more baphomet cleanups

This commit is contained in:
Zane C. B-H 2023-01-17 08:28:12 -06:00
parent 5e73d1aaf2
commit a1ed015dcf
2 changed files with 42 additions and 8 deletions


@ -52,8 +52,6 @@ sub load{
lines=>$conf->{lines},
);
$object->{vars}=$conf->{vars};
return $object;
}
@ -182,7 +180,7 @@ sub parse {
}
if ( defined( $confs->{$conf}{start_pattern} ) ) {
$start_chomp = $confs->{$conf}{start_pattern};
$start_pattern = $confs->{$conf}{start_pattern};
}
if ( defined( $confs->{$conf}{lines} ) ) {
@ -261,6 +259,18 @@ sub parse {
$count++;
}
# process the start_pattern
if (defined($start_pattern)) {
$count = 0;
while ( $count <= 1 ) {
foreach my $var (@var_keys) {
my $val = $vars{$var};
$start_pattern =~ s/\[\=\= *$var *\=\=\]/$val/g;
}
$count++;
}
}
return {
regexp => \@regexp,
pre_regexp => \@pre_regexp,
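Review bot: In the new start_pattern loop, `$var` is interpolated into the substitution pattern `s/\[\=\= *$var *\=\=\]/$val/g` unescaped, so a variable name that contains regex metacharacters would match the wrong text or make the substitution fail to compile; quote it with `\Q…\E`: `$start_pattern =~ s/\[\=\= *\Q$var\E *\=\=\]/$val/g;`. The loop that ends just above the hunk (the `$count++; }` at the top) presumably does the same substitution over `@regexp`, so both sites should get the same treatment. The `while ( $count <= 1 )` two-pass loop also carries no comment saying why exactly two passes are made; a line such as `# second pass expands a value that itself contains a [== var ==] reference` (if that is the intent) would help, or `for ( 1 .. 2 )` would at least make the count explicit instead of reusing `$count`. parse's body continues outside the hunk.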


@ -83,19 +83,43 @@ ok( $worked eq '0', 'all undef check' ) or diag("Created a object when all requi
$worked = 0;
$tests_ran++;
eval {
my $object = Regexp::F2B::Baphomet_YAML->load(file=>'t/baphomet/common.yaml');
my $object = Regexp::F2B::Baphomet_YAML->load( file => 't/baphomet/common.yaml' );
$worked = 1;
};
ok( $worked eq '0', 'load common' ) or diag( "Loaded common.yaml, which a include and not a full rule file..." );
ok( $worked eq '0', 'load common' ) or diag("Loaded common.yaml, which a include and not a full rule file...");
# make sure it works with a known good file
$worked = 0;
$tests_ran++;
eval {
my $object = Regexp::F2B::Baphomet_YAML->load(file=>'t/baphomet/fastlog_NetScan.yaml');
if (ref($object) ne 'Regexp::F2B') {
die('ref($object) is "'.ref($object).'" and not Regexp::F2B... '.Dumper($object));
my $object = Regexp::F2B::Baphomet_YAML->load( file => 't/baphomet/fastlog_NetScan.yaml' );
if ( ref($object) ne 'Regexp::F2B' ) {
die( 'ref($object) is "' . ref($object) . '" and not Regexp::F2B... ' . Dumper($object) );
}
if ( $object->{lines} ne 1 ) {
die( '$object->{lines} ne 1... ' . Dumper($object) );
}
if ( $object->{start_chomp} ne 1 ) {
die( '$object->{start_chomp} ne 1... ' . Dumper($object) );
}
if (
$object->{start_pattern} ne '^\\d\\d\\/\\d\\d\\/\\d\\d\\d\\d\\-\\d\\d\\:\\d\\d\\:\\d\\d\\.\\d+ \\[\\*\\*\\] ' )
{
die(
'$object->{start_pattern} ne \'^\\d\\d\\/\\d\\d\\/\\d\\d\\d\\d\\-\\d\\d\\:\\d\\d\\:\\d\\d\\.\\d+ \\[\\*\\*\\] \'... '
. Dumper($object) );
}
if ( $object->{regexp}[0] ne
'^.*\\[\\(?<group>d+)\\:\\(?<rule>d+)\\:\\(?<rev>d+)\\] [a-zA-Z0-9\\ \\-\\(\\)\\:] \\[\\*\\*\\] \\[Classification\\: (?<class>Detection of a Network Scan) \\] \\[Priority\\: (?(<pri>)\\d+)\\] \\-\\-\\> \\{(?<proto>[a-zA-Z0-9]+)\\} <SRC>\\:(?<src_port>\\d+) <DEST>\\:(?<dst_port>\\d+).*$'
)
{
die( '$object->{regexp}[0] is not the expected ressults... ' . Dumper($object) );
}
$worked = 1;
};
ok( $worked eq '1', 'load all' ) or diag( "Failed to load a known good files... " . $@ );
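Review bot: The new field checks (from `if ( $object->{lines} ne 1 )` down to the regexp comparison) all `die` inside one `eval`, so the single `ok( $worked eq '1', 'load all' )` only reports that something differed and the Dumper output is the only clue as to which field; one `is()` per field, e.g. `is( $object->{lines}, 1, 'lines' );` and `is( $object->{regexp}[0], $expected_regexp, 'regexp[0]' );`, names the failing field and prints got/expected. The expected regexp string also contains `\\[\\(?<group>d+)` and `(?(<pri>)\\d+)`, which as far as I can tell read as an optional literal `(` followed by the text `<group>d+` and an unmatched `)`, and a conditional, rather than named captures; if the fixture intends `(?<group>\d+)` and `(?<pri>\d+)`, the test is currently pinning a typo from `t/baphomet/fastlog_NetScan.yaml` and that should be confirmed before the expected value is locked in. Comparing with `ne 1` works here only because the numeric and string forms coincide; `!=` or `is()` states the intent better.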