From 5bab676d8783a9b8557e95b20d5cd7586e21387a Mon Sep 17 00:00:00 2001
From: wbbigdave <Luke@wbbigdave.com>
Date: Wed, 13 Mar 2024 14:30:24 +0000
Subject: [PATCH] Update parse.py

Switched the group order for rule_pattern, so that the group "raw" is processed with the preceeding #. In the previous order, a disabled rule would not be commented out in the "raw" rule string, and would have to be added manually.
---
 suricataparser/parse.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/suricataparser/parse.py b/suricataparser/parse.py
index c28e90b..3803e91 100644
--- a/suricataparser/parse.py
+++ b/suricataparser/parse.py
@@ -4,8 +4,8 @@
 from suricataparser.rule import Rule, Option, Metadata
 
 
-rule_pattern = re.compile(r"^(?P<enabled>#)*[\s#]*"
-                          r"(?P<raw>"
+rule_pattern = re.compile(r"(?P<raw>"
+                          r"^(?P<enabled>#)*[\s#]*"
                           r"(?P<header>[^()]+)"
                           r"\((?P<options>.*)\)"
                           r"$)")