more work and begin work on the bin bit

2022-12-17 14:10:07 -06:00 · 2022-12-17 14:10:07 -06:00 · 3bd1b1c936
parent 3bc667aa7f
commit 3bd1b1c936
5 changed files with 51 additions and 7 deletions
--- a/7
+++ b/7
@ -4,16 +4,19 @@ lib/Regexp/F2B/INI.pm
 Makefile.PL
 MANIFEST			This list of files
 README.md
+src_bin/regexp-f2b
+bin/.exists
 t/00-load.t
 t/01-load.t
-t/creation_from_file.t
 t/creation.t
-t/filter.d
+t/creation_from_file.t
 t/filter.d/common.conf
 t/filter.d/fast-log-attack-src.conf
 t/filter.d/sshd.conf
+t/ini.t
 t/manifest.t
 t/pod-coverage.t
 t/pod.t
 t/proc_lines.t
 t/regexp.t
+
--- a/bin/.exists
+++ b/bin/.exists
--- a/lib/Regexp/F2B.pm
+++ b/lib/Regexp/F2B.pm
@ -169,11 +169,11 @@ sub new {
 		}

 		# process any /F-[A-Za-z0-9\_\-]+/ items
-		if ( $self->{regexp}[$int] =~ /\<F\-[A-Za-z0-9\_\-]+\>/ ) {
-			$self->{regexp}[$int] =~ s/\<F\-([A-Za-z0-9\_\-]+)\>/(?<F$1>/g;
+		if ( $self->{regexp}[$int] =~ /\<F\-[A-Za-z0-9\_]+\>/ ) {
+			$self->{regexp}[$int] =~ s/\<F\-([A-Za-z0-9\_]+)\>/(?<F$1>/g;
 		}
-		if ( $self->{regexp}[$int] =~ /\<F\-[A-Za-z0-9\_\-]+\>/ ) {
-			$self->{regexp}[$int] =~ s/\<\/F\-[A-Za-z0-9\_\-]+\>/)/g;
+		if ( $self->{regexp}[$int] =~ /\<\/F\-[A-Za-z0-9\_]+\>/ ) {
+			$self->{regexp}[$int] =~ s/\<\/F\-[A-Za-z0-9\_]+\>/)/g;
 		}

 		# add ^ and $ bits as needed
@ -590,8 +590,15 @@ sub proc_line {
 		my $regexp = $self->{regexp}[$int];
 		if ( $joined =~ /$regexp/ ) {
 			foreach my $key ( keys(%+) ) {
+				my $val=$+{$key};
 				$not_found = 0;
-				$found->{$key} = $+{$key};
+				if ($key=~/^F/) {
+					my $new_key=$key;
+					$new_key=~s/^F/F-/;
+					$found->{$new_key} = $val;
+				}else {
+					$found->{$key} = $val;
+				}
 			}
 			$not_found = 0;
 			$found->{found} = 1;
--- a/src_bin/regexp-f2b
+++ b/src_bin/regexp-f2b
@ -0,0 +1,2 @@
+#!perl
+
--- a/t/regexp.t
+++ b/t/regexp.t
@ -275,4 +275,36 @@ eval {
 };
 ok( $worked eq '1', 'pre_regex test' ) or diag( "matching with pre_regexp failed in some manner... " . $@ );

+# make sure it will match F- items
+$worked = 0;
+$tests_ran++;
+eval {
+	$object = Regexp::F2B->new(
+		pre_regexp =>
+			['^\d\d\d\d\-\d\d\-\d\dT\d\d\:\d\d:\d\d\ <F-MLFID>\w\w*\[\d\d*\]</F-MLFID>\: <F-CONTENT>.*</F-CONTENT>$'],
+		regexp => ['auth failed src: <HOST>, dst:<F-DEST>..*</F-DEST>$']
+	);
+	my $line = '2022-09-11T05:03:11 sshd[1234]: auth failed src: ::1, dst:5.6.7.8';
+	my $matched;
+	eval { $matched = $object->proc_line($line); };
+	if ($@) {
+		die(
+			'$object->proc_line($line) died... line=' . Dumper($line) . "\nobject=" . Dumper($object) . "\n\$@=" . $@ );
+	}
+	if ( $matched->{HOST} ne '::1' ) {
+		die( "returned '" . Dumper($matched) . "'\n\n" . Dumper( $line, $object ) );
+	}
+	if ( $matched->{'F-MLFID'} ne 'sshd[1234]' ) {
+		die( "returned '" . Dumper($matched) . "'\n\n" . Dumper( $line, $object ) );
+	}
+	if ( $matched->{'F-CONTENT'} ne 'auth failed src: ::1, dst:5.6.7.8' ) {
+		die( "returned '" . Dumper($matched) . "'\n\n" . Dumper( $line, $object ) );
+	}
+	if ( $matched->{'F-DEST'} ne '5.6.7.8' ) {
+		die( "returned '" . Dumper($matched) . "'\n\n" . Dumper( $line, $object ) );
+	}
+	$worked = 1;
+};
+ok( $worked eq '1', 'regex F test' ) or diag( "matching with some F- items failed in some manner... " . $@ );
+
 done_testing($tests_ran);