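def _is_snort_rule_invalid(rule):
    '''Check if the snort rule given is invalid by trying to compile it.

    rule -- Snort rule to test.

    Returns None when the rule passes every check, otherwise a string
    describing the problem: one of the two fixed messages below, or the
    JSON-encoded output of the dumbpig rule checker.
    '''
    # Function-scope import: the file's import block is not visible from here.
    import tempfile

    # Run the cheap textual checks before touching the filesystem, so a
    # rejected rule never leaves a stray file behind.
    if not rule.startswith('alert'):
        return 'Snort rule does not start with "alert"'
    if "threshold" in rule:
        return 'threshold in snort rule is deprecated'

    # mkstemp creates the file exclusively, with owner-only permissions and
    # an unpredictable name. A guessable name in a shared temp directory
    # lets another local user pre-create the path (for example as a
    # symlink) and have the rule text written somewhere else.
    fd, filepath = tempfile.mkstemp(prefix='tmp_')
    try:
        with os.fdopen(fd, "w") as f:
            f.write(rule)
        dp = dumbpig.RuleChecker()
        dp.set_rule_file(filepath)
        dp.test_rule_file()
    finally:
        # Remove the rule file even if the checker raises.
        os.remove(filepath)

    # NOTE(review): the 'string_escape' codec exists only on Python 2; this
    # line needs porting if the module is ever moved to Python 3.
    result = json.dumps(dp.json_output()).encode('utf8').decode('string_escape')
    # '"{}"' is treated as "no findings" -- presumably json_output() returns
    # the string '{}' in that case; confirm against dumbpig.
    if result == '"{}"':
        return None
    return result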
############################################
######## Attribute Check Functions #########
############################################