Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Deprecate binpac::bytestring_to_val, replace with binpac::to_stringval

Browse source
This commit is contained in:
Jon Siwek 2020-04-20 14:30:49 -07:00
parent 81517bd703
commit 743303950b
18 changed files with 63 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

2
NEWS
View file

@ -113,6 +113,8 @@ Deprecated Functionality
- ``BifEvent::generate_`` functions are deprecated, use ``BifEvent::enqueue_``. - ``BifEvent::generate_`` functions are deprecated, use ``BifEvent::enqueue_``.
- ``binpac::bytestring_to_val()`` is deprecated, use ``binpac::to_stringval()``.
Zeek 3.1.0 Zeek 3.1.0
========== ==========

2
src/analyzer/protocol/dhcp/dhcp-options.pac
View file

@ -752,7 +752,7 @@ refine flow DHCP_Flow += {
{ {
auto r = new RecordVal(BifType::Record::DHCP::SubOpt); auto r = new RecordVal(BifType::Record::DHCP::SubOpt);
r->Assign(0, val_mgr->Count((*ptrsubopt)->code())); r->Assign(0, val_mgr->Count((*ptrsubopt)->code()));
r->Assign(1, bytestring_to_val((*ptrsubopt)->value())); r->Assign(1, to_stringval((*ptrsubopt)->value()));
relay_agent_sub_opt->Assign(i, r); relay_agent_sub_opt->Assign(i, r);
++i; ++i;

12
src/analyzer/protocol/krb/krb-analyzer.pac
View file

@ -49,7 +49,7 @@ RecordVal* proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const BroAnalyzer bro_an
rv->Assign(4, GetStringFromPrincipalName(element->data()->principal())); rv->Assign(4, GetStringFromPrincipalName(element->data()->principal()));
break; break;
case 2: case 2:
rv->Assign(5, bytestring_to_val(element->data()->realm()->encoding()->content())); rv->Assign(5, to_stringval(element->data()->realm()->encoding()->content()));
break; break;
case 3: case 3:
rv->Assign(6, GetStringFromPrincipalName(element->data()->sname())); rv->Assign(6, GetStringFromPrincipalName(element->data()->sname()));
@ -139,19 +139,19 @@ bool proc_error_arguments(RecordVal* rv, const std::vector<KRB_ERROR_Arg*>* args
break; break;
// ctime/stime handled above // ctime/stime handled above
case 7: case 7:
rv->Assign(5, bytestring_to_val((*args)[i]->args()->crealm()->encoding()->content())); rv->Assign(5, to_stringval((*args)[i]->args()->crealm()->encoding()->content()));
break; break;
case 8: case 8:
rv->Assign(6, GetStringFromPrincipalName((*args)[i]->args()->cname())); rv->Assign(6, GetStringFromPrincipalName((*args)[i]->args()->cname()));
break; break;
case 9: case 9:
rv->Assign(7, bytestring_to_val((*args)[i]->args()->realm()->encoding()->content())); rv->Assign(7, to_stringval((*args)[i]->args()->realm()->encoding()->content()));
break; break;
case 10: case 10:
rv->Assign(8, GetStringFromPrincipalName((*args)[i]->args()->sname())); rv->Assign(8, GetStringFromPrincipalName((*args)[i]->args()->sname()));
break; break;
case 11: case 11:
rv->Assign(9, bytestring_to_val((*args)[i]->args()->e_text()->encoding()->content())); rv->Assign(9, to_stringval((*args)[i]->args()->e_text()->encoding()->content()));
break; break;
case 12: case 12:
if ( error_code == KDC_ERR_PREAUTH_REQUIRED ) if ( error_code == KDC_ERR_PREAUTH_REQUIRED )
@ -211,7 +211,7 @@ refine connection KRB_Conn += {
if ( ${msg.padata.has_padata} ) if ( ${msg.padata.has_padata} )
rv->Assign(2, proc_padata(${msg.padata.padata.padata}, bro_analyzer(), false)); rv->Assign(2, proc_padata(${msg.padata.padata.padata}, bro_analyzer(), false));
rv->Assign(3, bytestring_to_val(${msg.client_realm.encoding.content})); rv->Assign(3, to_stringval(${msg.client_realm.encoding.content}));
rv->Assign(4, GetStringFromPrincipalName(${msg.client_name})); rv->Assign(4, GetStringFromPrincipalName(${msg.client_name}));
rv->Assign(5, proc_ticket(${msg.ticket})); rv->Assign(5, proc_ticket(${msg.ticket}));
@ -322,7 +322,7 @@ refine connection KRB_Conn += {
switch ( ${msg.safe_body.args[i].seq_meta.index} ) switch ( ${msg.safe_body.args[i].seq_meta.index} )
{ {
case 0: case 0:
rv->Assign(3, bytestring_to_val(${msg.safe_body.args[i].args.user_data.encoding.content})); rv->Assign(3, to_stringval(${msg.safe_body.args[i].args.user_data.encoding.content}));
break; break;
case 3: case 3:
rv->Assign(5, asn1_integer_to_val(${msg.safe_body.args[i].args.seq_number}, TYPE_COUNT)); rv->Assign(5, asn1_integer_to_val(${msg.safe_body.args[i].args.seq_number}, TYPE_COUNT));

