mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 02:28:21 +00:00
Update base scripts and unit tests.
This commit is contained in:
Matthias Vallentin
parent
833a559cac
commit
30bab14dbf
5 changed files with 67 additions and 66 deletions
|
|
@ -22,7 +22,7 @@ export {
|
||||||
|
|
||||||
## Indicates if an MD5 sum is being calculated for the current
|
## Indicates if an MD5 sum is being calculated for the current
|
||||||
## request/response pair.
|
## request/response pair.
|
||||||
calculating_md5: bool &default=F;
|
md5_handle: opaque of md5 &optional;
|
||||||
};
|
};
|
||||||
|
|
||||||
## Generate MD5 sums for these filetypes.
|
## Generate MD5 sums for these filetypes.
|
||||||
|
|
@ -41,13 +41,12 @@ event http_entity_data(c: connection, is_orig: bool, length: count, data: string
|
||||||
if ( c$http$calc_md5 ||
|
if ( c$http$calc_md5 ||
|
||||||
(c$http?$mime_type && generate_md5 in c$http$mime_type) )
|
(c$http?$mime_type && generate_md5 in c$http$mime_type) )
|
||||||
{
|
{
|
||||||
c$http$calculating_md5 = T;
|
c$http$md5_handle = md5_hash_init();
|
||||||
md5_hash_init(c$id);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( c$http$calculating_md5 )
|
if ( c$http?$md5_handle )
|
||||||
md5_hash_update(c$id, data);
|
md5_hash_update(c$http$md5_handle, data);
|
||||||
}
|
}
|
||||||
|
|
||||||
## In the event of a content gap during a file transfer, detect the state for
|
## In the event of a content gap during a file transfer, detect the state for
|
||||||
|
|
@ -55,11 +54,11 @@ event http_entity_data(c: connection, is_orig: bool, length: count, data: string
|
||||||
## incorrect anyway.
|
## incorrect anyway.
|
||||||
event content_gap(c: connection, is_orig: bool, seq: count, length: count) &priority=5
|
event content_gap(c: connection, is_orig: bool, seq: count, length: count) &priority=5
|
||||||
{
|
{
|
||||||
if ( is_orig || ! c?$http || ! c$http$calculating_md5 ) return;
|
if ( is_orig || ! c?$http || ! c$http?$md5_handle ) return;
|
||||||
|
|
||||||
set_state(c, F, is_orig);
|
set_state(c, F, is_orig);
|
||||||
c$http$calculating_md5 = F;
|
md5_hash_finish(c$http$md5_handle); # Ignore return value.
|
||||||
md5_hash_finish(c$id);
|
delete c$http$md5_handle;
|
||||||
}
|
}
|
||||||
|
|
||||||
## When the file finishes downloading, finish the hash and generate a notice.
|
## When the file finishes downloading, finish the hash and generate a notice.
|
||||||
|
|
@ -67,11 +66,11 @@ event http_message_done(c: connection, is_orig: bool, stat: http_message_stat) &
|
||||||
{
|
{
|
||||||
if ( is_orig || ! c?$http ) return;
|
if ( is_orig || ! c?$http ) return;
|
||||||
|
|
||||||
if ( c$http$calculating_md5 )
|
if ( c$http?$md5_handle )
|
||||||
{
|
{
|
||||||
local url = build_url_http(c$http);
|
local url = build_url_http(c$http);
|
||||||
c$http$calculating_md5 = F;
|
c$http$md5 = md5_hash_finish(c$http$md5_handle);
|
||||||
c$http$md5 = md5_hash_finish(c$id);
|
delete c$http$md5_handle;
|
||||||
|
|
||||||
NOTICE([$note=MD5, $msg=fmt("%s %s %s", c$id$orig_h, c$http$md5, url),
|
NOTICE([$note=MD5, $msg=fmt("%s %s %s", c$id$orig_h, c$http$md5, url),
|
||||||
$sub=c$http$md5, $conn=c, $URL=url]);
|
$sub=c$http$md5, $conn=c, $URL=url]);
|
||||||
|
|
@ -82,11 +81,12 @@ event connection_state_remove(c: connection) &priority=-5
|
||||||
{
|
{
|
||||||
if ( c?$http_state &&
|
if ( c?$http_state &&
|
||||||
c$http_state$current_response in c$http_state$pending &&
|
c$http_state$current_response in c$http_state$pending &&
|
||||||
c$http_state$pending[c$http_state$current_response]$calculating_md5 )
|
c$http_state$pending[c$http_state$current_response]?$md5_handle )
