snort-rule 0.1.0 → 0.1.1

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in snort-rule.gemspec
+gemspec

data/LICENSE.txt

@@ -1,4 +1,6 @@
-Copyright (c) 2011 Chris Lee, PhD
+Copyright (c) 2013 chrislee35
+
+MIT License
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -0,0 +1,45 @@
+# Snort::Rule
+
+Constructs and parses Snort rules similar to PERL's Snort::Rule.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'snort-rule'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install snort-rule
+
+## Usage
+
+	rule = Snort::Rule.new({:action => 'pass', :proto => 'udp', :src => '192.168.0.1', :sport => 'any', :dir => '<>', :dst => 'any', :dport => 53, :opts => {'sid' => 48, 'threshold' => 'type limit,track by_src,count 1,seconds 3600' }})
+	
+	rule.to_s => "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
+
+	rule = Snort::Rule.new
+	rule.action = 'pass'
+	rule.proto = 'udp'
+	rule.src = '192.168.0.1'
+	rule.dir = '<>'
+	rule.dport = 53
+	rule.opts['sid'] = 48
+	rule.opts['threshold'] = 'type limit,track by_src,count 1,seconds 3600'
+	
+	rule.to_s => "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
+
+	rule = Snort::Rule.parse("pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )")
+	rule.to_s => "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,12 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+	t.libs << 'lib'
+	t.test_files = FileList['test/test_*.rb']
+	t.verbose = true
+end
+
+task :default => :test

data/bin/snortrule

@@ -1,12 +1,5 @@
 #!/usr/bin/env ruby
 # DESCRIPTION: generates and parses snort rules
-begin
-	require 'snort-rule'
-rescue LoadError
-	require 'rubygems'
-	require 'snort-rule'
-end
-
 require 'getoptlong'
 
 def usage

data/lib/{snort-rule/base.rb → snort/rule.rb}

@@ -1,3 +1,4 @@
+require "snort/rule/version"
 # Generates and parses snort rules
 #
 # Author::    Chris Lee  (mailto:rubygems@chrislee.dhs.org)

data/lib/snort/rule/version.rb

@@ -0,0 +1,5 @@
+module Snort
+  class Rule
+    VERSION = "0.1.1"
+  end
+end

data/snort-rule.gemspec

@@ -0,0 +1,26 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'snort/rule/version'
+
+Gem::Specification.new do |spec|
+	spec.name          = "snort-rule"
+	spec.version       = Snort::Rule::VERSION
+	spec.authors       = ["chrislee35"]
+	spec.email         = ["rubygems@chrislee.dhs.org"]
+	spec.description   = %q{Parses and generates Snort rules similar to PERL's Snort::Rule}
+	spec.summary       = %q{Class for parsing and generating Snort Rules}
+	spec.homepage      = "http://github.com/chrislee35/snort-rule"
+	spec.license       = "MIT"
+
+	spec.files         = `git ls-files`.split($/)
+	spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+	spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+	spec.require_paths = ["lib"]
+
+	spec.add_development_dependency "bundler", "~> 1.3"
+	spec.add_development_dependency "rake"
+
+	spec.signing_key   = "#{File.dirname(__FILE__)}/../gem-private_key.pem"
+	spec.cert_chain    = ["#{File.dirname(__FILE__)}/../gem-public_cert.pem"]
+end

data/test/helper.rb

@@ -1,18 +1,2 @@
-require 'rubygems'
-require 'bundler'
-begin
-  Bundler.setup(:default, :development)
-rescue Bundler::BundlerError => e
-  $stderr.puts e.message
-  $stderr.puts "Run `bundle install` to install missing gems"
-  exit e.status_code
-end
 require 'test/unit'
-require 'shoulda'
-
-$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
-$LOAD_PATH.unshift(File.dirname(__FILE__))
-require 'snort-rule'
-
-class Test::Unit::TestCase
-end
+require File.expand_path('../../lib/snort/rule.rb', __FILE__)

