This queue is for tickets about the Parse-Snort CPAN distribution.

Report information
The Basics
Id: 92408
Status: open
Priority: 0/
Queue: Parse-Snort

People
Owner: Nobody in particular
Requestors: frederriffic [...] yahoo.ca
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: 0.8



Subject: Does not work with preprocessor rules
Date: Thu, 23 Jan 2014 07:10:03 -0800 (PST)
To: "bug-Parse-Snort [...] rt.cpan.org" <bug-Parse-Snort [...] rt.cpan.org>
From: Fred Maillou <frederriffic [...] yahoo.ca>
Since regular rules and pre-processor (and decoder) rules share a similar structure, it can be expected that the module works also with these.  Which would be useful.  Unfortunately, it does not seem so.  It cannot read the sid and gid of those rules (maybe it cannot read more, I haven't checked it out fully).

Test code:

    use strict;
    use warnings;
    use feature 'say';
    use Parse::Snort;

    # standard rules from snort VRT update pack
    open (FH, "< preprocessor.rules") or die "Cannot open preprocessor.rules: $!";
    my @rules = <FH>;
    close FH;

    # Only take into account the enabled rules
    my @enabledRules = grep(!/^#/, @rules);

    foreach my $rule (@enabledRules) {
        my $tmprule = Parse::Snort->new();
        $tmprule->parse($rule);
        my $sid = $tmprule->sid();
        my $gid = $tmprule->gid();
        # Fall back to gid 1 when the parser returns none
        if (not defined $gid) {
            $gid = 1;
        }
        say "$gid";
        say "$sid";
    }

Output is like:

    1
    Use of uninitialized value $sid in string at ./srp1 line 27.
    1
    Use of uninitialized value $sid in string at ./srp1 line 27.

Thanks for the bug report!

On Thu Jan 23 10:12:59 2014, frederriffic@yahoo.ca wrote:
> Since regular rules and pre-processor (and decoder) rules share a
> similar structure, it can be expected that the module works also with
> these.

Can you paste an example pre-processor rule that isn't parsing correctly?
Hi, sorry for the long wait. But I think we fixed this in version 0.8.