From ea4d30eb6abe7b4f344aa8fd7c9eb11208f09788 Mon Sep 17 00:00:00 2001
From: Benjamin Bannier
Date: Wed, 18 Jun 2025 10:23:13 +0200
Subject: [PATCH] Clean up use of references in Spicy SSL analyzer

The Spicy SSL analyzer was using references pretty heavily, probably to work around now fixed issues with `inout` parameters in older Spicy versions. At least for units this seems not needed anymore, and was also partially incorrect, e.g., the Spicy docs call out that when using `inout` parameters, passed and expected types should match exactly so passing a reference as an `inout` value seems incorrect. Additionally, one use case for references in Spicy is to use their interior mutability, i.e., a reference never needs to be passed `inout` since they can always be mutated.

Internally units are stored as reference-counted values, and references to units are not much cheaper since they also need to be refcounted.

With that there seems little reason to use references in this analyzer at all, and this patch drops their use completely; instead we either pass values, or values declared `inout`. We leave the use of references for sharing sinks in place.
---
 src/analyzer/protocol/ssl/spicy/SSL.spicy | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/analyzer/protocol/ssl/spicy/SSL.spicy b/src/analyzer/protocol/ssl/spicy/SSL.spicy
index f028ad07c5..ee50442cb3 100644
--- a/src/analyzer/protocol/ssl/spicy/SSL.spicy
+++ b/src/analyzer/protocol/ssl/spicy/SSL.spicy
@@ -862,16 +862,16 @@ type Heartbeat = unit(sh: Share, length: uint16) { }; # note - this will mostly be garbage because it is encrypted. -public type Alert = unit(sh: Share&) { +public type Alert = unit(sh: Share) { alerts: Alert_message(sh)[]; }; -type Alert_message = unit(sh: Share&) { +type Alert_message = unit(sh: Share) { level: uint8; # &convert=AlertLevel($$); description: uint8; # &convert=AlertDescription($$); }; -type Handshake = unit(inout msg: Message, sh: Share&) { +type Handshake = unit(inout msg: Message, inout sh: Share) { handshakes: Handshake_message(msg, sh)[]; }; @@ -1904,7 +1904,7 @@ public function convert_certificate_authorities(c: vector) } # returns true for the "client" -public function get_direction(sh: Share&): bool { +public function get_direction(sh: Share): bool { if (sh.flipped) return !zeek::is_orig(); else
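Review bot: In the first hunk, `Handshake` now declares `inout sh: Share` and forwards it to `Handshake_message(msg, sh)`, but the declaration of `Handshake_message` is not touched by this patch. Since the commit message points out that passed and expected types must match exactly for `inout` parameters, please confirm that `Handshake_message` already declares its parameter as `inout sh: Share`, and that the code instantiating `Handshake`, `Alert` and `Alert_message` passes a `Share` value rather than a `Share&`. `Alert` and `Alert_message` take `sh` by value while `Handshake` takes it `inout`; a one-line comment saying that the alert units only read `sh` would document why the two differ and guard against a later write to `sh` in the alert path being silently lost.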
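Review bot: In the second hunk, `get_direction` changes from `sh: Share&` to `sh: Share`, yet the diffstat (4 insertions, 4 deletions) covers signatures only and no call site changes. Please check that every caller of this public function now holds a `Share` value and that none still passes a `Share&`. The body shown only reads `sh.flipped`, so taking the parameter by value rather than `inout` fits. The existing comment `# returns true for the "client"` would be clearer if it also stated that `flipped` inverts the result of `zeek::is_orig()`.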