Added CI/CD output options

Koen1999 · Jan 18, 2025 · f3e4909 · f3e4909
1 parent 5468b60
commit f3e4909
Show file tree

Hide file tree

Showing 24 changed files with 661 additions and 245 deletions.
diff --git a/.vscode/launch.json b/.vscode/launch.json
@@ -51,22 +51,6 @@
                 "CUDA_VISIBLE_DEVICES": ""
             },
         },
-        {
-            "name": "Pytest",
-            "type": "debugpy",
-            "request": "launch",
-            "module": "pytest",
-            "args": [
-
-            ],
-            "console": "integratedTerminal",
-            "justMyCode": false,
-            "subProcess": true,
-            "stopOnEntry": false,
-            "autoReload": {
-                "enable": false
-            },
-        },
         {
             "name": "Profile/Coverage Pytest",
             "type": "debugpy",

diff --git a/suricata_check/checkers/community/best.py b/suricata_check/checkers/community/best.py
@@ -1,5 +1,7 @@
 """`BestChecker`."""
 
+import logging
+
 import idstools.rule
 
 from suricata_check.checkers.interface import CheckerInterface
@@ -17,11 +19,11 @@ class BestChecker(CheckerInterface):
     Codes C100-C110 report on missing fields that should be set.
     """
 
-    codes = (
-        "C100",
-        "C101",
-        "C102",
-    )
+    codes = {
+        "C100": {"severity": logging.INFO},
+        "C101": {"severity": logging.INFO},
+        "C102": {"severity": logging.INFO},
+    }
 
     def _check_rule(
         self: "BestChecker",

diff --git a/suricata_check/checkers/community/unexpected.py b/suricata_check/checkers/community/unexpected.py
@@ -1,5 +1,7 @@
 """`UnexpectedChecker`."""
 
+import logging
+
 import idstools.rule
 
 from suricata_check.checkers.interface import CheckerInterface
@@ -16,7 +18,9 @@ class UnexpectedChecker(CheckerInterface):
     Codes C000-C010 report on unexpected behavior.
     """
 
-    codes = ("C000",)
+    codes = {
+        "C000": {"severity": logging.WARNING},
+    }
 
     def _check_rule(
         self: "UnexpectedChecker",

diff --git a/suricata_check/checkers/interface/checker.py b/suricata_check/checkers/interface/checker.py
@@ -5,7 +5,7 @@
 
 import abc
 import logging
-from collections.abc import Iterable
+from collections.abc import Iterable, Mapping
 from typing import Optional
 
 import idstools.rule
@@ -29,8 +29,10 @@ class CheckerInterface:
 
     """
 
-    codes: Iterable[str]
-    """A list of issue codes emitted by the checker."""
+    codes: Mapping[str, Mapping[str, int]]
+    """A Mapping of issue codes emitted by the checker to metadata for those issue types.
+    The metadata is structured in the form of a Mapping from attribute name to attribute value.
+    The one mandatory metadata attribute is severity, which must be one of the levels provided by the `logging` module"""
 
     enabled_by_default: bool = True
     """A boolean indicating if the checker is enabled by default when discovered automatically."""
@@ -51,7 +53,9 @@ def check_rule(
     ) -> ISSUES_TYPE:
         """Checks a rule and returns a list of issues found."""
         self.__log_rule_processing(rule)
-        return self.__add_checker_metadata(self.__filter_issues(self._check_rule(rule)))
+        return self.__add_checker_metadata(
+            self.__add_issue_metadata(self.__filter_issues(self._check_rule(rule)))
+        )
 
     @abc.abstractmethod
     def _check_rule(
@@ -72,6 +76,18 @@ def __log_rule_processing(
 
         _logger.debug("Running %s on rule %s", self.__class__.__name__, sid)
 
+    def __add_issue_metadata(
+        self: "CheckerInterface",
+        issues: ISSUES_TYPE,
+    ) -> ISSUES_TYPE:
+        """Given a list of issues, return the same list with metadata from the issue types."""
+        for issue in issues:
+            metadata = self.codes[issue.code]
+            if "severity" in metadata:
+                issue.severity = metadata["severity"]
+
+        return issues
+
     def __add_checker_metadata(
         self: "CheckerInterface",
         issues: ISSUES_TYPE,

diff --git a/suricata_check/checkers/interface/dummy.py b/suricata_check/checkers/interface/dummy.py
@@ -12,7 +12,7 @@
 class DummyChecker(CheckerInterface):
     """Dummy class to prevent runtime errors on import."""
 
