RubyGems - snort-rule - Versions diffs - 0.1.1 → 1.0.1 - Mend

snort-rule 0.1.1 → 1.0.1

Files changed (14) hide show

checksums.yaml +7 -0
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/Guardfile +9 -0
data/bin/snortrule +3 -2
data/lib/snort/rule.rb +57 -46
data/lib/snort/rule/option.rb +32 -0
data/lib/snort/rule/version.rb +1 -1
data/snort-rule.gemspec +18 -16
data/test/helper.rb +2 -1
data/test/test_snort-rule.rb +46 -20
data/test/test_snort_rule_option.rb +40 -0
metadata +63 -50
metadata.gz.sig +0 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 78415e3a59ccbfc9efbc8842aedcdceba1b1c1c6
+  data.tar.gz: 9481ea830bdabe99d1efd9f31655912223bb3f9c
+SHA512:
+  metadata.gz: d03580284050bbf59106a2d38528a19600d956e73752d8d0e93c10edead9502fc2774e9d3e8437993fc83964cfa980ef677b8bcb1fc6b49a71acd0fff4005532
+  data.tar.gz: edce06d8bcbe9649b04a588a5b2790b893b48421501792c18f4156f4d4d4137c463859602c00c8014ead122df87406bea29db3bd6260f1cfa5199f1df8dc58a5

checksums.yaml.gz.sig ADDED Viewed

Binary file

data.tar.gz.sig CHANGED Viewed

Binary file

data/Guardfile ADDED Viewed

@@ -0,0 +1,9 @@
+# A sample Guardfile
+# More info at https://github.com/guard/guard#readme
+guard :minitest do
+  # with Minitest::Unit
+  watch(%r{^test/(.*)\/?test_(.*)\.rb$})
+  watch(%r{^lib/(.*/)?([^/]+)\.rb$})     { |m| "test/#{m[1]}test_#{m[2]}.rb" }
+  watch(%r{^test/test_helper\.rb$})      { 'test' }
+end

data/bin/snortrule CHANGED Viewed

@@ -1,6 +1,7 @@
 #!/usr/bin/env ruby
 # DESCRIPTION: generates and parses snort rules
 require 'getoptlong'
+require 'snort/rule'
 def usage
 	puts "Usage: #{$0} [-h] [-a <action>] [-p <protocol>] [-s <srcip>] [-x <srcport>] [-w <direction>] [-d <dstip>] [-c <dstport>] [-o <key:value>] [-o <key:value> ...]"
@@ -49,9 +50,9 @@ opts.each do |opt, arg|
 		rule.dport = arg.to_i
 	when '--opts'
 		if arg =~ /(.+?)\s*[=:]\s*(.+)/
-			rule.opts[$1] = $2
+			rule.options << Snort::RuleOption($1,$2)
 		else
-			rule.opts[arg] = true
+			rule.options << Snort::RuleOption(arg)
 		end
 	else
 		usage

