Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-14 20:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/master' into topic/johanna/bloomfilter

Browse source
This commit is contained in:
Johanna Amann 2022-05-03 16:43:36 +01:00 committed by Johanna Amann
commit 42bc6db359
377 changed files with 11627 additions and 8961 deletions
Download patch file Download diff file Expand all files Collapse all files

33
testing/benchmark/broker/node.zeek Normal file
View file

@ -0,0 +1,33 @@
redef exit_only_after_terminate = T;
global event_count = 0;
global event_1: event(val: count);
event event_1(value: count)
{
++event_count;
}
event bye_bye()
{
print "received bye-bye event";
terminate();
}
event print_stats()
{
print "received ", event_count, " events/s";
event_count = 0;
schedule 1sec { print_stats() };
}
event zeek_init()
{
local broker_port = to_port(getenv("BROKER_PORT"));
print "trying to connect to port ", broker_port;
Broker::subscribe("benchmark/terminate");
Broker::subscribe("benchmark/events");
Broker::peer("127.0.0.1", broker_port);
schedule 1sec { print_stats() };
}

28
testing/benchmark/broker/sender.zeek Normal file
View file

@ -0,0 +1,28 @@
redef exit_only_after_terminate = T;
global value = 0;
global event_1: event(val: count);
event bye_bye()
{
print "received bye-bye event";
terminate();
}
event publish_next()
{
Broker::publish("benchmark/events", event_1, value);
++value;
schedule 1msec { publish_next() };
}
event zeek_init()
{
local broker_port = to_port(getenv("BROKER_PORT"));
print fmt("trying to connect to port %s", broker_port);
Broker::subscribe("benchmark/terminate");
Broker::peer("127.0.0.1", broker_port);
schedule 250usec { publish_next() };
}

33
testing/benchmark/broker/server.zeek Normal file
View file

@ -0,0 +1,33 @@
redef exit_only_after_terminate = T;
global event_count = 0;
global event_1: event(val: count);
event event_1(value: count)
{
++event_count;
}
event bye_bye()
{
print "received bye-bye event";
terminate();
}
event print_stats()
{
print "received ", event_count, " events/s";
event_count = 0;
schedule 1sec { print_stats() };
}
event zeek_init()
{
local broker_port = to_port(getenv("BROKER_PORT"));
Broker::subscribe("benchmark/terminate");
Broker::subscribe("benchmark/events");
Broker::listen("127.0.0.1", broker_port);
print fmt("listening on port %d", broker_port);
schedule 1sec { print_stats() };
}

2
testing/btest/Baseline.zam/bifs.to_addr/error Normal file
View file

@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in <...>/to_addr.zeek, line 20: failed converting string to IP address (not an IP)

10
testing/btest/Baseline.zam/bifs.to_addr/output Normal file
View file

@ -0,0 +1,10 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
to_addr(0.0.0.0) = 0.0.0.0 (SUCCESS)
to_addr(1.2.3.4) = 1.2.3.4 (SUCCESS)
to_addr(01.02.03.04) = 1.2.3.4 (SUCCESS)
to_addr(001.002.003.004) = 1.2.3.4 (SUCCESS)
to_addr(10.20.30.40) = 10.20.30.40 (SUCCESS)
to_addr(100.200.30.40) = 100.200.30.40 (SUCCESS)
to_addr(10.0.0.0) = 10.0.0.0 (SUCCESS)
to_addr(10.00.00.000) = 10.0.0.0 (SUCCESS)
to_addr(not an IP) = :: (SUCCESS)

3
testing/btest/Baseline.zam/bifs.to_double_from_string/error Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in <...>/to_double_from_string.zeek, line 15: bad conversion to double (NotADouble)
error in <...>/to_double_from_string.zeek, line 16: bad conversion to double ()

6
testing/btest/Baseline.zam/bifs.to_double_from_string/output Normal file
View file

@ -0,0 +1,6 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
to_double(3.14) = 3.14 (SUCCESS)
to_double(-3.14) = -3.14 (SUCCESS)
to_double(0) = 0.0 (SUCCESS)
to_double(NotADouble) = 0.0 (SUCCESS)
to_double() = 0.0 (SUCCESS)

12
testing/btest/Baseline/bifs.enum_to_int/out
View file

@ -5,3 +5,15 @@ C, 2
AV, 10
BV, 11
CV, 12
T
T
T
T
T
T
T
T
T
T
T
T

1
testing/btest/Baseline/bifs.is_ascii/out
View file

@ -1,3 +1,4 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
F
T
T

4
testing/btest/Baseline/bifs.raw_bytes_to_v6_addr/out Normal file
View file

@ -0,0 +1,4 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
4142:4344:4546:4748:494b:4c4d:4e4f:5051
::
dada:beef::4e5e:cff:fe6a:8671

3
testing/btest/Baseline/bifs.string_utils/out
View file

@ -17,14 +17,17 @@ Content checking
----------------
is_num abc : 0
is_num 123 : 1
is_num '' : 0
is_alpha ab : 1
is_alpha 1a : 0
is_alpha a1 : 0
is_alpha '' : 0
is_alnum ab : 1
is_alnum 1a : 1
is_alnum a1 : 1
is_alnum 12 : 1
is_alnum ##12: 0
is_alnum '' : 0
String counting (input str 'aabbaa')
------------------------------------

1
testing/btest/Baseline/broker.disconnect/recv.recv.out
View file

@ -1,3 +1,4 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
endpoint discovered, found a new peer in the network
peer added, handshake successful
receiver got event, 1

1
testing/btest/Baseline/broker.disconnect/recv2.recv2.out
View file

@ -1,3 +1,4 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
endpoint discovered, found a new peer in the network
peer added, handshake successful
receiver got event, 2

4
testing/btest/Baseline/broker.disconnect/send.send.out
View file

@ -1,5 +1,9 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
endpoint discovered, found a new peer in the network
peer added, handshake successful
peer lost, lost connection to remote peer
endpoint unreachable, lost the last path
endpoint discovered, found a new peer in the network
peer added, handshake successful
peer lost, lost connection to remote peer
endpoint unreachable, lost the last path

2
testing/btest/Baseline/broker.error/send.out
View file

@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error, Broker::PEER_INVALID, (invalid-node, *1.2.3.4:1947, "cannot unpeer from unknown peer")
error, Broker::PEER_INVALID, (00000000-0000-0000-0000-000000000000, *1.2.3.4:1947, "cannot unpeer from unknown peer")

2
testing/btest/Baseline/broker.ssl_auth_failure/send.send.out
View file

@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
sender error: code=Broker::PEER_UNAVAILABLE msg=(invalid-node, *<endpoint addr:port>, "unable to connect to remote peer")
sender error: code=Broker::PEER_UNAVAILABLE msg=(00000000-0000-0000-0000-000000000000, *<endpoint addr:port>, "unable to connect to remote peer")

6
testing/btest/Baseline/core.fake_dns/out
View file

@ -1,10 +1,10 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
{
51f3:f001:5b82:e802:c401:6750:7b95:89bb,
4cc7:de52:d869:b2f9:f215:19b8:c828:3bdd,
7a5f:b783:9808:380e:b1a2:ce20:b58e:2a4a
7a5f:b783:9808:380e:b1a2:ce20:b58e:2a4a,
4cc7:de52:d869:b2f9:f215:19b8:c828:3bdd
}
lookup_hostname_txt, fake_text_lookup_result_bro.wp.dg.cx
lookup_hostname_txt, fake_lookup_result_T_TXT_bro.wp.dg.cx
lookup_hostname, {
ce06:236:f21f:587:8c10:121d:c47d:b412
}

16
testing/btest/Baseline/core.scalar-vector/out Normal file
View file

@ -0,0 +1,16 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
warning in <...>/scalar-vector.zeek, line 11: mixing vector and scalar operands is deprecated (string) (vector)
warning in <...>/scalar-vector.zeek, line 12: mixing vector and scalar operands is deprecated (vector) (string)
warning in <...>/scalar-vector.zeek, line 13: mixing vector and scalar operands is deprecated (string) (vector)
warning in <...>/scalar-vector.zeek, line 17: mixing vector and scalar operands is deprecated (count) (vector)
warning in <...>/scalar-vector.zeek, line 18: mixing vector and scalar operands is deprecated (count) (vector)
warning in <...>/scalar-vector.zeek, line 19: mixing vector and scalar operands is deprecated (vector) (count)
warning in <...>/scalar-vector.zeek, line 20: mixing vector and scalar operands is deprecated (vector) (count)
[F, T, F]
[aa, ba, ca]
[aa, ab, ac]
[F, T, F]
[2, 4, 6]
[1, 0, 1]
[0, 1, 1]
[1, 2, 3, 1]

8
testing/btest/Baseline/coverage.bare-mode-errors/errors
View file

@ -1,9 +1,9 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
### NOTE: This file has been sorted with diff-sort.
warning in <...>/extract-certs-pem.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:12 "Remove in v5.1. Use log-certs-base64.zeek instead."
warning in <...>/extract-certs-pem.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:15 "Remove in v5.1. Use log-certs-base64.zeek instead."
warning in <...>/extract-certs-pem.zeek, line 1: deprecated script loaded from command line arguments "Remove in v5.1. Use log-certs-base64.zeek instead."
warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:59 ("Remove in v5.1. OCSP logging is now enabled by default")
warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:59 ("Remove in v5.1. OCSP logging is now enabled by default")
warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:65 ("Remove in v5.1. OCSP logging is now enabled by default")
warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from <...>/test-all-policy.zeek:65 ("Remove in v5.1. OCSP logging is now enabled by default")
warning in <...>/log-ocsp.zeek, line 1: deprecated script loaded from command line arguments ("Remove in v5.1. OCSP logging is now enabled by default")
warning in <...>/notary.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:4 ("Remove in v5.1. Please switch to other more modern approaches like SCT validation (validate-sct.zeek).")
warning in <...>/notary.zeek, line 1: deprecated script loaded from <...>/__load__.zeek:5 ("Remove in v5.1. Please switch to other more modern approaches like SCT validation (validate-sct.zeek).")
warning in <...>/notary.zeek, line 1: deprecated script loaded from command line arguments ("Remove in v5.1. Please switch to other more modern approaches like SCT validation (validate-sct.zeek).")