-    codes = ()
+    codes = {}
     enabled_by_default = False
 
     def __init__(self: "DummyChecker", include: Optional[Iterable[str]] = None) -> None:

diff --git a/suricata_check/checkers/mandatory.py b/suricata_check/checkers/mandatory.py
@@ -1,5 +1,7 @@
 """`MandatoryChecker`."""
 
+import logging
+
 import idstools.rule
 
 from suricata_check.checkers.interface import CheckerInterface
@@ -13,10 +15,10 @@ class MandatoryChecker(CheckerInterface):
     Codes M000-M009 report on missing mandatory rule options.
     """
 
-    codes = (
-        "M000",
-        "M001",
-    )
+    codes = {
+        "M000": {"severity": logging.ERROR},
+        "M001": {"severity": logging.ERROR},
+    }
 
     def _check_rule(
         self: "MandatoryChecker",

diff --git a/suricata_check/checkers/principle/ml.py b/suricata_check/checkers/principle/ml.py
@@ -135,14 +135,14 @@ class PrincipleMLChecker(CheckerInterface):
     ip_keywords = IP_KEYWORDS
     ip_columns = IP_COLUMNS
 
-    codes = (
-        "Q000",
-        "Q001",
-        "Q002",
-        "Q003",
-        "Q004",
-        "Q005",
-    )
+    codes = {
+        "Q000": {"severity": logging.INFO},
+        "Q001": {"severity": logging.INFO},
+        "Q002": {"severity": logging.INFO},
+        "Q003": {"severity": logging.INFO},
+        "Q004": {"severity": logging.INFO},
+        "Q005": {"severity": logging.INFO},
+    }
 
     enabled_by_default = (
         False  # Since the checker is relatively slow, it is disabled by default

diff --git a/suricata_check/checkers/principle/principle.py b/suricata_check/checkers/principle/principle.py
@@ -1,5 +1,6 @@
 """`PrincipleChecker`."""
 
+import logging
 from typing import Optional
 
 import idstools.rule
@@ -72,14 +73,14 @@ class PrincipleChecker(CheckerInterface):
         that and is unlikely to generalize as a result.
     """
 
-    codes = (
-        "P000",
-        "P001",
-        "P002",
-        "P003",
-        "P004",
-        "P005",
-    )
+    codes = {
+        "P000": {"severity": logging.INFO},
+        "P001": {"severity": logging.INFO},
+        "P002": {"severity": logging.INFO},
+        "P003": {"severity": logging.INFO},
+        "P004": {"severity": logging.INFO},
+        "P005": {"severity": logging.INFO},
+    }
 
     def _check_rule(
         self: "PrincipleChecker",

diff --git a/suricata_check/checkers/styleguide/metadata.py b/suricata_check/checkers/styleguide/metadata.py
@@ -1,5 +1,7 @@
 """`MetadataChecker`."""
 
+import logging
+
 import idstools.rule
 
 from suricata_check.checkers.interface import CheckerInterface
@@ -16,12 +18,12 @@ class MetadataChecker(CheckerInterface):
     Codes S800-810 report on missing common `metadata` fields
     """
 
-    codes = (
-        "S800",
-        "S801",
-        "S802",
-        "S803",
-    )
+    codes = {
+        "S800": {"severity": logging.INFO},
+        "S801": {"severity": logging.INFO},
+        "S802": {"severity": logging.INFO},
+        "S803": {"severity": logging.INFO},
+    }
 
     def _check_rule(
         self: "MetadataChecker",

diff --git a/suricata_check/checkers/styleguide/msg.py b/suricata_check/checkers/styleguide/msg.py
@@ -56,18 +56,18 @@ class MsgChecker(CheckerInterface):
     Codes S400-S410 report on non-standard `msg` fields.
     """
 
-    codes = (
-        "S400",
-        "S401",
-        "S402",
-        "S403",
-        "S404",
-        "S405",
-        "S406",
-        "S407",
-        "S408",
-        "S409",
-    )
+    codes = {
+        "S400": {"severity": logging.INFO},
+        "S401": {"severity": logging.INFO},
+        "S402": {"severity": logging.INFO},
+        "S403": {"severity": logging.INFO},
+        "S404": {"severity": logging.INFO},
+        "S405": {"severity": logging.INFO},
+        "S406": {"severity": logging.WARNING},
+        "S407": {"severity": logging.INFO},
+        "S408": {"severity": logging.INFO},
+        "S409": {"severity": logging.INFO},
+    }
 
     def _check_rule(  # noqa: C901
         self: "MsgChecker",

diff --git a/suricata_check/checkers/styleguide/order.py b/suricata_check/checkers/styleguide/order.py
@@ -1,5 +1,7 @@
 """`OrderChecker`."""
 
