[Bro-Dev] [JIRA] (BIT-1051) smtp-url-extraction.bro misses/truncates urls between data chunks
Brian Little (JIRA)
jira at bro-tracker.atlassian.net
Tue Aug 6 03:22:06 PDT 2013
Brian Little created BIT-1051:
---------------------------------
Summary: smtp-url-extraction.bro misses/truncates urls between data chunks
Key: BIT-1051
URL: https://bro-tracker.atlassian.net/browse/BIT-1051
Project: Bro Issue Tracker
Issue Type: Problem
Components: Bro
Affects Versions: git/master
Reporter: Brian Little
Priority: Low
Files::add_analyzer(f, Files::ANALYZER_DATA_EVENT, [$stream_event=intel_mime_data]);
event intel_mime_data(f: fa_file, data: string) {}
I think the file analysis framework sends the data through to the intel_mime_data event in sections (appears that way from adding print debugging). The cutting point between the data sections can fall in the middle of an url, causing the regex to miss the url, or truncate it.
What would be the recommended way around for this? (and other usage of file analysis framework)
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://bro-tracker.atlassian.net/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the bro-dev
mailing list