Redoing doc.sphinx baselines.

Robin Sommer 2013-08-31 18:09:16 -07:00
parent ac66db286a
commit 2392a29b7f
127 changed files with 88 additions and 872 deletions

@ -1 +1 @@
Subproject commit 55e2f6c5fce254e822ff98cfd117e40f89c4c30c Subproject commit 13a7718b475d670ae22c1914ac1c26bd11be46b6


@ -12,7 +12,7 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path factor #path factor
#open 2013-08-31-22-50-17 #open 2013-09-01-01-08-18
#fields num factorial_num #fields num factorial_num
#types count count #types count count
1 1 1 1
@ -25,5 +25,5 @@
8 40320 8 40320
9 362880 9 362880
10 3628800 10 3628800
#close 2013-08-31-22-50-17 #close 2013-09-01-01-08-18


@ -12,7 +12,7 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path factor-mod5 #path factor-mod5
#open 2013-08-31-22-50-17 #open 2013-09-01-01-08-18
#fields num factorial_num #fields num factorial_num
#types count count #types count count
5 120 5 120
@ -21,5 +21,5 @@
8 40320 8 40320
9 362880 9 362880
10 3628800 10 3628800
#close 2013-08-31-22-50-17 #close 2013-09-01-01-08-18


@ -1,11 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- connection_record_02.bro
@load base/protocols/conn
@load base/protocols/dns
event connection_state_remove(c: connection)
{
print c;
}


@ -1,11 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- connection_record_02.bro
@load base/protocols/conn
@load base/protocols/dns
event connection_state_remove(c: connection)
{
print c;
}


@ -1,26 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_struct_record_01.bro
type Service: record {
name: string;
ports: set[port];
rfc: count;
};
function print_service(serv: Service): string
{
print fmt("Service: %s(RFC%d)",serv$name, serv$rfc);
for ( p in serv$ports )
print fmt(" port: %s", p);
}
event bro_init()
{
local dns: Service = [$name="dns", $ports=set(53/udp, 53/tcp), $rfc=1035];
local http: Service = [$name="http", $ports=set(80/tcp, 8080/tcp), $rfc=2616];
print_service(dns);
print_service(http);
}


@ -1,45 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_struct_record_02.bro
type Service: record {
name: string;
ports: set[port];
rfc: count;
};
type System: record {
name: string;
services: set[Service];
};
function print_service(serv: Service): string
{
print fmt(" Service: %s(RFC%d)",serv$name, serv$rfc);
for ( p in serv$ports )
print fmt(" port: %s", p);
}
function print_system(sys: System): string
{
print fmt("System: %s", sys$name);
for ( s in sys$services )
print_service(s);
}
event bro_init()
{
local server01: System;
server01$name = "morlock";
add server01$services[[ $name="dns", $ports=set(53/udp, 53/tcp), $rfc=1035]];
add server01$services[[ $name="http", $ports=set(80/tcp, 8080/tcp), $rfc=2616]];
print_system(server01);
# local dns: Service = [ $name="dns", $ports=set(53/udp, 53/tcp), $rfc=1035];
# local http: Service = [ $name="http", $ports=set(80/tcp, 8080/tcp), $rfc=2616];
# print_service(dns);
# print_service(http);
}


@ -1,9 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_struct_set_declaration.bro
event bro_init()
{
local ssl_ports: set[port];
local non_ssl_ports = set( 23/tcp, 80/tcp, 143/tcp, 25/tcp );
}


@ -1,9 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_struct_set_declaration.bro
for ( i in ssl_ports )
print fmt("SSL Port: %s", i);
for ( i in non_ssl_ports )
print fmt("Non-SSL Port: %s", i);


@ -1,26 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_struct_set_declaration.bro
event bro_init()
{
local ssl_ports: set[port];
local non_ssl_ports = set( 23/tcp, 80/tcp, 143/tcp, 25/tcp );
# SSH
add ssl_ports[22/tcp];
# HTTPS
add ssl_ports[443/tcp];
# IMAPS
add ssl_ports[993/tcp];
# Check for SMTPS
if ( 587/tcp !in ssl_ports )
add ssl_ports[587/tcp];
for ( i in ssl_ports )
print fmt("SSL Port: %s", i);
for ( i in non_ssl_ports )
print fmt("Non-SSL Port: %s", i);
}