17
src/analyzer/protocol/krb/krb-asn1.pac
View file

@ -2,21 +2,20 @@
%include ../asn1/asn1.pac %include ../asn1/asn1.pac
%header{ %header{
Val* GetTimeFromAsn1(const KRB_Time* atime, int64 usecs); IntrusivePtr<Val> GetTimeFromAsn1(const KRB_Time* atime, int64 usecs);
Val* GetTimeFromAsn1(StringVal* atime, int64 usecs); IntrusivePtr<Val> GetTimeFromAsn1(StringVal* atime, int64 usecs);
%} %}
%code{ %code{
Val* GetTimeFromAsn1(const KRB_Time* atime, int64 usecs) IntrusivePtr<Val> GetTimeFromAsn1(const KRB_Time* atime, int64 usecs)
{ {
StringVal* atime_bytestring = bytestring_to_val(atime->time()); auto atime_bytestring = to_stringval(atime->time());
Val* result = GetTimeFromAsn1(atime_bytestring, usecs); auto result = GetTimeFromAsn1(atime_bytestring.get(), usecs);
Unref(atime_bytestring);
return result; return result;
} }
Val* GetTimeFromAsn1(StringVal* atime, int64 usecs) IntrusivePtr<Val> GetTimeFromAsn1(StringVal* atime, int64 usecs)
{ {
time_t lResult = 0; time_t lResult = 0;
@ -27,7 +26,7 @@ Val* GetTimeFromAsn1(StringVal* atime, int64 usecs)
char * pString = (char *) atime->Bytes(); char * pString = (char *) atime->Bytes();
if ( lTimeLength != 15 && lTimeLength != 17 ) if ( lTimeLength != 15 && lTimeLength != 17 )
return 0; return nullptr;
if (lTimeLength == 17 ) if (lTimeLength == 17 )
pString = pString + 2; pString = pString + 2;
@ -52,7 +51,7 @@ Val* GetTimeFromAsn1(StringVal* atime, int64 usecs)
if ( !lResult ) if ( !lResult )
lResult = 0; lResult = 0;
return new Val(double(lResult + double(usecs/100000.0)), TYPE_TIME); return make_intrusive<Val>(double(lResult + double(usecs/100000.0)), TYPE_TIME);
} }
%} %}