+import logging
+
 import idstools.rule
 
 from suricata_check.checkers.interface import CheckerInterface
@@ -64,34 +66,34 @@ class OrderChecker(CheckerInterface):
     Codes S240-S249 report on the non-standard ordering of threshold options.
     """
 
-    codes = (
-        "S200",
-        "S201",
-        "S202",
-        "S203",
-        "S204",
-        "S205",
-        "S206",
-        "S207",
-        "S208",
-        "S210",
-        "S211",
-        "S212",
-        "S220",
-        "S221",
-        "S222",
-        "S223",
-        "S224",
-        "S230",
-        "S231",
-        "S232",
-        "S233",
-        "S234",
-        "S235",
-        "S236",
-        "S240",
-        "S241",
-    )
+    codes = {
+        "S200": {"severity": logging.INFO},
+        "S201": {"severity": logging.INFO},
+        "S202": {"severity": logging.INFO},
+        "S203": {"severity": logging.INFO},
+        "S204": {"severity": logging.INFO},
+        "S205": {"severity": logging.INFO},
+        "S206": {"severity": logging.INFO},
+        "S207": {"severity": logging.INFO},
+        "S208": {"severity": logging.INFO},
+        "S210": {"severity": logging.INFO},
+        "S211": {"severity": logging.INFO},
+        "S212": {"severity": logging.INFO},
+        "S220": {"severity": logging.INFO},
+        "S221": {"severity": logging.INFO},
+        "S222": {"severity": logging.INFO},
+        "S223": {"severity": logging.INFO},
+        "S224": {"severity": logging.INFO},
+        "S230": {"severity": logging.INFO},
+        "S231": {"severity": logging.INFO},
+        "S232": {"severity": logging.INFO},
+        "S233": {"severity": logging.INFO},
+        "S234": {"severity": logging.INFO},
+        "S235": {"severity": logging.INFO},
+        "S236": {"severity": logging.INFO},
+        "S240": {"severity": logging.INFO},
+        "S241": {"severity": logging.INFO},
+    }
 
     def _check_rule(  # noqa: C901, PLR0912, PLR0915
         self: "OrderChecker",

diff --git a/suricata_check/checkers/styleguide/overall.py b/suricata_check/checkers/styleguide/overall.py
@@ -1,5 +1,7 @@
 """`OverallChecker`."""
 
+import logging
+
 import idstools.rule
 
 from suricata_check.checkers.interface import CheckerInterface
@@ -51,20 +53,20 @@ class OverallChecker(CheckerInterface):
     Codes S031-S039 report on issues pertaining to the inappropriate usage of options.
     """
 
-    codes = (
-        "S000",
-        "S001",
-        "S002",
-        "S010",
-        "S011",
-        "S012",
-        "S013",
-        "S014",
-        "S020",
-        "S021",
-        "S030",
-        "S031",
-    )
+    codes = {
+        "S000": {"severity": logging.INFO},
+        "S001": {"severity": logging.INFO},
+        "S002": {"severity": logging.INFO},
+        "S010": {"severity": logging.INFO},
+        "S011": {"severity": logging.INFO},
+        "S012": {"severity": logging.INFO},
+        "S013": {"severity": logging.INFO},
+        "S014": {"severity": logging.INFO},
+        "S020": {"severity": logging.INFO},
+        "S021": {"severity": logging.INFO},
+        "S030": {"severity": logging.INFO},
+        "S031": {"severity": logging.INFO},
+    }
 
     def _check_rule(  # noqa: C901
         self: "OverallChecker",

diff --git a/suricata_check/checkers/styleguide/pcre.py b/suricata_check/checkers/styleguide/pcre.py
@@ -1,5 +1,7 @@
 """`PcreChecker`."""
 
+import logging
+
 import idstools.rule
 
 from suricata_check.checkers.interface import CheckerInterface
@@ -24,7 +26,7 @@ class PcreChecker(CheckerInterface):
     Codes S600-610 report on unrecommended usages of `pcre`
     """
 
-    codes = ("S600", "S601")
+    codes = {"S600": {"severity": logging.INFO}, "S601": {"severity": logging.INFO}}
 
     def _check_rule(
         self: "PcreChecker",