Ticket #30 (seen Problem)

Opened 3 years ago

Last modified 5 months ago

Drop logic doesn't pass reason to external script

Reported by: rreitz@… Owned by:
Priority: Normal Milestone: Bro2.1
Component: Bro Version: branch-robin-work
Keywords: Cc:

Description

The drop.bro script calls a drop_connectivity_script external script. The only argument currently passed is the drop_address. The enclosing function do_direct_drop() has a msg parameter which has the 'reason' for the drop as the second parameter. This parameter comes from the global drop_address() function in drop.bro. I propose that this argument be passed to the external script.

I believe attached patches to notice.bro and scan.bro are required.

Attachments

Bro_scan_patch.txt Download (932 bytes) - added by seth 3 years ago.

Change History

comment:1 Changed 3 years ago by robin

  • Status changed from new to seen

Looks good to me, except that I think we should pass the msg through str_shell_escape() as it is hard to predict what kind of characters it might contain.

Changed 3 years ago by seth

comment:2 Changed 3 years ago by seth

New patch submitted with appropriate string sanitization applied.

comment:3 Changed 14 months ago by seth

  • Milestone set to Bro1.6

comment:4 Changed 5 months ago by seth

  • Milestone changed from Bro1.6 to Bro1.7

Next release isn't going to have the code to react to things (react framework) so I'm bumping this back.

Note: See TracTickets for help on using tickets.