Rearrange scripts to prevent double-loading in plugin and package space

The Zeek scripts were loaded twice after installation, once via the plugin subsystem and once via zkg also pointing at the scripts folder. Since installation puts these sets of files in two separate locations, Zeek's path-based recognition of redundant loads of a script doesn't catch, and Zeek aborts due to redundant symbols etc. This package has no script content that needs to be loaded at plugin bootstrap time, so this commit shifts the content into the existing subdirectory of the scripts folder and updates zkg accordingly.
corelight · Oct 31, 2023 · f1ea9f9 · f1ea9f9
1 parent 331a00d
commit f1ea9f9
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 8 deletions.
diff --git a/scripts/Corelight/PE_XOR/__load__.zeek b/scripts/Corelight/PE_XOR/__load__.zeek
@@ -3,4 +3,3 @@
 #
 
 @load ./main
-
diff --git a/scripts/__load__.zeek b/scripts/__load__.zeek
@@ -1,8 +1,2 @@
 # This is loaded unconditionally at Zeek startup. Include scripts here that should
 # always be loaded.
-
-@load ./init
-@load ./Corelight/PE_XOR
-
-
-
diff --git a/scripts/init.zeek b/scripts/init.zeek
diff --git a/zkg.meta b/zkg.meta
@@ -2,6 +2,6 @@
 description = A plugin to find Windows executables that have been XOR encoded.
 tags = plugin, pe, executable, malware
 plugin_dir = build
-script_dir = scripts
+script_dir = scripts/Corelight/PE_XOR
 build_command = ./configure && make
 test_command = cd tests && btest -d