@ -1,17 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_struct_table_complex.bro
event bro_init()
{
local samurai_flicks: table[string, string, count, string] of string;
samurai_flicks["Kihachi Okamoto", "Toho", 1968, "Tatsuya Nakadai"] = "Kiru";
samurai_flicks["Hideo Gosha", "Fuji", 1969, "Tatsuya Nakadai"] = "Goyokin";
samurai_flicks["Masaki Kobayashi", "Shochiku Eiga", 1962, "Tatsuya Nakadai" ] = "Harakiri";
samurai_flicks["Yoji Yamada", "Eisei Gekijo", 2002, "Hiroyuki Sanada" ] = "Tasogare Seibei";
for ( [d, s, y, a] in samurai_flicks )
print fmt("%s was released in %d by %s studios, directed by %s and starring %s", samurai_flicks[d, s, y, a], y, s, d, a);
}


@ -1,17 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_struct_table_declaration.bro
event bro_init()
{
local ssl_services: table[string] of port;
ssl_services = table(["SSH"] = 22/tcp, ["HTTPS"] = 443/tcp);
ssl_services["IMAPS"] = 993/tcp;
if ( "SMTPS" !in ssl_services )
ssl_services["SMTPS"] = 587/tcp;
for ( k in ssl_services )
print fmt("Service Name: %s - Common Port: %s", k, ssl_services[k]);
}


@ -1,19 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_struct_vector_declaration.bro
event bro_init()
{
local v1: vector of count;
local v2 = vector(1, 2, 3, 4);
v1[|v1|] = 1;
v1[|v1|] = 2;
v1[|v1|] = 3;
v1[|v1|] = 4;
print fmt("contents of v1: %s", v1);
print fmt("length of v1: %d", |v1|);
print fmt("contents of v1: %s", v2);
print fmt("length of v2: %d", |v2|);
}


@ -1,11 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_struct_vector_iter.bro
event bro_init()
{
local addr_vector: vector of addr = vector(1.2.3.4, 2.3.4.5, 3.4.5.6);
for (i in addr_vector)
print mask_addr(addr_vector[i], 18);
}


@ -1,13 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_type_const.bro
const port_list: table[port] of string &redef;
redef port_list += { [6666/tcp] = "IRC"};
redef port_list += { [80/tcp] = "WWW" };
event bro_init()
{
print port_list;
}


@ -1,8 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_type_const_simple.bro
@load base/protocols/http
redef HTTP::default_capture_password = T;


@ -1,13 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_type_declaration.bro
event bro_init()
{
local a: int;
a = 10;
local b = 10;
if ( a == b )
print fmt("A: %d, B: %d", a, b);
}


@ -1,22 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_type_interval.bro
# Store the time the previous connection was established.
global last_connection_time: time;
# boolean value to indicate whether we have seen a previous connection.
global connection_seen: bool = F;
event connection_established(c: connection)
{
local net_time: time = network_time();
print fmt("%s: New connection established from %s to %s", strftime("%Y/%M/%d %H:%m:%S", net_time), c$id$orig_h, c$id$resp_h);
if ( connection_seen )
print fmt(" Time since last connection: %s", net_time - last_connection_time);
last_connection_time = net_time;
connection_seen = T;
}


@ -1,15 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_type_local.bro
function add_two(i: count): count
{
local added_two = i+2;
print fmt("i + 2 = %d", added_two);
return added_two;
}
event bro_init()
{
local test = add_two(10);
}


@ -1,17 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_type_pattern_01.bro
event bro_init()
{
local test_string = "The quick brown fox jumped over the lazy dog.";
local test_pattern = /quick|lazy/;
if ( test_pattern in test_string )
{
local results = split(test_string, test_pattern);
print results[1];
print results[2];
print results[3];
}
}


@ -1,14 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_type_pattern_02.bro
event bro_init()
{
local test_string = "equality";
local test_pattern = /equal/;
print fmt("%s and %s %s equal", test_string, test_pattern, test_pattern == test_string ? "are" : "are not");
test_pattern = /equality/;
print fmt("%s and %s %s equal", test_string, test_pattern, test_pattern == test_string ? "are" : "are not");
}


@ -1,19 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_type_subnets.bro
event bro_init()
{
local subnets = vector(172.16.0.0/20, 172.16.16.0/20, 172.16.32.0/20, 172.16.48.0/20);
local addresses = vector(172.16.4.56, 172.16.47.254, 172.16.22.45, 172.16.1.1);
for ( a in addresses )
{
for ( s in subnets )
{
if ( addresses[a] in subnets[s] )
print fmt("%s belongs to subnet %s", addresses[a], subnets[s]);
}
}
}


@ -1,8 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- data_type_time.bro
event connection_established(c: connection)
{
print fmt("%s: New connection established from %s to %s\n", strftime("%Y/%M/%d %H:%m:%S", network_time()), c$id$orig_h, c$id$resp_h);
}


