Merge remote-tracking branch 'origin/topic/vern/when-lambda'

* origin/topic/vern/when-lambda: explicitly provide the frame for evaluating a "when" timeout expression attempt to make "when" btest deterministic tests for new "when" semantics/errors update existing test suite usage of "when" statements to include captures update uses of "when" in base scripts to include captures captures for "when" statements update Triggers to IntrusivePtr's and simpler AST traversal introduce IDSet type, migrate associated "ID*" types to "const ID*" logic (other than in profiling) for assignments that yield separate values option for internal use to mark a function type as allowing non-expression returns removed some now-obsolete profiling functionality minor commenting clarifications
2025-10-17 14:08:20 +00:00 · 2022-01-14 14:41:15 -07:00 · 2022-01-14 14:41:15 -07:00 · 3d9d6e953b
commit 3d9d6e953b
parent c6078cd6d5 98a05538b7
56 changed files with 931 additions and 255 deletions
--- a/scripts/policy/frameworks/files/detect-MHR.zeek
+++ b/scripts/policy/frameworks/files/detect-MHR.zeek
@ -39,7 +39,7 @@ function do_mhr_lookup(hash: string, fi: Notice::FileInfo)
 	{
 	local hash_domain = fmt("%s.malware.hash.cymru.com", hash);

-	when ( local MHR_result = lookup_hostname_txt(hash_domain) )
+	when [hash, fi, hash_domain] ( local MHR_result = lookup_hostname_txt(hash_domain) )
 		{
 		# Data is returned as "<dateFirstDetected> <detectionRate>"
 		local MHR_answer = split_string1(MHR_result, / /);
--- a/scripts/policy/frameworks/notice/extend-email/hostnames.zeek
+++ b/scripts/policy/frameworks/notice/extend-email/hostnames.zeek
@ -33,7 +33,7 @@ hook notice(n: Notice::Info) &priority=-1
 	if ( n?$src )
 		{
 		add n$email_delay_tokens["hostnames-src"];
-		when ( local src_name = lookup_addr(n$src) )
+		when [n, uid, output] ( local src_name = lookup_addr(n$src) )
 			{
 			output = string_cat("orig/src hostname: ", src_name, "\n");
 			tmp_notice_storage[uid]$email_body_sections += output;
@ -43,7 +43,7 @@ hook notice(n: Notice::Info) &priority=-1
 	if ( n?$dst )
 		{
 		add n$email_delay_tokens["hostnames-dst"];
-		when ( local dst_name = lookup_addr(n$dst) )
+		when [n, uid, output] ( local dst_name = lookup_addr(n$dst) )
 			{
 			output = string_cat("resp/dst hostname: ", dst_name, "\n");
 			tmp_notice_storage[uid]$email_body_sections += output;
--- a/scripts/policy/frameworks/software/vulnerable.zeek
+++ b/scripts/policy/frameworks/software/vulnerable.zeek
@ -82,7 +82,7 @@ event grab_vulnerable_versions(i: count)
 		return;
 		}

-	when ( local result = lookup_hostname_txt(cat(i,".",vulnerable_versions_update_endpoint)) )
+	when [i] ( local result = lookup_hostname_txt(cat(i,".",vulnerable_versions_update_endpoint)) )
 		{
 		local parts = split_string1(result, /\x09/);
 		if ( |parts| != 2 ) #failure or end of list!
--- a/scripts/policy/protocols/conn/known-hosts.zeek
+++ b/scripts/policy/protocols/conn/known-hosts.zeek
@ -77,7 +77,7 @@ event Known::host_found(info: HostsInfo)
 	if ( ! Known::use_host_store )
 		return;

-	when ( local r = Broker::put_unique(Known::host_store$store, info$host,
+	when [info] ( local r = Broker::put_unique(Known::host_store$store, info$host,
 	                                    T, Known::host_store_expiry) )
 		{
 		if ( r$status == Broker::SUCCESS )
--- a/scripts/policy/protocols/conn/known-services.zeek
+++ b/scripts/policy/protocols/conn/known-services.zeek
@ -123,7 +123,7 @@ event service_info_commit(info: ServicesInfo)
 		{
 		local key = AddrPortServTriplet($host = info$host, $p = info$port_num, $serv = s);

-		when ( local r = Broker::put_unique(Known::service_store$store, key,
+		when [info, s, key] ( local r = Broker::put_unique(Known::service_store$store, key,
 		                                    T, Known::service_store_expiry) )
 			{
 			if ( r$status == Broker::SUCCESS )
--- a/scripts/policy/protocols/ssh/interesting-hostnames.zeek
+++ b/scripts/policy/protocols/ssh/interesting-hostnames.zeek
@ -29,7 +29,7 @@ export {

 function check_ssh_hostname(id: conn_id, uid: string, host: addr)
 	{
-	when ( local hostname = lookup_addr(host) )
+	when [id, uid, host] ( local hostname = lookup_addr(host) )
 		{
 		if ( interesting_hostnames in hostname )
 			{
--- a/scripts/policy/protocols/ssl/known-certs.zeek
+++ b/scripts/policy/protocols/ssl/known-certs.zeek
@ -89,7 +89,7 @@ event Known::cert_found(info: CertsInfo, hash: string)

 	local key = AddrCertHashPair($host = info$host, $hash = hash);

-	when ( local r = Broker::put_unique(Known::cert_store$store, key,
+	when [info, key] ( local r = Broker::put_unique(Known::cert_store$store, key,
 	                                    T, Known::cert_store_expiry) )
 		{
 		if ( r$status == Broker::SUCCESS )
--- a/scripts/policy/protocols/ssl/notary.zeek
+++ b/scripts/policy/protocols/ssl/notary.zeek
@ -63,7 +63,7 @@ event ssl_established(c: connection) &priority=3
 	if ( waits_already )
 		return;

-	when ( local str = lookup_hostname_txt(fmt("%s.%s", digest, domain)) )
+	when [digest] ( local str = lookup_hostname_txt(fmt("%s.%s", digest, domain)) )
 		{
 		notary_cache[digest] = [];