suricata_check.checkers.styleguide ================================== .. py:module:: suricata_check.checkers.styleguide .. autoapi-nested-parse:: The `suricata_check.checkers.styleguide` modules contains several checkers based on the Suricata Style Guide. Reference: https://github.com/sidallocation/suricata-style-guide Submodules ---------- .. toctree:: :maxdepth: 1 /autoapi/suricata_check/checkers/styleguide/metadata/index /autoapi/suricata_check/checkers/styleguide/msg/index /autoapi/suricata_check/checkers/styleguide/order/index /autoapi/suricata_check/checkers/styleguide/overall/index /autoapi/suricata_check/checkers/styleguide/pcre/index /autoapi/suricata_check/checkers/styleguide/performance/index /autoapi/suricata_check/checkers/styleguide/reference/index /autoapi/suricata_check/checkers/styleguide/sid/index /autoapi/suricata_check/checkers/styleguide/state/index /autoapi/suricata_check/checkers/styleguide/whitespace/index Classes ------- .. autoapisummary:: suricata_check.checkers.styleguide.MetadataChecker suricata_check.checkers.styleguide.MsgChecker suricata_check.checkers.styleguide.OrderChecker suricata_check.checkers.styleguide.OverallChecker suricata_check.checkers.styleguide.PcreChecker suricata_check.checkers.styleguide.PerformanceChecker suricata_check.checkers.styleguide.ReferenceChecker suricata_check.checkers.styleguide.SidChecker suricata_check.checkers.styleguide.StateChecker suricata_check.checkers.styleguide.WhitespaceChecker Package Contents ---------------- .. py:class:: MetadataChecker(include: Optional[collections.abc.Iterable[str]] = None) Bases: :py:obj:`suricata_check.checkers.interface.CheckerInterface` The `MetadataChecker` contains several checks for Suricata metadata options. Codes S800-810 report on missing common `metadata` fields Initializes the checker given a list of issue codes to emit. .. py:attribute:: codes A Mapping of issue codes emitted by the checker to metadata for those issue types. The metadata is structured in the form of a Mapping from attribute name to attribute value. The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module .. py:class:: MsgChecker(include: Optional[collections.abc.Iterable[str]] = None) Bases: :py:obj:`suricata_check.checkers.interface.CheckerInterface` The `MsgChecker` contains several checks based for the Msg option in Suricata rules. Codes S400-S410 report on non-standard `msg` fields. Initializes the checker given a list of issue codes to emit. .. py:attribute:: codes A Mapping of issue codes emitted by the checker to metadata for those issue types. The metadata is structured in the form of a Mapping from attribute name to attribute value. The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module .. py:class:: OrderChecker(include: Optional[collections.abc.Iterable[str]] = None) Bases: :py:obj:`suricata_check.checkers.interface.CheckerInterface` The `OrderChecker` contains several checks on the ordering Suricata options. Note that the correct ordering of detection options is as follows: 1. Buffer 2. Size 3. Transformation 4. Content 5. Pointer movement 6. Fast pattern 7. Nocase 8. Other payload options Codes S200-S209 report on the non-standard ordering of common options. Codes S210-S219 report on the non-standard ordering of content matches. Codes S220-S229 report on the non-standard ordering of flow options. Codes S230-S239 report on the non-standard ordering of detection options. Codes S240-S249 report on the non-standard ordering of threshold options. Initializes the checker given a list of issue codes to emit. .. py:attribute:: codes A Mapping of issue codes emitted by the checker to metadata for those issue types. The metadata is structured in the form of a Mapping from attribute name to attribute value. The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module .. py:class:: OverallChecker(include: Optional[collections.abc.Iterable[str]] = None) Bases: :py:obj:`suricata_check.checkers.interface.CheckerInterface` The `OverallChecker` contains several the most basic checks for Suricata rules. Codes S000-S009 report on issues with the direction of the rule. Codes S010-S019 report on issues pertaining to the usage of non-standard options. Codes S020-S029 report on issues pertaining to the non-usage of recommended options. Codes S020-S029 report on issues pertaining to the non-usage of recommended options. Codes S031-S039 report on issues pertaining to the inappropriate usage of options. Initializes the checker given a list of issue codes to emit. .. py:attribute:: codes A Mapping of issue codes