Open JessieQX opened 2 years ago
@JessieQX Unfortunately, I'm not going to have time to debug this and update the code for a while, this project has had to take a bit of a back seat to other things at the moment. I may be able to review a pull request if you can provide it, however.
I also suspect that what you've provided here is insufficient to accurately debug your issue. To the best of my knowledge
rpc error: code =
bit comes from your own code (this library has no RPC related components)Unknown desc
probably referring to the rule Description is not found in our code base so I suspect that's also in your client code.The error invalid special character escaping
message is in our code however it refers to validation of a Content
The text with special characters that you've provided here looks like a PCRE
and not a Content
Without the full rule, it'll be hard to diagnose further, it's also worth noting that if you're using any newer Snort
features those won't be supported here. We support most of the old Snort 2 language, and Suricata up through 5.x (and probably newer but I haven't tested).
If you can provide a complete rule that triggers this error, that could be helpful.
I use the version github.com/google/gonids v0.0.0-20211022205232-4d00a2956aaa, and when using function gonids.ParseRule(resp.Snort) to parse our Snort rule, it returns error "rpc error: code = Unknown desc = invalid special characters escaping". The Snort rule has some special characters such as "/(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=|[A-Za-z0-9+/]{4})$/P". Could you help with it? Thanks.