data/test/test_snort-rule.rb

@@ -1,12 +1,20 @@
-require 'helper'
+unless Kernel.respond_to?(:require_relative)
+  module Kernel
+    def require_relative(path)
+      require File.join(File.dirname(caller[0]), path.to_str)
+    end
+  end
+end
+
+require_relative 'helper'
 
 class TestSnortRule < Test::Unit::TestCase
-	should "constructor should set all the parameters and generate the correct rule" do
+	def test_constructor_should_set_all_the_parameters_and_generate_the_correct_rule
 		rule = Snort::Rule.new({:action => 'pass', :proto => 'udp', :src => '192.168.0.1', :sport => 'any', :dir => '<>', :dst => 'any', :dport => 53, :opts => {'sid' => 48, 'threshold' => 'type limit,track by_src,count 1,seconds 3600' }})
 		assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
 	end
 
-	should "construct a default rule and update each member to generate the correct rule" do
+	def test_construct_a_default_rule_and_update_each_member_to_generate_the_correct_rule
 		rule = Snort::Rule.new
 		rule.action = 'pass'
 		rule.proto = 'udp'
@@ -18,7 +26,7 @@ class TestSnortRule < Test::Unit::TestCase
 		assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
 	end
 
-	should "parse an existing rule and generate the same rule" do
+	def test_parse_an_existing_rule_and_generate_the_same_rule
 		rule = Snort::Rule.parse("pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )")
 		assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
 	end

