[Bro-Dev] How to use Broker::Data in an event handler?

[Jon Siwek]

On Tue, Sep 11, 2018 at 5:52 AM Matthias Vallentin <vallentin at icir.org> wrote:

> One more question: how would I capture a default-constructed
> broker::Data() in a case statement? This would happen when I publish
> just "None" on the Python side. In Bro, it shows up on the command
> line as "broker::data{nil}".

There's no nil/null/none type in Bro, so only way I can think to do it
at the moment is:

function is_nil(x: any): bool
    {
    if ( ! (x is Broker::Data) )
        return F;

    local d = x as Broker::Data;

    if ( ! d?$data )
        return T;

    if ( cat(d$data) != "broker::data{nil}" )
        return F;

    return T;
    }

Or in switch case, it's like:

    case type Broker::Data as d:
        print "Broker::Data, expected to be nil", d?$data, d?$data ?
cat(d$data) : "nil";
        # or use the same logic from the is_nil() function above

- Jon