2
testing/btest/Baseline/language.cross-product-init/output
View file

@ -1,7 +1,7 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
{
[bar, 1.2.0.0/19] ,
[foo, 1.2.0.0/19] ,
[foo, 5.6.0.0/21] ,
[foo, 1.2.0.0/19] ,
[bar, 5.6.0.0/21]
}

14
testing/btest/Baseline/language.expire-func-type-check/output
View file

@ -1,23 +1,9 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
warning in <...>/expire-func-type-check.zeek, line 16: Wrong number of arguments for function. Expected 2, got 0. (function() : interval)
error in <...>/expire-func-type-check.zeek, line 38: &expire_func argument type clash (&expire_func=invalid_expire_func_no_params)
warning in <...>/expire-func-type-check.zeek, line 16: Wrong number of arguments for function. Expected 2, got 0. (function() : interval)
error in <...>/expire-func-type-check.zeek, line 38: &expire_func argument type clash (&expire_func=invalid_expire_func_no_params)
warning in <...>/expire-func-type-check.zeek, line 16: Wrong number of arguments for function. Expected 2, got 0. (function() : interval)
error in <...>/expire-func-type-check.zeek, line 38: &expire_func argument type clash (&expire_func=invalid_expire_func_no_params)
error in <...>/expire-func-type-check.zeek, line 39: &expire_func must yield a value of type interval (&expire_func=invalid_expire_func_no_return)
error in <...>/expire-func-type-check.zeek, line 39: &expire_func must yield a value of type interval (&expire_func=invalid_expire_func_no_return)
error in <...>/expire-func-type-check.zeek, line 39: &expire_func must yield a value of type interval (&expire_func=invalid_expire_func_no_return)
warning in <...>/expire-func-type-check.zeek, line 22: Wrong number of arguments for function. Expected 3, got 2. (function(t:table[addr,port] of set[addr]; s:set[addr,port];) : interval)
error in <...>/expire-func-type-check.zeek, line 40: &expire_func argument type clash (&expire_func=invalid_expire_func_index_params)
warning in <...>/expire-func-type-check.zeek, line 22: Wrong number of arguments for function. Expected 3, got 2. (function(t:table[addr,port] of set[addr]; s:set[addr,port];) : interval)
error in <...>/expire-func-type-check.zeek, line 40: &expire_func argument type clash (&expire_func=invalid_expire_func_index_params)
error in <...>/expire-func-type-check.zeek, line 41: &expire_func attribute is not a function (&expire_func=invalid_expire_func_because_its_an_event)
error in <...>/expire-func-type-check.zeek, line 41: &expire_func attribute is not a function (&expire_func=invalid_expire_func_because_its_an_event)
error in <...>/expire-func-type-check.zeek, line 41: &expire_func attribute is not a function (&expire_func=invalid_expire_func_because_its_an_event)
error in <...>/expire-func-type-check.zeek, line 42: &expire_func attribute is not a function (&expire_func=invalid_expire_func_because_its_a_hook)
error in <...>/expire-func-type-check.zeek, line 42: &expire_func attribute is not a function (&expire_func=invalid_expire_func_because_its_a_hook)
error in <...>/expire-func-type-check.zeek, line 42: &expire_func attribute is not a function (&expire_func=invalid_expire_func_because_its_a_hook)
error in <...>/expire-func-type-check.zeek, line 43: &expire_func attribute is not a function (&expire_func=invalid_expire_func_because_its_a_number)
error in <...>/expire-func-type-check.zeek, line 43: &expire_func attribute is not a function (&expire_func=invalid_expire_func_because_its_a_number)
error in <...>/expire-func-type-check.zeek, line 43: &expire_func attribute is not a function (&expire_func=invalid_expire_func_because_its_a_number)

1
testing/btest/Baseline/language.init-integration/.stderr Normal file
View file

@ -0,0 +1 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

55
testing/btest/Baseline/language.init-integration/out Normal file
View file

@ -0,0 +1,55 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
init_key in state: 1
init_key2 in state2: 1
{
[worker-2] = [node_type=Cluster::WORKER, ip=127.0.0.1, p=7/tcp, manager=manager-1],
[worker-3] = [node_type=Cluster::WORKER, ip=1.2.3.4, p=9/udp, manager=<uninitialized>],
[manager-1] = [node_type=Cluster::MANAGER, ip=127.0.0.1, p=3/tcp, manager=<uninitialized>],
[worker-1] = [node_type=Cluster::WORKER, ip=127.0.0.1, p=5/udp, manager=manager-1]
}
{
[worker-3] = [node_type=Cluster::WORKER, ip=1.2.3.4, p=9/udp, manager=<uninitialized>],
[manager-1] = [node_type=Cluster::MANAGER, ip=127.0.0.1, p=3/tcp, manager=<uninitialized>],
[worker-1] = [node_type=Cluster::WORKER, ip=127.0.0.1, p=5/udp, manager=manager-1]
}
{
[worker-4] = [node_type=Cluster::WORKER, ip=2.3.4.5, zone_id=, p=13/udp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>]
}
{
[worker-4] = [node_type=Cluster::WORKER, ip=2.3.4.5, zone_id=, p=13/udp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>],
[worker-5] = [node_type=Cluster::WORKER, ip=3.4.5.6, zone_id=, p=15/tcp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>]
}
{
[worker-4] = [node_type=Cluster::WORKER, ip=2.3.4.5, zone_id=, p=13/udp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>],
[worker-6] = [node_type=Cluster::WORKER, ip=4.5.6.7, zone_id=, p=17/udp, interface=<uninitialized>, manager=<uninitialized>, time_machine=<uninitialized>, id=<uninitialized>]
}
{
[3.0, 4]
}
{
[3.0, 4]
}
{
}
{
[9.0, 4]
}
{
[3.0, 4.0] = 5.0
}
{
[3.0, 4.0] = 5.0
}
{
}
{
[bar, 1.2.0.0/19] ,
[foo, 5.6.0.0/21] ,
[foo, 1.2.0.0/19] ,
[bar, 5.6.0.0/21]
}
/(^?(^?(bar)$?)$?)|(^?(^?(foo)$?)$?)/
[1, 3, 5, 9, 2, 4, 6, 20, 21, 22, 23]
[[3, 2, 1], [1, 2, 3], [20, 21, 22, 23], [80, 81], [90, 91, 92]]

21
testing/btest/Baseline/language.init-mismatch/.stderr Normal file
View file

@ -0,0 +1,21 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in <...>/init-mismatch.zeek, line 6: invalid constructor list on RHS of assignment (a = 3, 5)
error in <...>/init-mismatch.zeek, line 6: assignment of non-arithmetic value to arithmetic (count/types) (a = 3, 5)
warning in <...>/init-mismatch.zeek, line 7: initialization not preceded by =<...>/-= is deprecated (4, 6)
error in <...>/init-mismatch.zeek, line 13: different number of indices (list of count,count and list of count,count,count)
error in <...>/init-mismatch.zeek, line 14: table constructor element lacks '=' structure (bar)
error in <...>/init-mismatch.zeek, line 17: empty list in untyped initialization ()
error in <...>/init-mismatch.zeek, line 23: cannot expand constructor elements using a value that depends on local variables (subnets)
error in <...>/init-mismatch.zeek, line 23: type clash in assignment (my_subnets = set(foo, subnets))
error in <...>/init-mismatch.zeek, line 26: invalid constructor list on RHS of assignment (c += 2, 4)
error in <...>/init-mismatch.zeek, line 27: constructor list not allowed for -= operations on vectors (v -= 3, 5)
error in <...>/init-mismatch.zeek, line 29: RHS type mismatch for table/set += (s1 += s2)
error in <...>/init-mismatch.zeek, line 30: RHS type mismatch for table/set -= (s1 -= s2)
error in <...>/init-mismatch.zeek, line 32: table constructor used in a non-table context (3 = F)
error in double and <...>/init-mismatch.zeek, line 32: arithmetic mixed with non-arithmetic (double and 3 = F)
error in <...>/init-mismatch.zeek, line 32 and double: type mismatch (3 = F and double)
error in <...>/init-mismatch.zeek, line 32: inconsistent type in set constructor (set(3 = F))
error in <...>/init-mismatch.zeek, line 34: not a list of indices (s2)
error in <...>/init-mismatch.zeek, line 34: type clash in assignment (s3 = set(s2))
error in <...>/init-mismatch.zeek, line 36: pattern += op requires op to be a pattern (p += 3)
error in <...>/init-mismatch.zeek, line 38: illegal table constructor element (1.2.3.4)

2
testing/btest/Baseline/language.inlined-nested-loop/out Normal file
View file

@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
I compiled and ran!

10
testing/btest/Baseline/language.mismatched-container-ctor-types/.stderr
View file

@ -1,9 +1,9 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in <...>/mismatched-container-ctor-types.zeek, line 6: unexpected use of vector constructor in 'table' initialization (vector())
error in <...>/mismatched-container-ctor-types.zeek, line 7: unexpected use of table constructor in 'vector' initialization (table())
error in <...>/mismatched-container-ctor-types.zeek, line 8: unexpected use of set constructor in 'vector' initialization (set())
error in <...>/mismatched-container-ctor-types.zeek, line 9: unexpected use of record constructor in 'vector' initialization ([])
error in <...>/mismatched-container-ctor-types.zeek, line 10: unexpected use of record constructor in 'vector' initialization (R())
error in <...>/mismatched-container-ctor-types.zeek, line 6: type clash in assignment (t = vector())
error in <...>/mismatched-container-ctor-types.zeek, line 7: type clash in assignment (v0 = table())
error in <...>/mismatched-container-ctor-types.zeek, line 8: type clash in assignment (v1 = set())
error in <...>/mismatched-container-ctor-types.zeek, line 9: type clash in assignment (v2 = [])
error in <...>/mismatched-container-ctor-types.zeek, line 10: type clash in assignment (v3 = R())
error in <...>/mismatched-container-ctor-types.zeek, line 12: type clash in assignment (lt = vector())
error in <...>/mismatched-container-ctor-types.zeek, line 13: type clash in assignment (lv0 = table())
error in <...>/mismatched-container-ctor-types.zeek, line 14: type clash in assignment (lv1 = set())

3
testing/btest/Baseline/language.record-bad-ctor/out
View file

@ -1,3 +1,4 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in <...>/record-bad-ctor.zeek, line 6: no type given (asdfasdf)
error in <...>/record-bad-ctor.zeek, line 7: non-optional field "ports" missing in initialization ([ports=<uninitialized>])
expression error in <...>/record-bad-ctor.zeek, line 11: value used but not set (asdfasdf2)
error in <...>/record-bad-ctor.zeek, line 11: initialization failed (blah2)

3
testing/btest/Baseline/language.record-bad-ctor4/out Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in <...>/record-bad-ctor4.zeek, line 29: mandatory field "cnt" missing (info2($str=hello))
error in <...>/record-bad-ctor4.zeek, line 29: mandatory field "a" missing ([$str=hello])

3
testing/btest/Baseline/language.record-type-checking/out
View file

@ -1,11 +1,8 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in port and <...>/record-type-checking.zeek, line 9: arithmetic mixed with non-arithmetic (port and 0)
error in <...>/record-type-checking.zeek, line 9: bad record initializer ([$a=<error>])
error in port and <...>/record-type-checking.zeek, line 12: arithmetic mixed with non-arithmetic (port and 1)
error in <...>/record-type-checking.zeek, line 12: bad record initializer ((coerce [$a=<error>] to error))
error in port and <...>/record-type-checking.zeek, line 18: arithmetic mixed with non-arithmetic (port and 2)
error in <...>/record-type-checking.zeek, line 22 and count: type clash for field "a" ((coerce [$a=3] to MyRec) and count)
error in <...>/record-type-checking.zeek, line 22: bad record initializer ((coerce [$a=3] to error))
error in port and <...>/record-type-checking.zeek, line 27: arithmetic mixed with non-arithmetic (port and 1000)
error in port and <...>/record-type-checking.zeek, line 33: arithmetic mixed with non-arithmetic (port and 1001)
error in port and <...>/record-type-checking.zeek, line 40: arithmetic mixed with non-arithmetic (port and 1002)

3
testing/btest/Baseline/language.redef-same-prefixtable-idx/.stderr Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
warning in <...>/redef-same-prefixtable-idx.zeek, line 7: initialization not preceded by =<...>/-= is deprecated (3.0.0.0/8 = 1.0.0.0/8)
warning in <...>/redef-same-prefixtable-idx.zeek, line 8: initialization not preceded by =<...>/-= is deprecated (3.0.0.0/8 = 2.0.0.0/8)

6
testing/btest/Baseline/language.set-type-checking/out
View file

@ -8,8 +8,10 @@ error in <...>/set-type-checking.zeek, line 10: inconsistent type in set constru
error in port and <...>/set-type-checking.zeek, line 16: arithmetic mixed with non-arithmetic (port and 2)
error in <...>/set-type-checking.zeek, line 16 and port: type mismatch (2 and port)
error in <...>/set-type-checking.zeek, line 16: inconsistent type in set constructor (set(2))
error in port: arithmetic mixed with non-arithmetic (port and 3)
error in <...>/set-type-checking.zeek, line 20: initialization type mismatch in set (set(3) and 3)
error in port and <...>/set-type-checking.zeek, line 20: arithmetic mixed with non-arithmetic (port and 3)
error in <...>/set-type-checking.zeek, line 20 and port: type mismatch (3 and port)
error in <...>/set-type-checking.zeek, line 20: inconsistent type in set constructor (set(3))
error in <...>/set-type-checking.zeek, line 20: type clash in assignment (gea = set(3))
error in port and <...>/set-type-checking.zeek, line 25: arithmetic mixed with non-arithmetic (port and 1000)
error in <...>/set-type-checking.zeek, line 25 and port: type mismatch (1000 and port)
error in <...>/set-type-checking.zeek, line 25: inconsistent type in set constructor (set(1000))

6
testing/btest/Baseline/language.table-aggr-init-type-check/output
View file

@ -1,3 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in <...>/table-aggr-init-type-check.zeek, line 21: type mismatch in table value initialization: assigning 'types' to table with values of type 'record' (three = 1, 2)
error in <...>/table-aggr-init-type-check.zeek, line 25: type mismatch in table value initialization: incompatible record types (four = [$b=No.])
error in <...>/table-aggr-init-type-check.zeek, lines 4-7 and <...>/table-aggr-init-type-check.zeek, line 21: type clash (MyRec and 1, 2)
error in <...>/table-aggr-init-type-check.zeek, line 21: inconsistent types in table constructor (table(three = 1, 2))
error in <...>/table-aggr-init-type-check.zeek, lines 4-7 and <...>/table-aggr-init-type-check.zeek, line 25: incompatible record types (MyRec and [$b=No.])
error in <...>/table-aggr-init-type-check.zeek, line 25: inconsistent types in table constructor (table(four = [$b=No.]))

3
testing/btest/Baseline/language.table-init/output
View file

@ -9,3 +9,6 @@ global table default
[3] = three
}
local table default
{
}

3
testing/btest/Baseline/language.table-list-assign-type-check/output
View file

@ -1,8 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in count and <...>/table-list-assign-type-check.zeek, line 16: arithmetic mixed with non-arithmetic (count and Internal Web Server)
error in <...>/table-list-assign-type-check.zeek, lines 15-20: inconsistent types in table constructor (table(www, 80 = Internal Web Server, dns1, 53 = Internal DNS 1, dns2, 53 = Internal DNS 2, dhcp-for-wifi, 443 = DHCP Management interface for WiFi))
error in <...>/table-list-assign-type-check.zeek, lines 15-20: type clash in assignment (service_table_bad_yield = table(www, 80 = Internal Web Server, dns1, 53 = Internal DNS 1, dns2, 53 = Internal DNS 2, dhcp-for-wifi, 443 = DHCP Management interface for WiFi))
error in count and <...>/table-list-assign-type-check.zeek, line 24: arithmetic mixed with non-arithmetic (count and 80)
error in <...>/table-list-assign-type-check.zeek, lines 23-28: inconsistent types in table constructor (table(www, 80 = Internal Web Server, dns1, 53 = Internal DNS 1, dns2, 53 = Internal DNS 2, dhcp-for-wifi, 443 = DHCP Management interface for WiFi))
error in <...>/table-list-assign-type-check.zeek, lines 23-28: type clash in assignment (service_table_bad_index = table(www, 80 = Internal Web Server, dns1, 53 = Internal DNS 1, dns2, 53 = Internal DNS 2, dhcp-for-wifi, 443 = DHCP Management interface for WiFi))
error in string and <...>/table-list-assign-type-check.zeek, line 31: arithmetic mixed with non-arithmetic (string and 1)
error in <...>/table-list-assign-type-check.zeek, line 31 and string: type mismatch (1 and string)
error in <...>/table-list-assign-type-check.zeek, line 31: inconsistent type in set constructor (set(1, 2, 3))
error in <...>/table-list-assign-type-check.zeek, line 31: type clash in assignment (test_set_bad = set(1, 2, 3))

30
testing/btest/Baseline/language.table-type-checking/out
View file

@ -1,15 +1,17 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
error in port and <...>/table-type-checking.zeek, line 7: type clash (port and zero)
error in <...>/table-type-checking.zeek, line 7: inconsistent types in table constructor (table(zero = 0))
error in port and <...>/table-type-checking.zeek, line 10: type clash (port and one)
error in <...>/table-type-checking.zeek, line 10: inconsistent types in table constructor (table(one = 1))
error in <...>/table-type-checking.zeek, line 17: type clash in assignment (gda = gda2)
error in <...>/table-type-checking.zeek, line 21 and <...>/table-type-checking.zeek, line 4: index type doesn't match table (three and list of port)
expression error in <...>/table-type-checking.zeek, line 21: type clash in table assignment (three = 3)
error in port and <...>/table-type-checking.zeek, line 26: type clash (port and thousand)
error in <...>/table-type-checking.zeek, line 26: inconsistent types in table constructor (table(thousand = 1000))
error in port and <...>/table-type-checking.zeek, line 32: type clash (port and thousand-one)
error in <...>/table-type-checking.zeek, line 32: inconsistent types in table constructor (table(thousand-one = 1001))
error in port and <...>/table-type-checking.zeek, line 39: type clash (port and thousand-two)
error in <...>/table-type-checking.zeek, line 39: inconsistent types in table constructor (table(thousand-two = 1002))
error in <...>/table-type-checking.zeek, line 45: type clash in assignment (lea = table(thousand-three = 1003))
error in <...>/table-type-checking.zeek, line 7: empty constructor in untyped initialization (table())
error in port and <...>/table-type-checking.zeek, line 10: type clash (port and zero)
error in <...>/table-type-checking.zeek, line 10: inconsistent types in table constructor (table(zero = 0))
error in port and <...>/table-type-checking.zeek, line 13: type clash (port and one)
error in <...>/table-type-checking.zeek, line 13: inconsistent types in table constructor (table(one = 1))
error in <...>/table-type-checking.zeek, line 20: type clash in assignment (gda = gda2)
error in <...>/table-type-checking.zeek, line 24: type clash in assignment (gea = table(three = 3))
error in port and <...>/table-type-checking.zeek, line 29: type clash (port and thousand)
error in <...>/table-type-checking.zeek, line 29: inconsistent types in table constructor (table(thousand = 1000))
error in port and <...>/table-type-checking.zeek, line 35: type clash (port and thousand-one)
error in <...>/table-type-checking.zeek, line 35: inconsistent types in table constructor (table(thousand-one = 1001))
error in port and <...>/table-type-checking.zeek, line 42: type clash (port and thousand-two)
error in <...>/table-type-checking.zeek, line 42: inconsistent types in table constructor (table(thousand-two = 1002))
error in <...>/table-type-checking.zeek, line 48: type clash in assignment (lea = table(thousand-three = 1003))
error in count and <...>/table-type-checking.zeek, line 54: arithmetic mixed with non-arithmetic (count and foo)
error in <...>/table-type-checking.zeek, line 4 and <...>/table-type-checking.zeek, line 54: &default value has inconsistent type (table[port] of count and table())

2
testing/btest/Baseline/language.vector-slice-assign/out Normal file
View file

@ -0,0 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[[seq=4], [seq=5], [seq=3], [seq=1], [seq=2], [seq=6], [seq=7]]

3
testing/btest/Baseline/language.vector-type-checking/out
View file

@ -6,8 +6,7 @@ error in count and <...>/vector-type-checking.zeek, line 10: arithmetic mixed wi
error in <...>/vector-type-checking.zeek, line 10 and count: type mismatch (one and count)
error in <...>/vector-type-checking.zeek, line 10: inconsistent types in vector constructor (vector(one))
error in <...>/vector-type-checking.zeek, line 17: type clash in assignment (gda = gda2)
error in count and <...>/vector-type-checking.zeek, line 21: arithmetic mixed with non-arithmetic (count and three)
error in <...>/vector-type-checking.zeek, line 21: initialization type mismatch at index 0 (vector(three) and three)
error in <...>/vector-type-checking.zeek, line 21: type clash in assignment (gea = vector(three))
error in count and <...>/vector-type-checking.zeek, line 26: arithmetic mixed with non-arithmetic (count and thousand)
error in <...>/vector-type-checking.zeek, line 26 and count: type mismatch (thousand and count)
error in <...>/vector-type-checking.zeek, line 26: inconsistent types in vector constructor (vector(thousand))

2
testing/btest/Baseline/language.vector-unspecified/output
View file

@ -1,2 +1,2 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[5, Hi, 127.0.0.1]
error in <...>/vector-unspecified.zeek, line 7: empty constructor in untyped initialization (vector())

6
testing/btest/Baseline/plugins.hooks/output
View file

@ -668,7 +668,7 @@
0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::STD_DEV, lambda_<5704045257244168718>{ SumStats::calc_std_dev(SumStats::rv)})) -> <no result>
0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::SUM, lambda_<6958532551242393774>{ SumStats::rv$sum += SumStats::val})) -> <no result>
0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::TOPK, lambda_<6366101205573988923>{ topk_add(SumStats::rv$topk, to_any_coerceSumStats::obs)})) -> <no result>
0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::UNIQUE, lambda_<14393221830775341876>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals})) -> <no result>
0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::UNIQUE, lambda_<5561482868084494682>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce (coerce set() to set[SumStats::Observation]) to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals})) -> <no result>
0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::VARIANCE, lambda_<6557258612059469785>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})) -> <no result>
0.000000 MetaHookPost CallFunction(SumStats::register_observe_plugins, <frame>, ()) -> <no result>
0.000000 MetaHookPost CallFunction(Supervisor::__is_supervisor, <frame>, ()) -> <no result>
@ -2125,7 +2125,7 @@
0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::STD_DEV, lambda_<5704045257244168718>{ SumStats::calc_std_dev(SumStats::rv)}))
0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::SUM, lambda_<6958532551242393774>{ SumStats::rv$sum += SumStats::val}))
0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::TOPK, lambda_<6366101205573988923>{ topk_add(SumStats::rv$topk, to_any_coerceSumStats::obs)}))
0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::UNIQUE, lambda_<14393221830775341876>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals}))
0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::UNIQUE, lambda_<5561482868084494682>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce (coerce set() to set[SumStats::Observation]) to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals}))
0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugin, <frame>, (SumStats::VARIANCE, lambda_<6557258612059469785>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average}))
0.000000 MetaHookPre CallFunction(SumStats::register_observe_plugins, <frame>, ())
0.000000 MetaHookPre CallFunction(Supervisor::__is_supervisor, <frame>, ())
@ -3581,7 +3581,7 @@
0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::STD_DEV, lambda_<5704045257244168718>{ SumStats::calc_std_dev(SumStats::rv)})
0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::SUM, lambda_<6958532551242393774>{ SumStats::rv$sum += SumStats::val})
0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::TOPK, lambda_<6366101205573988923>{ topk_add(SumStats::rv$topk, to_any_coerceSumStats::obs)})
0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::UNIQUE, lambda_<14393221830775341876>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce set() to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals})
0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::UNIQUE, lambda_<5561482868084494682>{ if (!SumStats::rv?$unique_vals) SumStats::rv$unique_vals = (coerce (coerce set() to set[SumStats::Observation]) to set[SumStats::Observation])if (SumStats::r?$unique_max) SumStats::rv$unique_max = SumStats::r$unique_maxif (!SumStats::r?$unique_max || sizeofSumStats::rv$unique_vals <= SumStats::r$unique_max) add SumStats::rv$unique_vals[SumStats::obs]SumStats::rv$unique = sizeofSumStats::rv$unique_vals})
0.000000 | HookCallFunction SumStats::register_observe_plugin(SumStats::VARIANCE, lambda_<6557258612059469785>{ if (1 < SumStats::rv$num) SumStats::rv$var_s += ((SumStats::val - SumStats::rv$prev_avg) * (SumStats::val - SumStats::rv$average))SumStats::calc_variance(SumStats::rv)SumStats::rv$prev_avg = SumStats::rv$average})
0.000000 | HookCallFunction SumStats::register_observe_plugins()
0.000000 | HookCallFunction Supervisor::__is_supervisor()

8
testing/btest/Baseline/plugins.plugin-load-file-extended/output
View file

@ -1,7 +1,9 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
HookLoadExtended/script: file=|xxx| resolved=|./xxx.zeek|
HookLoadExtended/script: file=|yyy| resolved=||
HookLoadExtended/signature: file=|abc.sig| resolved=|./abc.sig|
HookLoadExtended/script: file=|xxx| resolved=|./xxx.zeek| srcloc=|n/a|
HookLoadExtended/script: file=|xxx3| resolved=|./xxx3.zeek| srcloc=|./xxx2.zeek|
HookLoadExtended/script: file=|yyy| resolved=|| srcloc=|n/a|
HookLoadExtended/signature: file=|abc.sig| resolved=|./abc.sig| srcloc=|n/a|
HookLoadExtended/signature: file=|def.sig| resolved=|./def.sig| srcloc=|./xxx2.zeek|
new zeek_init(): script has been replaced
new zeek_init(): script has been added
signature works!

23
testing/btest/Baseline/plugins.reporter-hook/output
View file

@ -1,11 +1,14 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
| Hook Some Info <...>/reporter-hook.zeek, line 16
| Hook error An Error <...>/reporter-hook.zeek, line 18
| Hook error An Error that does not show up in the log <...>/reporter-hook.zeek, line 19
| Hook expression error field value missing (b$a) <...>/reporter-hook.zeek, line 23
| Hook warning A warning <...>/reporter-hook.zeek, line 17
<...>/reporter-hook.zeek, line 16: Some Info
error in <...>/reporter-hook.zeek, line 18: An Error
error in <...>/reporter-hook.zeek, line 19: An Error that does not show up in the log
expression error in <...>/reporter-hook.zeek, line 23: field value missing (b$a)
warning in <...>/reporter-hook.zeek, line 17: A warning
Reporter::Hook - Exercise Reporter Hook (dynamic, version 1.0.0)
Implements Reporter (priority 0)
| Hook Some Info <...>/reporter-hook.zeek, line 17
| Hook error An Error <...>/reporter-hook.zeek, line 19
| Hook error An Error that does not show up in the log <...>/reporter-hook.zeek, line 20
| Hook expression error field value missing (b$a) <...>/reporter-hook.zeek, line 24
| Hook warning A warning <...>/reporter-hook.zeek, line 18
<...>/reporter-hook.zeek, line 17: Some Info
error in <...>/reporter-hook.zeek, line 19: An Error
error in <...>/reporter-hook.zeek, line 20: An Error that does not show up in the log
expression error in <...>/reporter-hook.zeek, line 24: field value missing (b$a)
warning in <...>/reporter-hook.zeek, line 18: A warning

8
testing/btest/Baseline/plugins.reporter-hook/reporter.log
View file

@ -7,8 +7,8 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts level message location
#types time enum string string
XXXXXXXXXX.XXXXXX Reporter::INFO Some Info <...>/reporter-hook.zeek, line 16
XXXXXXXXXX.XXXXXX Reporter::WARNING A warning <...>/reporter-hook.zeek, line 17
XXXXXXXXXX.XXXXXX Reporter::ERROR An Error <...>/reporter-hook.zeek, line 18
XXXXXXXXXX.XXXXXX Reporter::ERROR field value missing (b$a) <...>/reporter-hook.zeek, line 23
XXXXXXXXXX.XXXXXX Reporter::INFO Some Info <...>/reporter-hook.zeek, line 17
XXXXXXXXXX.XXXXXX Reporter::WARNING A warning <...>/reporter-hook.zeek, line 18
XXXXXXXXXX.XXXXXX Reporter::ERROR An Error <...>/reporter-hook.zeek, line 19
XXXXXXXXXX.XXXXXX Reporter::ERROR field value missing (b$a) <...>/reporter-hook.zeek, line 24
#close XXXX-XX-XX-XX-XX-XX

9
testing/btest/Baseline/scripts.base.frameworks.intel.read-file-dist-cluster/manager-1.intel.log
View file

@ -1,4 +1,5 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
### NOTE: This file has been sorted with diff-sort.
#separator \x09
#set_separator ,
#empty_field (empty)
@ -7,8 +8,8 @@
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p seen.indicator seen.indicator_type seen.where seen.node matched sources fuid file_mime_type file_desc
#types time string addr port addr port string enum enum string set[enum] set[string] string string string
XXXXXXXXXX.XXXXXX - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST worker-1 Intel::ADDR source1 - - -
XXXXXXXXXX.XXXXXX - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST worker-1 Intel::EMAIL source1 - - -
XXXXXXXXXX.XXXXXX - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST worker-2 Intel::ADDR source1 - - -
XXXXXXXXXX.XXXXXX - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST worker-2 Intel::EMAIL source1 - - -
#close XXXX-XX-XX-XX-XX-XX
XXXXXXXXXX.XXXXXX - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST worker-1 Intel::ADDR source1 - - -
XXXXXXXXXX.XXXXXX - - - - - 1.2.3.4 Intel::ADDR Intel::IN_A_TEST worker-2 Intel::ADDR source1 - - -
XXXXXXXXXX.XXXXXX - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST worker-1 Intel::EMAIL source1 - - -
XXXXXXXXXX.XXXXXX - - - - - e@mail.com Intel::EMAIL Intel::IN_A_TEST worker-2 Intel::EMAIL source1 - - -

0
testing/btest/Baseline/scripts.policy.frameworks.cluster.controller.agent-checkin/zeek.controller.stdout → testing/btest/Baseline/scripts.policy.frameworks.management.controller.agent-checkin/zeek.controller.stdout
View file

11
testing/btest/Baseline/scripts.policy.protocols.ssl.decryption/http.log Normal file
View file

@ -0,0 +1,11 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path http
#open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types
#types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string]
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.100.70 48216 193.99.144.80 443 1 GET heise.de / - 1.1 Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 - 0 229 301 Moved Permanently - - (empty) - - - - - - FaOfPL638bbaQ1KMh - text/html
#close XXXX-XX-XX-XX-XX-XX

BIN
testing/btest/Traces/echo-connections.pcap.gz Normal file
View file

Binary file not shown.

BIN
testing/btest/Traces/tls/tls-1.2-stream-keylog.pcap Normal file
View file

Binary file not shown.

BIN
testing/btest/Traces/tls/tls12-decryption.pcap Normal file
View file

Binary file not shown.

16
testing/btest/bifs/enum_to_int.zeek
View file

@ -18,12 +18,24 @@ export {
event zeek_init()
{
print A, enum_to_int(A);
print B, enum_to_int(B);
print C, enum_to_int(C);
print AV, enum_to_int(AV);
print BV, enum_to_int(BV);
print CV, enum_to_int(CV);
print enum_to_int(A) != enum_to_int(B);
print enum_to_int(A) != enum_to_int(C);
print enum_to_int(B) != enum_to_int(C);
print enum_to_int(A) < enum_to_int(B);
print enum_to_int(A) < enum_to_int(C);
print enum_to_int(B) < enum_to_int(C);
print enum_to_int(AV) != enum_to_int(BV);
print enum_to_int(AV) != enum_to_int(CV);
print enum_to_int(BV) != enum_to_int(CV);
print enum_to_int(AV) < enum_to_int(BV);
print enum_to_int(AV) < enum_to_int(CV);
print enum_to_int(BV) < enum_to_int(CV);
}

1
testing/btest/bifs/is_ascii.zeek
View file

@ -9,4 +9,5 @@ event zeek_init()
print is_ascii(a);
print is_ascii(b);
print is_ascii("");
}

10
testing/btest/bifs/raw_bytes_to_v6_addr.zeek Normal file
View file

@ -0,0 +1,10 @@
#
# @TEST-EXEC: zeek -b %INPUT >out
# @TEST-EXEC: btest-diff out
event zeek_init()
{
print raw_bytes_to_v6_addr("ABCDEFGHIKLMNOPQ");
print raw_bytes_to_v6_addr("ABCDEFGHIKLMNOP");
print raw_bytes_to_v6_addr("\xda\xda\xbe\xef\x00\x00\x00\x00N^\x0c\xff\xfej\x86q");
}

3
testing/btest/bifs/string_utils.zeek
View file

@ -23,14 +23,17 @@ event zeek_init()
print "----------------";
print fmt("is_num abc : %d", is_num("abc"));
print fmt("is_num 123 : %d", is_num("123"));
print fmt("is_num '' : %d", is_num(""));
print fmt("is_alpha ab : %d", is_alpha("ab"));
print fmt("is_alpha 1a : %d", is_alpha("1a"));
print fmt("is_alpha a1 : %d", is_alpha("a1"));
print fmt("is_alpha '' : %d", is_alpha(""));
print fmt("is_alnum ab : %d", is_alnum("ab"));
print fmt("is_alnum 1a : %d", is_alnum("1a"));
print fmt("is_alnum a1 : %d", is_alnum("a1"));
print fmt("is_alnum 12 : %d", is_alnum("12"));
print fmt("is_alnum ##12: %d", is_alnum("##12"));
print fmt("is_alnum '' : %d", is_alnum(""));
print "";
print "String counting (input str 'aabbaa')";

2
testing/btest/broker/connect-on-retry.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
#
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

32
testing/btest/broker/disconnect.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
@ -7,7 +9,7 @@
# @TEST-EXEC: btest-bg-run recv2 "zeek -b ../recv.zeek >recv2.out"
# @TEST-EXEC: btest-bg-wait 45
#
# @TEST-EXEC: btest-diff send/send.out
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff recv2/recv2.out
@ -33,10 +35,6 @@ event zeek_init()
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
{
print "peer lost", msg;
system("touch lost");
if ( peers == 2 )
terminate();
}
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
@ -46,6 +44,20 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
Broker::publish(test_topic, my_event, peers);
}
event Broker::endpoint_discovered(endpoint: Broker::EndpointInfo, msg: string)
{
print "endpoint discovered", msg;
}
event Broker::endpoint_unreachable(endpoint: Broker::EndpointInfo, msg: string)
{
print "endpoint unreachable", msg;
system("touch lost");
if ( peers == 2 )
terminate();
}
@TEST-END-FILE
@ -77,4 +89,14 @@ event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
print "peer added", msg;
}
event Broker::endpoint_discovered(endpoint: Broker::EndpointInfo, msg: string)
{
print "endpoint discovered", msg;
}
event Broker::endpoint_unreachable(endpoint: Broker::EndpointInfo, msg: string)
{
print "endpoint unreachable", msg;
}
@TEST-END-FILE

4
testing/btest/broker/error.zeek
View file

@ -1,6 +1,8 @@
# @TEST-GROUP: broker
#
# @TEST-EXEC: zeek -b send.zeek >send.out
# @TEST-EXEC: btest-diff send.out
#
#
@TEST-START-FILE send.zeek

2
testing/btest/broker/opaque.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-EXEC: zeek -b %INPUT >out
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff .stderr

2
testing/btest/broker/remote_event.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
#
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

2
testing/btest/broker/remote_event_any.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
#
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

2
testing/btest/broker/remote_event_auto.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
#
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

2
testing/btest/broker/remote_event_ssl_auth.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
#
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

2
testing/btest/broker/remote_event_vector_any.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
#
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

2
testing/btest/broker/remote_id.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
#
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

2
testing/btest/broker/remote_log.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

2
testing/btest/broker/remote_log_batch.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

2
testing/btest/broker/remote_log_late_join.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

2
testing/btest/broker/remote_log_types.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

2
testing/btest/broker/ssl-mismatch.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
#
# @TEST-EXEC: btest-bg-run listen "zeek -b %INPUT connect=F Broker::disable_ssl=T"

2
testing/btest/broker/ssl_auth_failure.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
#
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"

10
testing/btest/broker/store/brokerstore-backend-simple-reverse.zeek
View file

@ -70,6 +70,9 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
@TEST-START-FILE clone.zeek
global has_node_up: bool = F;
global has_announce_masters: bool = F;
event dump_tables()
{
t["a"] = 5;
@ -95,7 +98,9 @@ event dump_tables()
event Cluster::node_up(name: string, id: string)
{
Reporter::info(fmt("Node Up: %s", name));
event dump_tables();
has_node_up = T;
if ( has_announce_masters )
event dump_tables();
}
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
@ -106,6 +111,9 @@ event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
event Broker::announce_masters(masters: set[string])
{
Reporter::info(fmt("Received announce_masters: %s", cat(masters)));
has_announce_masters = T;
if ( has_node_up )
event dump_tables();
}
@TEST-END-FILE

7
testing/btest/broker/store/brokerstore-backend-sqlite.zeek
View file

@ -125,7 +125,12 @@ event dump_tables()
event check_all_set()
{
if ( "whatever" in t && "hi" in s && "b" in r )
# Note: 'a' gets inserted first into 'r'. However, we may still observe 'r'
# with 'b' but without 'a'. This may happen if the clone completes
# its handshake with the server after 'a' and 'b' are already in 'r'.
# In this case, the master sends a snapshot of its state and the
# insertion events for 'a' and 'b' they may trigger in any order.
if ( "whatever" in t && "hi" in s && "a" in r && "b" in r )
event dump_tables();
else
schedule 0.1sec { check_all_set() };

4
testing/btest/broker/unpeer.zeek
View file

@ -1,3 +1,5 @@
# @TEST-GROUP: broker
#
# @TEST-PORT: BROKER_PORT
#
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
@ -6,7 +8,7 @@
# @TEST-EXEC: btest-bg-wait 45
# @TEST-EXEC: btest-diff recv/recv.out
# @TEST-EXEC: btest-diff send/send.out
#
#
# @TEST-EXEC: cat recv/broker.log | awk '/Broker::STATUS/ { $5="XXX"; print; }' >recv/broker.filtered.log
# @TEST-EXEC: cat send/broker.log | awk '/Broker::STATUS/ { $5="XXX"; print; }' >send/broker.filtered.log
# @TEST-EXEC: btest-diff recv/broker.filtered.log

52
testing/btest/core/dict-iteration-expire1.zeek Normal file
View file

@ -0,0 +1,52 @@
# @TEST-EXEC: zeek %INPUT
# @TEST-DOC: Regression test #2017; no output check, just shouldn't crash
redef table_expire_interval = 0.1sec;
redef table_incremental_step = 100;
redef table_expire_delay = 0.5sec;
redef exit_only_after_terminate = T;
global tbl: table[string] of vector of count &default = vector() &create_expire=1sec;
const populates_per_second = 100;
const populates_num = 100;
global done = F;
event do_terminate() {
terminate();
}
event cleanup(idx: string) {
delete tbl[idx];
# terminate a bit after all elements will finally have been expired
if ( done && |tbl| == 0 )
schedule 1sec { do_terminate() };
}
event populate(round: count) {
local i = 0;
while (++i < populates_num) {
local val = rand(1000000);
local val_str = cat(val);
# print(fmt("round %s %s val=%s", round, i, val));
tbl[val_str] = vector(val);
# Schedule an explicit delete at most a second away.
local random_cleanup_delay = double_to_interval(rand(100) / 100.0);
schedule random_cleanup_delay { cleanup(val_str) };
}
if ( round <= 200 ) {
print(fmt("round %s size=%s", round, |tbl|));
schedule 1sec/populates_per_second { populate(++round) };
}
else
done = T;
}
event zeek_init() {
event populate(1);
}

108
testing/btest/core/dict-iteration-expire4.zeek Normal file
View file

@ -0,0 +1,108 @@
# @TEST-EXEC: zcat <$TRACES/echo-connections.pcap.gz | zeek --load-seeds 1.seeds -Cr - %INPUT
# @TEST-EXEC: zcat <$TRACES/echo-connections.pcap.gz | zeek --load-seeds 2.seeds -Cr - %INPUT
# @TEST-DOC: Regression test #2032; no output check, just shouldn't crash
redef table_expire_delay = 0.1sec;
redef table_incremental_step = 10;
redef table_expire_interval = 0.01sec;
# redef exit_only_after_terminate = T;
type Key: record {
c: count;
s1: string;
s2: string;
a1: addr;
a2: addr;
};
global insert_many: event(n: count);
global insert_many_f: function(n: count);
function expire(t: table[Key] of Key, k: Key): interval {
print(fmt("Expiring %s sz=%s", k, |t|));
schedule 0.2sec { insert_many(2 * |t| + 8) };
#insert_many_f(2 * |t| + 8);
return 0sec;
}
global tbl: table[Key] of Key &create_expire=0.1sec &expire_func=expire;
function make_key(i: count): Key {
return Key(
$c=i,
$s1=cat(i),
$s2=cat(2 * i),
$a1=count_to_v4_addr(1000000 + i),
$a2=count_to_v4_addr(2000000 + i)
);
}
event insert_many(n: count) {
local i = n;
while (++i < n + 37) {
local k = make_key(i);
tbl[k] = k;
}
}
function insert_many_f(n: count) {
local i = n;
while (++i < n + 37) {
local k = make_key(i);
tbl[k] = k;
}
}
event zeek_init() {
local k = make_key(1);
tbl[k] = k;
}
@TEST-START-FILE 1.seeds
3569182667
3864322632
2737717875
4292737228
959594593
3440781012
1483058089
950202215
611472157
2218394723
3885890563
1396441520
1851988456
3540954895
2626085489
3793122452
3535210719
936980445
3834222442
2355333979
113403102
@TEST-END-FILE
@TEST-START-FILE 2.seeds
4013930712
1835775324
3393047106
3151534432
2727962940
3990820447
792628001
3844857817
2661636943
2621115293
2909873159
3909343487
1003041063
1365337823
2042927118
3623503659
394335333
302877509
348858887
14638654
4267481449
@TEST-END-FILE

68
testing/btest/core/dict-iteration-expire5.zeek Normal file
View file

@ -0,0 +1,68 @@
# @TEST-EXEC: zcat <$TRACES/echo-connections.pcap.gz | zeek --load-seeds 1.seeds -Cr - %INPUT
# @TEST-EXEC: zcat <$TRACES/echo-connections.pcap.gz | zeek --load-seeds 2.seeds -Cr - %INPUT
# @TEST-DOC: Regression test #2032; no output check, just shouldn't crash
redef table_expire_delay = 0.0001sec;
redef table_incremental_step = 1;
redef table_expire_interval = 0.001sec;
function expire(t: table[conn_id] of string, k: conn_id): interval {
# print(fmt("Expiring %s sz=%s", k, |t|));
return 0sec;
}
global recent_conns: table[conn_id] of string &create_expire=0.05sec &expire_func=expire;
event new_connection(c: connection) {
# print(fmt("%s %s", c$id, network_time()));
recent_conns[c$id] = c$uid;
}
@TEST-START-FILE 1.seeds
3569182667
3864322632
2737717875
4292737228
959594593
3440781012
1483058089
950202215
611472157
2218394723
3885890563
1396441520
1851988456
3540954895
2626085489
3793122452
3535210719
936980445
3834222442
2355333979
113403102
@TEST-END-FILE
@TEST-START-FILE 2.seeds
4013930712
1835775324
3393047106
3151534432
2727962940
3990820447
792628001
3844857817
2661636943
2621115293
2909873159
3909343487
1003041063
1365337823
2042927118
3623503659
394335333
302877509
348858887
14638654
4267481449
@TEST-END-FILE

2
testing/btest/core/fake_dns.zeek
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: ZEEK_DNS_FAKE=1 zeek -b %INPUT >out
# @TEST-EXEC: ZEEK_DNS_FAKE=1 zeek -D -b %INPUT >out
# @TEST-EXEC: btest-diff out
redef exit_only_after_terminate = T;

24
testing/btest/core/scalar-vector.zeek Normal file
View file

@ -0,0 +1,24 @@
# Skip this test when using ZAM, as it will generate a hard error in addition
# to the warning.
# @TEST-REQUIRES: test "${ZEEK_ZAM}" != "1"
#
# @TEST-EXEC: zeek -b %INPUT > out 2>&1
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath" btest-diff out
event zeek_init()
{
const sv = vector("a", "b", "c");
print sv == "b";
print sv + "a";
print "a" + sv;
const nv = vector(1, 2, 3);
print nv == 2;
print nv * 2;
print nv % 2;
print nv / 2;
const also_nv = nv += 1;
print nv;
}

2
testing/btest/language/cross-product-init.zeek
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: zeek -b %INPUT >output 2>&1
# @TEST-EXEC: zeek -b -D %INPUT >output 2>&1
# @TEST-EXEC: btest-diff output
global my_subs = { 1.2.3.4/19, 5.6.7.8/21 };

115
testing/btest/language/init-integration.zeek Normal file
View file

@ -0,0 +1,115 @@
# @TEST-EXEC: zeek -b %INPUT >out
# @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff .stderr
# A bunch of tests for the unification of global initializations and
# =/+=/-= expressions.
# This is used just to pull in an example that works for globals, to make
# sure it works for locals.
@load base/frameworks/cluster
# This first covers the bug that motivated the unification.
type Key: record {
k0: string;
k1: string &optional;
};
global init_key = [$k0="x"];
# This used to crash or produce an ASAN error.
global state: table[Key] of count = {
[init_key] = 5,
};
global my_subnets = { 1.2.3.4/19, 5.6.7.8/21 };
event zeek_init()
{
print(fmt("init_key in state: %d", init_key in state));
# Check that the local version works.
local init_key2 = [$k0="y"];
local state2: table[Key] of count = { [init_key2] = 6 };
print(fmt("init_key2 in state2: %d", init_key2 in state2));
# Now checking that a complex initialization that works for
# globals also works for locals.
local cluster_nodes = {
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=3/tcp],
["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=5/udp, $manager="manager-1"],
["worker-2"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=7/tcp, $manager="manager-1"],
};
cluster_nodes += { ["worker-3"] = [$node_type=Cluster::WORKER, $ip=1.2.3.4, $p=9/udp] };
print cluster_nodes;
cluster_nodes -= { ["worker-2"] = [$node_type=Cluster::MANAGER, $ip=0.0.0.0, $p=11/tcp] };
print cluster_nodes;
# Similar, but without type inference.
local cluster_nodes2: table[string] of Cluster::Node;
cluster_nodes2 = { ["worker-4"] = [$node_type=Cluster::WORKER, $ip=2.3.4.5, $p=13/udp] };
local cluster_nodes3: table[string] of Cluster::Node = {
["worker-5"] = [$node_type=Cluster::WORKER, $ip=3.4.5.6, $p=15/tcp]
};
print cluster_nodes2;
cluster_nodes2 += cluster_nodes3;
print cluster_nodes2;
cluster_nodes2 -= cluster_nodes3;
cluster_nodes2 += table(["worker-6"] = Cluster::Node($node_type=Cluster::WORKER, $ip=4.5.6.7, $p=17/udp));
print cluster_nodes2;
# Test automatic type conversions.
local s: set[double, int];
s += { [3, 4] };
print s;
s -= { [3, 3] };
print s;
s -= { [3, 4] };
print s;
# Note, the following correctly generates a type-mismatch error
# if we use set([9, 4]) since that's a set[count, count], not
# a set[double, int].
s += set([9.0, +4]);
print s;
# Similar, for tables.
local t: table[double, double] of double;
t += { [3, 4] = 5 };
print t;
t -= { [3, 3] = 9 };
print t;
t -= { [3, 4] = 7 };
print t;
# Test use of sets for expansion. my_subnets needs to be a global,
# because expansion happens at compile-time.
local x: set[string, subnet];
x += { [["foo", "bar"], my_subnets] };
print x;
# Test adding to patterns dynamically.
local p = /foo/;
p += /bar/;
print p;
# Tests for vectors.
local v: vector of count;
local v2 = vector(20, 21, 22, 23);
v = { 1, 3, 5 };
v += 9;
v += { 2, 4, 6 };
v += v2;
print v;
local v3: vector of vector of count;
local v4 = vector(vector(80, 81), vector(90, 91, 92));
v3 += { vector(3,2,1), vector(1,2,3) };
v3 += v2;
v3 += v4;
print v3;
}

