From ef5fb790ef326490e87f268f65ea449f25baa432 Mon Sep 17 00:00:00 2001
From: Justin Azoff <justin@azoff.dev>
Date: Mon, 20 Sep 2021 14:38:47 -0400
Subject: [PATCH] Restore behavior of Software::register event

Use an intermediary event to ensure that software versions are parsed
before calling Software::register.
---
 scripts/base/frameworks/software/main.zeek | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/scripts/base/frameworks/software/main.zeek b/scripts/base/frameworks/software/main.zeek
index 4a81c9f9af..5704ee98b9 100644
--- a/scripts/base/frameworks/software/main.zeek
+++ b/scripts/base/frameworks/software/main.zeek
@@ -476,9 +476,11 @@ function software_fmt(i: Info): string
 	return fmt("%s %s", i$name, software_fmt_version(i$version));
 	}
 
-event Software::register(info: Info)
+# Parse unparsed_version if needed before raising register event
+# This is used to maintain the behavior of the exported Software::register
+# event that expects a pre-parsed 'name' field.
+event Software::new(info: Info)
 	{
-
 	if ( ! info?$version )
 		{
 		local sw = parse_with_cache(info$unparsed_version);
@@ -487,6 +489,12 @@ event Software::register(info: Info)
 		info$version = sw$version;
 		}
 
+	event Software::register(info);
+	}
+
+event Software::register(info: Info)
+	{
+
 	local ts: SoftwareSet;
 
 	if ( info$host in tracked )
@@ -536,9 +544,9 @@ function found(id: conn_id, info: Info): bool
 		}
 
 	@if ( Cluster::is_enabled() )
-		Cluster::publish_hrw(Cluster::proxy_pool, info$host, Software::register, info);
+		Cluster::publish_hrw(Cluster::proxy_pool, info$host, Software::new, info);
 	@else
-		event Software::register(info);
+		event Software::new(info);
 	@endif
 
 	return T;