metadata

@@ -1,156 +1,127 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: snort-rule
-version: !ruby/object:Gem::Version 
-  hash: 27
+version: !ruby/object:Gem::Version
+  version: 0.1.1
   prerelease: 
-  segments: 
-  - 0
-  - 1
-  - 0
-  version: 0.1.0
 platform: ruby
-authors: 
-- Chris Lee
+authors:
+- chrislee35
 autorequire: 
 bindir: bin
-cert_chain: 
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIDYjCCAkqgAwIBAgIBADANBgkqhkiG9w0BAQUFADBXMREwDwYDVQQDDAhydWJ5
-  Z2VtczEYMBYGCgmSJomT8ixkARkWCGNocmlzbGVlMRMwEQYKCZImiZPyLGQBGRYD
-  ZGhzMRMwEQYKCZImiZPyLGQBGRYDb3JnMB4XDTExMDIyNzE1MzAxOVoXDTEyMDIy
-  NzE1MzAxOVowVzERMA8GA1UEAwwIcnVieWdlbXMxGDAWBgoJkiaJk/IsZAEZFghj
-  aHJpc2xlZTETMBEGCgmSJomT8ixkARkWA2RoczETMBEGCgmSJomT8ixkARkWA29y
-  ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNM1Hjs6q58sf7Jp64A
-  vEY2cnRWDdFpD8UWpwaJK5kgSHOVgs+0mtszn+YlYjmx8kpmuYpyU4g9mNMImMQe
-  ow8pVsL4QBBK/1Ozgdxrsptk3IiTozMYA+g2I/+WvZSEDu9uHkKe8pvMBEMrg7RJ
-  IN7+jWaPnSzg3DbFwxwOdi+QRw33DjK7oFWcOaaBqWTUpI4epdi/c/FE1I6UWULJ
-  ZF/Uso0Sc2Pp/YuVhuMHGrUbn7zrWWo76nnK4DTLfXFDbZF5lIXT1w6BtIiN6Ho9
-  Rdr/W6663hYUo3WMsUSa3I5+PJXEBKmGHIZ2TNFnoFIRHha2fmm1HC9+BTaKwcO9
-  PLcCAwEAAaM5MDcwCQYDVR0TBAIwADAdBgNVHQ4EFgQURzsNkZo2rv86Ftc+hVww
-  RNICMrwwCwYDVR0PBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQBRRw/iNA/PdnvW
-  OBoNCSr/IiHOGZqMHgPJwyWs68FhThnLc2EyIkuLTQf98ms1/D3p0XX9JsxazvKT
-  W/in8Mm/R2fkVziSdzqChtw/4Z4bW3c+RF7TgX6SP5cKxNAfKmAPuItcs2Y+7bdS
-  hr/FktVtT2iAmISRnlEbdaTpfl6N2ZWNT83khV6iOs5xRkX/+0e+GgAv9mE6nqr1
-  AkuDXMhposxcnFZUrZ3UtMPEe/JnyP7Vv6pvr3qtZm8FidFZU91+rX/fwdyBU8RP
-  /5l8uLWXXNt1wEbtu4N1I66LwTK2iRrQZE8XtlgZGbxYDFUkiurq3OafF2YwRs6W
-  6yhklP75
-  -----END CERTIFICATE-----
-
-date: 2011-03-07 00:00:00 -05:00
-default_executable: snortrule
-dependencies: 
-- !ruby/object:Gem::Dependency 
-  version_requirements: &id001 !ruby/object:Gem::Requirement 
-    none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
-  requirement: *id001
-  prerelease: false
-  name: shoulda
-  type: :development
-- !ruby/object:Gem::Dependency 
-  version_requirements: &id002 !ruby/object:Gem::Requirement 
+cert_chain:
+- !binary |-
+  LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZakNDQWtxZ0F3SUJB
+  Z0lCQURBTkJna3Foa2lHOXcwQkFRVUZBREJYTVJFd0R3WURWUVFEREFoeWRX
+  SjUKWjJWdGN6RVlNQllHQ2dtU0pvbVQ4aXhrQVJrV0NHTm9jbWx6YkdWbE1S
+  TXdFUVlLQ1pJbWlaUHlMR1FCR1JZRApaR2h6TVJNd0VRWUtDWkltaVpQeUxH
+  UUJHUllEYjNKbk1CNFhEVEV6TURVeU1qRXlOVGswTjFvWERURTBNRFV5Ck1q
+  RXlOVGswTjFvd1Z6RVJNQThHQTFVRUF3d0ljblZpZVdkbGJYTXhHREFXQmdv
+  SmtpYUprL0lzWkFFWkZnaGoKYUhKcGMyeGxaVEVUTUJFR0NnbVNKb21UOGl4
+  a0FSa1dBMlJvY3pFVE1CRUdDZ21TSm9tVDhpeGtBUmtXQTI5eQpaekNDQVNJ
+  d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOY1ByeDhC
+  WmlXSVI5eFdXRzhJCnRxUjUzOHRTMXQrVUo0RlpGbCsxdnJ0VTlUaXVXWDNW
+  ajM3VHdVcGEyZkZremlLMG41S3VwVlRoeUVoY2VtNW0KT0dSanZnclJGYldR
+  SlNTc2NJS09wd3FVUkhWS1JwVjlnVnovSG56azhTK3hvdFVSMUJ1bzNVZ3Ir
+  STFqSGV3RApDZ3IreSt6Z1pidGp0SHNKdHN1dWprT2NQaEVqalVpbmo2OEw5
+  Rno5QmRlSlF0K0lhY2p3QXpVTGl4NmpXQ2h0ClVjK2crMHo4RXNyeWNhMkc2
+  STFHc3JnWDZXSHc4ZHlreVFEVDlkQ3RTMmZsQ093U0MxUjBLNVQveEhXNTRm
+  KzUKd2N3OG1tNTNLTE5lK3RtZ1ZDNlpIeU1FK3FKc0JuUDZ1eEYwYVRFbkdB
+  L2pEQlFEaFFOVEYwWlAvYWJ6eVRzTAp6alVDQXdFQUFhTTVNRGN3Q1FZRFZS
+  MFRCQUl3QURBTEJnTlZIUThFQkFNQ0JMQXdIUVlEVlIwT0JCWUVGTzh3Cith
+  ZVA3VDZrVkpibENnNmV1c09JSTlEZk1BMEdDU3FHU0liM0RRRUJCUVVBQTRJ
