* origin/topic/bernhard/base64:
and re-enable caching of extracted certs
and add bae64 bif tests.
re-unify classes
and modernize script.
add base64-encode functionality and bif.
Closes#965.
* origin/topic/seth/software-version-updates2:
Correctly handle DNS lookups for software version ranges.
Improvements to vulnerable software detection.
Update software version parsing and comparison to account for a third numeric subversion.
Closes#938.
So much nicer!
Closes#954.
* origin/topic/seth/notice-framework-updates:
Update notice framework documentation to represent the new reality.
Complete removal of the old table based notice policy mechanism.
Updates for the notices framework.
Closes#946.
* origin/topic/jsiwek/ticket946:
Fix memory leaks resulting from 'when' and 'return when' statements.
Fix three bugs with 'when' and 'return when' statements. Addresses #946
* origin/topic/matthias/notary:
Small cosmetic changes.
Give log buffer the correct name.
Simplify delayed logging of SSL records.
Implement delay-token style SSL logging.
More style tweaks: replace spaces with tabs.
Factor notary code into separte file.
Adhere to Bro coding style guidelines.
Enhance ssl.log with information from notary.
Closes#928
* origin/topic/bernhard/input-logging-commmon-functions:
add the last of Robins suggestions (separate info-struct for constructors).
port memory leak fix from master
harmonize function naming
move AsciiInputOutput over to threading
and thinking about it, ascii-io doesn't need the separator
change constructors
and factor stuff out the input framework too.
factor out ascii input/output.
std::string accessors to escape_sequence functionality
intermediate commit - it has been over a month since I touched this...
I cleaned up the AsciiInputOutput class somewhat, including renaming
it to AsciiFormatter, renaming some of its methods, and turning the
static methods into members for consistency.
Closes#929.
* origin/fastpath:
Fixing variable size issues (was uint, should be long) with http response code.
Revert "Trick for parallelizing input framework unit tests."
add opaque type-ignoring for the accept_unsupported_types input framework option.
* origin/topic/jsiwek/string-indexing:
Change substring index notation to use a colon (addresses #422).
Tweaked slightly to make it more generic, we may index other types
with slices eventually too.
Closes#422.
* origin/topic/matthias/opaque:
Add new unit test for opaque serialization.
Migrate entropy testing to opaque.
C++ify RandTest.*
Fix a hard-to-spot bug.
Use more descriptive error message.
Fix the fix :-/.
Fix initialization of hash values.
Be clearer about delegation.
Implement serialization of opaque types.
Update hash BiF documentation.
Migrate free SHA* functions to SHA*Val::digest().
Add missing type name that caused failing tests.
Update base scripts and unit tests.
Simplify hash function BiFs.
Add support for opaque hash values.
Adapt BiF & Bro parser to handle opaque types.
More lexer/parser work.
Implement equivalence relation for opaque types.
Support basic serialization of opaque.
Add opaque type to lexer, parser, and BroType.
Closes#925
Conflicts:
aux/broccoli
* origin/fastpath:
Trick for parallelizing input framework unit tests.
Maybe fix reliability of a unit test that relies on when statements.
Remove unused attributes
consisting of letters [A-Za-z].
I had some bogus HTTP sessions now with the test-suite that reported
data as HTTP because it started with "<!... ". Requiring letters seems
a reasonable constraint.
* origin/fastpath:
ok, this one is a bit... embarrassing.
Fix segfault: uninitialized identifiers w/ &synchronized (addresses #66)
Bad record constructor initializers now give an error (addresses #34).
Invalid vector indices now generate error message (addresses #24).
Bump CPack RPM package requirement to python >= 2.6.0.
Interpreter exceptions occurring in "when" blocks are now handled.
* origin/topic/jsiwek/table-init-container-ctors:
Add test of record() constructor to table initializer unit test.
Fix table(), set(), vector() constructors in table initializer lists.
Closes#5.
* origin/topic/jsiwek/hook:
Change hook calls to only be allowed when preceded by "hook" keyword.
Clarification in hook documentation.
Hook functions now directly callable instead of w/ "hook" statements.
Closes#918.
* origin/fastpath:
Slightly fix up file name extraction from Content-Disposition headers.
Quick pass over unit tests, adding -b flag to bro so they run faster.
Fixed a DNS attribute issue (reported by Matt Thompson).
'only_single_header_row' that turns the output into CSV format.
In that mode all meta data is skipped except for a single header line
with the fields names. Example:
local my_filter: Log::Filter = [$name = "my-filter", $writer = Log::WRITER_ASCII, $config = table(["only_single_header_row"] = "T")];
Contributed by Carsten Langer.
