1"""`ReferenceChecker`."""
2
3import logging
4from types import MappingProxyType
5
6from suricata_check.checkers.interface import CheckerInterface
7from suricata_check.utils.checker import (
8 is_rule_option_equal_to_regex,
9)
10from suricata_check.utils.checker_typing import ISSUES_TYPE, Issue
11from suricata_check.utils.regex_provider import get_regex_provider
12from suricata_check.utils.rule import Rule
13
14_regex_provider = get_regex_provider()
15
16_S700_REGEX = _regex_provider.compile(
17 r"^(?!url).*[A-Z]+.*$",
18)
19_S701_REGEX = _regex_provider.compile(
20 r"^url,\s*https?.*$",
21 _regex_provider.IGNORECASE,
22)
23
24
[docs]
25class ReferenceChecker(CheckerInterface):
26 """The `ReferenceChecker` contains several checks for Suricata reference option.
27
28 Codes S700-710 report on non-standard usages of `reference`
29 """
30
31 codes = MappingProxyType(
32 {
33 "S700": {"severity": logging.INFO},
34 "S701": {"severity": logging.INFO},
35 },
36 )
37
38 def _check_rule(
39 self: "ReferenceChecker",
40 rule: Rule,
41 ) -> ISSUES_TYPE:
42 issues: ISSUES_TYPE = []
43
44 if is_rule_option_equal_to_regex(rule, "reference", _S700_REGEX):
45 issues.append(
46 Issue(
47 code="S700",
48 message="""\
49The rule uses uppercase characters in the `reference` option.
50Consider using only lowercase characters.\
51""",
52 ),
53 )
54
55 if is_rule_option_equal_to_regex(rule, "reference", _S701_REGEX):
56 issues.append(
57 Issue(
58 code="S701",
59 message="""\
60The rule specifies the web protocol in the `reference` option.
61Consider removing the protocol.\
62""",
63 ),
64 )
65
66 return issues