[Bro-Dev] [JIRA] (BIT-1159) count/port comparisons silently fail when part of a record
Bernhard Amann (JIRA)
jira at bro-tracker.atlassian.net
Fri Mar 14 19:05:18 PDT 2014
[ https://bro-tracker.atlassian.net/browse/BIT-1159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15757#comment-15757 ]
Bernhard Amann commented on BIT-1159:
-------------------------------------
To expand a bit on that - this way of constructing a record simply does not seem to do any kind of type checking, so the problem is not with count/port comparisons.
{{{
type PortRange: record {
min: port &default=1/tcp;
max: port &default=65535/tcp;
t: count;
};
global pr = PortRange($min="a",$max=2000, $t=127.0.0.1);
print pr;
}}}
works perfectly (and it should definitely not)
> count/port comparisons silently fail when part of a record
> ----------------------------------------------------------
>
> Key: BIT-1159
> URL: https://bro-tracker.atlassian.net/browse/BIT-1159
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: git/master, 2.2
> Reporter: Justin Azoff
> Priority: Low
> Labels: language
>
> If you try to compare a count to a port directly, you get the following:
> {code}
> operands must be of the same type (1500/tcp < 2000)
> {code}
> but if you have a record, and mixup the types like so, it silently fails:
> {code}
> type PortRange: record {
> min: port &default=1/tcp;
> max: port &default=65535/tcp;
> };
> global pr = PortRange($min=1000,$max=2000);
> #CORRECT: global pr = PortRange($min=1000/tcp,$max=2000/tcp);
> event bro_init()
> {
> print (pr$min <= 1500/tcp && 1500/tcp < pr$max) ? "OK" : "NOTOK";
> }
> {code}
> {code}
> $ bro a.bro
> NOTOK
> {code}
--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)
More information about the bro-dev
mailing list