data/lib/snort/rule.rb CHANGED Viewed

@@ -1,53 +1,64 @@
 require "snort/rule/version"
+require "snort/rule/option"
 # Generates and parses snort rules
 #
-# Author::    Chris Lee  (mailto:rubygems@chrislee.dhs.org)
+# Authors::   Chris Lee  (mailto:rubygems@chrislee.dhs.org), Will Green (will[ at ]hotgazpacho[ dot ]org)
 # Copyright:: Copyright (c) 2011 Chris Lee
 # License::   Distributes under the same terms as Ruby
 module Snort
-	# This class stores and generates the features of a snort rule
-	class Rule
-		attr_accessor :action, :proto, :src, :sport, :dir, :dst, :dport, :opts
-		def initialize(kwargs={})
-			@action = kwargs[:action] || 'alert'
-			@proto = kwargs[:proto] || 'IP'
-			@src = kwargs[:src] || 'any'
-			@sport = kwargs[:sport] || 'any'
-			@dir = kwargs[:dir] || '->'
-			@dst = kwargs[:dst] || 'any'
-			@dport = kwargs[:dport] || 'any'
-			@opts = kwargs[:opts] || {}
-		end
-		# Output the current object into a snort rule
-		def to_s(options_only=false)
-			rule = ""
-			rule = [@action, @proto, @src, @sport, @dir, @dst, @dport, '( '].join(" ") unless options_only
-			opts.keys.sort.each do |k|
-				rule += k if opts[k];
-				unless opts[k] == true
-					rule += ":#{opts[k]}"
-				end
-				rule += "; "
-			end
-			rule += ")" unless options_only
-			rule
-		end
-		# Parse a snort rule to generate an object
-		def Rule::parse(string)
-			rule = Snort::Rule.new
-			rulepart, optspart = string.split(/\s*\(\s*/,2)
-			rule.action, rule.proto, rule.src, rule.sport, rule.dir, rule.dst, rule.dport = rulepart.split(/\s+/)
-			rule.opts = Hash[optspart.gsub(/;\s*\).*$/,'').split(/\s*;\s*/).map { |x|
-				if x =~ /(.*?):(.*)/
-					x.split(/:/,2)
-				else
-					[x,true]
-				end
-			}]
-			rule
-		end
-	end
+  # This class stores and generates the features of a snort rule
+  class Rule
+    attr_accessor :action, :proto, :src, :sport, :dir, :dst, :dport
+    attr_reader :options
+    # Initializes the Rule
+    # @param [Hash] kwargs The options to initialize the Rule with
+    # @option kwargs [String] :action The action
+    # @option kwargs [String] :proto The protocol
+    # @option kwargs [String] :src The source IP
+    # @option kwargs [String] :sport The source Port
+    # @option kwargs [String] :dir The direction of traffic flow
+    # @option kwargs [String] :dst The destination IP
+    # @option kwargs [String] :dport The destination Port
+    # @option kwargs[Array<Snort::RuleOption>] :options The better way of passing in options, using
+    #   option objects that know how to represent themselves as a string properly
+    def initialize(kwargs={})
+      @action = kwargs[:action] || 'alert'
+      @proto = kwargs[:proto] || 'IP'
+      @src = kwargs[:src] || 'any'
+      @sport = kwargs[:sport] || 'any'
+      @dir = kwargs[:dir] || '->'
+      @dst = kwargs[:dst] || 'any'
+      @dport = kwargs[:dport] || 'any'
+      @options = kwargs[:options] || []
+    end
+    # Output the current object into a snort rule
+    def to_s(options_only=false)
+      rule = ""
+      rule = [@action, @proto, @src, @sport, @dir, @dst, @dport].join(" ") unless options_only
+      if options.any?
+        rule += " (" unless options_only
+        rule += options.join(' ')
+        rule += ")" unless options_only
+      end
+      rule
+    end
+    # Parse a snort rule to generate an object
+    def Rule::parse(string)
+      rule = Snort::Rule.new
+      rulepart, optspart = string.split(/\s*\(\s*/,2)
+      rule.action, rule.proto, rule.src, rule.sport, rule.dir, rule.dst, rule.dport = rulepart.split(/\s+/)
+      optspart.gsub(/;\s*\).*$/,'').split(/\s*;\s*/).each do |x|
+        if x =~ /(.*?):(.*)/
+          rule.options << Snort::RuleOption.new(*x.split(/:/,2))
+        else
+          rule.options << Snort::RuleOption.new(x)
+        end
+      end if optspart
+      rule
+    end
+  end
 end

data/lib/snort/rule/option.rb ADDED Viewed

@@ -0,0 +1,32 @@
+module Snort
+  class RuleOption
+    attr_reader :keyword, :arguments
+    # @param [String] keyword
+    # @param [String] arguments
+    def initialize(keyword, arguments=nil)
+      @keyword = keyword.to_s
+      @arguments = arguments.to_s
+    end
+    def to_s
+      output = @keyword
+      output << ":#{@arguments}" unless @arguments.empty?
+      output << ';'
+      output
+    end
+    def ==(other)
+      @keyword == other.keyword && @arguments == other.arguments
+    end
+    def eql?(other)
+      self == other
+    end
+    def hash
+      [@keyword, @arguments].hash
+    end
+  end
+end

data/lib/snort/rule/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Snort
   class Rule
-    VERSION = "0.1.1"
+    VERSION = "1.0.1"
   end
 end

data/snort-rule.gemspec CHANGED Viewed

@@ -4,23 +4,25 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require 'snort/rule/version'
 Gem::Specification.new do |spec|
-	spec.name          = "snort-rule"
-	spec.version       = Snort::Rule::VERSION
-	spec.authors       = ["chrislee35"]
-	spec.email         = ["rubygems@chrislee.dhs.org"]
-	spec.description   = %q{Parses and generates Snort rules similar to PERL's Snort::Rule}
-	spec.summary       = %q{Class for parsing and generating Snort Rules}
-	spec.homepage      = "http://github.com/chrislee35/snort-rule"
-	spec.license       = "MIT"
+  spec.name          = "snort-rule"
+  spec.version       = Snort::Rule::VERSION
+  spec.authors       = ["chrislee35"]
+  spec.email         = ["rubygems@chrislee.dhs.org"]
+  spec.description   = %q{Parses and generates Snort rules similar to PERL's Snort::Rule}
+  spec.summary       = %q{Class for parsing and generating Snort Rules}
+  spec.homepage      = "http://github.com/chrislee35/snort-rule"
+  spec.license       = "MIT"
-	spec.files         = `git ls-files`.split($/)
-	spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
-	spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
-	spec.require_paths = ["lib"]
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
-	spec.add_development_dependency "bundler", "~> 1.3"
-	spec.add_development_dependency "rake"
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency "minitest"
+  spec.add_development_dependency "guard-minitest"
-	spec.signing_key   = "#{File.dirname(__FILE__)}/../gem-private_key.pem"
-	spec.cert_chain    = ["#{File.dirname(__FILE__)}/../gem-public_cert.pem"]
+  spec.signing_key   = "#{File.dirname(__FILE__)}/../gem-private_key.pem"
+  spec.cert_chain    = ["#{File.dirname(__FILE__)}/../gem-public_cert.pem"]
 end

data/test/helper.rb CHANGED Viewed

@@ -1,2 +1,3 @@
-require 'test/unit'
+require 'minitest/autorun'
+require 'minitest/pride'
 require File.expand_path('../../lib/snort/rule.rb', __FILE__)

