Fixed most of the tests after the script reorganization.

Seth Hall 2011-07-12 14:12:25 -04:00
parent 492d93cd8d
commit 0332a06012
48 changed files with 151 additions and 139 deletions


@ -19,28 +19,31 @@ rest_target(${CMAKE_BINARY_DIR}/src strings.bif.bro)
rest_target(${CMAKE_BINARY_DIR}/src types.bif.bro) rest_target(${CMAKE_BINARY_DIR}/src types.bif.bro)
rest_target(${psd} bro.init) rest_target(${psd} bro.init)
rest_target(${psd} functions.bro)
rest_target(${psd} site.bro) rest_target(${psd} site.bro)
rest_target(${psd} detectors/http-MHR.bro) rest_target(${psd} frameworks/cluster/base/main.bro)
rest_target(${psd} frameworks/cluster/base/node/manager.bro)
rest_target(${psd} frameworks/cluster/base/node/proxy.bro)
rest_target(${psd} frameworks/cluster/base/node/worker.bro)
rest_target(${psd} frameworks/cluster/base/setup-connections.bro)
rest_target(${psd} frameworks/communication/base.bro) rest_target(${psd} frameworks/communication/base/main.bro)
rest_target(${psd} frameworks/communication/listen-clear.bro) rest_target(${psd} frameworks/communication/listen-clear.bro)
rest_target(${psd} frameworks/communication/listen-ssl.bro) rest_target(${psd} frameworks/communication/listen-ssl.bro)
rest_target(${psd} frameworks/dpd/base.bro) rest_target(${psd} frameworks/dpd/base/main.bro)
rest_target(${psd} frameworks/dpd/packet-segment-logging.bro) rest_target(${psd} frameworks/dpd/packet-segment-logging.bro)
rest_target(${psd} frameworks/dpd/detect-protocols.bro)
rest_target(${psd} frameworks/intel/base.bro) rest_target(${psd} frameworks/intel/base.bro)
rest_target(${psd} frameworks/logging/base.bro) rest_target(${psd} frameworks/logging/base.bro)
rest_target(${psd} frameworks/logging/plugins/ascii.bro) rest_target(${psd} frameworks/logging/plugins/ascii.bro)
rest_target(${psd} frameworks/metrics/base.bro) rest_target(${psd} frameworks/metrics/base/main.bro)
rest_target(${psd} frameworks/metrics/conn-example.bro) rest_target(${psd} frameworks/metrics/conn-example.bro)
rest_target(${psd} frameworks/metrics/http-example.bro) rest_target(${psd} frameworks/metrics/http-example.bro)
rest_target(${psd} frameworks/notice/action-filters.bro)
rest_target(${psd} frameworks/notice/base.bro) rest_target(${psd} frameworks/notice/base.bro)
rest_target(${psd} frameworks/notice/weird.bro) rest_target(${psd} frameworks/notice/weird.bro)
@ -49,23 +52,25 @@ rest_target(${psd} frameworks/packet-filter/netstats.bro)
rest_target(${psd} frameworks/signatures/base.bro) rest_target(${psd} frameworks/signatures/base.bro)
rest_target(${psd} frameworks/software/base.bro) rest_target(${psd} frameworks/software/base/main.bro)
rest_target(${psd} frameworks/software/vulnerable.bro) rest_target(${psd} frameworks/software/vulnerable.bro)
rest_target(${psd} integration/barnyard2/base.bro) rest_target(${psd} integration/barnyard2/base.bro)
rest_target(${psd} integration/barnyard2/event.bro) rest_target(${psd} integration/barnyard2/event.bro)
rest_target(${psd} integration/barnyard2/types.bro) rest_target(${psd} integration/barnyard2/types.bro)
rest_target(${psd} protocols/conn/base.bro) rest_target(${psd} misc/loaded-scripts.bro)
rest_target(${psd} protocols/conn/contents.bro)
rest_target(${psd} protocols/conn/inactivity.bro)
rest_target(${psd} protocols/conn/known-hosts.bro)
rest_target(${psd} protocols/conn/known-services.bro)
rest_target(${psd} protocols/conn/base/main.bro)
rest_target(${psd} protocols/conn/base/contents.bro)
rest_target(${psd} protocols/conn/base/inactivity.bro)
rest_target(${psd} protocols/conn/base/known-hosts.bro)
rest_target(${psd} protocols/conn/base/known-services.bro)
rest_target(${psd} protocols/dns/base/main.bro)
rest_target(${psd} protocols/dns/base/consts.bro)
rest_target(${psd} protocols/dns/base/detect.bro)
rest_target(${psd} protocols/dns/auth-addl.bro) rest_target(${psd} protocols/dns/auth-addl.bro)
rest_target(${psd} protocols/dns/base.bro)
rest_target(${psd} protocols/dns/consts.bro)
rest_target(${psd} protocols/dns/detect.bro)
rest_target(${psd} protocols/ftp/base.bro) rest_target(${psd} protocols/ftp/base.bro)
rest_target(${psd} protocols/ftp/detect.bro) rest_target(${psd} protocols/ftp/detect.bro)
@ -73,16 +78,17 @@ rest_target(${psd} protocols/ftp/file-extract.bro)
rest_target(${psd} protocols/ftp/software.bro) rest_target(${psd} protocols/ftp/software.bro)
rest_target(${psd} protocols/ftp/utils-commands.bro) rest_target(${psd} protocols/ftp/utils-commands.bro)
rest_target(${psd} protocols/http/base.bro) rest_target(${psd} protocols/http/base/main.bro)
rest_target(${psd} protocols/http/detect-intel.bro) rest_target(${psd} protocols/http/base/detect-intel.bro)
rest_target(${psd} protocols/http/detect-sqli.bro) rest_target(${psd} protocols/http/base/detect-sqli.bro)
rest_target(${psd} protocols/http/detect-webapps.bro) rest_target(${psd} protocols/http/base/file-extract.bro)
rest_target(${psd} protocols/http/file-extract.bro) rest_target(${psd} protocols/http/base/file-hash.bro)
rest_target(${psd} protocols/http/file-hash.bro) rest_target(${psd} protocols/http/base/file-ident.bro)
rest_target(${psd} protocols/http/file-ident.bro) rest_target(${psd} protocols/http/base/software.bro)
rest_target(${psd} protocols/http/base/utils.bro)
rest_target(${psd} protocols/http/headers.bro) rest_target(${psd} protocols/http/headers.bro)
rest_target(${psd} protocols/http/software.bro) rest_target(${psd} protocols/http/detect-webapps.bro)
rest_target(${psd} protocols/http/utils.bro)
rest_target(${psd} protocols/http/var-extraction-cookies.bro) rest_target(${psd} protocols/http/var-extraction-cookies.bro)
rest_target(${psd} protocols/http/var-extraction-uri.bro) rest_target(${psd} protocols/http/var-extraction-uri.bro)
@ -96,9 +102,9 @@ rest_target(${psd} protocols/mime/file-ident.bro)
rest_target(${psd} protocols/rpc/base.bro) rest_target(${psd} protocols/rpc/base.bro)
rest_target(${psd} protocols/smtp/base.bro) rest_target(${psd} protocols/smtp/base/main.bro)
rest_target(${psd} protocols/smtp/detect.bro) rest_target(${psd} protocols/smtp/base/detect.bro)
rest_target(${psd} protocols/smtp/software.bro) rest_target(${psd} protocols/smtp/base/software.bro)
rest_target(${psd} protocols/ssh/base.bro) rest_target(${psd} protocols/ssh/base.bro)
rest_target(${psd} protocols/ssh/software.bro) rest_target(${psd} protocols/ssh/software.bro)


@ -42,7 +42,7 @@
# is taken as the summary text for a given identifier. # is taken as the summary text for a given identifier.
# @load directives are self-documenting # @load directives are self-documenting
@load notice @load frameworks/notice
# "module" statements are self-documenting # "module" statements are self-documenting
module Example; module Example;


@ -20,4 +20,4 @@
@load tuning/defaults @load tuning/defaults
@load support/loaded-scripts @load misc/loaded-scripts


@ -1,7 +1,8 @@
@load frameworks/cluster/base/main
@if ( Cluster::node != "" ) @if ( Cluster::node != "" )
# Load the core cluster support.
@load frameworks/cluster/base/main
# Only load the communication framework if it really looks like someone is # Only load the communication framework if it really looks like someone is
# trying to start up a cluster node. # trying to start up a cluster node.
@load frameworks/communication @load frameworks/communication


@ -59,6 +59,12 @@ export {
const node = getenv("CLUSTER_NODE") &redef; const node = getenv("CLUSTER_NODE") &redef;
} }
# Give the node being started up it's peer name.
redef peer_description = Cluster::node;
## Set the port that this node is supposed to listen on.
redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p;
event bro_init() event bro_init()
{ {
if ( node != "" && node !in nodes ) if ( node != "" && node !in nodes )
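Review bot: The added `redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p;` looks up `Cluster::nodes` at script level, but the only visible validation of `node` (`node != "" && node !in nodes`) runs later inside `bro_init()`, whose body continues outside this hunk. If the redef initializer is evaluated before `bro_init()`, as I would expect, an unset or mistyped `CLUSTER_NODE` fails on the table lookup and never reaches that check. Whether this file is loaded when `Cluster::node` is empty cannot be told from this page; if it can be, guard both redefs with the same `@if ( Cluster::node != "" )` the loader script uses. Separately, the new comment should read `# Give the node being started up its peer name.`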


@ -9,29 +9,18 @@
##! This is where the cluster manager sets it's specific settings for other ##! This is where the cluster manager sets it's specific settings for other
##! frameworks and in the core. ##! frameworks and in the core.
## Set the port that the manager is supposed to listen on.
redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p;
## Turn off remote logging since this is the manager and should only log here. ## Turn off remote logging since this is the manager and should only log here.
redef Log::enable_remote_logging = F; redef Log::enable_remote_logging = F;
## Make the logging framework's default log rotation 1 hour.
redef Log::default_rotation_interval = 1hr;
## Use the cluster's archive logging script. ## Use the cluster's archive logging script.
redef Log::default_rotation_postprocessor = "archive-log"; redef Log::default_rotation_postprocessor = "archive-log";
## The cluster manager does not capture packets. ## The cluster manager does not capture packets.
redef interfaces = ""; redef interfaces = "";
## Set the name for the manager.
redef peer_description = Cluster::node;
## We're processing essentially *only* remote events. ## We're processing essentially *only* remote events.
redef max_remote_events_processed = 10000; redef max_remote_events_processed = 10000;
module Cluster;
# Reraise remote notices locally. # Reraise remote notices locally.
event Notice::notice(n: Notice::Info) event Notice::notice(n: Notice::Info)
{ {


@ -1,7 +1,4 @@
## Communication port setup.
redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p;
## No packet capture on proxy. ## No packet capture on proxy.
redef interfaces = ""; redef interfaces = "";
@ -15,12 +12,6 @@ redef Log::enable_local_logging = F;
## Make sure that remote logging is enabled. ## Make sure that remote logging is enabled.
redef Log::enable_remote_logging = T; redef Log::enable_remote_logging = T;
## Make the logging framework's default log rotation 1 hour.
redef Log::default_rotation_interval = 1hr;
## Use the cluster's delete-log script. ## Use the cluster's delete-log script.
redef Log::default_rotation_postprocessor = "delete-log"; redef Log::default_rotation_postprocessor = "delete-log";
## Set our name.
redef peer_description = Cluster::node;


@ -1,22 +1,13 @@
## Set the port that this worker is supposed to listen on.
redef Communication::listen_port_clear = Cluster::nodes[Cluster::node]$p;
## Don't do any local logging. ## Don't do any local logging.
redef Log::enable_local_logging = T; redef Log::enable_local_logging = F;
## Make sure that remote logging is enabled. ## Make sure that remote logging is enabled.
redef Log::enable_remote_logging = T; redef Log::enable_remote_logging = T;
## Make the logging framework's default log rotation 1 hour.
redef Log::default_rotation_interval = 1hr;
## Use the cluster's delete-log script. ## Use the cluster's delete-log script.
redef Log::default_rotation_postprocessor = "delete-log"; redef Log::default_rotation_postprocessor = "delete-log";
## Give the worker a name.
redef peer_description = Cluster::node;
## Record all packets into trace file. ## Record all packets into trace file.
# TODO: should we really be setting this to T? # TODO: should we really be setting this to T?
redef record_all_packets = T; redef record_all_packets = T;
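Review bot: The flip of `Log::enable_local_logging` from `T` to `F` is a behaviour change on every worker rather than a test fix, and the commit message should say so. With it a worker keeps no local copy of its logs, so anything produced while the manager is unreachable depends entirely on how remote logging handles a dropped peer, which this page does not show. The same commit also removes `Log::default_rotation_interval = 1hr` from the manager, proxy and worker scripts without a visible replacement, so please confirm rotation is still configured somewhere. The context line `redef record_all_packets = T;` keeps its open TODO; since it enables full packet recording on each worker, I would either resolve it or document the expectation, e.g. `# Full-packet trace on every worker; size and retain according to site policy.`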


@ -0,0 +1 @@
@load frameworks/communication/events


@ -1,11 +1,4 @@
##! This script is the wrapper script for HTTP analysis. ##! This script is the wrapper script for HTTP analysis.
##! :Author: Seth Hall <seth@icir.org> - Inspired by the work of many others. ##! :Author: Seth Hall <seth@icir.org> - Inspired by the work of many others.
@load protocols/http/base/main @load protocols/http/base
#@load protocols/http/detect-MHR
#@load protocols/http/headers
# Disabling web app detection for now. It's too intense and will probably
# be moved out of the core http protocol support later.
#@load http/detect-webapps


@ -1,7 +1,7 @@
##! Intelligence based HTTP detections. ##! Intelligence based HTTP detections.
@load intel @load frameworks/intel
@load http/utils @load protocols/http/base/utils
module HTTP; module HTTP;


@ -1,7 +1,6 @@
##! SQL injection detection in HTTP. ##! SQL injection detection in HTTP.
@load http/base @load frameworks/metrics
@load metrics
module HTTP; module HTTP;
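Review bot: After this change the SQL injection detection script still declares `module HTTP;` but no longer loads anything that defines the HTTP base types: `@load http/base` is replaced by `@load frameworks/metrics` alone, and the HTTP utilities script further down drops its `@load http/base` in the same way. The sibling scripts in this commit (file extraction, hashing, identification, software) switch to `@load protocols/http` instead, so the dependency style is now inconsistent. If this detection script is ever loaded on its own rather than through the package loader, it presumably fails to resolve HTTP identifiers and the detection silently is not available. I would add `@load protocols/http` here as well, or a comment such as `# Only meant to be loaded via protocols/http/base.`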


@ -1,7 +1,7 @@
##! Extracts the items from HTTP traffic, one per file. At this time only ##! Extracts the items from HTTP traffic, one per file. At this time only
##! the message body from the server can be extracted with this script. ##! the message body from the server can be extracted with this script.
@load http/file-ident @load protocols/http
@load utils/files @load utils/files
module HTTP; module HTTP;


@ -1,7 +1,6 @@
##! Calculate hashes for HTTP body transfers. ##! Calculate hashes for HTTP body transfers.
@load http/file-ident @load protocols/http
@load notice
module HTTP; module HTTP;


@ -1,13 +1,12 @@
##! This script is involved in the identification of file types in HTTP ##! This script is involved in the identification of file types in HTTP
##! response bodies. ##! response bodies.
@load http/base @load protocols/http
@load http/utils
@load notice @load frameworks/notice
@load signatures @load frameworks/signatures
redef signature_files += "protocols/http/file-ident.sig"; redef signature_files += "protocols/http/base/file-ident.sig";
# Ignore the signatures used to match files # Ignore the signatures used to match files
redef Signatures::ignored_ids += /^matchfile-/; redef Signatures::ignored_ids += /^matchfile-/;


@ -1,7 +1,7 @@
##! Software identification and extraction for HTTP traffic. ##! Software identification and extraction for HTTP traffic.
@load http/base @load protocols/http
@load software @load frameworks/software
module HTTP; module HTTP;


@ -1,7 +1,5 @@
##! Utilities specific for HTTP processing. ##! Utilities specific for HTTP processing.
@load http/base
module HTTP; module HTTP;
export { export {


@ -1 +0,0 @@
@load support/remote/events


@ -0,0 +1,24 @@
# depth name
0 /Users/seth/bro.git9/policy/bro.init
1 /Users/seth/bro.git9/build/src/const.bif.bro
1 /Users/seth/bro.git9/build/src/types.bif.bro
1 /Users/seth/bro.git9/build/src/strings.bif.bro
1 /Users/seth/bro.git9/build/src/bro.bif.bro
1 /Users/seth/bro.git9/build/src/reporter.bif.bro
1 /Users/seth/bro.git9/build/src/event.bif.bro
1 /Users/seth/bro.git9/policy/site.bro
2 /Users/seth/bro.git9/policy/utils/pattern.bro
1 /Users/seth/bro.git9/policy/frameworks/logging/__load__.bro
2 /Users/seth/bro.git9/policy/frameworks/logging/base.bro
3 /Users/seth/bro.git9/build/src/logging.bif.bro
2 /Users/seth/bro.git9/policy/frameworks/logging/plugins/ascii.bro
1 /Users/seth/bro.git9/policy/frameworks/packet-filter/__load__.bro
2 /Users/seth/bro.git9/policy/frameworks/packet-filter/base.bro
3 /Users/seth/bro.git9/policy/frameworks/notice/__load__.bro
4 /Users/seth/bro.git9/policy/frameworks/notice/base.bro
4 /Users/seth/bro.git9/policy/frameworks/notice/weird.bro
5 /Users/seth/bro.git9/policy/utils/conn_ids.bro
2 /Users/seth/bro.git9/policy/frameworks/packet-filter/netstats.bro
0 /Users/seth/bro.git9/policy/misc/loaded-scripts.bro
0 ./foo/__load__.bro
1 ./foo/test.bro


@ -0,0 +1,24 @@
# depth name
0 /Users/seth/bro.git9/policy/bro.init
1 /Users/seth/bro.git9/build/src/const.bif.bro
1 /Users/seth/bro.git9/build/src/types.bif.bro
1 /Users/seth/bro.git9/build/src/strings.bif.bro
1 /Users/seth/bro.git9/build/src/bro.bif.bro
1 /Users/seth/bro.git9/build/src/reporter.bif.bro
1 /Users/seth/bro.git9/build/src/event.bif.bro
1 /Users/seth/bro.git9/policy/site.bro
2 /Users/seth/bro.git9/policy/utils/pattern.bro
1 /Users/seth/bro.git9/policy/frameworks/logging/__load__.bro
2 /Users/seth/bro.git9/policy/frameworks/logging/base.bro
3 /Users/seth/bro.git9/build/src/logging.bif.bro
2 /Users/seth/bro.git9/policy/frameworks/logging/plugins/ascii.bro
1 /Users/seth/bro.git9/policy/frameworks/packet-filter/__load__.bro
2 /Users/seth/bro.git9/policy/frameworks/packet-filter/base.bro
3 /Users/seth/bro.git9/policy/frameworks/notice/__load__.bro
4 /Users/seth/bro.git9/policy/frameworks/notice/base.bro
4 /Users/seth/bro.git9/policy/frameworks/notice/weird.bro
5 /Users/seth/bro.git9/policy/utils/conn_ids.bro
2 /Users/seth/bro.git9/policy/frameworks/packet-filter/netstats.bro
0 /Users/seth/bro.git9/testing/btest/.tmp/core.load-unload/load-unload.bro
1 ./dontloadmebro.bro
0 /Users/seth/bro.git9/policy/misc/loaded-scripts.bro


@ -1,23 +1,23 @@
# #
# In "normal" test mode, connection uids should be determistic. # In "normal" test mode, connection uids should be determistic.
# #
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT conn >output # @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT protocols/conn >output
# @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff output
# #
# Without a seed, they should differ each time: # Without a seed, they should differ each time:
# #
# @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT conn >output2 # @TEST-EXEC: unset BRO_SEED_FILE && bro -C -r $TRACES/wikipedia.trace %INPUT protocols/conn >output2
# @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l | sed 's/ //g' >counts # @TEST-EXEC: cat output output2 | sort | uniq -c | wc -l | sed 's/ //g' >counts
# @TEST-EXEC: btest-diff counts # @TEST-EXEC: btest-diff counts
# #
# Make sure it works without the connection compressor as well. # Make sure it works without the connection compressor as well.
# #
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT conn use_connection_compressor=F >output.cc # @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT protocols/conn use_connection_compressor=F >output.cc
# @TEST-EXEC: btest-diff output.cc # @TEST-EXEC: btest-diff output.cc
# #
# Make sure it works with the full connection compressor as well. # Make sure it works with the full connection compressor as well.
# #
# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT conn cc_handle_only_syns=F >output.cc2 # @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT protocols/conn cc_handle_only_syns=F >output.cc2
# @TEST-EXEC: btest-diff output.cc2 # @TEST-EXEC: btest-diff output.cc2


@ -3,11 +3,11 @@
# @TEST-EXEC: mkdir -p foo/bar # @TEST-EXEC: mkdir -p foo/bar
# @TEST-EXEC: echo "@load bar/test" >loader.bro # @TEST-EXEC: echo "@load bar/test" >loader.bro
# @TEST-EXEC: cp %INPUT foo/bar/test.bro # @TEST-EXEC: cp %INPUT foo/bar/test.bro
# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader bar/test # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro misc/loaded-scripts loader bar/test
# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader bar/test.bro # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro misc/loaded-scripts loader bar/test.bro
# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader foo/bar/test # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro misc/loaded-scripts loader foo/bar/test
# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader foo/bar/test.bro # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro misc/loaded-scripts loader foo/bar/test.bro
# @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -l loader `pwd`/foo/bar/test.bro # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro misc/loaded-scripts loader `pwd`/foo/bar/test.bro
type Test: enum { type Test: enum {
TEST, TEST,


@ -1,7 +1,8 @@
# @TEST-EXEC: mkdir foo # @TEST-EXEC: mkdir foo
# @TEST-EXEC: echo "@load foo/test.bro" >foo/__load__.bro # @TEST-EXEC: echo "@load foo/test.bro" >foo/__load__.bro
# @TEST-EXEC: cp %INPUT foo/test.bro # @TEST-EXEC: cp %INPUT foo/test.bro
# @TEST-EXEC: bro -l foo >output # @TEST-EXEC: bro misc/loaded-scripts foo >output
# @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff output
# @TEST-EXEC: btest-diff loaded_scripts.log
print "Foo loaded"; print "Foo loaded";
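Review bot: The new `btest-diff loaded_scripts.log` step compares against a baseline that, as added in this commit, records absolute paths from one checkout (`/Users/seth/bro.git9/policy/bro.init` and so on), so the comparison can only pass on that machine. The `@unload` test in the next section adds the same step and has the same problem; its baseline even contains a `testing/btest/.tmp/...` path. I would pass the log through a canonifier that rewrites the checkout prefix before diffing (btest-diff honours `TEST_DIFF_CANONIFIER`), or have the log writer strip the prefix. That also keeps a developer's home-directory layout out of the repository.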


@ -1,7 +1,8 @@
# This tests the @unload directive # This tests the @unload directive
# #
# @TEST-EXEC: echo 'print "oops12345";' >dontloadmebro.bro # @TEST-EXEC: echo 'print "oops12345";' >dontloadmebro.bro
# @TEST-EXEC: bro -l %INPUT dontloadmebro >output # @TEST-EXEC: bro %INPUT misc/loaded-scripts dontloadmebro > output
# @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff output
# @TEST-EXEC: btest-diff loaded_scripts.log
@unload dontloadmebro @unload dontloadmebro


@ -2,11 +2,11 @@
# #
# @TEST-EXEC: bro -e '' >output # @TEST-EXEC: bro -e '' >output
# @TEST-EXEC: cat packet_filter.log >>output # @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: bro PacketFilter::all_packets=F ssh >>output # @TEST-EXEC: bro PacketFilter::all_packets=F protocols/ssh >>output
# @TEST-EXEC: cat packet_filter.log >>output # @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: bro -f "port 42" -e '' >>output # @TEST-EXEC: bro -f "port 42" -e '' >>output
# @TEST-EXEC: cat packet_filter.log >>output # @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: bro -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace conn >>output # @TEST-EXEC: bro -C -f "port 56730" -r $TRACES/mixed-vlan-mpls.trace protocols/conn >>output
# @TEST-EXEC: cat packet_filter.log >>output # @TEST-EXEC: cat packet_filter.log >>output
# @TEST-EXEC: btest-diff output # @TEST-EXEC: btest-diff output
# @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff conn.log


@ -1,2 +1,2 @@
# @TEST-EXEC: bro -C -r $TRACES/mixed-vlan-mpls.trace conn # @TEST-EXEC: bro -C -r $TRACES/mixed-vlan-mpls.trace protocols/conn
# @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff conn.log


@ -16,8 +16,8 @@
@TEST-START-FILE sender.bro @TEST-START-FILE sender.bro
@load http/base @load protocols/http
@load communication/listen-ssl @load frameworks/communication/listen-ssl
event bro_init() event bro_init()
{ {
@ -41,8 +41,8 @@ redef ssl_passphrase = "my-password";
@TEST-START-FILE receiver.bro @TEST-START-FILE receiver.bro
@load http/base @load protocols/http
@load communication @load frameworks/communication
event bro_init() event bro_init()
{ {


@ -7,8 +7,8 @@
# @TEST-EXEC: btest-diff receiver/http.log # @TEST-EXEC: btest-diff receiver/http.log
# @TEST-EXEC: cmp sender/http.log receiver/http.log # @TEST-EXEC: cmp sender/http.log receiver/http.log
# #
# @TEST-EXEC: bro -x sender/events.bst http/base | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.snd.log # @TEST-EXEC: bro -x sender/events.bst protocols/http | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.snd.log
# @TEST-EXEC: bro -x receiver/events.bst http/base | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.rec.log # @TEST-EXEC: bro -x receiver/events.bst protocols/http | sed 's/^Event \[[-0-9.]*\] //g' | grep '^http_' | grep -v http_stats | sed 's/(.*$//g' >events.rec.log
# @TEST-EXEC: cmp events.rec.log events.snd.log # @TEST-EXEC: cmp events.rec.log events.snd.log
# #
# We don't compare the transmitted event paramerters anymore. With the dynamic # We don't compare the transmitted event paramerters anymore. With the dynamic
@ -16,8 +16,8 @@
@TEST-START-FILE sender.bro @TEST-START-FILE sender.bro
@load http/base @load protocols/http
@load communication/listen-clear @load frameworks/communication/listen-clear
event bro_init() event bro_init()
{ {
@ -37,8 +37,8 @@ redef tcp_close_delay = 0secs;
@TEST-START-FILE receiver.bro @TEST-START-FILE receiver.bro
@load http/base @load protocols/http
@load communication @load frameworks/communication
event bro_init() event bro_init()
{ {


@ -133,7 +133,7 @@ function modify()
foo2 = 1234567; foo2 = 1234567;
} }
@load communication/listen-clear @load frameworks/communication/listen-clear
event remote_connection_handshake_done(p: event_peer) event remote_connection_handshake_done(p: event_peer)
{ {
@ -151,7 +151,7 @@ redef Communication::nodes += {
@TEST-START-FILE receiver.bro @TEST-START-FILE receiver.bro
@load communication @load frameworks/communication
event bro_init() event bro_init()
{ {


@ -2,7 +2,7 @@
# @TEST-EXEC: bro %INPUT >out # @TEST-EXEC: bro %INPUT >out
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
@load intel @load frameworks/intel
event bro_init() event bro_init()
{ {


@ -5,8 +5,6 @@
module SSH; module SSH;
@load logging
export { export {
# Create a new ID for our log stream # Create a new ID for our log stream
redef enum Log::ID += { SSH }; redef enum Log::ID += { SSH };


@ -2,7 +2,7 @@
# @TEST-EXEC: bro %INPUT # @TEST-EXEC: bro %INPUT
# @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff ssh.log
@load logging/plugins/ascii @load frameworks/logging/plugins/ascii
redef LogAscii::output_to_stdout = F; redef LogAscii::output_to_stdout = F;
redef LogAscii::separator = "|"; redef LogAscii::separator = "|";


@ -2,7 +2,7 @@
# @TEST-EXEC: bro %INPUT # @TEST-EXEC: bro %INPUT
# @TEST-EXEC: btest-diff ssh.log # @TEST-EXEC: btest-diff ssh.log
@load logging/plugins/ascii @load frameworks/logging/plugins/ascii
redef LogAscii::output_to_stdout = F; redef LogAscii::output_to_stdout = F;
redef LogAscii::separator = "|"; redef LogAscii::separator = "|";


@ -4,8 +4,6 @@
module SSH; module SSH;
@load logging
export { export {
# Create a new ID for our log stream # Create a new ID for our log stream
redef enum Log::ID += { SSH }; redef enum Log::ID += { SSH };


@ -5,8 +5,6 @@
module SSH; module SSH;
@load logging
export { export {
# Create a new ID for our log stream # Create a new ID for our log stream
redef enum Log::ID += { SSH }; redef enum Log::ID += { SSH };


@ -5,8 +5,6 @@
module SSH; module SSH;
@load logging
export { export {
# Create a new ID for our log stream # Create a new ID for our log stream
redef enum Log::ID += { SSH }; redef enum Log::ID += { SSH };


@ -51,7 +51,7 @@ event bro_init()
module SSH; module SSH;
@load communication/listen-clear @load frameworks/communication/listen-clear
event remote_connection_handshake_done(p: event_peer) event remote_connection_handshake_done(p: event_peer)
{ {
@ -84,7 +84,7 @@ event remote_connection_handshake_done(p: event_peer)
##### #####
@load communication @load frameworks/communication
redef Communication::nodes += { redef Communication::nodes += {
["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T] ["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T]


@ -40,7 +40,7 @@ event bro_init()
module SSH; module SSH;
@load communication/listen-clear @load frameworks/communication/listen-clear
function fail(rec: Log): bool function fail(rec: Log): bool
{ {
@ -68,7 +68,7 @@ event remote_connection_handshake_done(p: event_peer)
##### #####
@load communication @load frameworks/communication
redef Communication::nodes += { redef Communication::nodes += {
["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T] ["foo"] = [$host = 127.0.0.1, $connect=T, $request_logs=T]


@ -2,5 +2,5 @@
# scripts loaded there actually exist. # scripts loaded there actually exist.
@TEST-EXEC: ( cd $DIST/policy && find . -name '*.bro' ) | sort >"all scripts found" @TEST-EXEC: ( cd $DIST/policy && find . -name '*.bro' ) | sort >"all scripts found"
@TEST-EXEC: cat $DIST/policy/test-all.bro | grep '@load' | sed 'sm^\( *# *\)\{0,\}@load *m./mg' | sort >test-all.bro @TEST-EXEC: cat $DIST/policy/test-all.bro | grep '@load' | sed 'sm^\( *# *\)\{0,\}@load *m./mg' | sort >test-all.bro
@TEST-EXEC: diff -u "all scripts found" test-all.bro 1>&2 @TEST-EXEC: diff -u "all scripts found" test-all.bro 1>&2


@ -15,7 +15,6 @@
# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT KnownHosts::asset_tracking=NO_HOSTS # @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT KnownHosts::asset_tracking=NO_HOSTS
# @TEST-EXEC: test '!' -e known_hosts.log # @TEST-EXEC: test '!' -e known_hosts.log
@load conn/known-hosts @load protocols/conn
@load site
redef Site::local_nets += {141.142.0.0/16}; redef Site::local_nets += {141.142.0.0/16};


@ -15,10 +15,9 @@
# @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT KnownServices::asset_tracking=NO_HOSTS # @TEST-EXEC: bro -r $TRACES/var-services-std-ports.trace %INPUT KnownServices::asset_tracking=NO_HOSTS
# @TEST-EXEC: test '!' -e known_services.log # @TEST-EXEC: test '!' -e known_services.log
@load conn/known-services @load protocols/conn
@load http @load protocols/http
@load ssh @load protocols/ssh
@load ftp @load protocols/ftp
@load site
redef Site::local_nets += {172.16.238.0/24}; redef Site::local_nets += {172.16.238.0/24};


@ -1,5 +1,5 @@
# @TEST-EXEC: bro -r $TRACES/dns-session.trace %INPUT # @TEST-EXEC: bro -r $TRACES/dns-session.trace %INPUT
# @TEST-EXEC: btest-diff dns.log # @TEST-EXEC: btest-diff dns.log
@load dns @load protocols/dns
@load dns/auth-addl @load protocols/dns/auth-addl


@ -5,5 +5,5 @@
# @TEST-EXEC: bro -r $TRACES/http-byteranges.trace %INPUT # @TEST-EXEC: bro -r $TRACES/http-byteranges.trace %INPUT
# @TEST-EXEC: grep -q http_no_crlf_in_header_list weird.log && exit 1 || exit 0 # @TEST-EXEC: grep -q http_no_crlf_in_header_list weird.log && exit 1 || exit 0
@load http @load protocols/http


@ -1,6 +1,6 @@
# @TEST-EXEC: bro -r $TRACES/http-pipelined-requests.trace %INPUT > output # @TEST-EXEC: bro -r $TRACES/http-pipelined-requests.trace %INPUT > output
# @TEST-EXEC: btest-diff http.log # @TEST-EXEC: btest-diff http.log
@load http @load protocols/http
redef HTTP::generate_md5 += /image\/png/; redef HTTP::generate_md5 += /image\/png/;