Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 19:48:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Add unit tests for new SMB2 event -- smb2_file_sattr.

Browse source
This commit is contained in:
Devin Trejo 2018-04-04 16:55:10 -04:00
parent 868cb5838d
commit 17202e9df4
2 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
testing/btest/Baseline/scripts.base.protocols.smb.smb2/.stdout
View file

@ -5,6 +5,7 @@ smb2_create_response 10.0.0.11 -> 10.0.0.12:445 [file_id=[persistent=73, volatil
smb2_create_request 10.0.0.11 -> 10.0.0.12:445 [filename=<share_root>, disposition=2, create_options=2097185]
smb2_create_request 10.0.0.11 -> 10.0.0.12:445 [filename=WP_SMBPlugin.pdf, disposition=2, create_options=68]
smb2_create_response 10.0.0.11 -> 10.0.0.12:445 [file_id=[persistent=77, volatile=18446744069414584329], size=0, times=[modified=1323202695.427036, accessed=1323202695.427036, created=1323202695.427036, changed=1323202695.427036], attrs=[read_only=F, hidden=F, system=F, directory=F, archive=T, normal=F, temporary=F, sparse_file=F, reparse_point=F, compressed=F, offline=F, not_content_indexed=F, encrypted=F, integrity_stream=F, no_scrub_data=F], create_action=2]
smb2_file_sattr 10.0.0.11 -> 10.0.0.12:445 [persistent=77, volatile=18446744069414584329] MACTimes:[modified=1319047808.3125, accessed=-1.164447e+10, created=-1.164447e+10, changed=-1.164447e+10] FileAttrs:[read_only=F, hidden=F, system=F, directory=F, archive=F, normal=F, temporary=F, sparse_file=F, reparse_point=F, compressed=F, offline=F, not_content_indexed=F, encrypted=F, integrity_stream=F, no_scrub_data=F]
smb2_create_request 10.0.0.11 -> 10.0.0.12:445 [filename=<share_root>, disposition=1, create_options=32]
smb2_create_response 10.0.0.11 -> 10.0.0.12:445 [file_id=[persistent=81, volatile=18446744069414584333], size=8192, times=[modified=1323202695.427036, accessed=1323202695.427036, created=1322343963.945297, changed=1323202695.427036], attrs=[read_only=F, hidden=F, system=F, directory=T, archive=F, normal=F, temporary=F, sparse_file=F, reparse_point=F, compressed=F, offline=F, not_content_indexed=F, encrypted=F, integrity_stream=F, no_scrub_data=F], create_action=1]
smb2_create_request 10.0.0.11 -> 10.0.0.12:445 [filename=<share_root>, disposition=1, create_options=32]

6
testing/btest/scripts/base/protocols/smb/smb2.test
View file

@ -19,3 +19,9 @@ event smb2_create_response(c: connection, hdr: SMB2::Header, response: SMB2::Cre
print fmt("smb2_create_response %s -> %s:%d %s", c$id$orig_h, c$id$resp_h, c$id$resp_p, response);
}
event smb2_file_sattr(c: connection, hdr: SMB2::Header, file_id:
SMB2::GUID, times: SMB::MACTimes, attrs: SMB2::FileAttrs)
{
print fmt("smb2_file_sattr %s -> %s:%d %s MACTimes:%s FileAttrs:%s", c$id$orig_h, c$id$resp_h, c$id$resp_p, file_id, times, attrs);
}