Comments (12)
local g = table(
[192.168.0.2, 22/tcp] = "ssh",
[192.168.0.3, 80/tcp] = "http"
);
turns into
{"[\"192.168.0.2\",\"22/tcp\"]":"ssh","[\"192.168.0.3\",\"80/tcp\"]":"http"}
That looks ok and is readable enough.
from zeek.
Not quite sure which piece here triggered the 3.0 tag, but I'd suggest we tackle the part on moving to_json() into C++ bif.
from zeek.
> Not quite sure which piece here triggered the 3.0 tag
Think it was mostly added in the context of looking for any "bad" bugs and this one seemed like it's a fairly broken usability issue. But I wouldn't consider it a showstopper for 3.0.
from zeek.
At a quick glance, this is basically wanting to replace the to_json method in scripts/base/utils/json.zeek with one in a bif that's written in C++. Is that correct?
from zeek.
@timwoj yeah, my understanding of the scope here: re-implement to_json as BIF/C++ and also properly escape characters in strings that require it
from zeek.
A couple questions so far:
- How should a set be represented? They're technically a table internally, but it's really just a list of values similar to a vector.
- Is it possible to call other non-C++ bif methods from inside C++ in a bif? For example, I could really use the record_fields method.
from zeek.
- Representing a set like a vector sounds good to me
- Yes, you can call them, though it's not pretty: look at build/src/bro.bif.func_h to see how record_fields ends up looking at the C++ level. In this specific case it might be easier to just replicate the code or factor it out into a separate C++ function.
from zeek.
How should a table be represented when the key isn't an elementary type? Right now it looks like json.zeek just converts the key object into json and uses a string of that as the key for the table entry, but that seems ugly at best.
EDIT: This question actually applies to any non-string type. For example right now a table like this:
local e: table[count] of count = {
[1] = 5,
[2] = 6
};
I have outputting as {"1":5,"2":6}. JSON keys must always be strings, so there has to be a conversion there somewhere.
from zeek.
For atomic keys, that sounds right: just convert to string. For composite keys, not sure ... converting them to string isn't great, but I don't see much better either; other than just declining to work on such tables.
from zeek.
For either an atomic key or a composite key, a Zeek table can be defined as a JSON object whose keys are a JSON string containing the content of any arbitrary Zeek value after its conversion to a JSON value. Doesn't seem that "ugly" to me -- it's recursively consistent (plus can't think of another way to do it).
Not sure if there's other gotchas, but inner JSON string values within the key at least need to escape their use of double-quote characters.
from zeek.
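Added example (not part of the thread and not Zeek's implementation): a Python model of the key encoding discussed above, where a table becomes a JSON object, a set becomes an array, and a non-string key becomes a JSON string holding the key's own JSON text. Zeek values are modelled here with Python dicts, sets, lists and tuples; the function names and the choice to use string keys unchanged are assumptions.

```python
import json

def _compact(value):
    """Serialize without whitespace, matching the output quoted in the thread."""
    return json.dumps(value, separators=(",", ":"))

def to_jsonable(value):
    """Map a modelled Zeek value onto JSON-compatible Python types."""
    if isinstance(value, dict):               # table -> JSON object
        return {key_to_string(k): to_jsonable(v) for k, v in value.items()}
    if isinstance(value, (set, frozenset)):   # set -> array, like a vector
        return sorted((to_jsonable(v) for v in value), key=_compact)
    if isinstance(value, (list, tuple)):      # vector or composite index -> array
        return [to_jsonable(v) for v in value]
    return value                              # atomic value

def key_to_string(key):
    """JSON object keys must be strings, so encode the key as JSON text."""
    if isinstance(key, str):                  # assumption: string keys used as-is
        return key
    return _compact(to_jsonable(key))

def to_json(value):
    """Outer serialization; json.dumps escapes the quotes inside each key."""
    return _compact(to_jsonable(value))

def decode_key(key_string):
    """Consumer side: parse the key a second time to recover its parts."""
    return json.loads(key_string)

# Constructed sample data mirroring the two tables quoted in the thread.
COMPOSITE = {("192.168.0.2", "22/tcp"): "ssh", ("192.168.0.3", "80/tcp"): "http"}
ATOMIC = {1: 5, 2: 6}
# Constructed key whose string component itself contains a double quote.
TRICKY = {('a"b', 1): True}

if __name__ == "__main__":
    for sample in (COMPOSITE, ATOMIC, TRICKY):
        print(to_json(sample))
```

A consumer parses the document once to get the object, then parses each non-string key again with `decode_key` to recover the original index values.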
Is there a reason why the field replacement doesn't get passed down to further calls of to_json in the existing code?
# replace the escape pattern in the field.
if( field_escape_pattern in field )
    field = cat(sub(field, field_escape_pattern, ""));
It only uses the user-provided pattern on the first call, and then uses the default of /^_ for any subsequent calls.
from zeek.
Fixed in 1f329ad
from zeek.