[Bro-Dev] [Auto] Merge Status
Open Merge Requests === IDComponentReporter AssigneeUpdated For Version PrioritySummary --- - -- -- - -- BIT-1235 [1] Bro Brian O'Berry Jon Siwek 2014-10-142.4 Normal HTTP multipart POST request alters file contents [1] BIT-1235 https://bro-tracker.atlassian.net/browse/BIT-1235 ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1238) High false-positive for application/x-tar signature
[
https://bro-tracker.atlassian.net/browse/BIT-1238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian O'Berry updated BIT-1238:
---
Attachment: test.tar.gz
Test results that show text file (test.txt) classified as a tar file
High false-positive for application/x-tar signature
---
Key: BIT-1238
URL: https://bro-tracker.atlassian.net/browse/BIT-1238
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.3
Reporter: Brian O'Berry
Assignee: Seth Hall
Labels: file, mime, signature
Attachments: test.tar.gz
The following signature in base/frameworks/files/magic/general.sig frequently
triggers on text files in our environment, and includes a strength value
higher than GNU and POSIX tar signatures in libmagic.sig.
{code}
signature file-tar {
file-magic /([[:print:]\x00]){100}(([[:digit:]\x00\x20]){8}){3}/
file-mime application/x-tar, 150
}
{code}
--
This message was sent by Atlassian JIRA
(v6.4-OD-07-004#64005)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1238) High false-positive for application/x-tar signature
[
https://bro-tracker.atlassian.net/browse/BIT-1238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=18404#comment-18404
]
Brian O'Berry commented on BIT-1238:
Attached test.tar.gz, with test results of an HTTP GET for which the extracted
text file is classified as a tar file.
* test.pcap contains the HTTP GET session (you'll need to disable checksums to
use it)
* test.txt is the original file
* extract_files/ contains the extracted file
* etc/ holds config files used for the test, for which bro was started as a
daemon via 'broctl start'
* logs/ includes files.*.log.gz showing the incorrect mime type
* spool/ includes the local.bro policy file used for the test
High false-positive for application/x-tar signature
---
Key: BIT-1238
URL: https://bro-tracker.atlassian.net/browse/BIT-1238
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: 2.3
Reporter: Brian O'Berry
Assignee: Seth Hall
Labels: file, mime, signature
Attachments: test.tar.gz
The following signature in base/frameworks/files/magic/general.sig frequently
triggers on text files in our environment, and includes a strength value
higher than GNU and POSIX tar signatures in libmagic.sig.
{code}
signature file-tar {
file-magic /([[:print:]\x00]){100}(([[:digit:]\x00\x20]){8}){3}/
file-mime application/x-tar, 150
}
{code}
--
This message was sent by Atlassian JIRA
(v6.4-OD-07-004#64005)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
Re: [Bro-Dev] Geo Location Plugin
On Oct 14, 2014, at 7:48 PM, anthony kasza anthony.ka...@gmail.com wrote: From what I can tell, I don't have geo_location = internal_type(geo_location)-AsRecordType(); in the right location. This line is from the init_net_var() function from NetVar.cc, which gets called by main.cc. Maybe that can just be completely removed if Bro proper no longer relies on that type since all the related functionality is now provided by the plugin? everything sitting in a single .bif file. Would it be useful to post that? How about putting the entire plugin source directory in a github repo? That should make it easy for others to start poking at the same code as you. - Jon ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1273) Broscript crashes Bro with segfault when defining a global enum
[
https://bro-tracker.atlassian.net/browse/BIT-1273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jon Siwek updated BIT-1273:
---
Resolution: Fixed
Status: Closed (was: Open)
Broscript crashes Bro with segfault when defining a global enum
---
Key: BIT-1273
URL: https://bro-tracker.atlassian.net/browse/BIT-1273
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Reporter: Struck
Labels: language
Fix For: 2.4
Attachments: test.bro
broscript crashes bro with segfault, when trying to define a
*global* identifier: enum {
}
instead of giving just a simple error on parsing.
--
This message was sent by Atlassian JIRA
(v6.4-OD-07-004#64005)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1273) Broscript crashes Bro with segfault when defining a global enum
[
https://bro-tracker.atlassian.net/browse/BIT-1273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=18405#comment-18405
]
Jon Siwek commented on BIT-1273:
Fixed in master. Thanks.
Broscript crashes Bro with segfault when defining a global enum
---
Key: BIT-1273
URL: https://bro-tracker.atlassian.net/browse/BIT-1273
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Reporter: Struck
Labels: language
Fix For: 2.4
Attachments: test.bro
broscript crashes bro with segfault, when trying to define a
*global* identifier: enum {
}
instead of giving just a simple error on parsing.
--
This message was sent by Atlassian JIRA
(v6.4-OD-07-004#64005)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
Re: [Bro-Dev] Geo Location Plugin
On Oct 15, 2014, at 10:46 AM, Siwek, Jon jsi...@illinois.edu wrote: Maybe that can just be completely removed if Bro proper no longer relies on that type since all the related functionality is now provided by the plugin? Agreed. Any code related to GeoIP should move into the plugin, including types. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1273) Broscript crashes Bro with segfault when defining a global enum
[
https://bro-tracker.atlassian.net/browse/BIT-1273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jon Siwek updated BIT-1273:
---
Fix Version/s: 2.4
Broscript crashes Bro with segfault when defining a global enum
---
Key: BIT-1273
URL: https://bro-tracker.atlassian.net/browse/BIT-1273
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Reporter: Struck
Labels: language
Fix For: 2.4
Attachments: test.bro
broscript crashes bro with segfault, when trying to define a
*global* identifier: enum {
}
instead of giving just a simple error on parsing.
--
This message was sent by Atlassian JIRA
(v6.4-OD-07-004#64005)
___
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
Re: [Bro-Dev] Geo Location Plugin
On Oct 15, 2014, at 1:22 PM, anthony kasza anthony.ka...@gmail.com wrote: What are the general conventions for doing this? Oh, also: https://www.bro.org/development/howtos/process.html .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
