mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
Merge remote-tracking branch 'origin/topic/awelzel/blank-identifer'
* origin/topic/awelzel/blank-identifer: scripts: Migrate table iteration to blank identifiers Introduce special treatment for the blank identifier _
This commit is contained in:
Robin Sommer
commit
9f3a234f40
40 changed files with 391 additions and 68 deletions
|
|
@ -246,7 +246,7 @@ event Cluster::node_down(name: string, id: string) &priority=10
|
|||
|
||||
function site_id_in_pool(pool: Pool, site_id: count): bool
|
||||
{
|
||||
for ( i, pn in pool$nodes )
|
||||
for ( _, pn in pool$nodes )
|
||||
{
|
||||
if ( pn$site_id == site_id )
|
||||
return T;
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ hook extend_match(info: Info, s: Seen, items: set[Item]) &priority=6
|
|||
|
||||
if ( s$f?$conns && |s$f$conns| == 1 )
|
||||
{
|
||||
for ( cid, c in s$f$conns )
|
||||
for ( _, c in s$f$conns )
|
||||
s$conn = c;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -246,7 +246,7 @@ function expire_host_data(data: table[addr] of MetaDataTable, idx: addr): interv
|
|||
{
|
||||
local meta_tbl: MetaDataTable = data[idx];
|
||||
local metas: set[MetaData];
|
||||
for ( src, md in meta_tbl )
|
||||
for ( _, md in meta_tbl )
|
||||
add metas[md];
|
||||
|
||||
return expire_item(cat(idx), ADDR, metas);
|
||||
|
|
@ -256,7 +256,7 @@ function expire_subnet_data(data: table[subnet] of MetaDataTable, idx: subnet):
|
|||
{
|
||||
local meta_tbl: MetaDataTable = data[idx];
|
||||
local metas: set[MetaData];
|
||||
for ( src, md in meta_tbl )
|
||||
for ( _, md in meta_tbl )
|
||||
add metas[md];
|
||||
|
||||
return expire_item(cat(idx), SUBNET, metas);
|
||||
|
|
@ -270,7 +270,7 @@ function expire_string_data(data: table[string, Type] of MetaDataTable, idx: any
|
|||
|
||||
local meta_tbl: MetaDataTable = data[indicator, indicator_type];
|
||||
local metas: set[MetaData];
|
||||
for ( src, md in meta_tbl )
|
||||
for ( _, md in meta_tbl )
|
||||
add metas[md];
|
||||
|
||||
return expire_item(indicator, indicator_type, metas);
|
||||
|
|
@ -317,7 +317,7 @@ function get_items(s: Seen): set[Item]
|
|||
if ( s$host in data_store$host_data )
|
||||
{
|
||||
mt = data_store$host_data[s$host];
|
||||
for ( m, md in mt )
|
||||
for ( _, md in mt )
|
||||
{
|
||||
add return_data[Item($indicator=cat(s$host), $indicator_type=ADDR, $meta=md)];
|
||||
}
|
||||
|
|
@ -327,7 +327,7 @@ function get_items(s: Seen): set[Item]
|
|||
nets = filter_subnet_table(addr_to_subnet(s$host), data_store$subnet_data);
|
||||
for ( n, mt in nets )
|
||||
{
|
||||
for ( m, md in mt )
|
||||
for ( _, md in mt )
|
||||
{
|
||||
add return_data[Item($indicator=cat(n), $indicator_type=SUBNET, $meta=md)];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -240,7 +240,7 @@ function build(): string
|
|||
if ( |capture_filters| == 0 && ! enable_auto_protocol_capture_filters )
|
||||
cfilter = default_capture_filter;
|
||||
|
||||
for ( id, cf in capture_filters )
|
||||
for ( _, cf in capture_filters )
|
||||
cfilter = combine_filters(cfilter, "or", cf);
|
||||
|
||||
if ( enable_auto_protocol_capture_filters )
|
||||
|
|
@ -248,11 +248,11 @@ function build(): string
|
|||
|
||||
# Apply the restriction filters.
|
||||
local rfilter = "";
|
||||
for ( id, rf in restrict_filters )
|
||||
for ( _, rf in restrict_filters )
|
||||
rfilter = combine_filters(rfilter, "and", rf);
|
||||
|
||||
# Apply the dynamic restriction filters.
|
||||
for ( filt, drf in dynamic_restrict_filters )
|
||||
for ( _, drf in dynamic_restrict_filters )
|
||||
rfilter = combine_filters(rfilter, "and", string_cat("not (", drf, ")"));
|
||||
|
||||
# Finally, join them into one filter.
|
||||
|
|
|
|||
|
|
@ -222,7 +222,7 @@ hook finalize_dce_rpc(c: connection)
|
|||
return;
