From 40f5bb25eff83eee05a8638a392d53900d8c8d9e Mon Sep 17 00:00:00 2001
From: Doug Burks <doug.burks@gmail.com>
Date: Fri, 11 Nov 2022 16:28:23 -0500
Subject: [PATCH] FIX: Avoid deprecation warning in Zeek file extraction script
 #9123

---
 salt/zeek/policy/securityonion/file-extraction/extract.zeek | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/salt/zeek/policy/securityonion/file-extraction/extract.zeek b/salt/zeek/policy/securityonion/file-extraction/extract.zeek
index d4ba0551e..36c211938 100644
--- a/salt/zeek/policy/securityonion/file-extraction/extract.zeek
+++ b/salt/zeek/policy/securityonion/file-extraction/extract.zeek
@@ -45,7 +45,7 @@ event file_state_remove(f: fa_file)
           # Delete the file if it didn't pass our requirements check.
 
           local nuke = fmt("rm %s/%s", FileExtract::prefix, f$info$extracted);
-          when ( local nukeit = Exec::run([$cmd=nuke]) )
+          when [nuke] ( local nukeit = Exec::run([$cmd=nuke]) )
                     {
                     }
                     return;
@@ -56,7 +56,7 @@ event file_state_remove(f: fa_file)
         local dest = fmt("%scomplete/%s-%s-%s.%s", FileExtract::prefix, f$source, f$id, f$info$md5, extension);
         # Copy it to the $prefix/complete folder then delete it. I got some weird results with moving when it came to watchdog in python.
         local cmd = fmt("cp %s/%s %s && rm %s/%s", FileExtract::prefix, orig, dest, FileExtract::prefix, orig);
-      when ( local result = Exec::run([$cmd=cmd]) )
+      when [cmd] ( local result = Exec::run([$cmd=cmd]) )
                 {
                 }
       f$info$extracted = dest;