[Bro-Dev] [JIRA] (BIT-1159) type checking inconsistencies

Vern Paxson (JIRA) jira at bro-tracker.atlassian.net
Thu Mar 20 11:25:44 PDT 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15816#comment-15816 ] 

Vern Paxson commented on BIT-1159:
----------------------------------

I'm okay with removing it, too.  FYI, I don't regret having it there initially, though.  Back when Bro's analysis was heavier on firewall-type rules, this was a good way to keep rules concise and thus less likely to be buggy.  (And I can imagine introducing a cleaner language construct to still provide this sort of compactness in the future …. if we find plausible use cases for modern scripts.)

Also, where are things today with supporting constructs like

{code} global x: table[addr] of string = { [badguy.foo.com] = "uh-oh" }; {code}

where {{badguy.foo.com}} might resolve to multiple addresses?  That was another reason why Bro has support for list-based expansion in initializers.



> type checking inconsistencies
> -----------------------------
>
>                 Key: BIT-1159
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1159
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master, 2.2
>            Reporter: Justin Azoff
>            Assignee: Jon Siwek
>            Priority: Low
>              Labels: language
>         Attachments: signature.asc
>
>
> If you try to compare a count to a port directly, you get the following:
> {code}
> operands must be of the same type (1500/tcp < 2000)
> {code}
> but if you have a record, and mixup the types like so, it silently fails:
> {code}
> type PortRange: record {
>     min: port &default=1/tcp;
>     max: port &default=65535/tcp;
> };
> global pr = PortRange($min=1000,$max=2000);
> #CORRECT: global pr = PortRange($min=1000/tcp,$max=2000/tcp);
> event bro_init()
> {
>     print (pr$min <= 1500/tcp  && 1500/tcp < pr$max) ? "OK" : "NOTOK";
> }
> {code}
> {code}
> $ bro a.bro
> NOTOK
> {code}



--
This message was sent by Atlassian JIRA
(v6.2-OD-10-004-WN#6253)



More information about the bro-dev mailing list