suricata_check.utils.rule
=========================

.. py:module:: suricata_check.utils.rule

.. autoapi-nested-parse::

   Module replacing idstools.rule and providing limited but similar functionality.

   This module is inspired by and mostly uses the same interface Python idstools package. (https://github.com/jasonish/py-idstools)



Exceptions
----------

.. autoapisummary::

   suricata_check.utils.rule.ParsingError


Classes
-------

.. autoapisummary::

   suricata_check.utils.rule.Rule
   suricata_check.utils.rule.RuleOption


Functions
---------

.. autoapisummary::

   suricata_check.utils.rule.parse


Module Contents
---------------

.. py:exception:: ParsingError(message: str)

   Bases: :py:obj:`RuntimeError`


   Raised when a rule cannot be parsed by suricata-check.

   Most likely, such a rule is also an invalid Suricata rule.

   Initializes the `ParsingError` with the raw rule as message.


.. py:class:: Rule(*args: tuple, **kwargs: dict)

   Class representing a rule.

   Private Init function.

   Use suricata_check.utils.rule.parse() instead to create Rule instances.


   .. py:method:: __hash__() -> int

      Returns a unique hash that can be used as a fingerprint for the rule.



   .. py:method:: add_flowbits_option(value: str) -> None

      Adds a flowbits option in the rule's flowbits list.



   .. py:method:: add_metadata_options(values: collections.abc.Sequence[str]) -> None

      Adds metadata options in the rule's metadata list.



   .. py:method:: add_option(name: str, value: Optional[str]) -> None

      Adds an option in the rule's options list.



   .. py:method:: add_reference_option(value: str) -> None

      Adds a reference option in the rule's references list.



.. py:class:: RuleOption

   Class representing a rule option.


   .. py:method:: __hash__() -> int

      Returns a unique hash that can be used as a fingerprint for the rule option.



.. py:function:: parse(buffer: str) -> Optional[Rule]

   Parse a rule stringand return a wrapped `Rule` instance.

   Returns None when the text could not be parsed as a rule.

   :param buffer: A string containing a single Suricata-like rule

   :returns: An instance of of `Rule` representing the parsed rule