theY4Kman / parsuricata

Parse Suricata rules
https://pypi.org/project/parsuricata/
MIT License
13 stars 3 forks

feat: add support for negated settings #2

Closed theY4Kman closed 3 years ago

theY4Kman commented 4 years ago

Add basic support for negated option settings, e.g.

alert ip any any -> any any (content: !"heymum";)

Here's a test to demonstrate usage:

from parsuricata import parse_rules


def test_negated_content():
    rules = parse_rules('''
        alert ip any any -> any any (content: !"heymum";)
    ''')

    assert len(rules) == 1

    rule = rules[0]
    assert len(rule.options) == 1

    # The settings value compares equal to the bare string, and the
    # negation is carried separately in is_negated and shown in repr().
    option = rule.options[0]
    assert option.settings == 'heymum'
    assert option.settings.is_negated
    assert repr(option.settings) == "!'heymum'"

theY4Kman commented 3 years ago

merging this to resolve #5
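The behaviour the test in this PR asserts (a value that equals the bare string but still carries its `!`) can be sketched with a `str` subclass; this is an added example, not parsuricata's implementation, and `Setting`, `parse_options`, `negated_options` and the constructed `SAMPLE_RULE` are hypothetical names. It goes beyond the PR's single case to cover bare (unquoted) negated values and escaped `\;` and `\"` inside quoted ones, since a tool that drops the `!` inverts what the rule matches.

```python
import re

class Setting(str):
    """Option value that remembers whether it was written with a leading '!'."""
    def __new__(cls, value, is_negated=False):
        obj = super().__new__(cls, value)
        obj.is_negated = is_negated
        return obj

    def __repr__(self):
        return ('!' if self.is_negated else '') + super().__repr__()

# One option: keyword, then optionally ':' [!] and a quoted or bare value, then ';'.
OPTION_RE = re.compile(r'''
    \s*(?P<keyword>[\w.\-]+)\s*
    (?: :\s*(?P<neg>!)?\s*
        (?: "(?P<quoted>(?:\\.|[^"\\])*)" | (?P<bare>(?:\\.|[^;\\])*?) )
    \s*)?
    ;''', re.VERBOSE)

def parse_options(body):
    """Return [(keyword, Setting or None), ...] for the text between '(' and ')'."""
    options, pos = [], 0
    while body[pos:].strip():
        m = OPTION_RE.match(body, pos)
        if m is None:
            raise ValueError(f'cannot parse option at offset {pos}: {body[pos:]!r}')
        # Escapes are kept as written; only the quotes and the '!' are stripped.
        value = m['quoted'] if m['quoted'] is not None else m['bare']
        setting = None if value is None else Setting(value, bool(m['neg']))
        options.append((m['keyword'], setting))
        pos = m.end()
    return options

def negated_options(rule):
    """List the (keyword, setting) pairs of a rule whose value is negated."""
    body = rule[rule.index('(') + 1:rule.rindex(')')]
    return [(kw, s) for kw, s in parse_options(body) if s is not None and s.is_negated]

# Constructed sample rule, not taken from any real ruleset.
SAMPLE_RULE = ('alert ip any any -> any any (msg:"demo"; content:"GET"; nocase; '
               'content:!"heymum"; isdataat:!1,relative; sid:1;)')

if __name__ == '__main__':
    for keyword, setting in negated_options(SAMPLE_RULE):
        print(keyword, repr(setting))
```
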