|
||||
|
||||
# TODO: Go through any remaining dce_rpc requests that haven't been processed with replies.
|
||||
for ( i, x in c$dce_rpc_backing )
|
||||
for ( _, x in c$dce_rpc_backing )
|
||||
{
|
||||
set_state(c, x);
|
||||
|
||||
|
|
|
|||
|
|
@ -191,7 +191,7 @@ function log_unmatched_msgs_queue(q: Queue::Queue)
|
|||
|
||||
function log_unmatched_msgs(msgs: PendingMessages)
|
||||
{
|
||||
for ( trans_id, q in msgs )
|
||||
for ( _, q in msgs )
|
||||
{
|
||||
log_unmatched_msgs_queue(q);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -37,7 +37,7 @@ function describe_file(f: fa_file): string
|
|||
if ( f$source != "FTP" )
|
||||
return "";
|
||||
|
||||
for ( cid, c in f$conns )
|
||||
for ( _, c in f$conns )
|
||||
{
|
||||
if ( c?$ftp )
|
||||
return FTP::describe(c$ftp);
|
||||
|
|
|
|||
|
|
@ -369,7 +369,7 @@ hook finalize_ftp(c: connection)
|
|||
{
|
||||
if ( ! c?$ftp ) return;
|
||||
|
||||
for ( ca, cmdarg in c$ftp$pending_commands )
|
||||
for ( _, cmdarg in c$ftp$pending_commands )
|
||||
{
|
||||
c$ftp$cmdarg = cmdarg;
|
||||
ftp_message(c$ftp);
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ function describe_file(f: fa_file): string
|
|||
if ( f$source != "HTTP" )
|
||||
return "";
|
||||
|
||||
for ( cid, c in f$conns )
|
||||
for ( _, c in f$conns )
|
||||
{
|
||||
if ( c?$http )
|
||||
return build_url_http(c$http);
|
||||
|
|
|
|||
|
|
@ -48,7 +48,7 @@ function describe_file(f: fa_file): string
|
|||
# are already populated).
|
||||
#
|
||||
# Just return a bit of our connection information and hope that that is good enough.
|
||||
for ( cid, c in f$conns )
|
||||
for ( _, c in f$conns )
|
||||
{
|
||||
if ( c?$krb )
|
||||
{
|
||||
|
|
|
|||
|
|
@ -39,7 +39,7 @@ function describe_file(f: fa_file): string
|
|||
if ( f$source != "SMB" )
|
||||
return "";
|
||||
|
||||
for ( cid, c in f$conns )
|
||||
for ( _, c in f$conns )
|
||||
{
|
||||
if ( c?$smb_state && c$smb_state?$current_file && c$smb_state$current_file?$name )
|
||||
return c$smb_state$current_file$name;
|
||||
|
|
|
|||
|
|
@ -241,7 +241,7 @@ event file_state_remove(f: fa_file) &priority=-5
|
|||
if ( f$source != "SMB" )
|
||||
return;
|
||||
|
||||
for ( id, c in f$conns )
|
||||
for ( _, c in f$conns )
|
||||
{
|
||||
if ( c?$smb_state && c$smb_state?$current_file)
|
||||
{
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ function describe_file(f: fa_file): string
|
|||
if ( f$source != "SMTP" )
|
||||
return "";
|
||||
|
||||
for ( cid, c in f$conns )
|
||||
for ( _, c in f$conns )
|
||||
{
|
||||
return SMTP::describe(c$smtp);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -81,7 +81,7 @@ function describe_file(f: fa_file): string
|
|||
# are already populated).
|
||||
#
|
||||
# Just return a bit of our connection information and hope that that is good enough.
|
||||
for ( cid, c in f$conns )
|
||||
for ( _, c in f$conns )
|
||||
{
|
||||
if ( c?$ssl )
|
||||
{
|
||||
|
|
@ -138,7 +138,7 @@ event file_sniff(f: fa_file, meta: fa_metadata) &priority=5
|
|||
|
||||
local c: connection &is_assigned; # to help static analysis
|
||||
|
||||
for ( cid, c in f$conns )
|
||||
for ( _, c in f$conns )
|
||||
{
|
||||
if ( ! c?$ssl )
|
||||
return;
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ event file_new(f: fa_file) &priority=5
|
|||
if ( ! f?$bof_buffer ) return;
|
||||
if ( ! f?$conns ) return;
|
||||
|
||||
for ( cid, c in f$conns )
|
||||
for ( _, c in f$conns )
|
||||
{
|
||||
if ( ! c?$smtp ) next;
|
||||
|
||||
|
|
|
|||
|
|
@ -97,7 +97,7 @@ event x509_ocsp_ext_signed_certificate_timestamp(f: fa_file, version: count, log
|
|||
|
||||
local c: connection &is_assigned;
|
||||
|
||||
for ( cid, c in f$conns )
|
||||
for ( _, c in f$conns )
|
||||
{
|
||||
if ( ! c?$ssl )
|
||||
return;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue