policy: Use literal dots for patterns used against content-type and hostname

The following two patterns were identified while reviewing patterns that
match on any characters. The intention likely was to match actual
literal dots.
Arne Welzel 2022-07-11 10:31:51 +02:00
parent d957f883df
commit c4970e6d4a
2 changed files with 2 additions and 2 deletions


@ -16,7 +16,7 @@ export {
## File types to attempt matching against the Malware Hash Registry. ## File types to attempt matching against the Malware Hash Registry.
option match_file_types = /application\/x-dosexec/ | option match_file_types = /application\/x-dosexec/ |
/application\/vnd.ms-cab-compressed/ | /application\/vnd\.ms-cab-compressed/ |
/application\/pdf/ | /application\/pdf/ |
/application\/x-shockwave-flash/ | /application\/x-shockwave-flash/ |
/application\/x-java-applet/ | /application\/x-java-applet/ |
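Review bot: The `##` comment on `match_file_types` does not say that each alternative is a regular expression, which is probably how the unescaped dot in `vnd.ms-cab-compressed` went unnoticed. I would add a second comment line such as `## Entries are regular expressions, so literal dots in a MIME type must be escaped.` How the option is compared with the MIME type (exact or embedded match) is not visible in this hunk, so whether the alternatives also need anchoring should be checked where the option is used. The export block starts and ends outside the hunk.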


@ -54,7 +54,7 @@ export {
event HTTP::log_http(rec: HTTP::Info) &priority=5 event HTTP::log_http(rec: HTTP::Info) &priority=5
{ {
if ( rec?$host && rec?$user_agent && /crl.microsoft.com/ in rec$host && if ( rec?$host && rec?$user_agent && /crl\.microsoft\.com/ in rec$host &&
/Microsoft-CryptoAPI\// in rec$user_agent ) /Microsoft-CryptoAPI\// in rec$user_agent )
{ {
if ( rec$user_agent !in crypto_api_mapping ) if ( rec$user_agent !in crypto_api_mapping )
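Review bot: The host check is still an embedded match, so `/crl\.microsoft\.com/ in rec$host` accepts any client-supplied Host value that merely contains that string, for example a longer name with extra labels before or after it. If only the exact host is meant, an exact match such as `rec$host == /crl\.microsoft\.com/` would close that gap; this assumes `rec$host` carries no port suffix, which is not visible here. The User-Agent test on the next line is also client-controlled, so whatever the handler records from it should be treated as a hint rather than a verified fact. The handler body continues outside the hunk.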