@ -1,23 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- framework_logging_factorial_01.bro
module Factor;
function factorial(n: count): count
{
if ( n == 0 )
return 1;
else
return ( n * factorial(n - 1) );
}
event bro_init()
{
local numbers: vector of count = vector(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
for ( n in numbers )
print fmt("%d", factorial(numbers[n]));
}


@ -1,36 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- framework_logging_factorial_02.bro
module Factor;
export {
redef enum Log::ID += { LOG };
type Info: record {
num: count &log;
factorial_num: count &log;
};
}
function factorial(n: count): count
{
if ( n == 0 )
return 1;
else
return ( n * factorial(n - 1) );
}
event bro_init()
{
Log::create_stream(LOG, [$columns=Info]);
}
event bro_done()
{
local numbers: vector of count = vector(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
for ( n in numbers )
Log::write( Factor::LOG, [$num=numbers[n],
$factorial_num=factorial(numbers[n])]);
}


@ -1,12 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- framework_logging_factorial_03.bro
event bro_init()
{
Log::create_stream(LOG, [$columns=Info]);
local filter: Log::Filter = [$name="split-mod5s", $path_func=mod5];
Log::add_filter(Factor::LOG, filter);
Log::remove_filter(Factor::LOG, "default");
}


@ -1,54 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- framework_logging_factorial_04.bro
module Factor;
export {
redef enum Log::ID += { LOG };
type Info: record {
num: count &log;
factorial_num: count &log;
};
global log_factor: event(rec: Info);
}
function factorial(n: count): count
{
if ( n == 0 )
return 1;
else
return (n * factorial(n - 1));
}
event bro_init()
{
Log::create_stream(LOG, [$columns=Info, $ev=log_factor]);
}
event bro_done()
{
local numbers: vector of count = vector(1, 2, 3, 4, 5, 6, 7, 8, 9, 10);
for ( n in numbers )
Log::write( Factor::LOG, [$num=numbers[n],
$factorial_num=factorial(numbers[n])]);
}
function mod5(id: Log::ID, path: string, rec: Factor::Info) : string
{
if ( rec$factorial_num % 5 == 0 )
return "factor-mod5";
else
return "factor-non5";
}
event bro_init()
{
local filter: Log::Filter = [$name="split-mod5s", $path_func=mod5];
Log::add_filter(Factor::LOG, filter);
Log::remove_filter(Factor::LOG, "default");
}


@ -1,11 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- framework_notice_hook_01.bro
@load policy/protocols/ssh/interesting-hostnames.bro
hook Notice::policy(n: Notice::Info)
{
if ( n$note == SSH::Interesting_Hostname_Login )
add n$actions[Notice::ACTION_EMAIL];
}


@ -1,11 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- framework_notice_hook_suppression_01.bro
@load policy/protocols/ssl/expiring-certs.bro
hook Notice::policy(n: Notice::Info)
{
if ( n$note == SSL::Certificate_Expires_Soon )
n$suppress_for = 12hrs;
}


@ -1,12 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- framework_notice_shortcuts_01.bro
@load policy/protocols/ssh/interesting-hostnames.bro
@load base/protocols/ssh/
redef Notice::emailed_types += {
SSH::Interesting_Hostname_Login,
SSH::Login
};


@ -1,11 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- framework_notice_shortcuts_02.bro
@load policy/protocols/ssh/interesting-hostnames.bro
@load base/protocols/ssh/
redef Notice::type_suppression_intervals += {
[SSH::Interesting_Hostname_Login] = 1day,
[SSH::Login] = 12hrs,
};


@ -1,25 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- event.bif.bro
## script-level cleanup that needs to be performed for every connection. This
## event is generated not only for TCP sessions but also for UDP and ICMP
## flows.
##
##
global connection_external: event(c: connection , tag: string );
## Generated when a UDP session for a supported protocol has finished. Some of
## Bro's application-layer UDP analyzers flag the end of a session by raising
## Generated when a connection is seen that is marked as being expected.
global ipv6_ext_headers: event(c: connection , p: pkt_hdr );
## their specifics differ slightly. Often, however, both will be raised for
## the same connection if some of its data is missing. We should eventually
## merge the two.
global ack_above_hole: event(c: connection );
##


