-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfastsnap.py
executable file
·83 lines (72 loc) · 3.35 KB
/
fastsnap.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/usr/bin/env python
##
# @file fastsnap.py
# @brief Driver script for converting Snort rules.
# @author Ankit Srivastava <asrivast@gatech.edu>
#
# Copyright 2018 Georgia Institute of Technology
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
from argparse import ArgumentParser, ArgumentTypeError
import os
import time
import sys
from rulesconverter import RulesConverter
if __name__ == '__main__':
def RulesPath(path):
allFiles = []
if os.path.isdir(path):
for subdirs, dirs, files in os.walk(path):
allFiles.extend(os.path.join(path, name) for name in files if name.endswith('.rules'))
elif os.path.isfile(path):
allFiles.append(path)
else:
raise ArgumentTypeError, 'The provided path is neither a file nor a directory!'
return allFiles
parser = ArgumentParser(description = 'Generate ANML-NFA/AP-FSM from Snort rules.')
parser.add_argument('rules', help = 'the directory/file from which the Snort rules are to be read',
type = RulesPath)
parser.add_argument('-o', '--out', help = 'directory to which all the files should be written',
default = os.getcwd(), metavar = 'DIR')
parser.add_argument('-m', '--maxstes', help = 'maximum number of STEs per rule in a bucket',
type = int, default = 0, metavar = 'S')
parser.add_argument('-r', '--maxrepeats', help = 'maximum number of bounded repetitions',
type = int, default = 0, metavar = 'R')
parser.add_argument('-i', '--independent', help = 'handle independent patterns in a rule',
action = 'store_true')
parser.add_argument('-n', '--negations', help = 'handle negated patterns',
action = 'store_true')
parser.add_argument('-b', '--backreferences', help = 'handle back references in patterns',
action = 'store_true')
parser.add_argument('-c', '--compile', help = 'compile the generated ANML-NFAs to get AP-FSMs',
action = 'store_true')
parser.add_argument('-l', '--logging', help = 'enable error logging',
action = 'store_true')
args = parser.parse_args()
if not os.path.exists(args.out):
os.makedirs(args.out)
if args.logging:
sys.stderr = open(os.path.join(args.out, 'error.log'), 'wb')
t1 = time.time()
converter = RulesConverter(args.out, args.maxstes, args.maxrepeats, args.independent, args.negations, args.backreferences, args.compile)
# convert the rules
converter.convert(args.rules)
t1 = time.time() - t1
print '\nTotal time taken in converting the rules:', t1
# export them as ANML
t2 = time.time()
converter.export()
t2 = time.time() - t2
print 'Total time taken in exporting:', t2
if args.logging:
sys.stderr = sys.__stderr__