Python, Ruby, Javascript, Go, ..., allow use of trailing commas and is even
recommended in some style-guides as it keeps diffs smaller. The black formatter
for Python even goes as far to take a trailing comma as an indication to
format a list one-item on a line.
It has been a bit unusual to not be able to put trailing commas in Zeek
scripts, so this change allows for it.
It explicitly prevents trailing commas in list expressions on the left
hand side. Concretely, this disallows trailing commas in the key list
expression during table initializations.
It probably allows for commas in more places that I haven't fully grasped.
Maybe we should tighten those down again if we find them surprising.
With the release of alpine 3.17 (2022-11-22), the fts-dev package
was renamed to musl-fts-dev. Change it accordingly.
This is currently breaking CI in a fork of zeek/zeek. Suspect some
caching prevents it from breaking here currently.
Alpine 3.16 is still supported till 2024-05-23, but we're essentially
not doing CI testing for it anymore. Appears to be in line with the
comment in .cirrus.yml
From Vern in GH-846: This is a conscious decision in the TCP analysis to
consider a connection's "duration" to run up through the end of its
productive (= data can be delivered) lifetime, not extending beyond that. So
once it's closed, packets seen subsequently (until the state-holding for the
connection times out) get processed in terms of updating the associated
history, but not the duration. This can include (unnecessarily) retransmitted
data packets, like in one of the examples above. An advantage of this definition
of "duration" is it allows more accurate computation of connection data rates.
...also add/propose aliases for sync-commits / sync-repos, because I could not
remember for the past 5 times or so in which direction they would sync and
would find myself reading the README, Makefile, or comments in the scripts.
* origin/topic/vern/script-opt-Nov22-maint2:
script optimization fixes: new initialization model for standalone C++ scripts type coercion fix ZAM fix for compiling using C++ optimizer disambiguate empty constructors
* origin/topic/awelzel/2514-expire-all-timers-special-case:
TimerMgr: Add back max_timer_expires=0 special case
Add btest for expiration of all pending timers.
I've skipped treating overflows as warnings, as ++ wrapping around at 0
doesn't currently trigger a runtime error and might be expected to be
quiet and silently wrap.
Closes#2486
* origin/topic/vern/vec-construct-compat:
provide deprecated version of merge_type_list()
keep merge_types() externally available; address reviewing suggestion
change vector constructors to require direct type equivalence for non-arithmetics
Commit 58fae22708 removed the max_expire==0
handling from DoAdvance() due to not being obvious what use it is. Jan
later reported that it broke the `redef max_timer_expires=0` (#2514).
This commit adds back the special case re-introducing the `max_timer_expires=0` ,
trying to make it fairly explicit that it exists.
This is an adaption of #2516 not adding a new option and trying a bit
to avoid global variable accesses down in DoAdvance(), though that
just moved to InitPostScript().
Fixes#2514.
In normal installations, a plugin's basename has an underscore in it
to separate the namespace from the plugin name. E.g Zeek_Spicy. When
there is no underscore, this is most likely due to ./build being
picked up when using ZEEK_PLUGIN_PATH. The basename ends-up "build"
and is susceptible to collisions.
Prepend one parent directory as a heuristic to make this scenario less
likely, assuming ./build is usually below a repository checkout that
uniquely identifies the plugin.
Fixes#2577
Two new BIFs get_identifier_declaring_script() and get_record_field_declaring_script()
mirroring existing functions for comments. This allows to query the declaring
script information from Zeek scripts and further determine if a redef operations
were involved for record fields or enum names by comparing the declaring script
with the one of the involved type. See the tests.
Yet another one of @stevesmoot's requests.
oss-fuzz produced FTP traffic with a ~550KB long FTP command. Cap FTP command
length at 100 bytes, log a weird if a command is larger than that and move
on to the next. Likely it's not actual FTP traffic, but raising an
analyzer violation would allow clients an easy way to disable the analyzer
by sending an overly long command.
The added test PCAP was generated using a fake Python socket server/client.