|
||||||
{
|
{
|
||||||
# The MD5 sum isn't going to be saved anywhere since the entire
|
# The MD5 sum isn't going to be saved anywhere since the entire
|
||||||
# body wouldn't have been seen anyway and we'd just be giving an
|
# body wouldn't have been seen anyway and we'd just be giving an
|
||||||
# incorrect MD5 sum.
|
# incorrect MD5 sum.
|
||||||
md5_hash_finish(c$id);
|
md5_hash_finish(c$http$md5_handle);
|
||||||
|
delete c$http$md5_handle;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -36,7 +36,7 @@ export {
|
||||||
calc_md5: bool &default=F;
|
calc_md5: bool &default=F;
|
||||||
## This boolean value indicates if an MD5 sum is being calculated
|
## This boolean value indicates if an MD5 sum is being calculated
|
||||||
## for the current file transfer.
|
## for the current file transfer.
|
||||||
calculating_md5: bool &default=F;
|
md5_handle: opaque of md5 &optional;
|
||||||
|
|
||||||
## Optionally write the file to disk. Must be set prior to first
|
## Optionally write the file to disk. Must be set prior to first
|
||||||
## data chunk being seen in an event.
|
## data chunk being seen in an event.
|
||||||
|
|
@ -126,18 +126,16 @@ event mime_segment_data(c: connection, length: count, data: string) &priority=-5
|
||||||
|
|
||||||
if ( c$smtp$current_entity$content_len == 0 )
|
if ( c$smtp$current_entity$content_len == 0 )
|
||||||
{
|
{
|
||||||
if ( generate_md5 in c$smtp$current_entity$mime_type && ! never_calc_md5 )
|
local entity = c$smtp$current_entity;
|
||||||
c$smtp$current_entity$calc_md5 = T;
|
if ( generate_md5 in entity$mime_type && ! never_calc_md5 )
|
||||||
|
entity$calc_md5 = T;
|
||||||
|
|
||||||
if ( c$smtp$current_entity$calc_md5 )
|
if ( entity$calc_md5 )
|
||||||
{
|
entity$md5_handle = md5_hash_init();
|
||||||
c$smtp$current_entity$calculating_md5 = T;
|
|
||||||
md5_hash_init(c$id);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( c$smtp$current_entity$calculating_md5 )
|
if ( c$smtp$current_entity?$md5_handle )
|
||||||
md5_hash_update(c$id, data);
|
md5_hash_update(entity$md5_handle, data);
|
||||||
}
|
}
|
||||||
|
|
||||||
## In the event of a content gap during the MIME transfer, detect the state for
|
## In the event of a content gap during the MIME transfer, detect the state for
|
||||||
|
|
@ -147,10 +145,11 @@ event content_gap(c: connection, is_orig: bool, seq: count, length: count) &prio
|
||||||
{
|
{
|
||||||
if ( is_orig || ! c?$smtp || ! c$smtp?$current_entity ) return;
|
if ( is_orig || ! c?$smtp || ! c$smtp?$current_entity ) return;
|
||||||
|
|
||||||
if ( c$smtp$current_entity$calculating_md5 )
|
local entity = c$smtp$current_entity;
|
||||||
|
if ( entity?$md5_handle )
|
||||||
{
|
{
|
||||||
c$smtp$current_entity$calculating_md5 = F;
|
md5_hash_finish(entity$md5_handle);
|
||||||
md5_hash_finish(c$id);
|
delete entity$md5_handle;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -161,12 +160,14 @@ event mime_end_entity(c: connection) &priority=-3
|
||||||
if ( ! c?$smtp || ! c$smtp?$current_entity )
|
if ( ! c?$smtp || ! c$smtp?$current_entity )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if ( c$smtp$current_entity$calculating_md5 )
