Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/timw/2338-signature-eval-unused'

Browse source 
* origin/topic/timw/2338-signature-eval-unused:
  Add is_used attribute to an ID if used in a signature eval statement
This commit is contained in:
Tim Wojtulewicz 2022-09-06 07:44:18 -07:00
commit 7cc876d84a
6 changed files with 42 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
5.1.0-dev.489 | 2022-09-06 07:44:18 -0700
* Add is_used attribute to an ID if used in a signature eval statement (Tim Wojtulewicz, Corelight)
5.1.0-dev.486 | 2022-09-02 13:57:31 -0700 5.1.0-dev.486 | 2022-09-02 13:57:31 -0700
* Update Management framework to new Supervisor::NodeConfig script fields (Christian Kreibich, Corelight) * Update Management framework to new Supervisor::NodeConfig script fields (Christian Kreibich, Corelight)

2
VERSION
View file

@ -1 +1 @@
5.1.0-dev.486 5.1.0-dev.489

4
src/RuleCondition.cc
View file

@ -180,6 +180,10 @@ RuleConditionEval::RuleConditionEval(const char* func)
rules_error("eval function parameters must be a 'signature_state' " rules_error("eval function parameters must be a 'signature_state' "
"and a 'string' type", "and a 'string' type",
func); func);
std::vector<AttrPtr> attrv{make_intrusive<Attr>(ATTR_IS_USED, nullptr)};
id->AddAttrs(
make_intrusive<Attributes>(std::move(attrv), id->GetType(), false, id->IsGlobal()));
} }
} }

1
testing/btest/Baseline/signatures.signature-cond-used/.stderr Normal file
View file

@ -0,0 +1 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

3
testing/btest/Baseline/signatures.signature-cond-used/.stdout Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
signature_cond, GET /download/CHANGES.bro-aux.txt HTTP/1.1\x0d\x0aUser-Agent: Wget/1.14 (darwin12.2.0)\x0d\x0aAccept: */*\x0d\x0aHost: bro.org\x0d\x0aConnection: Keep-Alive\x0d\x0a\x0d\x0a
signature_match, GET, GET /download/CHANGES.bro-aux.txt HTTP/1.1\x0d\x0aUser-Agent: Wget/1.14 (darwin12.2.0)\x0d\x0aAccept: */*\x0d\x0aHost: bro.org\x0d\x0aConnection: Keep-Alive\x0d\x0a\x0d\x0a

29
testing/btest/signatures/signature-cond-used.zeek Normal file
View file

@ -0,0 +1,29 @@
# @TEST-DOC: The function signature_cond used for eval in test.sig should not be reported as unused
# @TEST-EXEC: zeek -b %INPUT -r $TRACES/http/get.trace
# @TEST-EXEC: btest-diff .stderr
# @TEST-EXEC: btest-diff .stdout
module SignatureEvalTest;
@load-sigs ./test.sig
event signature_match(state: signature_state, msg: string, data: string)
{
print "signature_match", msg, data;
}
function signature_cond(state: signature_state, data: string): bool
{
print "signature_cond", data;
return T;
}
@TEST-START-FILE test.sig
signature my-first-sig {
ip-proto == tcp
dst-port == 80
payload /GET/
event "GET"
eval SignatureEvalTest::signature_cond
}
@TEST-END-FILE