.cc
tools/snort2lua/keyword_states/kws_rule.cc

index 1cff2f9bff931578e5aa4b6dd099f1bff5a7c3b2..7e8c2f5989e195e64e21d0cdb8f3db64cb378ca8 100644 (file)
@@ -109,7 +109,7 @@ std::ostream& operator<<(std::ostream& out, const Rule& rule)
     }
 
     if (rule.is_bad_rule || rule.is_comment)
-        out << "#";
+        out << "# ";
 
     for (std::size_t i = 0; i < rule.num_hdr_data; i++)
     {
index 6d6a0ce5928e9da0f6a5bb423364713829732099..51d0bbd57037ecc43c4c052b4f11458db159715e 100644 (file)
@@ -200,9 +200,12 @@ int Converter::parse_file(const std::string& input_file, bool reset)
         data_api.set_current_line(++line_num);
 
         std::size_t first_non_white_char = tmp.find_first_not_of(' ');
-        if ((first_non_white_char == std::string::npos) ||
+        bool commented_rule = false;
+        if ( tmp.length() > first_non_white_char + 7 )
+            commented_rule = tmp.compare(first_non_white_char, 7, "# alert") == 0;
+        if ( !commented_rule && ((first_non_white_char == std::string::npos) ||
             (tmp[first_non_white_char] == '#') ||
-            (tmp[first_non_white_char] == ';'))      // no, i did not know that semicolons made a
+            (tmp[first_non_white_char] == ';')))     // no, i did not know that semicolons made a
                                                      // line a comment
         {
             util::trim(tmp);
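Review bot: The new length check on the `if ( tmp.length() > first_non_white_char + 7 )` line is evaluated before the npos case is handled, and `std::string::npos + 7` wraps to 6 under unsigned arithmetic, so a line consisting of seven or more spaces passes the guard and `tmp.compare(npos, 7, "# alert")` throws std::out_of_range outside any try block. Guard the sentinel first: `if ( first_non_white_char != std::string::npos && tmp.length() > first_non_white_char + 7 )`. The comparison is also a bare prefix match, so a comment such as `# alerts below are disabled` would be fed to the rule parser as a rule; requiring whitespace after the seven characters, e.g. `&& isspace(tmp[first_non_white_char + 7])`, would avoid that. Note the check still keys on `find_first_not_of(' ')`, so a tab-indented `# alert` line is not detected; that limitation predates this change. parse_file's body continues outside the hunk.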
@@ -227,6 +230,12 @@ int Converter::parse_file(const std::string& input_file, bool reset)
             orig_text += tmp;
             std::istringstream data_stream(orig_text);
 
+            if (commented_rule)
+            {
+                std::string hash_char;
+                data_stream >> hash_char;
+            }
+
             try
             {
                 while (data_stream.peek() != EOF)
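Review bot: The token discarded by `data_stream >> hash_char;` is the first token of `orig_text`, whereas `commented_rule` was decided from the current line `tmp` alone; `orig_text += tmp` on the line above suggests orig_text may already hold earlier continuation text, in which case the stripped token need not be the `#` that triggered detection. If that accumulation path is reachable here, the leading token should be verified rather than blindly dropped, e.g. `if (hash_char != "#") { /* treat as a plain comment */ }`, or the detection should be made on orig_text. I cannot see how orig_text is reset between rules, so this is worth confirming against the enclosing loop, which starts and ends outside the hunk.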
@@ -237,6 +246,8 @@ int Converter::parse_file(const std::string& input_file, bool reset)
                         break;
                     }
                 }
+                if (commented_rule)
+                    get_rule_api().make_rule_a_comment();
                 if(empty_args)
                 {
                     set_empty_args(false);
index cf93f8f55725fe442a3c94c4cc8211de368ce6c2..a043e2c3600dbe164f7bca37b418f50949ec13b3 100644 (file)
@@ -98,6 +98,7 @@ static ConversionState* drop_rule_ctor(Converter& c)
 }
 
 static const std::string alert = "alert";
+static const std::string c_alert = "# alert";
 static const std::string block = "block";
 static const std::string log = "log";
 static const std::string pass = "pass";
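Review bot: The added keyword `c_alert = "# alert"` contains an embedded space, yet the converter hunk in converter.cc strips the leading `#` token from the stream before the rule keyword is read, so a whitespace-delimited token can never equal `"# alert"`. As far as the visible lines show, this entry and the `c_alert_api`/`c_alert_map` built from it below are unreachable, unless the keyword lookup outside this hunk matches on raw line text. If the map is meant to drive the output, it also overlaps with dt_rule.cc now emitting `"# "` itself, which would double the prefix; consider dropping the entry or documenting why it exists, e.g. `// reserved: the '#' is consumed by Converter::parse_file before keyword lookup`.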
@@ -111,6 +112,7 @@ static const std::string activate = "activate";
 static const std::string dynamic = "dynamic";
 
 static const ConvertMap alert_api = { alert, rule_ctor<& alert>};
+static const ConvertMap c_alert_api = { c_alert, rule_ctor<& c_alert>};
 static const ConvertMap block_api = { block, rule_ctor<& block>};
 static const ConvertMap log_api = { log, rule_ctor<& log>};
 static const ConvertMap pass_api = { pass, rule_ctor<& pass>};
@@ -124,6 +126,7 @@ static const ConvertMap activate_api = { activate, dep_rule_ctor<& activate>};
 static const ConvertMap dynamic_api = { dynamic, dep_rule_ctor<& dynamic>};
 
 const ConvertMap* alert_map = &alert_api;
+const ConvertMap* c_alert_map = &c_alert_api;
 const ConvertMap* block_map = &block_api;
 const ConvertMap* log_map = &log_api;
 const ConvertMap* pass_map = &pass_api;