|
local entity = c$smtp$current_entity;
|
||||||
|
if ( entity?$md5_handle )
|
||||||
{
|
{
|
||||||
c$smtp$current_entity$md5 = md5_hash_finish(c$id);
|
entity$md5 = md5_hash_finish(entity$md5_handle);
|
||||||
|
delete entity$md5_handle;
|
||||||
|
|
||||||
NOTICE([$note=MD5, $msg=fmt("Calculated a hash for a MIME entity from %s", c$id$orig_h),
|
NOTICE([$note=MD5, $msg=fmt("Calculated a hash for a MIME entity from %s", c$id$orig_h),
|
||||||
$sub=c$smtp$current_entity$md5, $conn=c]);
|
$sub=entity$md5, $conn=c]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -4,16 +4,16 @@
|
||||||
print md5_hash("one");
|
print md5_hash("one");
|
||||||
print md5_hash("one", "two", "three");
|
print md5_hash("one", "two", "three");
|
||||||
|
|
||||||
md5_hash_init("a");
|
local a = md5_hash_init();
|
||||||
md5_hash_init("b");
|
local b = md5_hash_init();
|
||||||
|
|
||||||
md5_hash_update("a", "one");
|
md5_hash_update(a, "one");
|
||||||
md5_hash_update("b", "one");
|
md5_hash_update(b, "one");
|
||||||
md5_hash_update("b", "two");
|
md5_hash_update(b, "two");
|
||||||
md5_hash_update("b", "three");
|
md5_hash_update(b, "three");
|
||||||
|
|
||||||
print md5_hash_finish("a");
|
print md5_hash_finish(a);
|
||||||
print md5_hash_finish("b");
|
print md5_hash_finish(b);
|
||||||
|
|
||||||
print md5_hmac("one");
|
print md5_hmac("one");
|
||||||
print md5_hmac("one", "two", "three");
|
print md5_hmac("one", "two", "three");
|
||||||
|
|
|
||||||
|
|
@ -4,13 +4,13 @@
|
||||||
print sha1_hash("one");
|
print sha1_hash("one");
|
||||||
print sha1_hash("one", "two", "three");
|
print sha1_hash("one", "two", "three");
|
||||||
|
|
||||||
sha1_hash_init("a");
|
local a = sha1_hash_init();
|
||||||
sha1_hash_init("b");
|
local b = sha1_hash_init();
|
||||||
|
|
||||||
sha1_hash_update("a", "one");
|
sha1_hash_update(a, "one");
|
||||||
sha1_hash_update("b", "one");
|
sha1_hash_update(b, "one");
|
||||||
sha1_hash_update("b", "two");
|
sha1_hash_update(b, "two");
|
||||||
sha1_hash_update("b", "three");
|
sha1_hash_update(b, "three");
|
||||||
|
|
||||||
print sha1_hash_finish("a");
|
print sha1_hash_finish(a);
|
||||||
print sha1_hash_finish("b");
|
print sha1_hash_finish(b);
|
||||||
|
|
|
||||||
|
|
@ -4,13 +4,13 @@
|
||||||
print sha256_hash("one");
|
print sha256_hash("one");
|
||||||
print sha256_hash("one", "two", "three");
|
print sha256_hash("one", "two", "three");
|
||||||
|
|
||||||
sha256_hash_init("a");
|
local a = sha256_hash_init();
|
||||||
sha256_hash_init("b");
|
local b = sha256_hash_init();
|
||||||
|
|
||||||
sha256_hash_update("a", "one");
|
sha256_hash_update(a, "one");
|
||||||
sha256_hash_update("b", "one");
|
sha256_hash_update(b, "one");
|
||||||
sha256_hash_update("b", "two");
|
sha256_hash_update(b, "two");
|
||||||
sha256_hash_update("b", "three");
|
sha256_hash_update(b, "three");
|
||||||
|
|
||||||
print sha256_hash_finish("a");
|
print sha256_hash_finish(a);
|
||||||
print sha256_hash_finish("b");
|
print sha256_hash_finish(b);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue