suricata_check.utils.checker
============================

.. py:module:: suricata_check.utils.checker

.. autoapi-nested-parse::

   The `suricata_check.utils.checker` module contains several utilities for developing rule checkers.


Functions
---------

.. autoapisummary::

   suricata_check.utils.checker.are_rule_options_always_put_before
   suricata_check.utils.checker.are_rule_options_equal_to_regex
   suricata_check.utils.checker.are_rule_options_put_before
   suricata_check.utils.checker.check_rule_option_recognition
   suricata_check.utils.checker.count_rule_options
   suricata_check.utils.checker.get_all_variable_groups
   suricata_check.utils.checker.get_rule_keyword_sequences
   suricata_check.utils.checker.get_rule_option
   suricata_check.utils.checker.get_rule_option_position
   suricata_check.utils.checker.get_rule_option_positions
   suricata_check.utils.checker.get_rule_options
   suricata_check.utils.checker.get_rule_options_positions
   suricata_check.utils.checker.get_rule_sticky_buffer_naming
   suricata_check.utils.checker.get_rule_suboption
   suricata_check.utils.checker.get_rule_suboptions
   suricata_check.utils.checker.is_rule_option_always_equal_to_regex
   suricata_check.utils.checker.is_rule_option_always_put_before
   suricata_check.utils.checker.is_rule_option_equal_to
   suricata_check.utils.checker.is_rule_option_equal_to_regex
   suricata_check.utils.checker.is_rule_option_first
   suricata_check.utils.checker.is_rule_option_last
   suricata_check.utils.checker.is_rule_option_one_of
   suricata_check.utils.checker.is_rule_option_put_before
   suricata_check.utils.checker.is_rule_option_set
   suricata_check.utils.checker.is_rule_suboption_always_equal_to_regex
   suricata_check.utils.checker.is_rule_suboption_equal_to
   suricata_check.utils.checker.is_rule_suboption_equal_to_regex
   suricata_check.utils.checker.is_rule_suboption_set
   suricata_check.utils.checker.select_rule_options_by_regex


Module Contents
---------------

.. py:function:: are_rule_options_always_put_before(rule: idstools.rule.Rule, names: collections.abc.Iterable[str], other_names: collections.abc.Sequence[str], sequence: Optional[collections.abc.Iterable[str]] = None) -> Optional[bool]

   Checks whether rule options are placed before one or more other options.


.. py:function:: are_rule_options_equal_to_regex(rule: idstools.rule.Rule, names: collections.abc.Iterable[str], regex) -> bool

   Checks whether a rule has certain options set to match a certain regex.

   If multiple options are set, it will return True if at least one option matches the regex.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       names (Iterable[str]): names of the options
       regex (Union[re.Pattern, regex.Pattern]): regex to check for

   Returns:
       bool: True iff the rule has at least one option matching the regex


.. py:function:: are_rule_options_put_before(rule: idstools.rule.Rule, names: Union[collections.abc.Sequence[str], set[str]], other_names: Union[collections.abc.Sequence[str], set[str]], sequence: Optional[collections.abc.Iterable[str]] = None) -> Optional[bool]

   Checks whether rule options are placed before one or more other options.


.. py:function:: check_rule_option_recognition(rule: idstools.rule.Rule) -> None

   Checks whether all rule options and metadata options are recognized.

   Unrecognized options will be logged as a warning in `suricata-check.log`.


.. py:function:: count_rule_options(rule: idstools.rule.Rule, name: Union[str, collections.abc.Iterable[str]]) -> int

   Counts how often an option is set in a rule.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       name (Union[str, Iterable[str]]): name or names of the option

   Returns:
       int: The number of times an option is set


.. py:function:: get_all_variable_groups(rule: idstools.rule.Rule) -> list[str]

   Returns a list of variable groups such as $HTTP_SERVERS in a rule.


.. py:function:: get_rule_keyword_sequences(rule: idstools.rule.Rule, seperator_keywords: collections.abc.Iterable[str] = BUFFER_KEYWORDS, included_keywords: collections.abc.Iterable[str] = ALL_DETECTION_KEYWORDS) -> collections.abc.Sequence[tuple[str, Ellipsis]]

   Returns a sequence of sequences of detection options in a rule.


.. py:function:: get_rule_option(rule: idstools.rule.Rule, name: str) -> Optional[str]

   Retrieves one option of a rule with a certain name.

   If an option is set multiple times, it returns only one indeterminately.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       name (str): name of the option

   Returns:
       Optional[str]: The value of the option or None if it was not set.


.. py:function:: get_rule_option_position(rule: idstools.rule.Rule, name: str) -> Optional[int]

   Finds the position of an option in the rule body.

   Returns None if the option is not set or set multiple times.


.. py:function:: get_rule_option_positions(rule: idstools.rule.Rule, name: str, sequence: Optional[tuple[str, Ellipsis]] = None) -> collections.abc.Sequence[int]

   Finds the positions of an option in the rule body.

   Optionally takes a sequence of options to use instead of `rule['options']`.


.. py:function:: get_rule_options(rule: idstools.rule.Rule, name: Union[str, collections.abc.Iterable[str]]) -> collections.abc.Sequence[Optional[str]]

   Retrieves all options of a rule with a certain name.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       name (Union[str, Iterable[str]]): name or names of the option

   Returns:
       Sequence[str]: The values of the option.


.. py:function:: get_rule_options_positions(rule: idstools.rule.Rule, names: collections.abc.Iterable[str], sequence: Optional[collections.abc.Iterable[str]] = None) -> collections.abc.Iterable[int]

   Finds the positions of several options in the rule body.


.. py:function:: get_rule_sticky_buffer_naming(rule: idstools.rule.Rule) -> list[tuple[str, str]]

   Returns a list of tuples containing the name of a sticky buffer, and the modifier alternative.


.. py:function:: get_rule_suboption(rule: idstools.rule.Rule, name: str, sub_name: str) -> Optional[str]

   Returns a suboption within an option if it is set.


.. py:function:: get_rule_suboptions(rule: idstools.rule.Rule, name: str, warn: bool = True) -> collections.abc.Sequence[tuple[str, Optional[str]]]

   Returns a list of suboptions set in a rule.


.. py:function:: is_rule_option_always_equal_to_regex(rule: idstools.rule.Rule, name: str, regex) -> Optional[bool]

   Checks whether a rule has a certain option set to match a certain regex.

   If the option is set multiple times, it will return True if all options match the regex.

   Returns None if the rule option is not set.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       name (str): name of the option
       regex (Union[re.Pattern, regex.Pattern]): regex to check for

   Returns:
       bool: True iff the rule has all options matching the regex


.. py:function:: is_rule_option_always_put_before(rule: idstools.rule.Rule, name: str, other_names: Union[collections.abc.Sequence[str], set[str]], sequence: Optional[collections.abc.Iterable[str]] = None) -> Optional[bool]

   Checks whether a rule option is placed before one or more other options.


.. py:function:: is_rule_option_equal_to(rule: idstools.rule.Rule, name: str, value: str) -> bool

   Checks whether a rule has a certain option set to a certain value.

   If the option is set multiple times, it will return True if at least one option matches the value.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       name (str): name of the option
       value (str): value to check for

   Returns:
       bool: True iff the rule has the option set to the value at least once


.. py:function:: is_rule_option_equal_to_regex(rule: idstools.rule.Rule, name: str, regex) -> bool

   Checks whether a rule has a certain option set to match a certain regex.

   If the option is set multiple times, it will return True if at least one option matches the regex.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       name (str): name of the option
       regex (Union[re.Pattern, regex.Pattern]): regex to check for

   Returns:
       bool: True iff the rule has at least one option matching the regex


.. py:function:: is_rule_option_first(rule: idstools.rule.Rule, name: str) -> Optional[int]

   Checks if a rule option is positioned at the beginning of the body.


.. py:function:: is_rule_option_last(rule: idstools.rule.Rule, name: str) -> Optional[bool]

   Checks if a rule option is positioned at the end of the body.


.. py:function:: is_rule_option_one_of(rule: idstools.rule.Rule, name: str, possible_values: Union[collections.abc.Sequence[str], set[str]]) -> bool

   Checks whether a rule has a certain option set to one of certain values.

   If the option is set multiple times, it will return True if at least one option matches a value.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       name (str): name of the option
       possible_values (Iterable[str]): values to check for

   Returns:
       bool: True iff the rule has the option set to one of the values at least once


.. py:function:: is_rule_option_put_before(rule: idstools.rule.Rule, name: str, other_names: Union[collections.abc.Sequence[str], set[str]], sequence: Optional[collections.abc.Iterable[str]] = None) -> Optional[bool]

   Checks whether a rule option is placed before one or more other options.


.. py:function:: is_rule_option_set(rule: idstools.rule.Rule, name: str) -> bool

   Checks whether a rule has a certain option set.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       name (str): name of the option

   Returns:
       bool: True iff the option is set at least once


.. py:function:: is_rule_suboption_always_equal_to_regex(rule: idstools.rule.Rule, name: str, sub_name: str, regex) -> Optional[bool]

   Checks whether a rule has a certain option set to match a certain regex.

   If the option is set multiple times, it will return True if all options match the regex.

   Returns None if the rule option is not set.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       name (str): name of the option
       sub_name (str): name of the suboption
       regex (Union[re.Pattern, regex.Pattern]): regex to check for

   Returns:
       bool: True iff the rule has all options matching the regex


.. py:function:: is_rule_suboption_equal_to(rule: idstools.rule.Rule, name: str, sub_name: str, value: str) -> bool

   Checks whether a rule has a certain suboption set to a certain value.

   If the suboption is set multiple times, it will return True if at least one option matches the value.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       name (str): name of the option
       sub_name (str): name of the suboption
       value (str): value to check for

   Returns:
       bool: True iff the rule has the option set to the value at least once


.. py:function:: is_rule_suboption_equal_to_regex(rule: idstools.rule.Rule, name: str, sub_name: str, regex) -> bool

   Checks whether a rule has a certain option set to match a certain regex.

   If the option is set multiple times, it will return True if at least one option matches the regex.

   Args:
       rule (idstools.rule.Rule): rule to be inspected
       name (str): name of the option
       sub_name (str): name of the suboption
       regex (Union[re.Pattern, regex.Pattern]): regex to check for

   Returns:
       bool: True iff the rule has at least one option matching the regex


.. py:function:: is_rule_suboption_set(rule: idstools.rule.Rule, name: str, sub_name: str) -> bool

   Checks if a suboption within an option is set.


.. py:function:: select_rule_options_by_regex(rule: idstools.rule.Rule, regex) -> collections.abc.Iterable[str]

   Selects rule options present in rule matching a regular expression.
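

The ``always`` variants documented above return ``Optional[bool]``, where None means the option is not set, while the plain variants return True on at least one match. The following is an added example, not suricata-check code: ``parse_options``, ``any_matches``, ``always_matches``, the ``{'name', 'value'}`` option shape and the sample rules are hypothetical stand-ins that model those documented contracts, and it shows how a checker that simply negates the tri-state result also flags rules where the option is unset.

```python
import re
from typing import Optional

# Constructed sample rules (not from any real ruleset); the md5 value is a dummy.
HDR = "alert http any any -> any any "
RULES = {
    "unset": HDR + '(msg:"A"; content:"x"; sid:1;)',
    "all_url": HDR + '(msg:"B"; reference:url,example.com/a; reference:url,example.com/b; sid:2;)',
    "mixed": HDR + '(msg:"C"; reference:url,example.com/c; reference:md5,' + "0" * 32 + "; sid:3;)",
}
URL_REF = re.compile(r"^url,")

def parse_options(text: str) -> dict:
    """Simplified stand-in for a parsed rule: {'options': [{'name', 'value'}]}."""
    body = text[text.index("(") + 1 : text.rindex(")")]
    options = []
    for part in re.split(r"(?<!\\);", body):  # split on unescaped ';'
        name, _, value = part.strip().partition(":")
        if name:
            options.append({"name": name.strip(), "value": value.strip() or None})
    return {"options": options}

def _values(rule: dict, name: str) -> list:
    return [o["value"] for o in rule["options"] if o["name"] == name]

def any_matches(rule: dict, name: str, regex) -> bool:
    """Models the 'True if at least one option matches' contract."""
    return any(v is not None and regex.match(v) is not None for v in _values(rule, name))

def always_matches(rule: dict, name: str, regex) -> Optional[bool]:
    """Models the 'True if all options match, None if unset' contract."""
    vals = _values(rule, name)
    if not vals:
        return None
    return all(v is not None and regex.match(v) is not None for v in vals)

def naive_flag(rule: dict) -> bool:
    # Pitfall: None (option unset) is falsy, so rules without `reference` get flagged.
    return not always_matches(rule, "reference", URL_REF)

def strict_flag(rule: dict) -> bool:
    # Flags only rules that set `reference` and have a non-matching value.
    return always_matches(rule, "reference", URL_REF) is False

def report() -> dict:
    """Per rule: (any_matches, always_matches, naive_flag, strict_flag)."""
    parsed = {k: parse_options(t) for k, t in RULES.items()}
    return {k: (any_matches(r, "reference", URL_REF), always_matches(r, "reference", URL_REF),
                naive_flag(r), strict_flag(r)) for k, r in parsed.items()}
```

Comparing against ``False`` with ``is`` keeps "unset" and "set but non-matching" apart; the same applies to the other functions above that return ``Optional[bool]``.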