Merge remote-tracking branch 'origin/topic/awelzel/4562-post-proc-lookup-failure'

* origin/topic/awelzel/4562-post-proc-lookup-failure:
  btest/logging: Fly-by cleanup
  logging/Ascii: Fix abort() for non-existing postrotation functions

(cherry picked from commit f4357485d2)

CHANGES

@@ -1,3 +1,24 @@
+7.0.8-4 | 2025-07-14 14:12:46 -0700
+
+  * btest/logging: Fly-by cleanup (Arne Welzel, Corelight)
+
+    (cherry picked from commit f4357485d2006813fba768aa83e9e1bf8e8bb236)
+
+  * GH-4562: logging/Ascii: Fix abort() for non-existing postrotation functions (Arne Welzel, Corelight)
+
+    When looking up the postprocessor function from shadow files, id::find_func()
+    would abort() if the function wasn't available instead of falling back
+    to the default postprocessor.
+
+    Fix by using id::find() and checking the type explicitly and also adding a
+    strict type check while at it.
+
+    This issue was tickled by loading the json-streaming-logs package,
+    Zeek creating shadow files containing its custom postprocessor function,
+    then restarting Zeek without the package loaded.
+
+    (cherry picked from commit f4357485d2006813fba768aa83e9e1bf8e8bb236)
+
 7.0.8-3 | 2025-07-14 14:11:30 -0700
 
   * docker: Add `net-tools` and `procps` dependencies (Edoardo Mich)

VERSION

@@ -1 +1 @@
-7.0.8-3
+7.0.8-4

src/logging/writers/ascii/Ascii.cc

@@ -744,10 +744,9 @@ void Ascii::RotateLeftoverLogs() {
         auto ppf = default_ppf;
 
         if ( ! ll.post_proc_func.empty() ) {
-            auto func = id::find_func(ll.post_proc_func.data());
-
-            if ( func )
-                ppf = std::move(func);
+            const auto& id = id::find(ll.post_proc_func.data());
+            if ( id && id->GetVal() && same_type(id->GetVal()->GetType(), default_ppf->GetType()) )
+                ppf = id->GetVal()->AsFuncVal()->AsFuncPtr();
             else
                 reporter->Warning(
                     "Could not postprocess log '%s' with intended "

testing/btest/Baseline/scripts.base.frameworks.logging.rotate-leftover-log-rotation-shadow-files-postprocessor-errors/.stderr

@@ -0,0 +1,6 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+### NOTE: This file has been sorted with diff-sort.
+Rotated/postprocessed leftover log '<...>/conn.log' -> 'conn.no-date.log' 
+Rotated/postprocessed leftover log '<...>/dns.log' -> 'dns.no-date.log' 
+warning: Could not postprocess log '<...>/conn.log' with intended postprocessor function 'non_existing_rotation_postprocessor', proceeding  with the default function
+warning: Could not postprocess log '<...>/dns.log' with intended postprocessor function 'wrongly_typed_rotation_postprocessor', proceeding  with the default function

testing/btest/Baseline/scripts.base.frameworks.logging.rotate-leftover-log-rotation-shadow-files-postprocessor-errors/logs.cat

@@ -0,0 +1,3 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+leftover conn log
+leftover dns log

testing/btest/scripts/base/frameworks/logging/rotate-leftover-log-rotation-shadow-files-postprocessor-errors.zeek

@@ -0,0 +1,32 @@
+# @TEST-DOC: Put a non-existing postprocessor function into a shadow file, ensure the default gets picked up. Regression test for #4562
+#
+# @TEST-EXEC: echo ".log" >> .shadow.conn.log
+# @TEST-EXEC: echo "non_existing_rotation_postprocessor" >> .shadow.conn.log
+# @TEST-EXEC: echo "leftover conn log" > conn.log
+#
+# @TEST-EXEC: echo ".log" >> .shadow.dns.log
+# @TEST-EXEC: echo "wrongly_typed_rotation_postprocessor" >> .shadow.dns.log
+# @TEST-EXEC: echo "leftover dns log" > dns.log
+#
+# @TEST-EXEC: zeek -b %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff .stderr
+#
+# Ensure leftover files were removed.
+# @TEST-EXEC: ! test -f .shadow.conn.log
+# @TEST-EXEC: ! test -f conn.log
+# @TEST-EXEC: ! test -f .shadow.dns.log
+# @TEST-EXEC: ! test -f dns.log
+#
+# Ensure the rotated conn log ends-up in the current working directory.
+# @TEST-EXEC: cat ./conn.*.log ./dns.*.log > logs.cat
+# @TEST-EXEC: btest-diff logs.cat
+
+function wrongly_typed_rotation_postprocessor(): bool
+	{
+	exit(1);
+	return T;
+	}
+
+redef LogAscii::enable_leftover_log_rotation = T;
+redef Log::default_rotation_interval = 1hr;
+redef Log::default_rotation_date_format = "no-date";

testing/btest/scripts/base/frameworks/logging/rotate-leftover-log-rotation-shadow-files.zeek

@@ -22,20 +22,6 @@
 # @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
 # @TEST-EXEC: btest-diff logs.cat
 
-module Test;
-
-export {
-	# Create a new ID for our log stream
-	redef enum Log::ID += { LOG };
-
-	# Define a record with all the columns the log file can have.
-	# (I'm using a subset of fields from ssh-ext for demonstration.)
-	type Log: record {
-		t: time;
-		id: conn_id; # Will be rolled out into individual columns.
-	} &log;
-}
-
 module GLOBAL;
 
 function my_rotation_postprocessor(info: Log::RotationInfo) : bool