[Bro-Dev] HTTP Sensitive POST bro policy
Siwek, Jonathan Luke
jsiwek at illinois.edu
Wed Apr 30 12:30:13 PDT 2014
On Apr 30, 2014, at 1:44 PM, Jim Mellander <jmellander at lbl.gov> wrote:
> In any event, it seems like a bug to not even give a warning if you have an event handler for a non-existent event - a typo could cause difficult to detect errors.
It’s a bit tricky (or maybe noisy) to warn on that because it’s also perfectly valid to define a new event handler like that and then generate the event from a script instead of from Bro’s internals (e.g. there could be some other script that does "event connection_end(c);”). But I agree about it being an error that’s easy to make and hard to find. For what it’s worth, there’s a script-layer option that you can “redef” called “check_for_unused_event_handlers” that will give such warnings in reporter.log.
More information about the bro-dev