[Bro-Dev] [Auto] Merge Status
Open Merge Requests === IDComponentReporter AssigneeUpdated For Version PrioritySummary --- - -- -- - -- BIT-1235 [1] Bro Brian O'Berry Jon Siwek 2014-10-142.4 Normal HTTP multipart POST request alters file contents [1] BIT-1235 https://bro-tracker.atlassian.net/browse/BIT-1235 ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1238) High false-positive for application/x-tar signature
[ https://bro-tracker.atlassian.net/browse/BIT-1238?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brian O'Berry updated BIT-1238: --- Attachment: test.tar.gz Test results that show text file (test.txt) classified as a tar file High false-positive for application/x-tar signature --- Key: BIT-1238 URL: https://bro-tracker.atlassian.net/browse/BIT-1238 Project: Bro Issue Tracker Issue Type: Problem Components: Bro Affects Versions: 2.3 Reporter: Brian O'Berry Assignee: Seth Hall Labels: file, mime, signature Attachments: test.tar.gz The following signature in base/frameworks/files/magic/general.sig frequently triggers on text files in our environment, and includes a strength value higher than GNU and POSIX tar signatures in libmagic.sig. {code} signature file-tar { file-magic /([[:print:]\x00]){100}(([[:digit:]\x00\x20]){8}){3}/ file-mime application/x-tar, 150 } {code} -- This message was sent by Atlassian JIRA (v6.4-OD-07-004#64005) ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1238) High false-positive for application/x-tar signature
[ https://bro-tracker.atlassian.net/browse/BIT-1238?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=18404#comment-18404 ] Brian O'Berry commented on BIT-1238: Attached test.tar.gz, with test results of an HTTP GET for which the extracted text file is classified as a tar file. * test.pcap contains the HTTP GET session (you'll need to disable checksums to use it) * test.txt is the original file * extract_files/ contains the extracted file * etc/ holds config files used for the test, for which bro was started as a daemon via 'broctl start' * logs/ includes files.*.log.gz showing the incorrect mime type * spool/ includes the local.bro policy file used for the test High false-positive for application/x-tar signature --- Key: BIT-1238 URL: https://bro-tracker.atlassian.net/browse/BIT-1238 Project: Bro Issue Tracker Issue Type: Problem Components: Bro Affects Versions: 2.3 Reporter: Brian O'Berry Assignee: Seth Hall Labels: file, mime, signature Attachments: test.tar.gz The following signature in base/frameworks/files/magic/general.sig frequently triggers on text files in our environment, and includes a strength value higher than GNU and POSIX tar signatures in libmagic.sig. {code} signature file-tar { file-magic /([[:print:]\x00]){100}(([[:digit:]\x00\x20]){8}){3}/ file-mime application/x-tar, 150 } {code} -- This message was sent by Atlassian JIRA (v6.4-OD-07-004#64005) ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
Re: [Bro-Dev] Geo Location Plugin
On Oct 14, 2014, at 7:48 PM, anthony kasza anthony.ka...@gmail.com wrote: From what I can tell, I don't have geo_location = internal_type(geo_location)-AsRecordType(); in the right location. This line is from the init_net_var() function from NetVar.cc, which gets called by main.cc. Maybe that can just be completely removed if Bro proper no longer relies on that type since all the related functionality is now provided by the plugin? everything sitting in a single .bif file. Would it be useful to post that? How about putting the entire plugin source directory in a github repo? That should make it easy for others to start poking at the same code as you. - Jon ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1273) Broscript crashes Bro with segfault when defining a global enum
[ https://bro-tracker.atlassian.net/browse/BIT-1273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jon Siwek updated BIT-1273: --- Resolution: Fixed Status: Closed (was: Open) Broscript crashes Bro with segfault when defining a global enum --- Key: BIT-1273 URL: https://bro-tracker.atlassian.net/browse/BIT-1273 Project: Bro Issue Tracker Issue Type: Problem Components: Bro Affects Versions: git/master Reporter: Struck Labels: language Fix For: 2.4 Attachments: test.bro broscript crashes bro with segfault, when trying to define a *global* identifier: enum { } instead of giving just a simple error on parsing. -- This message was sent by Atlassian JIRA (v6.4-OD-07-004#64005) ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1273) Broscript crashes Bro with segfault when defining a global enum
[ https://bro-tracker.atlassian.net/browse/BIT-1273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=18405#comment-18405 ] Jon Siwek commented on BIT-1273: Fixed in master. Thanks. Broscript crashes Bro with segfault when defining a global enum --- Key: BIT-1273 URL: https://bro-tracker.atlassian.net/browse/BIT-1273 Project: Bro Issue Tracker Issue Type: Problem Components: Bro Affects Versions: git/master Reporter: Struck Labels: language Fix For: 2.4 Attachments: test.bro broscript crashes bro with segfault, when trying to define a *global* identifier: enum { } instead of giving just a simple error on parsing. -- This message was sent by Atlassian JIRA (v6.4-OD-07-004#64005) ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
Re: [Bro-Dev] Geo Location Plugin
On Oct 15, 2014, at 10:46 AM, Siwek, Jon jsi...@illinois.edu wrote: Maybe that can just be completely removed if Bro proper no longer relies on that type since all the related functionality is now provided by the plugin? Agreed. Any code related to GeoIP should move into the plugin, including types. .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
[Bro-Dev] [JIRA] (BIT-1273) Broscript crashes Bro with segfault when defining a global enum
[ https://bro-tracker.atlassian.net/browse/BIT-1273?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jon Siwek updated BIT-1273: --- Fix Version/s: 2.4 Broscript crashes Bro with segfault when defining a global enum --- Key: BIT-1273 URL: https://bro-tracker.atlassian.net/browse/BIT-1273 Project: Bro Issue Tracker Issue Type: Problem Components: Bro Affects Versions: git/master Reporter: Struck Labels: language Fix For: 2.4 Attachments: test.bro broscript crashes bro with segfault, when trying to define a *global* identifier: enum { } instead of giving just a simple error on parsing. -- This message was sent by Atlassian JIRA (v6.4-OD-07-004#64005) ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
Re: [Bro-Dev] Geo Location Plugin
On Oct 15, 2014, at 1:22 PM, anthony kasza anthony.ka...@gmail.com wrote: What are the general conventions for doing this? Oh, also: https://www.bro.org/development/howtos/process.html .Seth -- Seth Hall International Computer Science Institute (Bro) because everyone has a network http://www.bro.org/ ___ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev