[Oisf-users] suricata-update - TypeError: int() argument must be a string, etc....
Shivani Bhardwaj
shivanib134 at gmail.com
Thu Mar 7 02:46:54 UTC 2019
On Wed, Mar 6, 2019 at 10:33 PM Davide Setti <d.setti at certego.net> wrote:
>
>
> Hi John,
>
>> Could the dropped semicolon before the sid: field have messed that up?
>
>
> I think that you are right, actually the parser in suricata-update uses the semicolon as field separator (see https://github.com/OISF/suricata-update/blob/master/suricata/update/rule.py#L151) so if its missing between reference and sid the latter will be swallowed by the first one. This is also a bad scenario because the swallowed field is the sid.
>
> Regarding the code it could be nice to have a try-except block arount the parse function call which could print out on which file and which line generated the error.
>
Thanks, Davide. We shall implement better exception handling in the code.
> Regards,
> Davide
> --
> Davide Setti
> R&D and Incident Response Team, Certego
>
> Use of the information within this document constitutes acceptance for use in an "as is" condition. There are no warranties with regard to this information; Certego has verified the data as thoroughly as possible. Any use of this information lies within the user's responsibility. In no event shall Certego be liable for any consequences or damages, including direct, indirect, incidental, consequential, loss of business profits or special damages, arising out of or in connection with the use or spread of this information.
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
> Conference: https://suricon.net
> Trainings: https://suricata-ids.org/training/
--
Shivani
https://about.me/shivani.bhardwaj
More information about the Oisf-users
mailing list