idstools-rulecat: argument to set suricata version

The Suricata version can be forced with --suricata-version. Github issue: #38
jasonish · Mar 7, 2017 · 02db0c6 · 02db0c6
1 parent 71cd9a8
commit 02db0c6
Show file tree

Hide file tree

Showing 4 changed files with 46 additions and 4 deletions.
diff --git a/README.rst b/README.rst
@@ -83,9 +83,10 @@ Changelog
 
 unreleased
 ~~~~~~~~~~
-
 - idstools-rulecat: fix issue parsing Suricata version on Python 3
 - idstools-rulecat: don't convert rules with noalert to drop
+- idstools-rulecat: allow suricata version to be set on the command
+  line (https://github.com/jasonish/py-idstools/issues/38)
 - `Commit log <https://github.com/jasonish/py-idstools/compare/0.5.5...HEAD>`_
 
 0.5.5

diff --git a/idstools/scripts/rulecat.py b/idstools/scripts/rulecat.py
@@ -610,6 +610,8 @@ def main():
                         metavar="<path>",
                         help="Path to Suricata program (default: %s)" %
                         suricata_path)
+    parser.add_argument("--suricata-version", metavar="<version>",
+                        help="Override Suricata version")
     parser.add_argument("-f", "--force", action="store_true", default=False,
                         help="Force operations that might otherwise be skipped")
     parser.add_argument("--rules-dir", metavar="<directory>",
@@ -668,7 +670,14 @@ def main():
     if args.dump_sample_configs:
         return dump_sample_configs()
 
-    if args.suricata and os.path.exists(args.suricata):
+    if args.suricata_version:
+        suricata_version = idstools.suricata.parse_version(args.suricata_version)
+        if not suricata_version:
+            logger.error("Failed to parse provided Suricata version: %s" % (
+                suricata_version))
+            return 1
+        logger.info("Forcing Suricata version to %s." % (suricata_version.full))
+    elif args.suricata and os.path.exists(args.suricata):
         suricata_version = idstools.suricata.get_version(args.suricata)
         if suricata_version:
             logger.info("Found Suricata version %s at %s." % (

diff --git a/idstools/suricata.py b/idstools/suricata.py
@@ -48,12 +48,15 @@ def get_path(program="suricata"):
     return None
 
 def parse_version(buf):
-    m = re.search("version ((\d+)\.(\d+)\.?(\d+|\w+)?)", str(buf).strip())
+    m = re.search("((\d+)\.(\d+)\.?(\d+|\w+)?)", str(buf).strip())
     if m:
         full = m.group(1)
         major = int(m.group(2))
         minor = int(m.group(3))
-        patch = int(m.group(4))
+        if not m.group(4):
+            patch = 0
+        else:
+            patch = int(m.group(4))
         short = "%s.%s" % (major, minor)
         return SuricataVersion(
             major=major, minor=minor, patch=patch, short=short, full=full,

diff --git a/tests/test_suricata.py b/tests/test_suricata.py
@@ -54,6 +54,8 @@ def test_parse_version_string(self):
         self.assertEqual(version.major, 3)
         self.assertEqual(version.minor, 1)
         self.assertEqual(version.patch, 3)
+        self.assertEqual(version.full, "3.1.3")
+        self.assertEqual(version.raw, buf)
 
     def test_parse_version_bytes(self):
         """Test parsing the version from a string buffer, as returned from
@@ -65,3 +67,30 @@ def test_parse_version_bytes(self):
         self.assertEqual(version.major, 3)
         self.assertEqual(version.minor, 1)
         self.assertEqual(version.patch, 3)
+        self.assertEqual(version.full, "3.1.3")
+        self.assertEqual(version.raw, buf)
+
+    def test_parse_version_3_part(self):
+        """Test parsing of a short version like "3.2.1" as may be provided by
+        the user on the command line. """
+        buf = "3.2.1"
+        version = suricata.parse_version(buf)
+        self.assertIsNotNone(version)
+        self.assertEqual(version.major, 3)
+        self.assertEqual(version.minor, 2)
+        self.assertEqual(version.patch, 1)
+        self.assertEqual(version.full, "3.2.1")
+        self.assertEqual(version.raw, "3.2.1")
+
+    def test_parse_version_2_part(self):
+        """Test parsing of a short version like "3.2" as may be provided by
+        the user on the command line. """
+        buf = "3.2"
+        version = suricata.parse_version(buf)
+        self.assertIsNotNone(version)
+        self.assertEqual(version.major, 3)
+        self.assertEqual(version.minor, 2)
+        self.assertEqual(version.patch, 0)
+        self.assertEqual(version.full, "3.2")
+        self.assertEqual(version.raw, "3.2")
+