more baphomet cleanups
parent
5e73d1aaf2
commit
a1ed015dcf
|
@ -52,8 +52,6 @@ sub load{
|
|||
lines=>$conf->{lines},
|
||||
);
|
||||
|
||||
$object->{vars}=$conf->{vars};
|
||||
|
||||
return $object;
|
||||
}
|
||||
|
||||
|
@ -182,7 +180,7 @@ sub parse {
|
|||
}
|
||||
|
||||
if ( defined( $confs->{$conf}{start_pattern} ) ) {
|
||||
$start_chomp = $confs->{$conf}{start_pattern};
|
||||
$start_pattern = $confs->{$conf}{start_pattern};
|
||||
}
|
||||
|
||||
if ( defined( $confs->{$conf}{lines} ) ) {
|
||||
|
@ -261,6 +259,18 @@ sub parse {
|
|||
$count++;
|
||||
}
|
||||
|
||||
# process the start_pattern
|
||||
if (defined($start_pattern)) {
|
||||
$count = 0;
|
||||
while ( $count <= 1 ) {
|
||||
foreach my $var (@var_keys) {
|
||||
my $val = $vars{$var};
|
||||
$start_pattern =~ s/\[\=\= *$var *\=\=\]/$val/g;
|
||||
}
|
||||
$count++;
|
||||
}
|
||||
}
|
||||
|
||||
return {
|
||||
regexp => \@regexp,
|
||||
pre_regexp => \@pre_regexp,
|
||||
|
|
|
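Review bot: On the added `$start_pattern =~ s/\[\=\= *$var *\=\=\]/$val/g;` line the key name `$var` is interpolated into the pattern unescaped, so a variable name containing a regex metacharacter (`.`, `+`, `(`) is matched as a pattern rather than as literal text; quoting it, `s/\[\=\= *\Q$var\E *\=\=\]/$val/g`, keeps the token match literal. The `while ( $count <= 1 )` loop is a fixed two-pass expansion reusing the outer `$count`; `for ( 1 .. 2 )` with a comment such as `# two passes so a value that itself contains a [== var ==] token is expanded` would make the intent explicit, assuming that is why the second pass exists. Since `$start_pattern` is later used as a regex, each `$val` is spliced in as a regex fragment, not literal text, and an undefined `$vars{$var}` would produce an uninitialized-value warning on that line — both worth a one-line comment or a `// ''` guard if config keys may be present without values. `parse` starts and ends outside this hunk.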
@ -83,19 +83,43 @@ ok( $worked eq '0', 'all undef check' ) or diag("Created a object when all requi
|
|||
$worked = 0;
|
||||
$tests_ran++;
|
||||
eval {
|
||||
my $object = Regexp::F2B::Baphomet_YAML->load(file=>'t/baphomet/common.yaml');
|
||||
my $object = Regexp::F2B::Baphomet_YAML->load( file => 't/baphomet/common.yaml' );
|
||||
$worked = 1;
|
||||
};
|
||||
ok( $worked eq '0', 'load common' ) or diag( "Loaded common.yaml, which a include and not a full rule file..." );
|
||||
ok( $worked eq '0', 'load common' ) or diag("Loaded common.yaml, which a include and not a full rule file...");
|
||||
|
||||
# make sure it works with a known good file
|
||||
$worked = 0;
|
||||
$tests_ran++;
|
||||
eval {
|
||||
my $object = Regexp::F2B::Baphomet_YAML->load(file=>'t/baphomet/fastlog_NetScan.yaml');
|
||||
if (ref($object) ne 'Regexp::F2B') {
|
||||
die('ref($object) is "'.ref($object).'" and not Regexp::F2B... '.Dumper($object));
|
||||
my $object = Regexp::F2B::Baphomet_YAML->load( file => 't/baphomet/fastlog_NetScan.yaml' );
|
||||
if ( ref($object) ne 'Regexp::F2B' ) {
|
||||
die( 'ref($object) is "' . ref($object) . '" and not Regexp::F2B... ' . Dumper($object) );
|
||||
}
|
||||
|
||||
if ( $object->{lines} ne 1 ) {
|
||||
die( '$object->{lines} ne 1... ' . Dumper($object) );
|
||||
}
|
||||
|
||||
if ( $object->{start_chomp} ne 1 ) {
|
||||
die( '$object->{start_chomp} ne 1... ' . Dumper($object) );
|
||||
}
|
||||
|
||||
if (
|
||||
$object->{start_pattern} ne '^\\d\\d\\/\\d\\d\\/\\d\\d\\d\\d\\-\\d\\d\\:\\d\\d\\:\\d\\d\\.\\d+ \\[\\*\\*\\] ' )
|
||||
{
|
||||
die(
|
||||
'$object->{start_pattern} ne \'^\\d\\d\\/\\d\\d\\/\\d\\d\\d\\d\\-\\d\\d\\:\\d\\d\\:\\d\\d\\.\\d+ \\[\\*\\*\\] \'... '
|
||||
. Dumper($object) );
|
||||
}
|
||||
|
||||
if ( $object->{regexp}[0] ne
|
||||
'^.*\\[\\(?<group>d+)\\:\\(?<rule>d+)\\:\\(?<rev>d+)\\] [a-zA-Z0-9\\ \\-\\(\\)\\:] \\[\\*\\*\\] \\[Classification\\: (?<class>Detection of a Network Scan) \\] \\[Priority\\: (?(<pri>)\\d+)\\] \\-\\-\\> \\{(?<proto>[a-zA-Z0-9]+)\\} <SRC>\\:(?<src_port>\\d+) <DEST>\\:(?<dst_port>\\d+).*$'
|
||||
)
|
||||
{
|
||||
die( '$object->{regexp}[0] is not the expected ressults... ' . Dumper($object) );
|
||||
}
|
||||
|
||||
$worked = 1;
|
||||
};
|
||||
ok( $worked eq '1', 'load all' ) or diag( "Failed to load a known good files... " . $@ );
|
||||
|
|
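Review bot: The expected value asserted at the `$object->{regexp}[0] ne '^.*\\[\\(?<group>d+)...'` line does not look like a valid regex once the single-quote escapes are resolved — `\(?<group>d+)` is an optional literal `(` followed by an unbalanced `)`, and `(?(<pri>)\d+)` is a conditional rather than a named capture — so the test appears to pin a backslash-escaping defect in the generated pattern (or a fixture typo) rather than catch it; I would expect `\[(?<group>\d+)` and `(?<pri>\d+)` here, and adding `eval { qr/$object->{regexp}[0]/ }; die "regexp does not compile: $@" if $@;` would surface an uncompilable pattern regardless of the expected string. Separately, `ok( $worked eq '0', 'load common' )` passes for any die inside the eval, including a missing fixture file; `like( $@, qr/include/, 'load common' )` (with whatever wording the rejection actually uses) would pin the intended failure. Replacing the `die( ... Dumper($object) )` chain with per-field `is( $object->{lines}, 1, ... )` / `is( $object->{regexp}[0], $expected, ... )` checks would report which field differs instead of aborting the whole eval with one dump. The script's setup and plan are outside this hunk.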