More policy/utils unit tests and documentation.

testing/btest/Baseline/policy.utils.pattern/output

@@ -0,0 +1,6 @@
+/^?((blarg|blah|bleh))$?/
+T
+/^?(foo(blarg|blah|bleh)bar)$?/
+T
+[matched=T, str=blah, off=4]
+[matched=F, str=, off=0]

testing/btest/Baseline/policy.utils.strings/output

@@ -0,0 +1,13 @@
+'hello' is NOT considered binary
+'\xff\xff\xff\0' IS considered binary
+'\0\0\xff\0' IS considered binary
+'\0\0\0\0' is NOT considered binary
+two, one, three
+one
+hell\o w\orl\d
+\\hello world\\
+hello world
+hello worl
+hello
+
+

testing/btest/Baseline/policy.utils.thresholds/output

@@ -0,0 +1,45 @@
+Iteration: 0, threshold check: F
+[n=0, index=0]
+Iteration: 1, threshold check: F
+[n=1, index=0]
+Iteration: 2, threshold check: T
+[n=2, index=1]
+Iteration: 3, threshold check: F
+[n=3, index=1]
+Iteration: 4, threshold check: T
+[n=4, index=2]
+Iteration: 5, threshold check: F
+[n=5, index=2]
+Iteration: 6, threshold check: T
+[n=6, index=3]
+Iteration: 7, threshold check: F
+[n=7, index=3]
+Iteration: 8, threshold check: T
+[n=8, index=4]
+Iteration: 9, threshold check: F
+[n=9, index=4]
+Iteration: 10, threshold check: T
+[n=10, index=5]
+====================================
+Iteration: 0, threshold check: F
+[n=0, index=0]
+Iteration: 1, threshold check: F
+[n=1, index=0]
+Iteration: 2, threshold check: T
+[n=2, index=1]
+Iteration: 3, threshold check: F
+[n=3, index=1]
+Iteration: 4, threshold check: T
+[n=4, index=2]
+Iteration: 5, threshold check: F
+[n=5, index=2]
+Iteration: 6, threshold check: T
+[n=6, index=3]
+Iteration: 7, threshold check: F
+[n=7, index=3]
+Iteration: 8, threshold check: T
+[n=8, index=4]
+Iteration: 9, threshold check: F
+[n=9, index=4]
+Iteration: 10, threshold check: T
+[n=10, index=5]

testing/btest/policy/utils/pattern.test

@@ -0,0 +1,16 @@
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+@load utils/pattern
+
+global r1 = set_to_regex(set("blah", "bleh", "blarg"), "(~~)");
+global r2 = set_to_regex(set("blah", "bleh", "blarg"), "foo(~~)bar");
+
+print r1;
+print "blah" == r1;
+
+print r2;
+print "fooblargbar" == r2;
+
+print match_pattern("123blah123", r1);
+print match_pattern("no match here", r1);

testing/btest/policy/utils/strings.test

@@ -0,0 +1,29 @@
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+@load utils/strings
+
+function test_binary_string(s: string)
+	{
+	if ( is_string_binary(s) )
+		print fmt("'%s' IS considered binary", s);
+	else
+		print fmt("'%s' is NOT considered binary", s);
+	}
+
+test_binary_string("\x68\x65\x6C\x6C\x6F");
+test_binary_string("\xFF\xFF\xFF\x00");
+test_binary_string("\x00\x00\xFF\x00");
+test_binary_string("\x00\x00\x00\x00");
+
+print join_string_set(set("one", "two", "three"), ", ");
+print join_string_set(set("one"), ", ");
+
+print string_escape("hello world", "od");
+print string_escape("\\hello world\\", "");
+
+print cut_tail("hello world", 0);
+print cut_tail("hello world", 1);
+print cut_tail("hello world", 6);
+print cut_tail("hello world", 11);
+print cut_tail("hello world", 12);

testing/btest/policy/utils/thresholds.test

@@ -0,0 +1,28 @@
+# @TEST-EXEC: bro %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+@load utils/thresholds
+
+redef default_notice_thresholds = { 2, 4, 6, 8, 10 };
+const my_thresholds: vector of count = { 2, 4, 6, 8, 10 };
+const loop_v: vector of count = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 };
+global track_count: TrackCount;
+
+for ( i in loop_v )
+	{
+	print fmt("Iteration: %s, threshold check: %s", i,
+	          check_threshold(my_thresholds, track_count));
+	print track_count;
+	++track_count$n;
+	}
+
+track_count$n = 0; track_count$index = 0;
+
+print "====================================";
+for ( i in loop_v )
+	{
+	print fmt("Iteration: %s, threshold check: %s", i,
+	          default_check_threshold(track_count));
+	print track_count;
+	++track_count$n;
+	}