From 51963adab74a1a55b519e60b8fd5870ed8ff3b2c Mon Sep 17 00:00:00 2001
From: Laurenz
Date: Fri, 13 Oct 2023 11:49:10 +0200
Subject: [PATCH 1/2] added a function for handling lua files

---
 suricata/update/main.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/suricata/update/main.py b/suricata/update/main.py
index 4a0e7a6..3b52201 100644
--- a/suricata/update/main.py
+++ b/suricata/update/main.py
@@ -499,6 +499,28 @@ def handle_filehash_files(rule, dep_files, fhash):
     else:
         logger.error("{} file {} was not found".format(fhash, filehash_fname))
 
+def handle_lua_rule_files(rule, dep_files, kw):
+    if not rule.enabled:
+        return
+    lua_rule_fname = rule.get(kw)
+    filename = [fname for fname, content in dep_files.items() if fname == lua_rule_fname]
+    if filename:
+        logger.debug("Copying lua file %s to output directory" % (lua_rule_fname))
+        filepath = os.path.join(config.get_state_dir(), "rules", os.path.dirname(filename[0]))
+        logger.debug("filepath: %s" % filepath)
+        try:
+            os.makedirs(filepath)
+        except OSError as oserr:
+            if oserr.errno != errno.EEXIST:
+                logger.error(oserr)
+                sys.exit(1)
+        logger.debug("output fname: %s" % os.path.join(filepath, os.path.basename(lua_rule_fname)))
+        with open(os.path.join(filepath, os.path.basename(lua_rule_fname)), "w+") as fp:
+            fp.write(dep_files[lua_rule_fname].decode("utf-8"))
+    else:
+        logger.error("lua file {} was not found".format(lua_rule_fname))
+
+
 def write_merged(filename, rulemap, dep_files):
     if not args.quiet:

From 445d972c7f7b7ad2d545d5effd5506322bbec8cb Mon Sep 17 00:00:00 2001
From: Laurenz
Date: Fri, 13 Oct 2023 11:50:26 +0200
Subject: [PATCH 2/2] added the logic for calling the lua file handler

---
 suricata/update/main.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/suricata/update/main.py b/suricata/update/main.py
index 3b52201..b4b8ba6 100644
--- a/suricata/update/main.py
+++ b/suricata/update/main.py
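Review bot: The output directory on the `filepath = os.path.join(config.get_state_dir(), "rules", os.path.dirname(filename[0]))` line is derived from the rule's own `lua`/`luajit` value with no check that it stays under the rules directory, and since `os.path.join` discards the earlier components when a later one is absolute and `os.makedirs` happily follows `..`, a rule file — content that usually arrives from remote feeds — decides where the script is written; the resolved path should be compared against the rules directory before anything is created, as sketched below. The `open(..., "w+")` / `.decode("utf-8")` pair also round-trips the script through the locale encoding and newline translation and raises `UnicodeDecodeError` on a non-UTF-8 file, whereas `"wb"` with the bytes written as they came preserves the file and needs no read mode. The `filename = [fname for fname, content in dep_files.items() if fname == lua_rule_fname]` scan is an exact-key lookup, so `if lua_rule_fname in dep_files:` says the same without the unused `content`. A one-line docstring stating that the script is copied into the rules output directory would help the next reader. If the sibling handlers build their paths the same way (their bodies are outside this hunk), the containment check belongs in a shared helper rather than in this function alone.
```python
def handle_lua_rule_files(rule, dep_files, kw):
    """Copy the lua script named by the rule's ``kw`` keyword into the rules output directory."""
    # … unchanged: enabled check and lookup of lua_rule_fname in dep_files …
    if filename:
        logger.debug("Copying lua file %s to output directory" % (lua_rule_fname))
        rules_dir = os.path.abspath(os.path.join(config.get_state_dir(), "rules"))
        filepath = os.path.abspath(os.path.join(rules_dir, os.path.dirname(filename[0])))
        # The directory comes from the rule text; refuse anything that resolves outside rules_dir.
        if filepath != rules_dir and not filepath.startswith(rules_dir + os.sep):
            logger.error("lua file %s resolves outside the rules directory" % lua_rule_fname)
            return
        logger.debug("filepath: %s" % filepath)
        # … unchanged: makedirs with the EEXIST handling …
        out_fname = os.path.join(filepath, os.path.basename(lua_rule_fname))
        logger.debug("output fname: %s" % out_fname)
        with open(out_fname, "wb") as fp:
            fp.write(dep_files[lua_rule_fname])
    # … unchanged: else branch reporting the missing file …
```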
@@ -97,7 +97,7 @@ INDEX_EXPIRATION_TIME = 60 * 60 * 24 * 14
 
 
 # Rule keywords that come with files
-file_kw = ["filemd5", "filesha1", "filesha256", "dataset"]
+file_kw = ["filemd5", "filesha1", "filesha256", "dataset", "lua", "luajit"]
 
 def strict_error(msg):
     logger.error(msg)
@@ -562,6 +562,8 @@ def write_merged(filename, rulemap, dep_files):
             if kw in rule:
                 if "dataset" == kw:
                     reformatted = handle_dataset_files(rule, dep_files)
+                elif kw in ["lua", "luajit"]:
+                    handle_lua_rule_files(rule, dep_files, kw)
                 else:
                     handle_filehash_files(rule, dep_files, kw)
                 if reformatted:
@@ -623,6 +625,8 @@ def write_to_directory(directory, files, rulemap, dep_files):
             if kw in rule:
                 if "dataset" == kw:
                     reformatted = handle_dataset_files(rulemap[rule.id], dep_files)
+                elif kw in ["lua", "luajit"]:
+                    handle_lua_rule_files(rulemap[rule.id], dep_files, kw)
                 else:
                     handle_filehash_files(rulemap[rule.id], dep_files, kw)
                 if reformatted:
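Review bot: The literal `["lua", "luajit"]` is now spelled out three times — appended to `file_kw` in the first hunk and repeated in the two `elif kw in ["lua", "luajit"]:` branches of `write_merged` and `write_to_directory` — so a future keyword added to one place is silently missed by the others, and the dispatch falls through to `handle_filehash_files` for it. Declaring it once next to the existing constant, `lua_kw = ["lua", "luajit"]` and `file_kw = ["filemd5", "filesha1", "filesha256", "dataset"] + lua_kw`, and writing `elif kw in lua_kw:` in both functions keeps the keyword list and the dispatch in step. The two dispatch branches otherwise mirror the existing filehash branch, including leaving `reformatted` untouched; both enclosing functions start and end outside their hunks, so whether `reformatted` is reset per rule is not visible here.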