From b2bcba7967cb6b8bd328a60b6c958b18f07c30e4 Mon Sep 17 00:00:00 2001
From: Seth Grover <mero.mero.guero@gmail.com>
Date: Wed, 16 Feb 2022 23:14:17 -0700
Subject: [PATCH] fix use of uninitialized username_value and password_value
 variables

---
 scripts/main.zeek | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/main.zeek b/scripts/main.zeek
index 39ac732..6d8ad62 100644
--- a/scripts/main.zeek
+++ b/scripts/main.zeek
@@ -100,15 +100,17 @@ event http_message_done(c: connection, is_orig: bool, stat: http_message_stat)
     {
         local post_parsed = split_string(c$sp$post_data, /&/);
         local password_seen = F;
+        local username_value = "";
+        local password_value = "";
 
         for (p in post_parsed) {
             local kv = split_string1(post_parsed[p], /=/);
             if (to_upper(kv[0]) in username_fields) {
-                local username_value = kv[1];
+                username_value = kv[1];
                 c$http$post_username = username_value;
             }
             if (to_upper(kv[0]) in password_fields) {
-                local password_value = kv[1];
+                password_value = kv[1];
                 password_seen = T;
 
                 if ( log_password_plaintext )