Source code for suricata_check.checkers.styleguide.reference

 1"""`ReferenceChecker`."""
 2
 3import logging
 4
 5import idstools.rule
 6
 7from suricata_check.checkers.interface import CheckerInterface
 8from suricata_check.utils.checker import (
 9    is_rule_option_equal_to_regex,
10)
11from suricata_check.utils.checker_typing import ISSUES_TYPE, Issue
12from suricata_check.utils.regex import get_regex_provider
13
# Regex backend chosen by the project; this module relies only on its
# `compile` function and `IGNORECASE` flag.
_regex_provider = get_regex_provider()

# S700: the value does not begin with lowercase "url" and contains at least
# one uppercase ASCII letter. The lookahead is case-sensitive, so a value
# beginning with "URL" is still matched.
_S700_REGEX = _regex_provider.compile(r"^(?!url).*[A-Z]+.*$")

# S701: the value begins with "url," followed by optional whitespace and
# "http" or "https"; matched case-insensitively.
_S701_REGEX = _regex_provider.compile(r"^url,\s*https?.*$", _regex_provider.IGNORECASE)
23
24
class ReferenceChecker(CheckerInterface):
    """Style checks for the `reference` option of a Suricata rule.

    Codes S700-710 report on non-standard usages of `reference`; S700 and
    S701 are the two codes declared here, both at INFO severity.
    """

    codes = {
        "S700": {"severity": logging.INFO},
        "S701": {"severity": logging.INFO},
    }

    def _check_rule(
        self: "ReferenceChecker",
        rule: idstools.rule.Rule,
    ) -> ISSUES_TYPE:
        """Return the style issues found in the `reference` option of *rule*.

        Each pattern is tested through `is_rule_option_equal_to_regex`; a
        match appends one `Issue` with the corresponding code. The checks are
        independent, so the result may hold zero, one or both issues, in
        S700-then-S701 order.
        """
        # (pattern, code, message) rows, evaluated in declaration order.
        checks = (
            (
                _S700_REGEX,
                "S700",
                "The rule uses uppercase characters in the `reference` option.\n"
                "Consider using only lowercase characters.",
            ),
            (
                _S701_REGEX,
                "S701",
                "The rule specifies the web protocol in the `reference` option.\n"
                "Consider removing the protocol.",
            ),
        )

        issues: ISSUES_TYPE = []
        for pattern, code, message in checks:
            if is_rule_option_equal_to_regex(rule, "reference", pattern):
                issues.append(Issue(code=code, message=message))

        return issues