Comments (6)
Update: curl is running and returns JSON, but still the same error.
from bro-scripts.
In Bro 2.5 I am getting the below error while running vt_check.bro:
1491343971.786777 error in ./vt_check.bro, line 93: value used but not set (VTCHECK::positives)
from bro-scripts.
    if ( result?$files && bodyfile in result$files )
        {
        local body = fmt("%s", result$files[bodyfile]);
        local context = "";
        local subcon = "-";
        if ( |body| > 0 )
            {
            local positives: string;
            local total: string;
            local elements = split_string(body, /,/);
            local results: vector of string;
            local virustotal_url = fmt(match_sub_url, f$info$sha256);
            for ( e in elements )
                {
                print e;
                local temp: string_vec;
                if ( /"positives":/ in elements[e] )
                    {
                    temp = split_string(elements[e], /:/);
                    positives = sub_bytes(temp[1], 1, |temp[3]|);
                    print positives;
                    }
                else if ( /"total":/ in elements[e] )
                    {
                    temp = split_string(elements[e], /:/);
                    total = sub_bytes(temp[1], 1, |temp[3]|);
                    print total;
                    }
                else if ( /"result":/ in elements[e] )
                    {
                    if ( ! ( / null/ in elements[e] ) )
                        {
                        temp = split_string(elements[e], /"/);
                        print temp[3];
                        results[|results|] = temp[3];
                        }
Change this part and check what is printed
from bro-scripts.
The fix doesn't seem to be working; it can't find the function match_sub_url in match_sub_url, and after removing that it gives an error on line 98, about regex parsing.
from bro-scripts.
I'll try and take a look at it. I haven't been doing much Bro stuff lately. If you get it figured out before I do I'll happily take a PR.
from bro-scripts.
@RealLinkers: I believe it is not so much a fix as a suggestion to use a print statement for troubleshooting.
As far as the issue goes, it appears it is because VT is returning json in the case of not finding results. The hash is in the "resource" field of the json, so the conditionals at lines 55 and 60 both fall through.
The json from VT also contains a "response_code" field (0 if not found, and 1 if found), so changing line 60 to: if ( |body| > 0 && /\"response_code\": 1/ in body)
will make sure there is a result to work with.
That said, I noticed the tracking of hashes that have previously been checked, and I'm not sure the behavior is what is expected. The script only raises notices the first time a hash is seen, and only if it is in VT at the time it is first spotted. The hash is also added before any of the other code executes, so failure anywhere else in the code will leave the hash unchecked.
from bro-scripts.
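The two points in the last comment, as an added example in Python (not code from this thread or from bro-scripts): parsing is gated on response_code, and a hash is recorded as checked only once a report for it has been parsed, so not-found and failed lookups are tried again. The HashChecker class, its fetch callable and the sample bodies are assumptions constructed for illustration.

```python
import json

# Constructed sample bodies; field names follow the thread ("response_code",
# "resource", "positives", "total", per-engine "result"), values are made up.
SHA = "0" * 64  # placeholder hash
NOT_FOUND = json.dumps({"response_code": 0, "resource": SHA})
FOUND = json.dumps({
    "response_code": 1, "resource": SHA, "positives": 2, "total": 3,
    "scans": {"EngineA": {"result": "Trojan.Generic"},
              "EngineB": {"result": None},
              "EngineC": {"result": "Malware.Sample"}},
})


def parse_report(body):
    """Return (positives, total, results), or None when VT has no report."""
    report = json.loads(body)  # raises ValueError on a non-JSON body
    if not isinstance(report, dict) or report.get("response_code") != 1:
        return None  # not found: there is no "positives" field to read
    results = [s["result"] for s in report.get("scans", {}).values()
               if s.get("result") is not None]
    return int(report["positives"]), int(report["total"]), sorted(results)


class HashChecker:
    """Remembers a hash only after a report for it has been parsed."""

    def __init__(self, fetch):
        self.fetch = fetch      # hypothetical callable: sha256 -> response body
        self.checked = set()

    def check(self, sha256):
        if sha256 in self.checked:
            return None         # already reported once
        try:
            verdict = parse_report(self.fetch(sha256))
        except (ValueError, KeyError, TypeError):
            return None         # failed lookup: hash stays eligible for a retry
        if verdict is not None:
            self.checked.add(sha256)
        return verdict
```

Retrying unknown hashes costs one API request per sighting, so a deployment with a request quota would want to rate-limit those retries.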