Done issues

Add new string functions
BIT-1754
Attribute propagation
BIT-248
to_json mishandles strings with both \ and unprintable characters
BIT-1959
sets that (ultimately) contain sets do not do proper lookups/deletes
BIT-1949
Bro plugins should support a patch version (x.y.z)
BIT-1985
incorrect module identification in error message
BIT-1937
for-loops that iterate over key-value pairs
BIT-1879
Sum of two vectors of int
BIT-1760
known_* scripts rewrite for broker
BIT-1521
Type-checking is missing for some &attributes
BIT-1981
-f silently fails if base/frameworks/packet-filter isn't loaded
BIT-1407
initialization of "int" record fields fails for unsigned integers
BIT-1759
find-filtered-trace could be a bit smarter
BIT-1919
incorrect type in default attribute segfaults
BIT-1656
Segmentation fault (core dumped) if an expire_func is missing a return <interval>
BIT-1925
Forward declarations of events don't work inside a module namespace
BIT-71
capture_loss should exclude shunted connections
BIT-1975
Bro crash with packet filter definition
BIT-1640
Interpreter exceptions cause memory leaks (was "Memory leak in print")
BIT-831
Misleading error messages
BIT-1899
Bug in Table Value Type Verification
BIT-1859
misc/dump-events only dumps events handled by other scripts
BIT-1218
Malformed .bro script segfaults
BIT-1708
Improve signaling of deprecated code
BIT-1474
broxygen ignores some doc comments
BIT-1483
FR: Protosigs port range support
BIT-1752
Attributes are not checked for consistency
BIT-1982
Need a mechanism to rebuild all packages in face of a Bro update.
BIT-1826
Initialisation of fields of a record : weird coerce error
BIT-1762
Renaming Fields Causes Segfault
BIT-1987
broctl top command and stats-to-csv fixes
BIT-1986
API finalizations to Bro's Broker framework
BIT-1967
Move net stats to uint64
BIT-1983
Please merge topic/johanna/weird-options
BIT-1984
Unused Weirds
BIT-1208
ascii log writer script has the log filename extension hard-coded
BIT-1779
DNS reply - bro stores CNAME answer in c$dns$query
BIT-1761
Merge request: topic/seth/ntlm-fixes
BIT-1920
Exec::Run does not complete
BIT-1475
gssapi - unable to process kerberos due to bad offsets
BIT-1751
network_time() sometimes returns wall time if suspend_processing() and continue_processing() is used.
BIT-1861
different file hash between downloaded file by ANALYZER_EXTRACT with original file
BIT-1832
address test suite stability issues
BIT-1965
Update CAF submodule to a release version (when ready)
BIT-1969
Finalize 2.6 NEWS release notes
BIT-1968
merge topic/jsiwek/at-deprecated
BIT-1980
Add advertised compression methods in event ssl_client_hello
BIT-1855
@else does not work after event line
BIT-1976
bro does not create ssh and scp logs
BIT-1977
Issue in ContentLine_Analyzer::DoDeliverOnce() that could be used as a DoS attack vector
BIT-1978
issue 1 of 1865

Add new string functions

Description

Bro appears to have a rather limited list of built-in string functions. This lack of functionality makes it more difficult to write high performance Bro scripts that require large amounts of string processing.

Using Python as a model (https://docs.python.org/2/library/stdtypes.html#string-methods), I think Bro would benefit from having the following additional string functions:

  • str.count - Return the number of non-overlapping occurrences of substring sub in the range

  • str.find - Return the lowest index in the string where substring sub is found within the slice s[start:end].

  • str.lstrip - Return a copy of the string with leading characters removed. The chars argument is a string specifying the set of characters to be removed.

  • str.replace - Return a copy of the string with all occurrences of substring old replaced by new

  • str.rstrip - Return a copy of the string with trailing characters removed. The chars argument is a string specifying the set of characters to be removed

  • str.strip - Return a copy of the string with the leading and trailing characters removed. The chars argument is a string specifying the set of characters to be removed

Additionally, I think a find_all implementation that returned all indexes of the match would be helpful, as is described here: http://stackoverflow.com/questions/4664850/find-all-occurrences-of-a-substring-in-python .

I am willing to put forth the effort in writing these functions if the resulting code (assuming it meets all quality requirements) would be merged in.

Environment

None

Assignee

Unassigned

Reporter

Moshe Kaplan

Labels

None

External issue ID

None

Components

Affects versions

Priority

Normal
Configure