GH-281: Improve parsing of Google Pixel user agent

Fixes GH-281
2025-10-02 14:48:21 +00:00 · 2019-02-25 14:07:53 -06:00 · 2019-02-25 14:07:53 -06:00 · 53dc1176b7
commit 53dc1176b7
parent a342090f18
3 changed files with 48 additions and 17 deletions
--- a/scripts/base/frameworks/software/main.bro
+++ b/scripts/base/frameworks/software/main.bro
@ -147,6 +147,22 @@ function parse(unparsed_version: string): Description
 		{
 		return parse_mozilla(unparsed_version);
 		}
 	else if ( /A\/[0-9\.]*\/Google\/Pixel/ in unparsed_version )
 		{
 		software_name = "Android (Google Pixel)";
 		local parts = split_string_all(unparsed_version, /\//);
 		if ( 2 in parts )
 			{
 			local vs = parts[2];
 			if ( "." in vs )
 				v = parse(vs)$version;
 			else
 				v = Version($major=extract_count(vs));
 			return [$version=v, $unparsed_version=unparsed_version, $name=software_name];
 			}
 		}
 	else
 		{
 		# The regular expression should match the complete version number
--- a/testing/btest/Baseline/scripts.base.frameworks.software.version-parsing/output
+++ b/testing/btest/Baseline/scripts.base.frameworks.software.version-parsing/output
@ -1,38 +1,33 @@
 success on: Flash/10,2,153,1
 success on: Apache/2.0.46 (Win32) mod_ssl/2.0.46 OpenSSL/0.9.7b mod_jk2/2.0.4
 success on: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
 success on: %E6%9C%89%E9%81%93%E8%AF%8D%E5%85%B8/128 CFNetwork/760.2.6 Darwin/15.3.0 (x86_64)
 success on: Java1.2.2-JDeveloper
 success on: Zope/(Zope 2.7.8-final, python 2.3.5, darwin) ZServer/1.1 Plone/Unknown
 success on: iTunes/9.0 (Macintosh; Intel Mac OS X 10.5.8) AppleWebKit/531.9
 success on: ProFTPD 1.2.5rc1 Server (Debian)
 success on: Flash%20Player/26.0.0.137 CFNetwork/811.5.4 Darwin/16.6.0 (x86_64)
 success on: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5
 success on: Opera/9.80 (Windows NT 5.1; Opera Mobi/49; U; en) Presto/2.4.18 Version/10.00
 success on: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
 success on: Apple Mail (2.1084)
 success on: Apache/2.0.63 (Unix) mod_auth_kerb/5.3 mod_ssl/2.0.63 OpenSSL/0.9.7a mod_fastcgi/2.4.2
 success on: Apache/1.3.19 (Unix)
 success on: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
 success on: Wget/1.11.4 (Red Hat modified)
 success on: \xe6\xbc\xab\xe7\x94\xbb\xe4\xba\xba 2.6.2 rv:1.2 (iPhone; iOS 10.3.2; en_US)
 success on: wu-2.6.2(1)
 success on: QQ%E9%82%AE%E7%AE%B1/5.3.2.8 CFNetwork/811.5.4 Darwin/16.6.0
 success on: The Bat! (3.0.1 RC3) Professional
 success on: Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5
 success on: Mozilla/5.0 (iPod; U; CPU iPhone OS 4_0 like Mac OS X; en-us) AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/6531.22.7
 success on: Opera/9.80 (Windows NT 5.1; Opera Mobi/49; U; en) Presto/2.4.18 Version/10.00
 success on: The Bat! (v2.00.9) Personal
 success on: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040804 Netscape/7.2 (ax)
 success on: %E6%9C%89%E9%81%93%E8%AF%8D%E5%85%B8/128 CFNetwork/760.2.6 Darwin/15.3.0 (x86_64)
 success on: Zope/(Zope 2.7.8-final, python 2.3.5, darwin) ZServer/1.1 Plone/Unknown
 success on: A/8.1.0/Google/Pixel#2/walleye/unknown/QCX3/l10660929675510745862/-/104360422/-/google/3606/3607/-
 success on: Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1; Media Center PC 3.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)
 success on: Apache/2.0.46 (Win32) mod_ssl/2.0.46 OpenSSL/0.9.7b mod_jk2/2.0.4
 success on: wu-2.4.2-academ[BETA-18-VR14](1)
 success on: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3; Creative AutoUpdate v1.40.02)
 success on: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; GTB5; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; InfoPath.2)
 success on: A/8.0.0/Google/Pixel#XL/marlin/unknown/QCX3/l8100358318783302904/-/1456904160/-/google/662107/662098/-
 success on: Apache/2.0.63 (Unix) mod_auth_kerb/5.3 mod_ssl/2.0.63 OpenSSL/0.9.7a mod_fastcgi/2.4.2
 success on: Apache/1.3.19 (Unix)
 success on: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_7; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.205 Safari/534.16
 success on: Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Mobile Safari/537.36 Edge/15.15063
 success on: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)
 success on: Total Commander
 success on: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; Trident/7.0; .NET4.0E; .NET4.0C)
