From 566fcf72a3805547d0d2af560df16c65f67d9429 Mon Sep 17 00:00:00 2001
From: Chris Bassey
Date: Fri, 27 Jun 2025 16:22:02 +0200
Subject: [PATCH 1/3] refactoring to identify conflict files
---
check_rule_ids.py | 38 +++++++++++++++++++++++++++++--------
rules/conflicting_rules.xml | 26 +++++++++++++++++++++++++
2 files changed, 56 insertions(+), 8 deletions(-)
create mode 100644 rules/conflicting_rules.xml
diff --git a/check_rule_ids.py b/check_rule_ids.py
index f435e7d..685ab18 100644
--- a/check_rule_ids.py
+++ b/check_rule_ids.py
@@ -73,17 +73,39 @@ def main(): print("āœ… No rule files were changed in this PR.") return - print(f"šŸ” Checking these files for conflicts: {[f.name for f in changed_files]}") + # print(f"šŸ” Checking these files for conflicts: {[f.name for f in changed_files]}") + + # changed_ids = get_rule_ids_in_files(changed_files) + # main_ids = get_all_main_rule_ids() + # conflicts = changed_ids & main_ids + + # if conflicts: + # print(f"āŒ Conflicting rule IDs: {sorted(conflicts)}") + # sys.exit(1) + # else: + # print("āœ… No rule ID conflicts.") - changed_ids = get_rule_ids_in_files(changed_files) + print(f"šŸ” Checking these files for conflicts: {[f.name for f in changed_files]}") main_ids = get_all_main_rule_ids() - conflicts = changed_ids & main_ids - if conflicts: - print(f"āŒ Conflicting rule IDs: {sorted(conflicts)}") - sys.exit(1) - else: - print("āœ… No rule ID conflicts.") + # Loop through each changed file and check for ID conflicts + for path in changed_files: + print(f"\nšŸ”Ž Checking file: {path.name}") + try: + content = path.read_text() + file_ids = extract_rule_ids_from_xml(content) + except Exception as e: + print(f"āš ļø Could not read {path.name}: {e}") + continue + conflicts = file_ids & main_ids + if conflicts: + print(f"āŒ Conflicting rule IDs in {path.name}: {sorted(conflicts)}") + sys.exit(1) + else: + print(f"āœ… No rule ID conflicts in {path.name}.") + + print("\nāœ… All checked files are conflict-free.") + if __name__ == "__main__": main() diff --git a/rules/conflicting_rules.xml b/rules/conflicting_rules.xml new file mode 100644 index 0000000..d0d07b3 --- /dev/null +++ b/rules/conflicting_rules.xml @@ -0,0 +1,26 @@ + + + + + + + + + + + 5716 + 1.1.1.1 + sshd: authentication failed from IP 1.1.1.1. + authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5, + + + + 5716 + 1.1.1.1 + sshd: authentication failed from IP 1.1.1.1. + authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5, + + + 
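Review bot: The `except Exception` branch of the new per-file loop prints a warning and hits `continue`, so a changed rule file that cannot be read or parsed is never compared against `main_ids`, yet the run still reaches the final "conflict-free" message and exits 0. For a pull-request gate on rule IDs that is fail-open: a malformed XML file skips the duplicate-ID check instead of failing it. Record the failure and exit non-zero after the loop; treating conflicts the same way, instead of calling `sys.exit(1)` at the first hit, also lets one run list every conflicting file, which is what the commit subject describes. The commented-out previous implementation at the top of the hunk should be deleted rather than kept, and `main()` begins above this hunk.

```python
    had_errors = False
    for path in changed_files:
        try:
            # … unchanged: read_text() and extract_rule_ids_from_xml() …
        except Exception as e:
            # … unchanged: warning print …
            had_errors = True  # an unreadable or unparsable rule file must not pass the gate
            continue
        conflicts = file_ids & main_ids
        if conflicts:
            # … unchanged: conflict print …
            had_errors = True  # keep going so every conflicting file is reported
        # … unchanged: else branch …

    if had_errors:
        sys.exit(1)
    # … unchanged: final success print …
```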
From 68dce2e0adaa21c72976d05c5ca9ff1f36ffda6c Mon Sep 17 00:00:00 2001 From: Chris Bassey Date: Sat, 28 Jun 2025 13:32:59 +0200 Subject: [PATCH 2/3] testing rule conflicts --- check_rule_ids.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check_rule_ids.py b/check_rule_ids.py index 685ab18..08824b1 100644 --- a/check_rule_ids.py +++ b/check_rule_ids.py @@ -99,7 +99,7 @@ def main(): continue conflicts = file_ids & main_ids if conflicts: - print(f"āŒ Conflicting rule IDs in {path.name}: {sorted(conflicts)}") + print(f"āŒ Conflicting rule IDs in {path.name} file. Rule IDs: {sorted(conflicts)}") sys.exit(1) else: print(f"āœ… No rule ID conflicts in {path.name}.") From e4d11a5e9839f298a11b65a7da383ec1c3353383 Mon Sep 17 00:00:00 2001 From: Chris Bassey Date: Sat, 28 Jun 2025 13:54:14 +0200 Subject: [PATCH 3/3] testing rule conflicts --- rules/conflicting_rules.xml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/rules/conflicting_rules.xml b/rules/conflicting_rules.xml index d0d07b3..3cb307e 100644 --- a/rules/conflicting_rules.xml +++ b/rules/conflicting_rules.xml @@ -6,15 +6,6 @@ - - - 5716 - 1.1.1.1 - sshd: authentication failed from IP 1.1.1.1. - authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5, - 5716