8
src/analyzer/protocol/krb/krb-padata.pac
View file

@ -38,7 +38,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
{ {
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
type_val->Assign(0, val_mgr->Count(element->data_type())); type_val->Assign(0, val_mgr->Count(element->data_type()));
type_val->Assign(1, bytestring_to_val(element->pa_data_element()->pa_pw_salt()->encoding()->content())); type_val->Assign(1, to_stringval(element->pa_data_element()->pa_pw_salt()->encoding()->content()));
vv->Assign(vv->Size(), type_val); vv->Assign(vv->Size(), type_val);
break; break;
} }
@ -46,7 +46,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
{ {
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
type_val->Assign(0, val_mgr->Count(element->data_type())); type_val->Assign(0, val_mgr->Count(element->data_type()));
type_val->Assign(1, bytestring_to_val(element->pa_data_element()->pf_enctype_info()->salt())); type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info()->salt()));
vv->Assign(vv->Size(), type_val); vv->Assign(vv->Size(), type_val);
break; break;
} }
@ -54,7 +54,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
{ {
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
type_val->Assign(0, val_mgr->Count(element->data_type())); type_val->Assign(0, val_mgr->Count(element->data_type()));
type_val->Assign(1, bytestring_to_val(element->pa_data_element()->pf_enctype_info2()->salt())); type_val->Assign(1, to_stringval(element->pa_data_element()->pf_enctype_info2()->salt()));
vv->Assign(vv->Size(), type_val); vv->Assign(vv->Size(), type_val);
break; break;
} }
@ -112,7 +112,7 @@ VectorVal* proc_padata(const KRB_PA_Data_Sequence* data, const BroAnalyzer bro_a
{ {
RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value); RecordVal * type_val = new RecordVal(BifType::Record::KRB::Type_Value);
type_val->Assign(0, val_mgr->Count(element->data_type())); type_val->Assign(0, val_mgr->Count(element->data_type()));
type_val->Assign(1, bytestring_to_val(element->pa_data_element()->unknown()->content())); type_val->Assign(1, to_stringval(element->pa_data_element()->unknown()->content()));
vv->Assign(vv->Size(), type_val); vv->Assign(vv->Size(), type_val);
} }
break; break;