 success on: libwww-perl/5.820
 success on: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) AdobeAIR/1.0
 success on: Java/1.6.0_13
 success on: A/9/Google/Pixel#2/walleye/unknown/QCX3/l17463753539612639959/-/2406658516/-/google/724998/724992/-
 success on: Python-urllib/3.1
 success on: Mozilla/4.0 (compatible; MSIE 8.0; Android 2.2.2; Linux; Opera Mobi/ADR-1103311355; en) Opera 11.00
 success on: CacheFlyServe v26b
@ -41,7 +36,11 @@ success on: OpenSSH_5.2
 success on: (vsFTPd 2.0.5)
 success on: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-us) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27
 success on: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; InfoPath.2; InfoPath.3)
 success on: Flash%20Player/26.0.0.137 CFNetwork/811.5.4 Darwin/16.6.0 (x86_64)
 success on: Apache
 success on: Flash/10,2,153,1
 success on: A/9/Google/Pixel#2/walleye/unknown/QCX3/l9335055540778241916/-/1576068601/-/google/63672/63666/00:BOOT.XF.1.2.2.c1-00036-M8998LZB-2+01:TZ.BF.4.0.6-00152+03:RPM.BF.1.7-00128+11:MPSS.AT.2.0.c4.5-00253-8998_GEN_PACK-1.172723.1.178350.2+12:ADSP.HT.3.0-00372-CB8998-1+14:VIDEO.VE.4.4-00033+15:SLPI.HB.2.0.c3-00016-M8998AZL-1
 success on: Java1.2.2-JDeveloper
 success on: Mozilla/5.0 (Windows; U; Windows NT 5.1; de; rv:1.9.2.11) Gecko/20101013 Lightning/1.0b2 Thunderbird/3.1.5
 success on: Mozilla/5.0 (Windows; U; en) AppleWebKit/420+ (KHTML, like Gecko) AdobeAIR/1.0
 success on: curl/7.15.1 (i486-pc-linux-gnu) libcurl/7.15.1 OpenSSL/0.9.8a zlib/1.2.3 libidn/0.5.18
@ -51,5 +50,11 @@ success on: OpenSSH_4.4
 success on: mt2/1.2.3.967 Oct 13 2010-13:40:24 ord-pixel-x2 pid 0x35a3 13731
 success on: Opera/9.80 (J2ME/MIDP; Opera Mini/9.80 (S60; SymbOS; Opera Mobi/23.348; U; en) Presto/2.5.25 Version/10.54
 success on: Opera/9.80 (Windows NT 6.1; U; sv) Presto/2.7.62 Version/11.01
 success on: iTunes/9.0 (Macintosh; Intel Mac OS X 10.5.8) AppleWebKit/531.9
 success on: ProFTPD 1.2.5rc1 Server (Debian)
 success on: Apple Mail (2.1084)
 success on: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
 success on: A/9/Google/Pixel#2#XL/taimen/unknown/QCX3/l2640039522761750592/-/1061307257/-/google/1199700/1199701/-
 success on: Opera/9.80 (J2ME/MIDP; Opera Mini/5.0.18741/18.794; U; en) Presto/2.4.15
 success on: Wget/1.9+cvs-stable (Red Hat modified)
 success on: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko
--- a/testing/btest/scripts/base/frameworks/software/version-parsing.bro
+++ b/testing/btest/scripts/base/frameworks/software/version-parsing.bro
@ -1,5 +1,5 @@
 # @TEST-EXEC: bro %INPUT > output
-# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff output
 module Software;
@ -121,6 +121,16 @@ global matched_software: table[string] of Software::Description = {
 		[$name="QQ\xe9\x82\xae\xe7\xae\xb1", $version=[$major=5,$minor=3,$minor2=2,$minor3=8,$addl="CFNetwork/811"], $unparsed_version=""],
 	["Mozilla/5.0 (Windows Phone 10.0; Android 6.0.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Mobile Safari/537.36 Edge/15.15063"] =
 		[$name="Edge", $version=[$major=15,$minor=15063], $unparsed_version=""],
 	["A/8.0.0/Google/Pixel#XL/marlin/unknown/QCX3/l8100358318783302904/-/1456904160/-/google/662107/662098/-"] =
 		[$name="Android (Google Pixel)", $version=[$major=8,$minor=0,$minor2=0], $unparsed_version=""],
 	["A/8.1.0/Google/Pixel#2/walleye/unknown/QCX3/l10660929675510745862/-/104360422/-/google/3606/3607/-"] =
 		[$name="Android (Google Pixel)", $version=[$major=8,$minor=1,$minor2=0], $unparsed_version=""],
 	["A/9/Google/Pixel#2/walleye/unknown/QCX3/l17463753539612639959/-/2406658516/-/google/724998/724992/-"] =
 		[$name="Android (Google Pixel)", $version=[$major=9], $unparsed_version=""],
 	["A/9/Google/Pixel#2#XL/taimen/unknown/QCX3/l2640039522761750592/-/1061307257/-/google/1199700/1199701/-"] =
 		[$name="Android (Google Pixel)", $version=[$major=9], $unparsed_version=""],
 	["A/9/Google/Pixel#2/walleye/unknown/QCX3/l9335055540778241916/-/1576068601/-/google/63672/63666/00:BOOT.XF.1.2.2.c1-00036-M8998LZB-2+01:TZ.BF.4.0.6-00152+03:RPM.BF.1.7-00128+11:MPSS.AT.2.0.c4.5-00253-8998_GEN_PACK-1.172723.1.178350.2+12:ADSP.HT.3.0-00372-CB8998-1+14:VIDEO.VE.4.4-00033+15:SLPI.HB.2.0.c3-00016-M8998AZL-1"] =
 		[$name="Android (Google Pixel)", $version=[$major=9], $unparsed_version=""],
 };
 event bro_init()