@ -1,30 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- Bro_DNS.events.bif.bro
## Generated for DNS requests. For requests with multiple queries, this event
## is raised once for each.
##
## See `Wikipedia <http://en.wikipedia.org/wiki/Domain_Name_System>`__ for more
## information about the DNS protocol. Bro analyzes both UDP and TCP DNS
## sessions.
##
## c: The connection, which may be UDP or TCP depending on the type of the
## transport-layer session being analyzed.
##
## msg: The parsed DNS message header.
##
## query: The queried name.
##
## qtype: The queried resource record type.
##
## qclass: The queried resource record class.
##
## .. bro:see:: dns_AAAA_reply dns_A_reply dns_CNAME_reply dns_EDNS_addl
## dns_HINFO_reply dns_MX_reply dns_NS_reply dns_PTR_reply dns_SOA_reply
## dns_SRV_reply dns_TSIG_addl dns_TXT_reply dns_WKS_reply dns_end
## dns_full_request dns_mapping_altered dns_mapping_lost_name dns_mapping_new_name
## dns_mapping_unverified dns_mapping_valid dns_message dns_query_reply
## dns_rejected non_dns_request dns_max_queries dns_session_timeout dns_skip_addl
## dns_skip_all_addl dns_skip_all_auth dns_skip_auth
global dns_request: event(c: connection , msg: dns_msg , query: string , qtype: count , qclass: count );


@ -1,7 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- init-bare.bro
type string_array: table[count] of string;
type string_set: set[string];
type addr_set: set[addr];


@ -1,28 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- main.bro
module Conn;
export {
## The record type which contains column fields of the connection log.
type Info: record {
ts: time &log;
uid: string &log;
id: conn_id &log;
proto: transport_proto &log;
service: string &log &optional;
duration: interval &log &optional;
orig_bytes: count &log &optional;
resp_bytes: count &log &optional;
conn_state: string &log &optional;
local_orig: bool &log &optional;
missed_bytes: count &log &default=0;
history: string &log &optional;
orig_pkts: count &log &optional;
orig_ip_bytes: count &log &optional;
resp_pkts: count &log &optional;
resp_ip_bytes: count &log &optional;
tunnel_parents: set[string] &log;
};
}


@ -1,10 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- main.bro
module HTTP;
export {
## This setting changes if passwords used in Basic-Auth are captured or not.
const default_capture_password = F &redef;
}


@ -1,61 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- detect-MHR.bro
##! Detect file downloads that have hash values matching files in Team
##! Cymru's Malware Hash Registry (http://www.team-cymru.org/Services/MHR/).
@load base/frameworks/files
@load base/frameworks/notice
@load frameworks/files/hash-all-files
module TeamCymruMalwareHashRegistry;
export {
redef enum Notice::Type += {
## The hash value of a file transferred over HTTP matched in the
## malware hash registry.
Match
};
## File types to attempt matching against the Malware Hash Registry.
const match_file_types = /application\/x-dosexec/ |
/application\/vnd.ms-cab-compressed/ |
/application\/pdf/ |
/application\/x-shockwave-flash/ |
/application\/x-java-applet/ |
/application\/jar/ |
/video\/mp4/ &redef;
## The malware hash registry runs each malware sample through several A/V engines.
## Team Cymru returns a percentage to indicate how many A/V engines flagged the
## sample as malicious. This threshold allows you to require a minimum detection
## rate.
const notice_threshold = 10 &redef;
}
event file_hash(f: fa_file, kind: string, hash: string)
{
if ( kind=="sha1" && match_file_types in f$mime_type )
{
local hash_domain = fmt("%s.malware.hash.cymru.com", hash);
when ( local MHR_result = lookup_hostname_txt(hash_domain) )
{
# Data is returned as "<dateFirstDetected> <detectionRate>"
local MHR_answer = split1(MHR_result, / /);
if ( |MHR_answer| == 2 )
{
local mhr_first_detected = double_to_time(to_double(MHR_answer[1]));
local mhr_detect_rate = to_count(MHR_answer[2]);
local readable_first_detected = strftime("%Y-%m-%d %H:%M:%S", mhr_first_detected);
if ( mhr_detect_rate >= notice_threshold )
{
local message = fmt("Malware Hash Registry Detection rate: %d%% Last seen: %s", mhr_detect_rate, readable_first_detected);
local virustotal_url = fmt("https://www.virustotal.com/en/file/%s/analysis/", hash);
NOTICE([$note=Match, $msg=message, $sub=virustotal_url, $f=f]);
}
}
}
}
}


@ -1,17 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- detect-MHR.bro
## The hash value of a file transferred over HTTP matched in the
## malware hash registry.
Match
};
## File types to attempt matching against the Malware Hash Registry.
const match_file_types = /application\/x-dosexec/ |
/application\/vnd.ms-cab-compressed/ |
/application\/pdf/ |
/application\/x-shockwave-flash/ |
/application\/x-java-applet/ |
/application\/jar/ |
/video\/mp4/ &redef;


