From f6e3ad51febaa3185bb681b9a13c9b6eb7a82b1d Mon Sep 17 00:00:00 2001
From: Jason Ish
Date: Thu, 9 May 2024 11:22:37 -0600
Subject: [PATCH] rules: update to new rule parser
---
 Cargo.lock | 6 ++++--
 Cargo.toml | 2 +-
 src/rules.rs | 11 ++++++-----
 3 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 7830e0be..43da3eff 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2118,12 +2118,14 @@ checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
 [[package]]
 name = "suricatax-rule-parser"
-version = "0.1.0"
-source = "git+https://github.com/jasonish/rust-suricatax-rule-parser#67166893e79144622e9a9a0881b45e9d05a7eee0"
+version = "0.2.0-alpha.1"
+source = "git+https://github.com/jasonish/suricatax-rule-parser-rs#f5e3fa7000302b74c253dcc1d0931fcd7cd34a0c"
 dependencies = [
+ "lazy_static",
 "nom",
 "num-traits",
 "serde",
+ "serde_json",
 ]
 [[package]]
diff --git a/Cargo.toml b/Cargo.toml
index 53a23d7f..e724e3d6 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -57,7 +57,7 @@ serde = { version = "1.0.196", features = ["derive"] }
 serde_json = "1.0.112"
 serde_yaml = "0.9.30"
-suricatax-rule-parser = { git = "https://github.com/jasonish/rust-suricatax-rule-parser" }
+suricatax-rule-parser = { git = "https://github.com/jasonish/suricatax-rule-parser-rs" }
 time = { version = "0.3.31", features = ["formatting", "local-offset", "macros", "parsing"] }
 tracing = "0.1.40"
 tracing-subscriber = { version = "0.3.18", features = ["std", "fmt", "env-filter", "time"] }
diff --git a/src/rules.rs b/src/rules.rs
index 1a4daa83..e8cb35f9 100644
--- a/src/rules.rs
+++ b/src/rules.rs
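Review bot: The `suricatax-rule-parser` entry in the Cargo.toml hunk names only a git repository, so the commit that gets built is fixed by Cargo.lock alone; a later `cargo update`, or a `cargo install` run without `--locked`, resolves to whatever the default branch holds at that time. Since the lock now points at a `0.2.0-alpha.1` revision, pinning the reviewed commit in the manifest makes the choice explicit: `suricatax-rule-parser = { git = "https://github.com/jasonish/suricatax-rule-parser-rs", rev = "f5e3fa7000302b74c253dcc1d0931fcd7cd34a0c" }`. The Cargo.lock hunk also shows the new revision adding `lazy_static` and `serde_json` to this crate's dependencies, which is worth checking as part of the bump.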
@@ -129,11 +129,12 @@ fn parse_line(line: &str) -> Option<(u64, String)> {
 }
 let original = &line[offset..];
- match suricatax_rule_parser::parse_elements(original) {
- Ok((_, elements)) => {
- for element in &elements {
- if let suricatax_rule_parser::Element::Sid(sid) = element {
- return Some((*sid, original.to_string()));
+
+ match suricatax_rule_parser::parse_rule(original) {
+ Ok(rule) => {
+ for option in &rule.options {
+ if let suricatax_rule_parser::Parsed::Sid(sid) = option.parsed {
+ return Some((sid, original.to_string()));
 }
 }
 }
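Review bot: Nothing in the new `match suricatax_rule_parser::parse_rule(original)` block says what happens to a line the parser rejects; the `Err` arm and the code after the loop are outside this hunk. Judging by the names, `parse_rule` parses the whole rule where `parse_elements` parsed only the options, and Cargo.lock shows it comes from an alpha release, so rules that used to yield a SID may now fail to parse. If the `Err` arm discards the error, such a rule would presumably just be missing from whatever is built from this function's results, which is hard to spot later. I would confirm that the arm logs the error together with the offending line, and add a comment above the match along the lines of `// Only the sid option is used; a rule that fails to parse or has no sid is skipped.` if that is indeed the behaviour.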