Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 22:58:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge branch 'topic/antonio.nappa/fix_lowercase_intel_bug' of ssh://github.com/jeppojeps/zeek

Browse source
This commit is contained in:
Robin Sommer 2020-03-31 07:04:59 +00:00
commit f62d7dd091
3 changed files with 13 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

5
CHANGES
View file

@ -1,4 +1,9 @@
3.2.0-dev.325 | 2020-03-31 07:04:59 +0000
* Fix bug in intel framework letting deletes of mixed-cased entries
fail. (Antonio Nappa, Corelight)
3.2.0-dev.322 | 2020-03-31 06:44:57 +0000 3.2.0-dev.322 | 2020-03-31 06:44:57 +0000
* A large number of functions had return values and/or arguments * A large number of functions had return values and/or arguments

2
VERSION
View file

@ -1 +1 @@
3.2.0-dev.322 3.2.0-dev.325

14
scripts/base/frameworks/intel/main.zeek
View file

@ -9,7 +9,7 @@ module Intel;
export { export {
redef enum Log::ID += { LOG }; redef enum Log::ID += { LOG };
## Enum type to represent various types of intelligence data. ## Enum type to represent various types of intelligence data.
type Type: enum { type Type: enum {
## An IP address. ## An IP address.
@ -523,8 +523,8 @@ function item_exists(item: Item): bool
return have_full_data ? to_subnet(item$indicator) in data_store$subnet_data : return have_full_data ? to_subnet(item$indicator) in data_store$subnet_data :
to_subnet(item$indicator) in min_data_store$subnet_data; to_subnet(item$indicator) in min_data_store$subnet_data;
default: default:
return have_full_data ? [item$indicator, item$indicator_type] in data_store$string_data : return have_full_data ? [to_lower(item$indicator), item$indicator_type] in data_store$string_data :
[item$indicator, item$indicator_type] in min_data_store$string_data; [to_lower(item$indicator), item$indicator_type] in min_data_store$string_data;
} }
} }
@ -550,8 +550,8 @@ function remove_meta_data(item: Item): bool
delete data_store$subnet_data[net][item$meta$source]; delete data_store$subnet_data[net][item$meta$source];
return (|data_store$subnet_data[net]| == 0); return (|data_store$subnet_data[net]| == 0);
default: default:
delete data_store$string_data[item$indicator, item$indicator_type][item$meta$source]; delete data_store$string_data[to_lower(item$indicator), item$indicator_type][item$meta$source];
return (|data_store$string_data[item$indicator, item$indicator_type]| == 0); return (|data_store$string_data[to_lower(item$indicator), item$indicator_type]| == 0);
} }
} }
@ -588,7 +588,7 @@ function remove(item: Item, purge_indicator: bool)
delete data_store$subnet_data[net]; delete data_store$subnet_data[net];
break; break;
default: default:
delete data_store$string_data[item$indicator, item$indicator_type]; delete data_store$string_data[to_lower(item$indicator), item$indicator_type];
break; break;
} }
# Trigger deletion in minimal data stores # Trigger deletion in minimal data stores
@ -610,7 +610,7 @@ event remove_indicator(item: Item)
delete min_data_store$subnet_data[net]; delete min_data_store$subnet_data[net];
break; break;
default: default:
delete min_data_store$string_data[item$indicator, item$indicator_type]; delete min_data_store$string_data[to_lower(item$indicator), item$indicator_type];
break; break;
} }
} }