def parse(self, lines):
    """
    Populate this zone from a block of tzdata Zone lines.

    The first line supplies the zone name (its second space-separated
    field, after tabs are expanded) and the first rule. Every following
    non-empty line is parsed as a further rule and kept unless its
    C{gmtoff} is C{"#"} (presumably a commented-out line - confirm
    against ZoneRule.parse).

    @param lines: the lines to parse.
    @type lines: C{str}
    """
    all_lines = lines.split("\n")

    # The header line carries the zone name as well as the first rule.
    header = all_lines[0]
    fields = list(filter(None, header.expandtabs(1).split(" ")))
    self.name = fields[1]

    # The second argument to ZoneRule.parse differs between the header (0)
    # and the continuation lines (2); its meaning is defined by ZoneRule.
    first_rule = ZoneRule(self)
    first_rule.parse(header, 0)
    self.rules.append(first_rule)

    for text in all_lines[1:]:
        if not text:
            continue
        continuation = ZoneRule(self)
        continuation.parse(text, 2)
        if continuation.gmtoff == "#":
            continue
        self.rules.append(continuation)
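def json_to_listofdicts():
    '''
    Turn the downloaded vetted signatures into a list of dictionaries.

    Every indicator string of every vetted entry is parsed as a rule.
    A rule that has no sid is given config.SID_START as its sid; the
    counter is then incremented and written back to config.py. For each
    rule that parses, one dictionary is produced holding the parsed rule
    plus type_hash, sid, tags, source, priority, newsid and raw.

    Returns the list of those dictionaries. The list is empty when
    download_vetted_json() returns None (a log line is written instead).

    NOTE(review): block nesting was reconstructed from a listing without
    line breaks; the sid assignment, the config.py rewrite and the final
    return are placed where the statement order makes most sense -
    confirm against the original file.
    '''
    feed = download_vetted_json()
    networklist = []

    if feed is None:
        with open('snort_suricata_client.log', 'a') as logfile:
            logfile.write(st + ": no signatures to download." + "\n")
        return networklist

    for o in feed['vetted']:
        for s in o['indicators']:
            parsed_rule = rule.parse(s)
            if parsed_rule is None:
                # Indicator is not a parseable rule; nothing to emit for it.
                continue

            posthash = None
            if parsed_rule.sid is None:
                parsed_rule.sid = str(config.SID_START)
                # Assumes the raw rule text ends with ')' so that dropping
                # the last character leaves room for the sid option.
                rule_with_sid = rule.parse(parsed_rule.raw[:-1] + ' sid: ' + parsed_rule.sid + ';)')
                # msg comes from the downloaded feed and is logged verbatim.
                # NOTE(review): consider escaping control characters so that
                # a rule message cannot introduce extra log lines.
                with open('snort_suricata_client.log', 'a') as logfile:
                    logfile.write(st + ": assigned sid " + str(config.SID_START) + ' to rule \"' + parsed_rule.msg + '\"' + "\n")
                config.SID_START = int(config.SID_START) + 1
                # NOTE(review): raw is set to the result of rule.parse(), not
                # to the rule text, and that result may be None if the
                # rebuilt rule does not parse - confirm this is intended.
                parsed_rule.raw = rule_with_sid
                posthash = o['type_hash']

                # Persist the next free sid so a later run does not hand out
                # the same sid again.
                with open('config.py', 'r+') as f:
                    text = f.read()
                    updated_text = re.sub('SID_START = .*', 'SID_START = ' + str(config.SID_START), text)
                    f.seek(0)
                    f.write(updated_text)
                    # The file is rewritten in place: without truncation a
                    # shorter replacement (e.g. a trailing comment dropped by
                    # the '.*' match) leaves stale bytes at the end of
                    # config.py, which is presumably imported as code.
                    f.truncate()

            # Round-trip through JSON to get a plain dict copy of the parsed
            # rule, then add the fields needed for the sid-msg.map file.
            networkloads = json.loads(json.dumps(parsed_rule))
            networkloads['type_hash'] = o['type_hash']
            networkloads['sid'] = parsed_rule.sid
            networkloads['tags'] = o['tags']
            networkloads['source'] = o['source']
            networkloads['priority'] = o['priority']
            networkloads['newsid'] = posthash
            networkloads['raw'] = parsed_rule.raw
            networklist.append(networkloads)

    return networklist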