Parsing a badly-formatted rule ends in seg fault
imbellish opened this issue
Ian Bellamy commented
To reproduce:
>>> from idstools import rule
>>> rule.parse_file('snort.rules')
NOTE: the second rule is missing a semi-colon after metadata, an obvious cause, but a typo on my part.
snort.rules
drop ( msg: "REPUTATION_EVENT_BLACKLIST"; sid: 1; gid: 136; rev: 1; metadata: rule-type preproc; classtype:bad-unknown; )
alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; gid:0; sid:10000001; rev:1; classtype: icmp-event; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop)
alert ip any any -> any any (msg: "IP Packet detected"; gid:0; sid:10000002; rev:1; classtype:icmp-event; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop;)
alert ( msg: "REPUTATION_EVENT_WHITELIST"; sid: 2; gid: 136; rev: 1; metadata: rule-type preproc; classtype:bad-unknown; )
Version information:
I tested this out on two different Python versions since seg faults are unusual. Not sure if it affects Python 3 but I'd guess that it does.
- Python 2.7.6, 2.7.9
- idstools 0.6.1, 0.6.2
Jason Ish commented
Thanks. This should be fixed in master now.
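A pre-parse lint for the condition in this report, as an added example that is not part of the original thread and is not idstools code: it flags any rule whose option block does not end in an unquoted `;` before the closing `)`. The function names are hypothetical, and the sample input is the snort.rules content quoted in the report.

```python
import re

# Sample input: the four rules from the report; the second lacks the final ';'.
SAMPLE_RULES = r'''drop ( msg: "REPUTATION_EVENT_BLACKLIST"; sid: 1; gid: 136; rev: 1; metadata: rule-type preproc; classtype:bad-unknown; )
alert icmp any any -> $HOME_NET any (msg:"ICMP test detected"; gid:0; sid:10000001; rev:1; classtype: icmp-event; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop)
alert ip any any -> any any (msg: "IP Packet detected"; gid:0; sid:10000002; rev:1; classtype:icmp-event; metadata:policy balanced-ips drop, policy connectivity-ips drop, policy security-ips drop;)
alert ( msg: "REPUTATION_EVENT_WHITELIST"; sid: 2; gid: 136; rev: 1; metadata: rule-type preproc; classtype:bad-unknown; )'''

SID_RE = re.compile(r"\bsid\s*:\s*(\d+)")

def check_rule(line):
    """Return None if the option block is well terminated, else a reason string."""
    start, end = line.find("("), line.rfind(")")
    if start == -1 or end < start:
        return "no parenthesised option block"
    in_quote = escaped = False
    terminated = False  # True while the last significant char is an unquoted ';'
    for ch in line[start + 1:end]:
        if escaped:                      # char after a backslash is literal
            escaped, terminated = False, False
        elif ch == "\\":
            escaped, terminated = True, False
        elif ch == '"':
            in_quote, terminated = not in_quote, False
        elif ch == ";" and not in_quote:
            terminated = True
        elif not ch.isspace():
            terminated = False
    if in_quote:
        return "unbalanced double quote"
    if not terminated:
        return "last option is not terminated by ';'"
    return None

def lint_rules(text):
    """Return (line number, sid or None, reason) for every suspect rule."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue                     # skip blanks and commented-out rules
        reason = check_rule(stripped)
        if reason:
            m = SID_RE.search(stripped)
            findings.append((lineno, int(m.group(1)) if m else None, reason))
    return findings

if __name__ == "__main__":
    for lineno, sid, reason in lint_rules(SAMPLE_RULES):
        print(f"line {lineno} (sid {sid}): {reason}")
```

Running a check like this before handing a rule file to a parser rejects the malformed line with a line number and sid instead of relying on the parser to fail safely.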