Fixed get_checkers()

Koen1999 · Jan 19, 2025 · a2f4807 · a2f4807
1 parent 536e223
commit a2f4807
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 9 deletions.
diff --git a/suricata_check/suricata_check.py b/suricata_check/suricata_check.py
@@ -733,19 +733,30 @@ def __get_checker_enabled(
 ) -> tuple[bool, set[str]]:
     enabled = checker.enabled_by_default
 
-    relevant_codes = set(checker.codes.keys())
+    # If no include regexes are provided, include all by default
+    if len(include) == 0:
+        relevant_codes = set(checker.codes.keys())
+    else:
+        # If include regexes are provided, include all codes that match any of these regexes
+        relevant_codes = set()
 
-    if len(include) > 0:
         for regex in include:
-            relevant_codes = set(
-                filter(
-                    lambda code: _regex_provider.compile("^" + regex + "$").match(code)
-                    is not None,
-                    relevant_codes,
+            relevant_codes.update(
+                set(
+                    filter(
+                        lambda code: _regex_provider.compile("^" + regex + "$").match(
+                            code
+                        )
+                        is not None,
+                        checker.codes.keys(),
+                    )
                 )
             )
-            if len(relevant_codes) > 0:
-                enabled = True
+
+        if len(relevant_codes) > 0:
+            enabled = True
+
+    # Now remove the codes that are excluded according to any of the provided exclude regexes
     for regex in exclude:
         relevant_codes = set(
             filter(
@@ -754,6 +765,8 @@ def __get_checker_enabled(
                 relevant_codes,
             )
         )
+
+    # Now filter out irrelevant codes based on severity
     relevant_codes = set(
         filter(
             lambda code: checker.codes[code]["severity"] >= issue_severity,

diff --git a/tests/test_suricata_check.py b/tests/test_suricata_check.py
@@ -357,6 +357,11 @@ def test_get_checkers():
     suricata_check.get_checkers()
 
 
+def test_get_checkers_multiple_include():
+    logging.basicConfig(level=logging.DEBUG)
+    assert len(suricata_check.get_checkers(include=("M.*", "S.*"))) > 0
+
+
 def test_get_checkers_include():
     logging.basicConfig(level=logging.DEBUG)
     assert len(suricata_check.get_checkers(include=("M.*",))) == 1