>>> parsuricata.parse_rules('''alert ip any any -> any any (msg:"Test rule"; tls.cert_subject; content:"CN=*.googleusercontent.com"; sid:12345678; rev:1;)''')[0].__str__()
Traceback (most recent call last):
File "/usr/local/lib/python3.8/site-packages/lark/lexer.py", line 373, in lex
for x in l.lex(stream, self.root_lexer.newline_types, self.root_lexer.ignore_types):
File "/usr/local/lib/python3.8/site-packages/lark/lexer.py", line 174, in lex
raise UnexpectedCharacters(stream, line_ctr.char_pos, line_ctr.line, line_ctr.column, allowed=allowed, state=self.state, token_history=last_token and [last_token])
lark.exceptions.UnexpectedCharacters: No terminal defined for '.' at line 1 col 50
any any -> any any (msg:"Test rule"; tls.cert_subject; content:"CN=*.googleuserc
^
Expecting: {'SEMICOLON', 'COLON'}
Should be a simple fix of adding a period in the KEYWORD variable in grammar. Will include a fix for this in a pull request.
Reference: https://suricata.readthedocs.io/en/suricata-6.0.0/rules/tls-keywords.html
Should be a simple fix of adding a period in the
KEYWORDvariable in grammar. Will include a fix for this in a pull request.