Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 19:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/robin/gh-3881-spicy-ports'

Browse source 
* origin/topic/robin/gh-3881-spicy-ports:
  Spicy: Register well-known ports through an event handler.
  Revert "Remove deprecated port/ports fields for spicy analyzers"

(cherry picked from commit a2079bcda6)
This commit is contained in:
Robin Sommer 2024-08-23 08:10:02 +02:00 committed by Tim Wojtulewicz
parent 8f9c5f79c6
commit 15be682f63
15 changed files with 112 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

1
testing/btest/Baseline/core.check-unused-event-handlers/.stderr
View file

@ -22,5 +22,6 @@ warning in <params>, line 1: event handler never invoked: SupervisorControl::res
warning in <params>, line 1: event handler never invoked: SupervisorControl::status_request
warning in <params>, line 1: event handler never invoked: SupervisorControl::stop_request
warning in <params>, line 1: event handler never invoked: spicy_analyzer_for_mime_type
warning in <params>, line 1: event handler never invoked: spicy_analyzer_for_port
warning in <params>, line 1: event handler never invoked: terminate_event
warning in <params>, line 1: event handler never invoked: this_is_never_used

2
testing/btest/Baseline/spicy.port-deprecated/out.stderr
View file

@ -1,2 +0,0 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[warning] <...>/udp-test.evt:4: Remove in v7.1: Analyzer spicy::TEST is using the deprecated 'port' or 'ports' keyword to register well-known ports. Use Analyzer::register_for_ports() in the accompanying Zeek script instead.

2
testing/btest/Baseline/spicy.port-fail/output
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[error] <...>/port-fail.evt:9: port outside of valid range
[error] <...>/port-fail.evt:7: port outside of valid range
[error] error loading EVT file "<...>/port-fail.evt"

19
testing/btest/Baseline/spicy.port/output Normal file
View file

@ -0,0 +1,19 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
Analyzer::ANALYZER_SPICY_TEST, 11337/udp
Analyzer::ANALYZER_SPICY_TEST, 11338/udp
Analyzer::ANALYZER_SPICY_TEST, 11339/udp
Analyzer::ANALYZER_SPICY_TEST, 11340/udp
Analyzer::ANALYZER_SPICY_TEST, 31337/udp
Analyzer::ANALYZER_SPICY_TEST, 31338/udp
Analyzer::ANALYZER_SPICY_TEST, 31339/udp
Analyzer::ANALYZER_SPICY_TEST, 31340/udp
{
31339/udp,
31337/udp,
31338/udp,
11339/udp,
11338/udp,
11340/udp,
31340/udp,
11337/udp
}

21
testing/btest/spicy/port-deprecated.evt
View file

@ -1,21 +0,0 @@
# @TEST-REQUIRES: have-spicy
#
# @TEST-EXEC: spicyz -d -o test.hlto ./udp-test.evt 2>out.stderr
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out.stderr
#
# @TEST-DOC: Remove with v7.1: Specifying ports is deprecated.
module Test;
import zeek;
public type Message = unit {
data: bytes &eod {}
};
# @TEST-START-FILE udp-test.evt
protocol analyzer spicy::TEST over UDP:
parse with Test::Message,
port 11337/udp-11340/udp,
ports {31337/udp-31340/udp};
# @TEST-END-FILE

2
testing/btest/spicy/port-fail.evt
View file

@ -2,8 +2,6 @@
#
# @TEST-EXEC-FAIL: spicyz %INPUT -d -o x.hlto >output 2>&1
# @TEST-EXEC: TEST_DIFF_CANONIFIER=diff-canonifier-spicy btest-diff output
#
# @TEST-DOC: Remove with v7.1
protocol analyzer spicy::SSH over TCP:
port 123456/udp;

2
testing/btest/spicy/port-range-one-port.zeek
View file

@ -5,7 +5,7 @@
# @TEST-EXEC: grep -e 'Scheduling analyzer' -e 'error during parsing' < out > out.filtered
# @TEST-EXEC: btest-diff out.filtered
# @TEST-DOC: Remove with v7.1. Expect a single 'Scheduling analyzer ...' message in the debug output and no parsing errors. There was a bug that 'port 31336/udp' would be wrongly interpreted as a 31336/udp-31337/udp port range. Regression test for #3278.
# @TEST-DOC: Expect a single 'Scheduling analyzer ...' message in the debug output and no parsing errors. There was a bug that 'port 31336/udp' would be wrongly interpreted as a 31336/udp-31337/udp port range. Regression test for #3278.
# @TEST-START-FILE udp-test.spicy
module UDPTest;

32
testing/btest/spicy/port.zeek Normal file
View file

@ -0,0 +1,32 @@
# @TEST-REQUIRES: have-spicy
#
# @TEST-EXEC: spicyz -d -o test.hlto test.spicy test.evt
# @TEST-EXEC: zeek test.hlto %INPUT >output
# @TEST-EXEC: btest-diff output
#
# @TEST-DOC: Check that we raise port events for Spicy analyzers, and that the ports get correctly registered.
event spicy_analyzer_for_port(a: Analyzer::Tag, p: port){
print a, p;
}
event zeek_done() {
print Analyzer::ports[Analyzer::ANALYZER_SPICY_TEST];
}
# @TEST-START-FILE test.spicy
module Test;
import zeek;
public type Message = unit {
data: bytes &eod {}
};
# @TEST-END-FILE
# @TEST-START-FILE test.evt
protocol analyzer spicy::Test over UDP:
parse with Test::Message,
port 11337/udp-11340/udp,
ports {31337/udp-31340/udp};
# @TEST-END-FILE