+  QkFRQkNReVJKTFhzQm8yRnkKOFc2ZS9XNFJlbVFScmxBdzlESzVPNlU3MUp0
+  ZWRWb2Iyb3ErT2Irem1TK1BpZkUyK0wrM1JpSjJINlZUbE96aQp4K0EwNjFN
+  VVhoR3JhcVZxNEoyRkM4a3Q0RVF5d0FEMFAwVGE1R1UyNENHU0YwOFkzR2tK
+  eTFTYTRYcVRDMllDCm81MXM3SlArdGtDQ3RwVllTZHpKaFRsbGllUkFXQnBH
+  VjFkdGFvZVVLRTZ0WVBNQmtvc3hTUmNWR2N6ay9TYzMKN2VRQ3BleFl5OUps
+  VUJJOXUzQnFJWTlFK2wrTVNuOGloWFNQbXlLMERncmhhQ3Urdm9hU0ZWT1g2
+  WStCNXFibwpqTFhNUXUyWmdJU1l3WE5qTmJHVkhlaHV0ODJVN1U5b2lIb1dj
+  ck9HYXphUlVtR085VFhQK2FKTEgwZ3cyZGNLCkFmTWdsWFBpCi0tLS0tRU5E
+  IENFUlRJRklDQVRFLS0tLS0K
+date: 2013-06-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 1
-        - 0
-        - 0
-        version: 1.0.0
-  requirement: *id002
-  prerelease: false
-  name: bundler
+      - !ruby/object:Gem::Version
+        version: '1.3'
   type: :development
-- !ruby/object:Gem::Dependency 
-  version_requirements: &id003 !ruby/object:Gem::Requirement 
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 1
-        - 5
-        - 2
-        version: 1.5.2
-  requirement: *id003
-  prerelease: false
-  name: jeweler
-  type: :development
-- !ruby/object:Gem::Dependency 
-  version_requirements: &id004 !ruby/object:Gem::Requirement 
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        hash: 3
-        segments: 
-        - 0
-        version: "0"
-  requirement: *id004
-  prerelease: false
-  name: rcov
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-description: arses and generates Snort rules similar to PERL's Snort::Rule
-email: rubygems@chrislee.dhs.org
-executables: 
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Parses and generates Snort rules similar to PERL's Snort::Rule
+email:
+- rubygems@chrislee.dhs.org
+executables:
 - snortrule
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
 - LICENSE.txt
-- README.rdoc
-files: 
+- README.md
+- Rakefile
 - bin/snortrule
-- lib/snort-rule.rb
-- lib/snort-rule/base.rb
-- LICENSE.txt
-- README.rdoc
+- lib/snort/rule.rb
+- lib/snort/rule/version.rb
+- snort-rule.gemspec
 - test/helper.rb
 - test/test_snort-rule.rb
-has_rdoc: true
-homepage: https://rubygems.org/gems/snort-rule
-licenses: 
+homepage: http://github.com/chrislee35/snort-rule
+licenses:
 - MIT
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
       - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+      hash: 845204443714955193
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+      segments:
       - 0
-      version: "0"
+      hash: 845204443714955193
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.6.1
+rubygems_version: 1.8.25
 signing_key: 
 specification_version: 3
 summary: Class for parsing and generating Snort Rules
-test_files: 
+test_files:
 - test/helper.rb
 - test/test_snort-rule.rb

data/README.rdoc

@@ -1,19 +0,0 @@
-= snort-rule
-
-Description goes here.
-
-== Contributing to snort-rule
- 
-* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
-* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
-* Fork the project
-* Start a feature/bugfix branch
-* Commit and push until you are happy with your contribution
-* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
-* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
-
-== Copyright
-
-Copyright (c) 2011 Chris Lee, PhD. See LICENSE.txt for
-further details.
-

data/lib/snort-rule.rb

@@ -1 +0,0 @@
-require 'snort-rule/base'