Merge pull request #27 from certeu/add-ignore-errors

add: ignore_export_error custom field option for raw rules
certeu · Nov 11, 2024 · 0904690 · 0904690
2 parents 3f71dea + 44dc077
commit 0904690
Show file tree

Hide file tree

Showing 2 changed files with 28 additions and 8 deletions.
diff --git a/src/droid/export.py b/src/droid/export.py
@@ -101,8 +101,11 @@ def export_rule_raw(parameters: dict, export_config: dict, logger_param: dict):
                 try:
                     platform.create_rule(rule_content, rule_converted, rule_file)
                 except:
-                    logger.error(f"Error in creating search for rule {rule_file}")
-                    error_i = True
+                    if rule_content.get("custom", {}).get("ignore_export_error", False):
+                        logger.warning(f"(Ignoring) Error in creating search for rule {rule_file}")
+                    else:
+                        logger.error(f"Error in creating search for rule {rule_file}")
+                        error_i = True
         if error_i:
             error = True
             return error
@@ -122,8 +125,12 @@ def export_rule_raw(parameters: dict, export_config: dict, logger_param: dict):
             try:
                 platform.create_rule(rule_content, rule_converted, rule_file)
             except Exception as e:
-                logger.error(f"Error in creating search for rule {rule_file} - error: {e}")
-                error = True
+                if rule_content.get("custom", {}).get("ignore_export_error", False):
+                    logger.warning(f"(Ignoring) Error in creating search for rule {rule_file} - error: {e}")
+                    error = False
+                else:
+                    logger.error(f"Error in creating search for rule {rule_file} - error: {e}")
+                    error = True
         if error:
             return error
     else:

diff --git a/src/droid/integrity.py b/src/droid/integrity.py
@@ -398,17 +398,30 @@ def integrity_rule_raw(parameters: dict, export_config: dict, logger_param: dict
             rule_content = load_rule(rule_file)
             rule_converted = rule_content["detection"]
             error = integrity_rule(parameters, rule_converted, rule_content, platform, rule_file, error, logger_param)
+
             if error:
-                error_i = True
-        if error_i:
-            error = True
-            return error
+                custom_settings = rule_content.get("custom", {})
+                if custom_settings.get("ignore_export_error", False):
+                    logger.warning(f"(Ignoring) rule not found {rule_file}")
+                elif custom_settings.get("removed", False):
+                    logger.info(f"Rule not found and intended to be removed {rule_file}")
+                else:
+                    error_i = True
+
+        return error_i
+
 
     elif path.is_file():
         rule_file = path
         rule_content = load_rule(rule_file)
         rule_converted = rule_content["detection"]
         error = integrity_rule(parameters, rule_converted, rule_content, platform, rule_file, error, logger_param)
+        if error and rule_content.get("custom", {}).get("ignore_export_error", False):
+            logger.warning(f"(Ignoring) rule not found {rule_file}")
+            error = False
+        elif error and rule_content.get("custom", {}).get("removed", False):
+            logger.info(f"Rule not found and intended to be removed {rule_file}")
+            error = False
     else:
         print(f"The path {path} is neither a directory nor a file.")