diff --git a/NEWS b/NEWS index 6e6a299f15..5a97c2e4a3 100644 --- a/NEWS +++ b/NEWS @@ -259,6 +259,24 @@ Changed Functionality fatal error in /usr/local/bro/share/bro/policy/frameworks/software/vulnerable.bro, line 41: BroType::AsRecordType (table/record) (set[record { min:record { major:count; minor:count; minor2:count; minor3:count; addl:string; }; max:record { major:count; minor:count; minor2:count; minor3:count; addl:string; }; }]) +- The type of ``Software::vulnerable_versions`` changed to allow + more flexibility and range specifications. An example usage: + + .. code:: bro + + const java_1_6_vuln = Software::VulnerableVersionRange( + $max = Software::Version($major = 1, $minor = 6, $minor2 = 0, $minor3 = 44) + ); + + const java_1_7_vuln = Software::VulnerableVersionRange( + $min = Software::Version($major = 1, $minor = 7), + $max = Software::Version($major = 1, $minor = 7, $minor2 = 0, $minor3 = 20) + ); + + redef Software::vulnerable_versions += { + ["Java"] = set(java_1_6_vuln, java_1_7_vuln) + }; + - The interface to extracting content from application-layer protocols (including HTTP, SMTP, FTP) has changed significantly due to the introduction of the new file analysis framework (see above). diff --git a/src/Val.cc b/src/Val.cc index 450f3c1653..dbd4863c67 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -2720,16 +2720,22 @@ RecordVal* RecordVal::CoerceTo(const RecordType* t, Val* aggr, bool allow_orphan break; } + Val* v = Lookup(i); + + if ( ! v ) + // Check for allowable optional fields is outside the loop, below. + continue; + if ( ar_t->FieldType(t_i)->Tag() == TYPE_RECORD - && ! same_type(ar_t->FieldType(t_i), Lookup(i)->Type()) ) + && ! same_type(ar_t->FieldType(t_i), v->Type()) ) { - Expr* rhs = new ConstExpr(Lookup(i)->Ref()); + Expr* rhs = new ConstExpr(v->Ref()); Expr* e = new RecordCoerceExpr(rhs, ar_t->FieldType(t_i)->AsRecordType()); ar->Assign(t_i, e->Eval(0)); continue; } - ar->Assign(t_i, Lookup(i)->Ref()); + ar->Assign(t_i, v->Ref()); } for ( i = 0; i < ar_t->NumFields(); ++i ) diff --git a/testing/btest/Baseline/language.named-record-ctors/out b/testing/btest/Baseline/language.named-record-ctors/out index 39b2ed7c0b..89a7025012 100644 --- a/testing/btest/Baseline/language.named-record-ctors/out +++ b/testing/btest/Baseline/language.named-record-ctors/out @@ -1,2 +1,9 @@ [min=, max=2] [min=7, max=42] +[aaa=1, bbb=test, ccc=, ddd=default] +{ +[Java] = { +[min=, max=[major=1, minor=6, minor2=0, minor3=44, addl=]], +[min=[major=1, minor=7, minor2=, minor3=, addl=], max=[major=1, minor=7, minor2=0, minor3=20, addl=]] +} +} diff --git a/testing/btest/language/named-record-ctors.bro b/testing/btest/language/named-record-ctors.bro index 7f04b9d4b0..d0a6fc70e5 100644 --- a/testing/btest/language/named-record-ctors.bro +++ b/testing/btest/language/named-record-ctors.bro @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b %INPUT >out +# @TEST-EXEC: bro -b frameworks/software/vulnerable %INPUT >out # @TEST-EXEC: btest-diff out type MyRec: record { @@ -6,7 +6,32 @@ type MyRec: record { max: count; }; +type Bar: record { + aaa: count; + bbb: string &optional; + ccc: string &optional; + ddd: string &default="default"; +}; + +const java_1_6_vuln = Software::VulnerableVersionRange( + $max = Software::Version($major = 1, $minor = 6, $minor2 = 0, $minor3 = 44) +); + +const java_1_7_vuln = Software::VulnerableVersionRange( + $min = Software::Version($major = 1, $minor = 7), + $max = Software::Version($major = 1, $minor = 7, $minor2 = 0, $minor3 = 20) +); + +redef Software::vulnerable_versions += { + ["Java"] = set(java_1_6_vuln, java_1_7_vuln) +}; + local myrec: MyRec = MyRec($max=2); print myrec; myrec = MyRec($min=7, $max=42); print myrec; + +local data = Bar($aaa=1, $bbb="test"); +print data; + +print Software::vulnerable_versions;