20
src/analyzer/protocol/krb/krb-types.pac
View file

@ -1,7 +1,7 @@
# Fundamental KRB types # Fundamental KRB types
%header{ %header{
Val* GetStringFromPrincipalName(const KRB_Principal_Name* pname); IntrusivePtr<Val> GetStringFromPrincipalName(const KRB_Principal_Name* pname);
VectorVal* proc_cipher_list(const Array* list); VectorVal* proc_cipher_list(const Array* list);
@ -13,16 +13,16 @@ IntrusivePtr<RecordVal> proc_ticket(const KRB_Ticket* ticket);
%} %}
%code{ %code{
Val* GetStringFromPrincipalName(const KRB_Principal_Name* pname) IntrusivePtr<Val> GetStringFromPrincipalName(const KRB_Principal_Name* pname)
{ {
if ( pname->data()->size() == 1 ) if ( pname->data()->size() == 1 )
return bytestring_to_val(pname->data()[0][0]->encoding()->content()); return to_stringval(pname->data()[0][0]->encoding()->content());
if ( pname->data()->size() == 2 ) if ( pname->data()->size() == 2 )
return new StringVal(fmt("%s/%s", (char *) pname->data()[0][0]->encoding()->content().begin(), (char *)pname->data()[0][1]->encoding()->content().begin())); return make_intrusive<StringVal>(fmt("%s/%s", (char *) pname->data()[0][0]->encoding()->content().begin(), (char *)pname->data()[0][1]->encoding()->content().begin()));
if ( pname->data()->size() == 3 ) // if the name-string has a third value, this will just append it, else this will return unknown as the principal name if ( pname->data()->size() == 3 ) // if the name-string has a third value, this will just append it, else this will return unknown as the principal name
return new StringVal(fmt("%s/%s/%s", (char *) pname->data()[0][0]->encoding()->content().begin(), (char *)pname->data()[0][1]->encoding()->content().begin(), (char *)pname->data()[0][2]->encoding()->content().begin())); return make_intrusive<StringVal>(fmt("%s/%s/%s", (char *) pname->data()[0][0]->encoding()->content().begin(), (char *)pname->data()[0][1]->encoding()->content().begin(), (char *)pname->data()[0][2]->encoding()->content().begin()));
return new StringVal("unknown"); return make_intrusive<StringVal>("unknown");
} }
VectorVal* proc_cipher_list(const Array* list) VectorVal* proc_cipher_list(const Array* list)
@ -78,7 +78,7 @@ RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr)
} }
case 20: case 20:
{ {
rv->Assign(1, bytestring_to_val(addr_bytes)); rv->Assign(1, to_stringval(addr_bytes));
return rv; return rv;
} }
default: default:
@ -87,7 +87,7 @@ RecordVal* proc_host_address(const BroAnalyzer a, const KRB_Host_Address* addr)
RecordVal* unk = new RecordVal(BifType::Record::KRB::Type_Value); RecordVal* unk = new RecordVal(BifType::Record::KRB::Type_Value);
unk->Assign(0, asn1_integer_to_val(addr->addr_type(), TYPE_COUNT)); unk->Assign(0, asn1_integer_to_val(addr->addr_type(), TYPE_COUNT));
unk->Assign(1, bytestring_to_val(addr_bytes)); unk->Assign(1, to_stringval(addr_bytes));
rv->Assign(2, unk); rv->Assign(2, unk);
return rv; return rv;
} }
@ -110,10 +110,10 @@ IntrusivePtr<RecordVal> proc_ticket(const KRB_Ticket* ticket)
auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::Ticket); auto rv = make_intrusive<RecordVal>(BifType::Record::KRB::Ticket);
rv->Assign(0, asn1_integer_to_val(ticket->tkt_vno()->data(), TYPE_COUNT)); rv->Assign(0, asn1_integer_to_val(ticket->tkt_vno()->data(), TYPE_COUNT));
rv->Assign(1, bytestring_to_val(ticket->realm()->data()->content())); rv->Assign(1, to_stringval(ticket->realm()->data()->content()));
rv->Assign(2, GetStringFromPrincipalName(ticket->sname())); rv->Assign(2, GetStringFromPrincipalName(ticket->sname()));
rv->Assign(3, asn1_integer_to_val(ticket->enc_part()->data()->etype()->data(), TYPE_COUNT)); rv->Assign(3, asn1_integer_to_val(ticket->enc_part()->data()->etype()->data(), TYPE_COUNT));
rv->Assign(4, bytestring_to_val(ticket->enc_part()->data()->ciphertext()->encoding()->content())); rv->Assign(4, to_stringval(ticket->enc_part()->data()->ciphertext()->encoding()->content()));
return rv; return rv;
} }

2
src/analyzer/protocol/ntlm/ntlm-analyzer.pac
View file

@ -171,7 +171,7 @@ refine connection NTLM_Conn += {
result->Assign(3, utf16_bytestring_to_utf8_val(bro_analyzer()->Conn(), ${val.workstation.string.data})); result->Assign(3, utf16_bytestring_to_utf8_val(bro_analyzer()->Conn(), ${val.workstation.string.data}));
if ( ${val}->has_encrypted_session_key() > 0 ) if ( ${val}->has_encrypted_session_key() > 0 )
result->Assign(4, bytestring_to_val(${val.encrypted_session_key.string.data})); result->Assign(4, to_stringval(${val.encrypted_session_key.string.data}));
if ( ${val}->has_version() ) if ( ${val}->has_version() )
result->Assign(5, build_version_record(${val.version})); result->Assign(5, build_version_record(${val.version}));

