[Bro-Dev] [JIRA] (BIT-1159) count/port comparisons silently fail when part of a record

Bernhard Amann (JIRA) jira at bro-tracker.atlassian.net
Fri Mar 14 19:05:18 PDT 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15757#comment-15757 ] 

Bernhard Amann commented on BIT-1159:
-------------------------------------

To expand a bit on that - this way of constructing a record simply does not seem to do any kind of type checking, so the problem is not with count/port comparisons.

{{{
type PortRange: record {
   min: port &default=1/tcp;
   max: port &default=65535/tcp;
   t: count;
};

global pr = PortRange($min="a",$max=2000, $t=127.0.0.1);
print pr;
}}}

works perfectly (and it should definitely not)

> count/port comparisons silently fail when part of a record
> ----------------------------------------------------------
>
>                 Key: BIT-1159
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1159
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master, 2.2
>            Reporter: Justin Azoff
>            Priority: Low
>              Labels: language
>
> If you try to compare a count to a port directly, you get the following:
> {code}
> operands must be of the same type (1500/tcp < 2000)
> {code}
> but if you have a record, and mixup the types like so, it silently fails:
> {code}
> type PortRange: record {
>     min: port &default=1/tcp;
>     max: port &default=65535/tcp;
> };
> global pr = PortRange($min=1000,$max=2000);
> #CORRECT: global pr = PortRange($min=1000/tcp,$max=2000/tcp);
> event bro_init()
> {
>     print (pr$min <= 1500/tcp  && 1500/tcp < pr$max) ? "OK" : "NOTOK";
> }
> {code}
> {code}
> $ bro a.bro
> NOTOK
> {code}



--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)


More information about the bro-dev mailing list