[Bro-Dev] HTTP Sensitive POST bro policy

Siwek, Jonathan Luke jsiwek at illinois.edu
Wed Apr 30 12:30:13 PDT 2014

On Apr 30, 2014, at 1:44 PM, Jim Mellander <jmellander at lbl.gov> wrote:

> In any event, it seems like a bug to not even give a warning if you have an event handler for a non-existent event - a typo could cause difficult to detect errors.

It’s a bit tricky (or maybe noisy) to warn on that because it’s also perfectly valid to define a new event handler like that and then generate the event from a script instead of from Bro’s internals (e.g. there could be some other script that does "event connection_end(c);”).  But I agree about it being an error that’s easy to make and hard to find.  For what it’s worth, there’s a script-layer option that you can “redef” called “check_for_unused_event_handlers” that will give such warnings in reporter.log.

- Jon

More information about the bro-dev mailing list