14
src/analyzer/protocol/ntp/ntp-analyzer.pac
View file

@ -46,11 +46,11 @@ refine flow NTP_Flow += {
switch ( ${nsm.stratum} ) { switch ( ${nsm.stratum} ) {
case 0: case 0:
// unknown stratum => kiss code // unknown stratum => kiss code
rv->Assign(5, bytestring_to_val(${nsm.reference_id})); rv->Assign(5, to_stringval(${nsm.reference_id}));
break; break;
case 1: case 1:
// reference clock => ref clock string // reference clock => ref clock string
rv->Assign(6, bytestring_to_val(${nsm.reference_id})); rv->Assign(6, to_stringval(${nsm.reference_id}));
break; break;
default: default:
{ {
@ -68,12 +68,12 @@ refine flow NTP_Flow += {
if ( ${nsm.mac_len} == 20 ) if ( ${nsm.mac_len} == 20 )
{ {
rv->Assign(12, val_mgr->Count(${nsm.mac.key_id})); rv->Assign(12, val_mgr->Count(${nsm.mac.key_id}));
rv->Assign(13, bytestring_to_val(${nsm.mac.digest})); rv->Assign(13, to_stringval(${nsm.mac.digest}));
} }
else if ( ${nsm.mac_len} == 24 ) else if ( ${nsm.mac_len} == 24 )
{ {
rv->Assign(12, val_mgr->Count(${nsm.mac_ext.key_id})); rv->Assign(12, val_mgr->Count(${nsm.mac_ext.key_id}));
rv->Assign(13, bytestring_to_val(${nsm.mac_ext.digest})); rv->Assign(13, to_stringval(${nsm.mac_ext.digest}));
} }
if ( ${nsm.has_exts} ) if ( ${nsm.has_exts} )
@ -99,12 +99,12 @@ refine flow NTP_Flow += {
rv->Assign(6, val_mgr->Count(${ncm.association_id})); rv->Assign(6, val_mgr->Count(${ncm.association_id}));
if ( ${ncm.c} > 0 ) if ( ${ncm.c} > 0 )
rv->Assign(7, bytestring_to_val(${ncm.data})); rv->Assign(7, to_stringval(${ncm.data}));
if ( ${ncm.has_control_mac} ) if ( ${ncm.has_control_mac} )
{ {
rv->Assign(8, val_mgr->Count(${ncm.mac.key_id})); rv->Assign(8, val_mgr->Count(${ncm.mac.key_id}));
rv->Assign(9, bytestring_to_val(${ncm.mac.crypto_checksum})); rv->Assign(9, to_stringval(${ncm.mac.crypto_checksum}));
} }
return rv; return rv;
@ -122,7 +122,7 @@ refine flow NTP_Flow += {
rv->Assign(4, val_mgr->Count(${m7.error_code})); rv->Assign(4, val_mgr->Count(${m7.error_code}));
if ( ${m7.data_len} > 0 ) if ( ${m7.data_len} > 0 )
rv->Assign(5, bytestring_to_val(${m7.data})); rv->Assign(5, to_stringval(${m7.data}));
return rv; return rv;
%} %}

8
src/analyzer/protocol/radius/radius-analyzer.pac
View file

@ -10,7 +10,7 @@ refine flow RADIUS_Flow += {
auto result = make_intrusive<RecordVal>(BifType::Record::RADIUS::Message); auto result = make_intrusive<RecordVal>(BifType::Record::RADIUS::Message);
result->Assign(0, val_mgr->Count(${msg.code})); result->Assign(0, val_mgr->Count(${msg.code}));
result->Assign(1, val_mgr->Count(${msg.trans_id})); result->Assign(1, val_mgr->Count(${msg.trans_id}));
result->Assign(2, bytestring_to_val(${msg.authenticator})); result->Assign(2, to_stringval(${msg.authenticator}));
if ( ${msg.attributes}->size() ) if ( ${msg.attributes}->size() )
{ {
@ -22,18 +22,18 @@ refine flow RADIUS_Flow += {
// Do we already have a vector of attributes for this type? // Do we already have a vector of attributes for this type?
auto current = attributes->Lookup(index.get()); auto current = attributes->Lookup(index.get());
Val* val = bytestring_to_val(${msg.attributes[i].value}); IntrusivePtr<Val> val = to_stringval(${msg.attributes[i].value});
if ( current ) if ( current )
{ {
VectorVal* vcurrent = current->AsVectorVal(); VectorVal* vcurrent = current->AsVectorVal();
vcurrent->Assign(vcurrent->Size(), val); vcurrent->Assign(vcurrent->Size(), std::move(val));
} }
else else
{ {
VectorVal* attribute_list = new VectorVal(BifType::Vector::RADIUS::AttributeList); VectorVal* attribute_list = new VectorVal(BifType::Vector::RADIUS::AttributeList);
attribute_list->Assign((unsigned int)0, val); attribute_list->Assign((unsigned int)0, std::move(val));
attributes->Assign(index.get(), attribute_list); attributes->Assign(index.get(), attribute_list);
} }
} }