data/test/test_snort-rule.rb CHANGED Viewed

@@ -8,26 +8,52 @@ end
 require_relative 'helper'
-class TestSnortRule < Test::Unit::TestCase
-	def test_constructor_should_set_all_the_parameters_and_generate_the_correct_rule
-		rule = Snort::Rule.new({:action => 'pass', :proto => 'udp', :src => '192.168.0.1', :sport => 'any', :dir => '<>', :dst => 'any', :dport => 53, :opts => {'sid' => 48, 'threshold' => 'type limit,track by_src,count 1,seconds 3600' }})
-		assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
-	end
+class TestSnortRule < Minitest::Test
+  def test_constructor_should_set_all_the_parameters_and_generate_the_correct_rule
+    rule = Snort::Rule.new({:action => 'pass', :proto => 'udp', :src => '192.168.0.1', :sport => 'any', :dir => '<>',
+      :dst => 'any', :dport => 53,
+      :options => [Snort::RuleOption.new('sid', 48), Snort::RuleOption.new('threshold', 'type limit,track by_src,count 1,seconds 3600')]
+    })
+    assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 (sid:48; threshold:type limit,track by_src,count 1,seconds 3600;)"
+  end
-	def test_construct_a_default_rule_and_update_each_member_to_generate_the_correct_rule
-		rule = Snort::Rule.new
-		rule.action = 'pass'
-		rule.proto = 'udp'
-		rule.src = '192.168.0.1'
-		rule.dir = '<>'
-		rule.dport = 53
-		rule.opts['sid'] = 48
-		rule.opts['threshold'] = 'type limit,track by_src,count 1,seconds 3600'
-		assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
-	end
+  def test_construct_a_default_rule_and_update_each_member_to_generate_the_correct_rule
+    rule = Snort::Rule.new
+    rule.action = 'pass'
+    rule.proto = 'udp'
+    rule.src = '192.168.0.1'
+    rule.dir = '<>'
+    rule.dport = 53
+    rule.options << Snort::RuleOption.new('sid', 48)
+    rule.options << Snort::RuleOption.new('threshold', 'type limit,track by_src,count 1,seconds 3600')
+    assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 (sid:48; threshold:type limit,track by_src,count 1,seconds 3600;)"
+  end
-	def test_parse_an_existing_rule_and_generate_the_same_rule
-		rule = Snort::Rule.parse("pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )")
-		assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 ( sid:48; threshold:type limit,track by_src,count 1,seconds 3600; )"
-	end
+  def test_construct_a_default_rule_with_many_options_having_the_same_keyword
+    rule = Snort::Rule.new
+    rule.action = 'alert'
+    rule.proto = 'tcp'
+    rule.src = '$HOME_NET'
+    rule.dir = '->'
+    rule.dst = '$EXTERNAL_NET'
+    rule.dport = '$HTTP_PORTS'
+    rule.options << Snort::RuleOption.new('msg', '"HTTP Host www.baddomain.com"')
+    rule.options << Snort::RuleOption.new('content', '"Host|3a|"')
+    rule.options << Snort::RuleOption.new('nocase')
+    rule.options << Snort::RuleOption.new('http_header')
+    rule.options << Snort::RuleOption.new('content', '"www.baddomain.com"')
+    rule.options << Snort::RuleOption.new('nocase')
+    rule.options << Snort::RuleOption.new('http_header')
+    rule.options << Snort::RuleOption.new('pcre', '"/^Host\\x3a(.*\\.|\\s*)www\\.baddomain\\.com\\s*$/mi"')
+    rule.options << Snort::RuleOption.new('flow', 'to_server,established')
+    rule.options << Snort::RuleOption.new('threshold', 'type limit, track by_src, count 1, seconds 300')
+    rule.options << Snort::RuleOption.new('classtype', 'bad-unknown')
+    rule.options << Snort::RuleOption.new('sid', '100000000')
+    assert_equal 'alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:"HTTP Host www.baddomain.com"; content:"Host|3a|"; nocase; http_header; content:"www.baddomain.com"; nocase; http_header; pcre:"/^Host\x3a(.*\.|\s*)www\.baddomain\.com\s*$/mi"; flow:to_server,established; threshold:type limit, track by_src, count 1, seconds 300; classtype:bad-unknown; sid:100000000;)', rule.to_s
+  end
+  def test_parse_an_existing_rule_and_generate_the_same_rule
+    rule = Snort::Rule.parse("pass udp 192.168.0.1 any <> any 53 (   sid:48;     threshold:type limit,track by_src,count 1,seconds 3600; )")
+    assert_equal rule.to_s, "pass udp 192.168.0.1 any <> any 53 (sid:48; threshold:type limit,track by_src,count 1,seconds 3600;)"
+  end
 end

data/test/test_snort_rule_option.rb ADDED Viewed

@@ -0,0 +1,40 @@
+unless Kernel.respond_to?(:require_relative)
+  module Kernel
+    def require_relative(path)
+      require File.join(File.dirname(caller[0]), path.to_str)
+    end
+  end
+end
+require_relative 'helper'
+class TestSnortRuleOption < Minitest::Test
+  def test_to_s_on_option_with_keyword_and_argument
+    option = Snort::RuleOption.new('msg', '"OHAI"')
+    assert_equal 'msg:"OHAI";', option.to_s
+  end
+  def test_to_s_on_option_with_keyword_and_no_arguments
+    option = Snort::RuleOption.new('nocase')
+    assert_equal 'nocase;', option.to_s
+  end
+  def test_two_options_with_same_keyword_and_arguments_are_double_equals
+    option1 = Snort::RuleOption.new('msg', '"OHAI"')
+    option2 = Snort::RuleOption.new('msg', '"OHAI"')
+    assert option1 == option2, 'They are not `==`'
+  end
+  def test_two_options_with_same_keyword_and_arguments_are_eql
+    option1 = Snort::RuleOption.new('msg', '"OHAI"')
+    option2 = Snort::RuleOption.new('msg', '"OHAI"')
+    assert option1.eql?(option2), 'They are not `eql?`'
+  end
+  def test_two_options_with_same_keyword_and_arguments_produce_same_hash
+    option1 = Snort::RuleOption.new('msg', '"OHAI"')
+    option2 = Snort::RuleOption.new('msg', '"OHAI"')
+    assert_equal option1.hash, option2.hash
+  end
+end

metadata CHANGED Viewed

@@ -1,49 +1,40 @@
 --- !ruby/object:Gem::Specification
 name: snort-rule
 version: !ruby/object:Gem::Version
-  version: 0.1.1
-  prerelease:
+  version: 1.0.1
 platform: ruby
 authors:
 - chrislee35
 autorequire:
 bindir: bin
 cert_chain:
-- !binary |-
-  LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZakNDQWtxZ0F3SUJB
-  Z0lCQURBTkJna3Foa2lHOXcwQkFRVUZBREJYTVJFd0R3WURWUVFEREFoeWRX
-  SjUKWjJWdGN6RVlNQllHQ2dtU0pvbVQ4aXhrQVJrV0NHTm9jbWx6YkdWbE1S
-  TXdFUVlLQ1pJbWlaUHlMR1FCR1JZRApaR2h6TVJNd0VRWUtDWkltaVpQeUxH
-  UUJHUllEYjNKbk1CNFhEVEV6TURVeU1qRXlOVGswTjFvWERURTBNRFV5Ck1q
-  RXlOVGswTjFvd1Z6RVJNQThHQTFVRUF3d0ljblZpZVdkbGJYTXhHREFXQmdv
-  SmtpYUprL0lzWkFFWkZnaGoKYUhKcGMyeGxaVEVUTUJFR0NnbVNKb21UOGl4
-  a0FSa1dBMlJvY3pFVE1CRUdDZ21TSm9tVDhpeGtBUmtXQTI5eQpaekNDQVNJ
-  d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOY1ByeDhC
-  WmlXSVI5eFdXRzhJCnRxUjUzOHRTMXQrVUo0RlpGbCsxdnJ0VTlUaXVXWDNW
-  ajM3VHdVcGEyZkZremlLMG41S3VwVlRoeUVoY2VtNW0KT0dSanZnclJGYldR
-  SlNTc2NJS09wd3FVUkhWS1JwVjlnVnovSG56azhTK3hvdFVSMUJ1bzNVZ3Ir
-  STFqSGV3RApDZ3IreSt6Z1pidGp0SHNKdHN1dWprT2NQaEVqalVpbmo2OEw5
-  Rno5QmRlSlF0K0lhY2p3QXpVTGl4NmpXQ2h0ClVjK2crMHo4RXNyeWNhMkc2
-  STFHc3JnWDZXSHc4ZHlreVFEVDlkQ3RTMmZsQ093U0MxUjBLNVQveEhXNTRm
-  KzUKd2N3OG1tNTNLTE5lK3RtZ1ZDNlpIeU1FK3FKc0JuUDZ1eEYwYVRFbkdB
-  L2pEQlFEaFFOVEYwWlAvYWJ6eVRzTAp6alVDQXdFQUFhTTVNRGN3Q1FZRFZS
-  MFRCQUl3QURBTEJnTlZIUThFQkFNQ0JMQXdIUVlEVlIwT0JCWUVGTzh3Cith
-  ZVA3VDZrVkpibENnNmV1c09JSTlEZk1BMEdDU3FHU0liM0RRRUJCUVVBQTRJ
-  QkFRQkNReVJKTFhzQm8yRnkKOFc2ZS9XNFJlbVFScmxBdzlESzVPNlU3MUp0
-  ZWRWb2Iyb3ErT2Irem1TK1BpZkUyK0wrM1JpSjJINlZUbE96aQp4K0EwNjFN
-  VVhoR3JhcVZxNEoyRkM4a3Q0RVF5d0FEMFAwVGE1R1UyNENHU0YwOFkzR2tK
-  eTFTYTRYcVRDMllDCm81MXM3SlArdGtDQ3RwVllTZHpKaFRsbGllUkFXQnBH
-  VjFkdGFvZVVLRTZ0WVBNQmtvc3hTUmNWR2N6ay9TYzMKN2VRQ3BleFl5OUps
-  VUJJOXUzQnFJWTlFK2wrTVNuOGloWFNQbXlLMERncmhhQ3Urdm9hU0ZWT1g2
-  WStCNXFibwpqTFhNUXUyWmdJU1l3WE5qTmJHVkhlaHV0ODJVN1U5b2lIb1dj
-  ck9HYXphUlVtR085VFhQK2FKTEgwZ3cyZGNLCkFmTWdsWFBpCi0tLS0tRU5E
-  IENFUlRJRklDQVRFLS0tLS0K
-date: 2013-06-02 00:00:00.000000000 Z
+- |
+  -----BEGIN CERTIFICATE-----
+  MIIDYjCCAkqgAwIBAgIBADANBgkqhkiG9w0BAQUFADBXMREwDwYDVQQDDAhydWJ5
+  Z2VtczEYMBYGCgmSJomT8ixkARkWCGNocmlzbGVlMRMwEQYKCZImiZPyLGQBGRYD
+  ZGhzMRMwEQYKCZImiZPyLGQBGRYDb3JnMB4XDTEzMDUyMjEyNTk0N1oXDTE0MDUy
+  MjEyNTk0N1owVzERMA8GA1UEAwwIcnVieWdlbXMxGDAWBgoJkiaJk/IsZAEZFghj
+  aHJpc2xlZTETMBEGCgmSJomT8ixkARkWA2RoczETMBEGCgmSJomT8ixkARkWA29y
+  ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANcPrx8BZiWIR9xWWG8I
+  tqR538tS1t+UJ4FZFl+1vrtU9TiuWX3Vj37TwUpa2fFkziK0n5KupVThyEhcem5m
+  OGRjvgrRFbWQJSSscIKOpwqURHVKRpV9gVz/Hnzk8S+xotUR1Buo3Ugr+I1jHewD
+  Cgr+y+zgZbtjtHsJtsuujkOcPhEjjUinj68L9Fz9BdeJQt+IacjwAzULix6jWCht
+  Uc+g+0z8Esryca2G6I1GsrgX6WHw8dykyQDT9dCtS2flCOwSC1R0K5T/xHW54f+5
+  wcw8mm53KLNe+tmgVC6ZHyME+qJsBnP6uxF0aTEnGA/jDBQDhQNTF0ZP/abzyTsL
+  zjUCAwEAAaM5MDcwCQYDVR0TBAIwADALBgNVHQ8EBAMCBLAwHQYDVR0OBBYEFO8w
+  +aeP7T6kVJblCg6eusOII9DfMA0GCSqGSIb3DQEBBQUAA4IBAQBCQyRJLXsBo2Fy
+  8W6e/W4RemQRrlAw9DK5O6U71JtedVob2oq+Ob+zmS+PifE2+L+3RiJ2H6VTlOzi
+  x+A061MUXhGraqVq4J2FC8kt4EQywAD0P0Ta5GU24CGSF08Y3GkJy1Sa4XqTC2YC
+  o51s7JP+tkCCtpVYSdzJhTllieRAWBpGV1dtaoeUKE6tYPMBkosxSRcVGczk/Sc3
+  7eQCpexYy9JlUBI9u3BqIY9E+l+MSn8ihXSPmyK0DgrhaCu+voaSFVOX6Y+B5qbo
+  jLXMQu2ZgISYwXNjNbGVHehut82U7U9oiHoWcrOGazaRUmGO9TXP+aJLH0gw2dcK
+  AfMglXPi
+  -----END CERTIFICATE-----
+date: 2014-05-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -51,7 +42,6 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -59,17 +49,43 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
-    none: false
     requirements:
-    - - ! '>='
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: guard-minitest
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '>='
       - !ruby/object:Gem::Version
         version: '0'
 description: Parses and generates Snort rules similar to PERL's Snort::Rule
@@ -82,46 +98,43 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - Gemfile
+- Guardfile
 - LICENSE.txt
 - README.md
 - Rakefile
 - bin/snortrule
 - lib/snort/rule.rb
+- lib/snort/rule/option.rb
 - lib/snort/rule/version.rb
 - snort-rule.gemspec
 - test/helper.rb
 - test/test_snort-rule.rb
+- test/test_snort_rule_option.rb
 homepage: http://github.com/chrislee35/snort-rule
 licenses:
 - MIT
+metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 845204443714955193
 required_rubygems_version: !ruby/object:Gem::Requirement
-  none: false
   requirements:
-  - - ! '>='
+  - - '>='
     - !ruby/object:Gem::Version
       version: '0'
-      segments:
-      - 0
-      hash: 845204443714955193
 requirements: []
 rubyforge_project:
-rubygems_version: 1.8.25
+rubygems_version: 2.1.11
 signing_key:
-specification_version: 3
+specification_version: 4
 summary: Class for parsing and generating Snort Rules
 test_files:
 - test/helper.rb
 - test/test_snort-rule.rb
+- test/test_snort_rule_option.rb

metadata.gz.sig CHANGED Viewed

Binary file