rules: manual flowbit id setting

Use a manual increment to compute the ID of flowbit object. Previous algorithm was triggering an integer overflow when importing the Suricata traffic id source.
StamusNetworks · Mar 12, 2018 · 6d4a314 · 6d4a314
1 parent 88f31fe
commit 6d4a314
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/rules/models.py b/rules/models.py
@@ -1123,6 +1123,11 @@ def get_rules(self, source, existing_rules_hash=None):
             rules_list.append(rule)
 
         flowbits = { 'added': {'flowbit': [], 'through_set': [], 'through_isset': [] }}
+        existing_flowbits = Flowbit.objects.all().order_by('-pk')
+        if len(existing_flowbits):
+            flowbits['last_pk'] = existing_flowbits[0].pk
+        else:
+            flowbits['last_pk'] = 1
         for key in ('flowbits', 'hostbits', 'xbits'):
             flowbits[key] = {}
             for flowb in Flowbit.objects.filter(source=source, type=key):
@@ -1358,7 +1363,6 @@ def get_absolute_url(self):
         return reverse('rule', args=[str(self.sid)])
 
     def parse_flowbits(self, source, flowbits, addition = False):
-        flowbit_count = 0
         for ftype in self.BITSREGEXP:
             match = self.BITSREGEXP[ftype].findall(self.content)
             if match:
@@ -1373,9 +1377,8 @@ def parse_flowbits(self, source, flowbits, addition = False):
                     if not flowinst[1] in flowbits[ftype].keys():
                         elt = Flowbit(type = ftype, name = flowinst[1],
                                       source = source)
-                        # limit at 20 *bits per rule
-                        elt.id = int(self.sid) * 20 + flowbit_count
-                        flowbit_count += 1
+                        flowbits['last_pk'] += 1
+                        elt.id = flowbits['last_pk']
                         flowbits[ftype][flowinst[1]] = elt
                         flowbits['added']['flowbit'].append(elt)
                     else: