suricata_check.utils.rule

Module replacing idstools.rule and providing limited but similar functionality.

This module is inspired by and mostly uses the same interface Python idstools package. (https://github.com/jasonish/py-idstools)

Exceptions

Raised when a rule cannot be parsed by suricata-check.

`Rule`	Class representing a rule.
`RuleOption`	Class representing a rule option.

parse(→ Optional[Rule])

Parse a rule stringand return a wrapped Rule instance.

exception suricata_check.utils.rule.ParsingError(message: str)[source]

Raised when a rule cannot be parsed by suricata-check.

Most likely, such a rule is also an invalid Suricata rule.

Initializes the ParsingError with the raw rule as message.

class suricata_check.utils.rule.Rule(*args: tuple, **kwargs: dict)[source]

Class representing a rule.

Private Init function.

Use suricata_check.utils.rule.parse() instead to create Rule instances.

__hash__() → int[source]: Returns a unique hash that can be used as a fingerprint for the rule.

add_flowbits_option(value: str) → None[source]: Adds a flowbits option in the rule’s flowbits list.

add_metadata_options(values: collections.abc.Sequence[str]) → None[source]: Adds metadata options in the rule’s metadata list.

add_option(name: str, value: str | None) → None[source]: Adds an option in the rule’s options list.

add_reference_option(value: str) → None[source]: Adds a reference option in the rule’s references list.

class suricata_check.utils.rule.RuleOption[source]

Class representing a rule option.

__hash__() → int[source]: Returns a unique hash that can be used as a fingerprint for the rule option.

suricata_check.utils.rule.parse(buffer: str) → Rule | None[source]

Parse a rule stringand return a wrapped Rule instance.

Returns None when the text could not be parsed as a rule.