[Bro] bro syntax checking
Azoff, Justin S
jazoff at illinois.edu
Wed Oct 26 06:36:26 PDT 2016
> On Oct 26, 2016, at 9:22 AM, Zeolla at GMail.com <zeolla at gmail.com> wrote:
>
> So I've been looking for a cleaner way to check bro syntax via a pre-commit hook - we currently have bro installed on a server where we commit from that does a `broctl check`. I was thinking of doing something small like a docker instance that can run `broctl check` using a mounted host directory. My questions are:
>
> 1. Has anybody else already solved this issue? What are others using to validate syntax before pushing out changes?
bro supports a '-a' option for validating syntax on scripts. I've built integration for it inside syntastic for vim and wrote an atom linter for bro, adding support for other editors is pretty easy.
Aside from that we don't bother.. if a broken script ends up getting pushed out somehow, broctl deploy will complain and we can fix it without ever impacting the running bro instances.
> 2. Is this the official bro docker image? I pulled it down and was playing around a bit but ran into an issue but I wasn't sure if this was expected. Specifically, /bro/bin/broctl wasn't functional until I installed python, but after running `apt-get update && apt-get install -y python && /bin/bro/broctl install` things seemed to be functional.
Ah.. I build those images for try.bro.org and for script testing (there's one for each version of bro) but I've never actually used them to run bro via broctl. You're probably better off just using it to run your scripts against a pcap.
--
- Justin Azoff
More information about the Bro
mailing list