@ -1,23 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- detect-MHR.bro
## The malware hash registry runs each malware sample through several A/V engines.
## Team Cymru returns a percentage to indicate how many A/V engines flagged the
## sample as malicious. This threshold allows you to require a minimum detection
## rate.
const notice_threshold = 10 &redef;
}
event file_hash(f: fa_file, kind: string, hash: string)
{
if ( kind=="sha1" && match_file_types in f$mime_type )
{
local hash_domain = fmt("%s.malware.hash.cymru.com", hash);
when ( local MHR_result = lookup_hostname_txt(hash_domain) )
{
# Data is returned as "<dateFirstDetected> <detectionRate>"
local MHR_answer = split1(MHR_result, / /);
if ( |MHR_answer| == 2 )
{
local mhr_first_detected = double_to_time(to_double(MHR_answer[1]));


@ -1,9 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- known-hosts.bro
module Known;
export {
global known_hosts: set[addr] &create_expire=1day &synchronized &redef;
}


@ -1,50 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- interesting-hostnames.bro
##! This script will generate a notice if an apparent SSH login originates
##! or heads to a host with a reverse hostname that looks suspicious. By
##! default, the regular expression to match "interesting" hostnames includes
##! names that are typically used for infrastructure hosts like nameservers,
##! mail servers, web servers and ftp servers.
@load base/frameworks/notice
module SSH;
export {
redef enum Notice::Type += {
## Generated if a login originates or responds with a host where the
## reverse hostname lookup resolves to a name matched by the
## :bro:id:`SSH::interesting_hostnames` regular expression.
Interesting_Hostname_Login,
};
## Strange/bad host names to see successful SSH logins from or to.
const interesting_hostnames =
/^d?ns[0-9]*\./ |
/^smtp[0-9]*\./ |
/^mail[0-9]*\./ |
/^pop[0-9]*\./ |
/^imap[0-9]*\./ |
/^www[0-9]*\./ |
/^ftp[0-9]*\./ &redef;
}
event SSH::heuristic_successful_login(c: connection)
{
for ( host in set(c$id$orig_h, c$id$resp_h) )
{
when ( local hostname = lookup_addr(host) )
{
if ( interesting_hostnames in hostname )
{
NOTICE([$note=Interesting_Hostname_Login,
$msg=fmt("Possible SSH login involving a %s %s with an interesting hostname.",
Site::is_local_addr(host) ? "local" : "remote",
host == c$id$orig_h ? "client" : "server"),
$sub=hostname, $conn=c]);
}
}
}
}


@ -1,8 +0,0 @@
# @TEST-EXEC: btest-diff %INPUT
-- expiring-certs.bro
NOTICE([$note=Certificate_Expires_Soon,
$msg=fmt("Certificate %s is going to expire at %T", cert$subject, cert$not_valid_after),
$conn=c, $suppress_for=1day,
$identifier=cat(c$id$resp_h, c$id$resp_p, c$ssl$cert_hash)]);


@ -12,7 +12,7 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path conn #path conn
#open 2013-08-31-22-50-20 #open 2013-09-01-01-08-21
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool count string count count count count table[string] #types time string addr port addr port enum string interval count count string bool count string count count count count table[string]
1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty) 1300475167.096535 CXWv6p3arKYeMETxOg 141.142.220.202 5353 224.0.0.251 5353 udp dns - - - S0 - 0 D 1 73 0 0 (empty)


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- connection_record_02.bro -- connection_record_02.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- connection_record_02.bro -- connection_record_02.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_struct_record_01.bro -- data_struct_record_01.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_struct_record_02.bro -- data_struct_record_02.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_struct_set_declaration.bro -- data_struct_set_declaration.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_struct_set_declaration.bro -- data_struct_set_declaration.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_struct_set_declaration.bro -- data_struct_set_declaration.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_struct_set_declaration.bro -- data_struct_set_declaration.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_struct_table_complex.bro -- data_struct_table_complex.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_struct_table_declaration.bro -- data_struct_table_declaration.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_struct_vector_declaration.bro -- data_struct_vector_declaration.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_struct_vector_iter.bro -- data_struct_vector_iter.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_type_const.bro -- data_type_const.bro


@ -1,4 +1,4 @@
# @TEST-EXEC: btest-diff %INPUT # @TEST-EXEC: cat %INPUT >output && btest-diff output
-- data_type_const_simple.bro -- data_type_const_simple.bro