40
testing/btest/language/init-mismatch.zeek Normal file
View file

@ -0,0 +1,40 @@
# @TEST-EXEC-FAIL: zeek -b %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
# Tests for various mismatches in initializations.
global a: count = [3, 5];
global b [4, 6];
global c = 9;
global s1: set[double];
global s2: set[int];
global s3: set[count, count];
global t: table[addr] of bool;
global t2 = { [1, 3] = F, [2, 4, 6] = T };
global t3 = table( ["foo"] = 3, "bar" );
global v: vector of count;
global p: pattern;
global x = { };
function foo()
{
local subnets = { 1.2.3.4/24, 2.3.4.5/5 };
local my_subnets: set[string, subnet];
my_subnets = { ["foo", subnets] };
}
c += { 2, 4 };
v -= { 3, 5 };
s1 += s2;
s1 -= s2;
s1 += { [3] = F };
s3 = { s2 };
p += 3;
t += { 1.2.3.4, F };
print a, b;

24
testing/btest/language/inlined-nested-loop.zeek Normal file
View file

@ -0,0 +1,24 @@
# @TEST-EXEC: zeek -b %INPUT >out
# @TEST-EXEC: btest-diff out
# This used to lead to an assertion failure in the ZAM compiler due to
# a bug in how it computed the lifetime of loops nested via inlining.
function is_local(host: addr): bool
{
for ( local_net in set(10.0.0.0/8) )
if ( host in local_net )
return T;
return F;
}
event zeek_init()
{
for ( host_addr in set(127.0.0.1) )
{
if ( is_local(host_addr) )
next;
}
print "I compiled and ran!";
}

7
testing/btest/language/record-bad-ctor.zeek
View file

@ -5,4 +5,9 @@
global asdfasdf;
const blah = [$ports=asdfasdf];
print blah;
const x = blah;
global asdfasdf2: port;
const blah2 = [$ports=asdfasdf2];
print blah, blah2;

31
testing/btest/language/record-bad-ctor4.zeek Normal file
View file

@ -0,0 +1,31 @@
# @TEST-EXEC-FAIL: zeek -b %INPUT >out 2>&1
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out
# Named record constructors should include values for every non-optional,
# non-aggregate field.
type info1 : record {
str: string;
cnt: count &optional;
a: addr &optional;
v: vector of bool;
r: record { x: count; };
s: set[bool];
t: table[bool] of string;
};
type info2 : record {
str: string;
cnt: count;
a: addr;
};
event zeek_init()
{
local resp1 = info1($str="hello");
print resp1;
local resp2 = info2($str="hello");
print resp2;
}

1
testing/btest/language/redef-same-prefixtable-idx.zeek
View file

@ -1,4 +1,5 @@
# @TEST-EXEC: zeek -b %INPUT >out
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
# @TEST-EXEC: btest-diff out
const my_table: table[subnet] of subnet &redef;

6
testing/btest/language/table-init-attrs.zeek
View file

@ -11,7 +11,7 @@ redef my_set_ctor_init += {
"test3",
};
redef my_set_ctor_init += set("test4");
redef my_set_ctor_init += { "test4" };
const my_table_ctor_init: table[count] of string = table([1] = "test1") &redef &default="nope";
@ -29,7 +29,7 @@ redef my_set_init += {
"test3",
};
redef my_set_init += set("test4");
redef my_set_init += { "test4" };
const my_table_init: table[count] of string = { [1] = "test1" } &redef &default="nope";
@ -38,7 +38,7 @@ redef my_table_init += {
[3] = "test3",
};
redef my_table_init += table([4] = "test4");
redef my_table_init += { [4] = "test4" };
# For tables that yield tables, we can apply attributes to the both other and
# inner tables...

3
testing/btest/language/table-init.zeek
View file

@ -17,4 +17,7 @@ event zeek_init()
print global_table[0];
print local_table;
print local_table[0];
# Catch regression where this used to crash.
print table() &default=record($crash=F);
}

9
testing/btest/language/table-type-checking.zeek
View file

@ -3,6 +3,9 @@
type MyTable: table[port] of count;
# global, type deduction, empty ctor.
global gempty = table();
# global, type deduction, named ctor
global gdn = MyTable(["zero"] = 0); # type clash in init
@ -44,3 +47,9 @@ event zeek_init()
{
local lea: MyTable = table(["thousand-three"] = 1003); # type clash
}
# local, type explicit, empty ctor has incompatible &default
event zeek_init()
{
local lei: MyTable = table() &default="foo"; # type clash
}

30
testing/btest/language/type-check-operator-in.zeek
View file

@ -15,26 +15,26 @@ local string_records: set[string, MyRec] = set();
local record_strings: set[MyRec, string] = set();
# These are all valid.
["asdf"] in strings;
["hi", 0] in string_counts;
myrec in records;
[myrec] in records;
MyRec() in records;
[$a = 2] in records;
[MyRec()] in records;
[[$a = 2]] in records;
["hi", myrec] in string_records;
print ["asdf"] in strings;
print ["hi", 0] in string_counts;
print myrec in records;
print [myrec] in records;
print MyRec() in records;
print [$a = 2] in records;
print [MyRec()] in records;
print [[$a = 2]] in records;
print ["hi", myrec] in string_records;
# All below should fail type-checking.
myrec in "asdf";
myrec in string_records;
myrec in record_strings;
print myrec in "asdf";
print myrec in string_records;
print myrec in record_strings;
# Patterns do not apply transparently to collections of strings, so fail
# to type-check too:
/foo/ in strings;
print /foo/ in strings;
# Complex index types need to match, too. (For tests with matching types,
# see set.zeek / table.zeek.)
@ -43,5 +43,5 @@ local table_set: set[table[string] of string] = set();
local stringvec_set: set[vector of string] = set();
local string_count_map: table[string] of count = table();
string_count_map in table_set;
vector(1, 2, 3) in stringvec_set;
print string_count_map in table_set;
print vector(1, 2, 3) in stringvec_set;

24
testing/btest/language/vector-slice-assign.zeek Normal file
View file

@ -0,0 +1,24 @@
# @TEST-EXEC: zeek -b %INPUT >out
# @TEST-EXEC: btest-diff out
type testrec: record {
seq: count;
};
function make_recs(seqs: vector of count): vector of testrec
{
local r: vector of testrec;
for (i in seqs)
r += testrec($seq=seqs[i]);
return r;
}
event zeek_init()
{
local seqs: vector of count = {1, 2, 3, 4, 5, 6, 7};
local v = make_recs(seqs);
local tmp = v[0:2];
v[0:2] = v[3:5];
v[3:5] = tmp;
print v;
}

8
testing/btest/language/vector-unspecified.zeek
View file

@ -1,7 +1,9 @@
# @TEST-EXEC: zeek -b %INPUT >output 2>&1
# @TEST-EXEC: btest-diff output
# @TEST-EXEC-FAIL: zeek -b %INPUT >output 2>&1
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff output
# Test assignment behavior of unspecified vectors
# Test assignment behavior of unspecified vectors. This used to treat
# "a" as a vector-of-any, but that seems dangerous - if the user really
# wants that behavior, they can explicitly type it as such.
local a = vector();
a[0] = 5;

3
testing/btest/plugins/binpac-flowbuffer-frame-length-plugin/src/FOO.cc
View file

@ -38,8 +38,7 @@ void FOO_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
{
tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
assert(TCP());
if ( TCP()->IsPartial() )
if ( TCP() && TCP()->IsPartial() )
return;
if ( had_gap )

16
testing/btest/plugins/plugin-load-file-extended.zeek
View file

@ -1,7 +1,7 @@
# @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . Testing LoadFileExtended
# @TEST-EXEC: cp -r %DIR/plugin-load-file-extended/* .
# @TEST-EXEC: ./configure --zeek-dist=${DIST} && make
# @TEST-EXEC: ZEEK_PLUGIN_PATH=$(pwd) zeek -r $TRACES/wikipedia.trace -b Testing::LoadFileExtended xxx yyy -s abc.sig >> output
# @TEST-EXEC: ZEEK_PLUGIN_PATH=$(pwd) zeek -r $TRACES/wikipedia.trace -b Testing::LoadFileExtended xxx xxx2 yyy -s abc.sig >> output
# @TEST-EXEC: btest-diff output
# @TEST-START-FILE xxx.zeek
@ -12,6 +12,20 @@ event zeek_init() {
# @TEST-END-FILE
# @TEST-START-FILE xxx2.zeek
# Test loading from script land.
@load xxx3
@load-sigs def.sig
# @TEST-END-FILE
# @TEST-START-FILE xxx3.zeek
# empty
# @TEST-END-FILE
# @TEST-START-FILE abc.sig
# empty
# @TEST-END-FILE
# @TEST-START-FILE def.sig
# empty
# @TEST-END-FILE

