Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 04:28:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/master' into topic/bernhard/hyperloglog

Browse source
This commit is contained in:
Bernhard Amann 2013-05-01 18:04:39 -07:00
commit 5e01c34943
8 changed files with 98 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

19
CHANGES
View file

@ -1,4 +1,23 @@
2.1-397 | 2013-04-29 21:19:00 -0700
* Fixing memory leaks in CompHash implementation. Addresses #987.
(Robin Sommer)
2.1-394 | 2013-04-27 15:02:31 -0700
* Fixed a bug in the vulnerable software script and added a test.
(Seth Hall)
* Fix schedule statements used outside event handlers. Addresses
#974. (Jon Siwek)
* Fix record coercion for default inner record fields. Addresses
#973. (Jon Siwek)
* Add bytestring_to_count function to bro.bif. Addresses #968. (Yun
Zheng Hu)
2.1-386 | 2013-03-22 12:41:50 -0700 2.1-386 | 2013-03-22 12:41:50 -0700
* Added reverse() function to strings.bif. (Yun Zheng Hu) * Added reverse() function to strings.bif. (Yun Zheng Hu)

2
VERSION
View file

@ -1 +1 @@
2.1-386 2.1-397

2
aux/binpac

@ -1 +1 @@
Subproject commit 72d121ade5a37df83d3252646de51cb77ce69a89 Subproject commit a4b8dd0b691c3f614537ad8471fc80a82ce7b2df

2
aux/broctl

@ -1 +1 @@
Subproject commit 2b35d0331366865fbf0119919cc9692d55c4538c Subproject commit 786b83664c6a15faeb153d118310526b7790deae

27
scripts/policy/frameworks/software/vulnerable.bro
View file

@ -43,15 +43,6 @@ export {
global internal_vulnerable_versions: table[string] of set[VulnerableVersionRange] = table(); global internal_vulnerable_versions: table[string] of set[VulnerableVersionRange] = table();
event Control::configuration_update()
{
internal_vulnerable_versions = table();
# Copy the const vulnerable versions into the global modifiable one.
for ( sw in vulnerable_versions )
internal_vulnerable_versions[sw] = vulnerable_versions[sw];
}
function decode_vulnerable_version_range(vuln_sw: string): VulnerableVersionRange function decode_vulnerable_version_range(vuln_sw: string): VulnerableVersionRange
{ {
# Create a max value with a dunce value only because the $max field # Create a max value with a dunce value only because the $max field
@ -115,11 +106,27 @@ event grab_vulnerable_versions(i: count)
} }
} }
event bro_init() function update_vulnerable_sw()
{ {
internal_vulnerable_versions = table();
# Copy the const vulnerable versions into the global modifiable one.
for ( sw in vulnerable_versions )
internal_vulnerable_versions[sw] = vulnerable_versions[sw];
event grab_vulnerable_versions(1); event grab_vulnerable_versions(1);
} }
event bro_init() &priority=3
{
update_vulnerable_sw();
}
event Control::configuration_update() &priority=3
{
update_vulnerable_sw();
}
event log_software(rec: Info) event log_software(rec: Info)
{ {
if ( rec$name !in internal_vulnerable_versions ) if ( rec$name !in internal_vulnerable_versions )

26
src/CompHash.cc
View file

@ -181,16 +181,24 @@ char* CompositeHash::SingleValHash(int type_check, char* kp0,
Val* key = lv->Index(i); Val* key = lv->Index(i);
if ( ! (kp1 = SingleValHash(type_check, kp1, key->Type(), key, if ( ! (kp1 = SingleValHash(type_check, kp1, key->Type(), key,
false)) ) false)) )
{
Unref(lv);
return 0; return 0;
}
if ( ! v->Type()->IsSet() ) if ( ! v->Type()->IsSet() )
{ {
Val* val = tv->Lookup(key); Val* val = tv->Lookup(key);
if ( ! (kp1 = SingleValHash(type_check, kp1, val->Type(), if ( ! (kp1 = SingleValHash(type_check, kp1, val->Type(),
val, false)) ) val, false)) )
{
Unref(lv);
return 0; return 0;
}
} }
} }
Unref(lv);
} }
break; break;
@ -454,16 +462,27 @@ int CompositeHash::SingleTypeKeySize(BroType* bt, const Val* v,
Val* key = lv->Index(i); Val* key = lv->Index(i);
sz = SingleTypeKeySize(key->Type(), key, type_check, sz, false, sz = SingleTypeKeySize(key->Type(), key, type_check, sz, false,
calc_static_size); calc_static_size);
if ( ! sz ) return 0; if ( ! sz )
{
Unref(lv);
return 0;
}
if ( ! bt->IsSet() ) if ( ! bt->IsSet() )
{ {
Val* val = tv->Lookup(key); Val* val = tv->Lookup(key);
sz = SingleTypeKeySize(val->Type(), val, type_check, sz, sz = SingleTypeKeySize(val->Type(), val, type_check, sz,
false, calc_static_size); false, calc_static_size);
if ( ! sz ) return 0; if ( ! sz )
{
Unref(lv);
return 0;
}
} }
} }
Unref(lv);
break; break;
} }
@ -830,7 +849,10 @@ const char* CompositeHash::RecoverOneVal(const HashKey* k, const char* kp0,
} }
for ( int i = 0; i < n; ++i ) for ( int i = 0; i < n; ++i )
{
tv->Assign(keys[i], t->IsSet() ? 0 : values[i]); tv->Assign(keys[i], t->IsSet() ? 0 : values[i]);
Unref(keys[i]);
}
pval = tv; pval = tv;
} }

11
testing/btest/Baseline/scripts.policy.frameworks.software.vulnerable/notice.log Normal file
View file

@ -0,0 +1,11 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path notice
#open 2013-04-25-18-55-26
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto note msg sub src dst p n peer_descr actions suppress_for dropped remote_location.country_code remote_location.region remote_location.city remote_location.latitude remote_location.longitude metric_index.host metric_index.str metric_index.network
#types time string addr port addr port enum enum string string addr addr port count string table[enum] interval bool string string string double double addr string subnet
1366916126.685057 - - - - - - Software::Vulnerable_Version 1.2.3.4 is running Java 1.7.0.15 which is vulnerable. Java 1.7.0.15 1.2.3.4 - - - bro Notice::ACTION_LOG 3600.000000 F - - - - - - - -
1366916126.685057 - - - - - - Software::Vulnerable_Version 1.2.3.5 is running Java 1.6.0.43 which is vulnerable. Java 1.6.0.43 1.2.3.5 - - - bro Notice::ACTION_LOG 3600.000000 F - - - - - - - -
#close 2013-04-25-18-55-26

23
testing/btest/scripts/policy/frameworks/software/vulnerable.bro Normal file
View file

@ -0,0 +1,23 @@
# @TEST-EXEC: bro %INPUT
# @TEST-EXEC: btest-diff notice.log
@load frameworks/software/vulnerable
redef Software::asset_tracking = ALL_HOSTS;
global java_1_6_vuln: Software::VulnerableVersionRange = [$max=[$major=1,$minor=6,$minor2=0,$minor3=43]];
global java_1_7_vuln: Software::VulnerableVersionRange = [$min=[$major=1,$minor=7], $max=[$major=1,$minor=7,$minor2=0,$minor3=20]];
redef Software::vulnerable_versions += {
["Java"] = set(java_1_6_vuln, java_1_7_vuln)
};
event bro_init()
{
Software::found([$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=4.3.2.1, $resp_p=80/tcp],
[$name="Java", $host=1.2.3.4, $version=[$major=1, $minor=7, $minor2=0, $minor3=15]]);
Software::found([$orig_h=1.2.3.5, $orig_p=1234/tcp, $resp_h=4.3.2.1, $resp_p=80/tcp],
[$name="Java", $host=1.2.3.5, $version=[$major=1, $minor=6, $minor2=0, $minor3=43]]);
Software::found([$orig_h=1.2.3.6, $orig_p=1234/tcp, $resp_h=4.3.2.1, $resp_p=80/tcp],
[$name="Java", $host=1.2.3.6, $version=[$major=1, $minor=6, $minor2=0, $minor3=50]]);
}