emitted by the checker to metadata for those issue types. The metadata is structured in the form of a Mapping from attribute name to attribute value. The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module .. py:class:: PcreChecker(include: Optional[collections.abc.Iterable[str]] = None) Bases: :py:obj:`suricata_check.checkers.interface.CheckerInterface` The `PcreChecker` contains several checks for Suricata PCRE options. Codes S600-610 report on unrecommended usages of `pcre` Initializes the checker given a list of issue codes to emit. .. py:attribute:: codes A Mapping of issue codes emitted by the checker to metadata for those issue types. The metadata is structured in the form of a Mapping from attribute name to attribute value. The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module .. py:class:: PerformanceChecker(include: Optional[collections.abc.Iterable[str]] = None) Bases: :py:obj:`suricata_check.checkers.interface.CheckerInterface` The `PerformanceChecker` contains several checks for Suricata performance issues. Codes S900-910 report on usage of options that can slow the detection engine. Initializes the checker given a list of issue codes to emit. .. py:attribute:: codes A Mapping of issue codes emitted by the checker to metadata for those issue types. The metadata is structured in the form of a Mapping from attribute name to attribute value. The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module .. py:class:: ReferenceChecker(include: Optional[collections.abc.Iterable[str]] = None) Bases: :py:obj:`suricata_check.checkers.interface.CheckerInterface` The `ReferenceChecker` contains several checks for Suricata reference option. Codes S700-710 report on non-standard usages of `reference` Initializes the checker given a list of issue codes to emit. .. py:attribute:: codes A Mapping of issue codes emitted by the checker to metadata for those issue types. The metadata is structured in the form of a Mapping from attribute name to attribute value. The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module .. py:class:: SidChecker(include: Optional[collections.abc.Iterable[str]] = None) Bases: :py:obj:`suricata_check.checkers.interface.CheckerInterface` The `SidChecker` contains several checks based on the Suricata SID allocation. Specifically, the `SidChecker` checks for the following: S300: Allocation to reserved SID range, whereas no range is reserved for the rule. S301: Allocation to unallocated SID range, whereas local range should be used. S302: Allocation to wrong reserved SID range, whereas another reserved range should be used. S303: Allocation to unallocated SID range, whereas a reserved range should be used. Initializes the checker given a list of issue codes to emit. .. py:attribute:: codes A Mapping of issue codes emitted by the checker to metadata for those issue types. The metadata is structured in the form of a Mapping from attribute name to attribute value. The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module .. py:class:: StateChecker(include: Optional[collections.abc.Iterable[str]] = None) Bases: :py:obj:`suricata_check.checkers.interface.CheckerInterface` The `StateChecker` contains several checks for Suricata options relating to the connection or detection state. Codes S500-S510 report on non-standard usages of `flow` Codes S510-S520 report on non-standard usages of `flowbits` Codes S520-S530 report on non-standard usages of `xbits` Initializes the checker given a list of issue codes to emit. .. py:attribute:: codes A Mapping of issue codes emitted by the checker to metadata for those issue types. The metadata is structured in the form of a Mapping from attribute name to attribute value. The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module .. py:class:: WhitespaceChecker(include: Optional[collections.abc.Iterable[str]] = None) Bases: :py:obj:`suricata_check.checkers.interface.CheckerInterface` The `WhitespaceChecker` contains several checks based on the Suricata Style guide relating to formatting rules. Codes S100-S109 report on unneccessary whitespace that should be removed. Codes S110-S119 report on missing whitespace that should be added. Codes S120-S129 report on non-standard escaping of special characters. Initializes the checker given a list of issue codes to emit. .. py:attribute:: codes A Mapping of issue codes emitted by the checker to metadata for those issue types. The metadata is structured in the form of a Mapping from attribute name to attribute value. The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module