Merge remote-tracking branch 'origin/master' into topic/johanna/imap-starttls

2025-10-02 22:58:20 +00:00 · 2016-04-26 10:52:16 -07:00 · 2016-04-26 10:52:16 -07:00 · 3669b6aa9c
commit 3669b6aa9c
parent 7f2087af34 d93186881d
626 changed files with 13981 additions and 3994 deletions
--- a/testing/btest/scripts/base/protocols/dns/caa.bro
+++ b/testing/btest/scripts/base/protocols/dns/caa.bro
@ -0,0 +1,7 @@
+# @TEST-EXEC: bro -r $TRACES/dns-caa.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event dns_CAA_reply(c: connection, msg: dns_msg, ans: dns_answer, flags: count, tag: string, value: string)
+	{
+	print flags,tag,value;
+	}
--- a/testing/btest/scripts/base/protocols/dns/huge-ttl.bro
+++ b/testing/btest/scripts/base/protocols/dns/huge-ttl.bro
@ -0,0 +1,7 @@
+# @TEST-EXEC: bro -r $TRACES/dns-huge-ttl.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
+	{
+	print ans;
+	}
--- a/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.bro
+++ b/testing/btest/scripts/base/protocols/ftp/ftp-get-file-size.bro
@ -0,0 +1,5 @@
+# This tests extracting the server reported file size 
+# from FTP sessions.
+#
+# @TEST-EXEC: bro -r $TRACES/ftp/ftp-with-numbers-in-filename.pcap
+# @TEST-EXEC: btest-diff ftp.log
--- a/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.bro
+++ b/testing/btest/scripts/base/protocols/http/http-bad-request-with-version.bro
@ -0,0 +1,4 @@
+# @TEST-EXEC: bro -Cr $TRACES/http/http-bad-request-with-version.trace %INPUT
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff weird.log
+
--- a/testing/btest/scripts/base/protocols/http/http-connect-with-header.bro
+++ b/testing/btest/scripts/base/protocols/http/http-connect-with-header.bro
@ -0,0 +1,12 @@
+# This tests that the HTTP analyzer handles HTTP CONNECT proxying correctly
+# when the server include a header line into its response.
+#
+# @TEST-EXEC: bro -C -r $TRACES/http/connect-with-header.trace %INPUT
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff tunnel.log
+
+@load base/protocols/conn
+@load base/protocols/http
+@load base/protocols/tunnels
+@load base/frameworks/dpd
--- a/testing/btest/scripts/base/protocols/http/no-uri.bro
+++ b/testing/btest/scripts/base/protocols/http/no-uri.bro
@ -0,0 +1,4 @@
+# @TEST-EXEC: bro -Cr $TRACES/http/no-uri.pcap %INPUT
+# @TEST-EXEC: btest-diff http.log
+# @TEST-EXEC: btest-diff weird.log
+
--- a/testing/btest/scripts/base/protocols/http/no-version.bro
+++ b/testing/btest/scripts/base/protocols/http/no-version.bro
@ -0,0 +1,3 @@
+# @TEST-EXEC: bro -Cr $TRACES/http/no-version.pcap %INPUT
+# @TEST-EXEC: btest-diff http.log
+
--- a/testing/btest/scripts/base/protocols/irc/events.test
+++ b/testing/btest/scripts/base/protocols/irc/events.test
@ -0,0 +1,16 @@
+# Test IRC events
+
+# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT
+# @TEST-EXEC: bro -r $TRACES/irc-basic.trace %INPUT
+# @TEST-EXEC: bro -r $TRACES/irc-whitespace.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+event irc_privmsg_message(c: connection, is_orig: bool, source: string, target: string, message: string)
+	{
+	print fmt("%s -> %s: %s", source, target, message);
+	}
+
+event irc_quit_message(c: connection, is_orig: bool, nick: string, message: string)
+	{
+	print fmt("quit: %s (%s)", nick, message);
+	}
--- a/testing/btest/scripts/base/protocols/irc/starttls.test
+++ b/testing/btest/scripts/base/protocols/irc/starttls.test
@ -0,0 +1,9 @@
+# @TEST-EXEC: bro -b -C -r $TRACES/tls/irc-starttls.pcap %INPUT
+# @TEST-EXEC: btest-diff conn.log
+# @TEST-EXEC: btest-diff ssl.log
+# @TEST-EXEC: btest-diff x509.log
+
+@load base/protocols/conn
+@load base/frameworks/dpd
+@load base/protocols/ssl
+@load base/protocols/irc
--- a/testing/btest/scripts/base/protocols/pop3/starttls.bro
+++ b/testing/btest/scripts/base/protocols/pop3/starttls.bro
@ -1,8 +1,10 @@
 # @TEST-EXEC: bro -C -b -r $TRACES/tls/pop3-starttls.pcap %INPUT
+# @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff ssl.log
 # @TEST-EXEC: btest-diff x509.log

@load base/protocols/conn
+@load base/frameworks/dpd
@load base/protocols/ssl

 module POP3;
--- a/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test
+++ b/testing/btest/scripts/base/protocols/rfb/rfb-apple-remote-desktop.test
@ -0,0 +1,4 @@
+# @TEST-EXEC: bro -C -r $TRACES/rfb/vncmac.pcap
+# @TEST-EXEC: btest-diff rfb.log
+
+@load base/protocols/rfb
--- a/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test
+++ b/testing/btest/scripts/base/protocols/rfb/vnc-mac-to-linux.test
@ -0,0 +1,4 @@
+# @TEST-EXEC: bro -C -r $TRACES/rfb/vnc-mac-to-linux.pcap
+# @TEST-EXEC: btest-diff rfb.log
+
+@load base/protocols/rfb
--- a/testing/btest/scripts/base/protocols/ssh/basic.test
+++ b/testing/btest/scripts/base/protocols/ssh/basic.test
@ -1,4 +1,5 @@
 # This tests some SSH connections and the output log.

 # @TEST-EXEC: bro -r $TRACES/ssh/ssh.trace %INPUT
-# @TEST-EXEC: btest-diff ssh.log
+# @TEST-EXEC: btest-diff ssh.log
+# @TEST-EXEC: btest-diff conn.log
--- a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test
+++ b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test
@ -0,0 +1,6 @@
+# This tests if Bro does not crash when exposed to CVE-2015-3194
+
+# @TEST-EXEC: bro -r $TRACES/tls/CVE-2015-3194.pcap %INPUT
+# @TEST-EXEC: btest-diff ssl.log
+
+@load protocols/ssl/validate-certs.bro
--- a/testing/btest/scripts/base/protocols/ssl/dpd.test
+++ b/testing/btest/scripts/base/protocols/ssl/dpd.test
@ -1,6 +1,7 @@
 # @TEST-EXEC: bro -C -b -r $TRACES/tls/ssl-v2.trace %INPUT
 # @TEST-EXEC: bro -b -r $TRACES/tls/ssl.v3.trace %INPUT
 # @TEST-EXEC: bro -b -r $TRACES/tls/tls1.2.trace %INPUT
+# @TEST-EXEC: bro -b -r $TRACES/tls/tls-early-alert.trace %INPUT
 # @TEST-EXEC: btest-diff .stdout

@load base/frameworks/dpd