2
src/analyzer/protocol/sip/sip-analyzer.pac
View file

@ -116,7 +116,7 @@ refine flow SIP_Flow += {
} }
header_record->Assign(0, name_val); header_record->Assign(0, name_val);
header_record->Assign(1, bytestring_to_val(value)); header_record->Assign(1, to_stringval(value));
return header_record; return header_record;
%} %}

6
src/analyzer/protocol/smb/smb1-com-negotiate.pac
View file

@ -73,7 +73,7 @@ refine connection SMB_Conn += {
lanman->Assign(6, raw); lanman->Assign(6, raw);
lanman->Assign(7, val_mgr->Count(${val.lanman.session_key})); lanman->Assign(7, val_mgr->Count(${val.lanman.session_key}));
lanman->Assign(8, time_from_lanman(${val.lanman.server_time}, ${val.lanman.server_date}, ${val.lanman.server_tz})); lanman->Assign(8, time_from_lanman(${val.lanman.server_time}, ${val.lanman.server_date}, ${val.lanman.server_tz}));
lanman->Assign(9, bytestring_to_val(${val.lanman.encryption_key})); lanman->Assign(9, to_stringval(${val.lanman.encryption_key}));
lanman->Assign(10, smb_string2stringval(${val.lanman.primary_domain})); lanman->Assign(10, smb_string2stringval(${val.lanman.primary_domain}));
@ -125,12 +125,12 @@ refine connection SMB_Conn += {
if ( ${val.ntlm.capabilities_extended_security} == false ) if ( ${val.ntlm.capabilities_extended_security} == false )
{ {
ntlm->Assign(10, bytestring_to_val(${val.ntlm.encryption_key})); ntlm->Assign(10, to_stringval(${val.ntlm.encryption_key}));
ntlm->Assign(11, smb_string2stringval(${val.ntlm.domain_name})); ntlm->Assign(11, smb_string2stringval(${val.ntlm.domain_name}));
} }
else else
{ {
ntlm->Assign(12, bytestring_to_val(${val.ntlm.server_guid})); ntlm->Assign(12, to_stringval(${val.ntlm.server_guid}));
} }
response->Assign(2, ntlm); response->Assign(2, ntlm);

8
src/analyzer/protocol/smb/smb1-com-session-setup-andx.pac
View file

@ -26,7 +26,7 @@ refine connection SMB_Conn += {
request->Assign(5, smb_string2stringval(${val.lanman.native_os})); request->Assign(5, smb_string2stringval(${val.lanman.native_os}));
request->Assign(6, smb_string2stringval(${val.lanman.native_lanman})); request->Assign(6, smb_string2stringval(${val.lanman.native_lanman}));
request->Assign(7, smb_string2stringval(${val.lanman.account_name})); request->Assign(7, smb_string2stringval(${val.lanman.account_name}));
request->Assign(8, bytestring_to_val(${val.lanman.account_password})); request->Assign(8, to_stringval(${val.lanman.account_password}));
request->Assign(9, smb_string2stringval(${val.lanman.primary_domain})); request->Assign(9, smb_string2stringval(${val.lanman.primary_domain}));
break; break;
@ -69,8 +69,8 @@ refine connection SMB_Conn += {
request->Assign(7, smb_string2stringval(${val.ntlm_nonextended_security.account_name})); request->Assign(7, smb_string2stringval(${val.ntlm_nonextended_security.account_name}));
request->Assign(9, smb_string2stringval(${val.ntlm_nonextended_security.primary_domain})); request->Assign(9, smb_string2stringval(${val.ntlm_nonextended_security.primary_domain}));
request->Assign(10, bytestring_to_val(${val.ntlm_nonextended_security.case_insensitive_password})); request->Assign(10, to_stringval(${val.ntlm_nonextended_security.case_insensitive_password}));
request->Assign(11, bytestring_to_val(${val.ntlm_nonextended_security.case_sensitive_password})); request->Assign(11, to_stringval(${val.ntlm_nonextended_security.case_sensitive_password}));
request->Assign(13, capabilities); request->Assign(13, capabilities);
break; break;
} }
@ -103,7 +103,7 @@ refine connection SMB_Conn += {
response->Assign(2, smb_string2stringval(${val.ntlm.native_os})); response->Assign(2, smb_string2stringval(${val.ntlm.native_os}));
response->Assign(3, smb_string2stringval(${val.ntlm.native_lanman})); response->Assign(3, smb_string2stringval(${val.ntlm.native_lanman}));
//response->Assign(4, smb_string2stringval(${val.ntlm.primary_domain})); //response->Assign(4, smb_string2stringval(${val.ntlm.primary_domain}));
//response->Assign(5, bytestring_to_val(${val.ntlm.security_blob})); //response->Assign(5, to_stringval(${val.ntlm.security_blob}));
break; break;
default: // Error! default: // Error!
break; break;

6
src/analyzer/protocol/smb/smb1-com-transaction.pac
View file

@ -9,11 +9,11 @@ enum Trans_subcommands {
{ {
switch ( payload->trans_type() ) { switch ( payload->trans_type() ) {
case SMB_PIPE: case SMB_PIPE:
return {AdoptRef{}, bytestring_to_val(payload->pipe_data())}; return to_stringval(payload->pipe_data());
case SMB_UNKNOWN: case SMB_UNKNOWN:
return {AdoptRef{}, bytestring_to_val(payload->unknown())}; return to_stringval(payload->unknown());
default: default:
return {AdoptRef{}, bytestring_to_val(payload->data())}; return to_stringval(payload->data());
} }
assert(false); assert(false);

4
src/analyzer/protocol/smb/smb2-com-transform-header.pac
View file

@ -4,8 +4,8 @@ refine connection SMB_Conn += {
%{ %{
RecordVal* r = new RecordVal(BifType::Record::SMB2::Transform_header); RecordVal* r = new RecordVal(BifType::Record::SMB2::Transform_header);
r->Assign(0, bytestring_to_val(${hdr.signature})); r->Assign(0, to_stringval(${hdr.signature}));
r->Assign(1, bytestring_to_val(${hdr.nonce})); r->Assign(1, to_stringval(${hdr.nonce}));
r->Assign(2, val_mgr->Count(${hdr.orig_msg_size})); r->Assign(2, val_mgr->Count(${hdr.orig_msg_size}));
r->Assign(3, val_mgr->Count(${hdr.flags})); r->Assign(3, val_mgr->Count(${hdr.flags}));
r->Assign(4, val_mgr->Count(${hdr.session_id})); r->Assign(4, val_mgr->Count(${hdr.session_id}));

6
src/analyzer/protocol/smb/smb2-protocol.pac
View file

@ -120,7 +120,7 @@ refine connection SMB_Conn += {
ha->Assign(i, val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg[i]})); ha->Assign(i, val_mgr->Count(${ncv.preauth_integrity_capabilities.hash_alg[i]}));
rpreauth->Assign(2, ha); rpreauth->Assign(2, ha);
rpreauth->Assign(3, bytestring_to_val(${ncv.preauth_integrity_capabilities.salt})); rpreauth->Assign(3, to_stringval(${ncv.preauth_integrity_capabilities.salt}));
r->Assign(2, rpreauth); r->Assign(2, rpreauth);
} }
break; break;
@ -157,7 +157,7 @@ refine connection SMB_Conn += {
case SMB2_NETNAME_NEGOTIATE_CONTEXT_ID: case SMB2_NETNAME_NEGOTIATE_CONTEXT_ID:
{ {
r->Assign(5, bytestring_to_val(${ncv.netname_negotiate_context_id.net_name})); r->Assign(5, to_stringval(${ncv.netname_negotiate_context_id.net_name}));
} }
break; break;
@ -181,7 +181,7 @@ refine connection SMB_Conn += {
r->Assign(6, val_mgr->Count(${hdr.process_id})); r->Assign(6, val_mgr->Count(${hdr.process_id}));
r->Assign(7, val_mgr->Count(${hdr.tree_id})); r->Assign(7, val_mgr->Count(${hdr.tree_id}));
r->Assign(8, val_mgr->Count(${hdr.session_id})); r->Assign(8, val_mgr->Count(${hdr.session_id}));
r->Assign(9, bytestring_to_val(${hdr.signature})); r->Assign(9, to_stringval(${hdr.signature}));
return r; return r;
%} %}

4
src/binpac_bro-lib.pac
View file

@ -21,7 +21,7 @@ function utf16_bytestring_to_utf8_val(conn: Connection, utf16: bytestring): Stri
{ {
reporter->Info("utf16 too long in utf16_bytestring_to_utf8_val"); reporter->Info("utf16 too long in utf16_bytestring_to_utf8_val");
// If the conversion didn't go well, return the original data. // If the conversion didn't go well, return the original data.
return bytestring_to_val(utf16); return to_stringval(utf16).release();
} }
resultstring.resize(utf8size, '\0'); resultstring.resize(utf8size, '\0');
@ -49,7 +49,7 @@ function utf16_bytestring_to_utf8_val(conn: Connection, utf16: bytestring): Stri
{ {
reporter->Weird(conn, "utf16_conversion_failed", "utf16 conversion failed in utf16_bytestring_to_utf8_val"); reporter->Weird(conn, "utf16_conversion_failed", "utf16 conversion failed in utf16_bytestring_to_utf8_val");
// If the conversion didn't go well, return the original data. // If the conversion didn't go well, return the original data.
return bytestring_to_val(utf16); return to_stringval(utf16).release();
} }
*targetstart = 0; *targetstart = 0;

1
src/binpac_bro.h
View file

@ -28,6 +28,7 @@ inline StringVal* string_to_val(string const &str)
return new StringVal(str.c_str()); return new StringVal(str.c_str());
} }
[[deprecated("Remove in v4.1. Use binpac::to_stringval() instead.")]]
inline StringVal* bytestring_to_val(const_bytestring const &str) inline StringVal* bytestring_to_val(const_bytestring const &str)
{ {
return new StringVal(str.length(), (const char*) str.begin()); return new StringVal(str.length(), (const char*) str.begin());

2
src/file_analysis/analyzer/unified2/unified2-analyzer.pac
View file

@ -129,7 +129,7 @@ refine flow Flow += {
packet->Assign(2, val_mgr->Count(${pkt.event_second})); packet->Assign(2, val_mgr->Count(${pkt.event_second}));
packet->Assign(3, make_intrusive<Val>(ts_to_double(${pkt.packet_ts}), TYPE_TIME)); packet->Assign(3, make_intrusive<Val>(ts_to_double(${pkt.packet_ts}), TYPE_TIME));
packet->Assign(4, val_mgr->Count(${pkt.link_type})); packet->Assign(4, val_mgr->Count(${pkt.link_type}));
packet->Assign(5, bytestring_to_val(${pkt.packet_data})); packet->Assign(5, to_stringval(${pkt.packet_data}));
mgr.Enqueue(::unified2_packet, mgr.Enqueue(::unified2_packet,
IntrusivePtr{NewRef{}, connection()->bro_analyzer()->GetFile()->GetVal()}, IntrusivePtr{NewRef{}, connection()->bro_analyzer()->GetFile()->GetVal()},