26
testing/btest/plugins/plugin-load-file-extended/src/Plugin.cc
View file

@ -26,9 +26,15 @@ std::pair<int, std::optional<std::string>> Plugin::HookLoadFileExtended(const Lo
const std::string& file,
const std::string& resolved)
{
// Zeek implicitly provides the location where the current '@load'
// originated. If no location is available, filename will be a nullptr.
auto src = zeek::detail::GetCurrentLocation().filename;
if ( ! src )
src = "n/a";
if ( type == LoadType::SCRIPT && file == "xxx" )
{
printf("HookLoadExtended/script: file=|%s| resolved=|%s|\n", file.c_str(), resolved.c_str());
printf("HookLoadExtended/script: file=|%s| resolved=|%s| srcloc=|%s|\n", file.c_str(), resolved.c_str(), src);
return std::make_pair(1, R"(
event zeek_init() {
@ -41,9 +47,16 @@ std::pair<int, std::optional<std::string>> Plugin::HookLoadFileExtended(const Lo
)");
}
if ( type == LoadType::SCRIPT && file == "xxx3" )
{
printf("HookLoadExtended/script: file=|%s| resolved=|%s| srcloc=|%s|\n", file.c_str(), resolved.c_str(), src);
// We don't replace this one.
return std::make_pair(-1, std::nullopt);
}
if ( type == LoadType::SCRIPT && file == "yyy" )
{
printf("HookLoadExtended/script: file=|%s| resolved=|%s|\n", file.c_str(), resolved.c_str());
printf("HookLoadExtended/script: file=|%s| resolved=|%s| srcloc=|%s|\n", file.c_str(), resolved.c_str(), src);
return std::make_pair(1, R"(
event zeek_init() {
@ -54,7 +67,7 @@ std::pair<int, std::optional<std::string>> Plugin::HookLoadFileExtended(const Lo
if ( type == LoadType::SIGNATURES && file == "abc.sig" )
{
printf("HookLoadExtended/signature: file=|%s| resolved=|%s|\n", file.c_str(), resolved.c_str());
printf("HookLoadExtended/signature: file=|%s| resolved=|%s| srcloc=|%s|\n", file.c_str(), resolved.c_str(), src);
return std::make_pair(1, R"(
signature my-sig {
@ -65,6 +78,13 @@ std::pair<int, std::optional<std::string>> Plugin::HookLoadFileExtended(const Lo
)");
}
if ( type == LoadType::SIGNATURES && file == "def.sig" )
{
printf("HookLoadExtended/signature: file=|%s| resolved=|%s| srcloc=|%s|\n", file.c_str(), resolved.c_str(), src);
// We don't replace this one.
return std::make_pair(-1, std::nullopt);
}
return std::make_pair(-1, std::nullopt);
}

5
testing/btest/plugins/protocol-plugin/src/Foo.cc
View file

@ -36,10 +36,7 @@ void Foo::DeliverStream(int len, const u_char* data, bool orig)
{
zeek::analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
assert(TCP());
if ( TCP()->IsPartial() )
// punt on partial.
if ( TCP() && TCP()->IsPartial() )
return;
try

3
testing/btest/plugins/reporter-hook.zeek
View file

@ -1,7 +1,8 @@
# @TEST-EXEC: ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . Reporter Hook
# @TEST-EXEC: cp -r %DIR/reporter-hook-plugin/* .
# @TEST-EXEC: ./configure --zeek-dist=${DIST} && make
# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Reporter::Hook" ZEEK_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >output
# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Reporter::Hook" ZEEK_PLUGIN_PATH=`pwd` zeek -NN Reporter::Hook >output
# @TEST-EXEC: ZEEK_PLUGIN_ACTIVATE="Reporter::Hook" ZEEK_PLUGIN_PATH=`pwd` zeek -b %INPUT 2>&1 | $SCRIPTS/diff-remove-abspath | sort | uniq >>output
# @TEST-EXEC: btest-diff output
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-remove-timestamps" btest-diff reporter.log

2
testing/btest/scripts/base/frameworks/intel/read-file-dist-cluster.zeek
View file

@ -7,7 +7,7 @@
# @TEST-EXEC: btest-bg-run worker-2 ZEEKPATH=$ZEEKPATH:.. CLUSTER_NODE=worker-2 zeek -b %INPUT
# @TEST-EXEC: btest-bg-wait 40
# @TEST-EXEC: btest-diff manager-1/.stdout
# @TEST-EXEC: btest-diff manager-1/intel.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-timestamps-and-sort btest-diff manager-1/intel.log
# @TEST-EXEC: btest-diff worker-1/.stdout
# @TEST-EXEC: btest-diff worker-2/.stdout

2
testing/btest/scripts/base/frameworks/software/version-parsing.zeek
View file

@ -35,7 +35,7 @@ global matched_software: table[string] of Software::Description = {
["curl/7.15.1 (i486-pc-linux-gnu) libcurl/7.15.1 OpenSSL/0.9.8a zlib/1.2.3 libidn/0.5.18"] =
[$name="curl", $version=[$major=7,$minor=15,$minor2=1,$addl="i486-pc-linux-gnu"], $unparsed_version=""],
["Apache"] =
[$name="Apache", $unparsed_version=""],
[$name="Apache", $version=[], $unparsed_version=""],
["Zope/(Zope 2.7.8-final, python 2.3.5, darwin) ZServer/1.1 Plone/Unknown"] =
[$name="Zope/(Zope", $version=[$major=2,$minor=7,$minor2=8,$addl="final"], $unparsed_version=""],
["The Bat! (v2.00.9) Personal"] =

1
testing/btest/scripts/base/protocols/ssl/dpd.test
View file

@ -8,6 +8,7 @@
@load base/frameworks/dpd
@load base/frameworks/signatures
@load-sigs base/protocols/ssl/dpd.sig
@load-sigs policy/protocols/ssl/dpd-v2.sig
event zeek_init()
{

22
testing/btest/scripts/policy/frameworks/cluster/controller/agent-checkin.zeek → testing/btest/scripts/policy/frameworks/management/controller/agent-checkin.zeek
View file

@ -1,7 +1,7 @@
# This test verifies basic agent-controller communication. We launch agent and
# controller via the supervisor, add an extra handler for the notify_agent_hello
# event that travels agent -> controller, and verify its print output in the
# controller's stdout log.
# This test verifies basic agent-controller communication in the Management
# framework. We launch agent and controller via the supervisor, add an extra
# handler for the notify_agent_hello event that travels agent -> controller, and
# verify its print output in the controller's stdout log.
# The following env vars is known to the controller framework
# @TEST-PORT: ZEEK_CONTROLLER_PORT
@ -12,20 +12,20 @@
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: btest-diff zeek/controller.stdout
@load policy/frameworks/cluster/agent
@load policy/frameworks/cluster/controller
@load policy/frameworks/management/agent
@load policy/frameworks/management/controller
redef Broker::default_port = to_port(getenv("BROKER_PORT"));
redef ClusterController::name = "controller";
redef ClusterAgent::name = "agent";
redef Management::Controller::name = "controller";
redef Management::Agent::name = "agent";
# Tell the agent where to locate the controller.
redef ClusterAgent::controller = [$address="127.0.0.1", $bound_port=to_port(getenv("ZEEK_CONTROLLER_PORT"))];
redef Management::Agent::controller = [$address="127.0.0.1", $bound_port=to_port(getenv("ZEEK_CONTROLLER_PORT"))];
@if ( Supervisor::is_supervised() )
@load policy/frameworks/cluster/agent/api
@load policy/frameworks/management/agent/api
global logged = F;
@ -41,7 +41,7 @@ event zeek_init()
}
}
event ClusterAgent::API::notify_agent_hello(instance: string, host: addr, api_version: count)
event Management::Agent::API::notify_agent_hello(instance: string, host: addr, api_version: count)
{
if ( Supervisor::node()$name == "controller" )
{

42
testing/btest/scripts/policy/protocols/ssl/decryption-keylog.zeek Normal file
View file

@ -0,0 +1,42 @@
# @TEST-REQUIRES: grep -q "#define OPENSSL_HAVE_KDF_H" $BUILD/zeek-config.h
# @TEST-EXEC: ZEEK_TLS_KEYLOG_FILE=keylogfile.log zeek -B dpd -C -r $TRACES/tls/tls-1.2-stream-keylog.pcap %INPUT
@TEST-START-FILE keylogfile.log
#fields client_random secret
\x0e\x78\x2d\x35\x63\x95\x5d\x8a\x30\xa9\xcf\xb6\x4f\x47\xf3\x96\x34\x8a\x1e\x79\x1a\xa2\x32\x55\xe2\x2f\xc5\x7a \x34\x4f\x12\x65\xbf\x43\x40\xb3\x61\x6b\xa0\x16\x5d\x2b\x4d\xb9\xb1\xe8\x4a\x3d\xa2\x42\x0e\x38\xab\x01\x50\x62\x84\xcc\x34\xcd\xe0\x34\x10\xfe\x1a\x02\x30\x49\x74\x6c\x46\x43\xa7\x0c\x67\x0d
\x24\x8c\x7e\x24\xee\xfb\x13\xcd\xee\xde\xb1\xf4\xb6\xd6\xd5\xee\x67\x8d\xd3\xff\xc7\xe7\x39\x23\x18\x3f\x99\xb4 \xe7\xed\x24\x26\x0d\x25\xd9\xfd\xf5\x0f\xc0\xf4\x56\x51\x0e\x4e\xec\x7f\x58\x9c\xaf\x39\x25\x14\x16\xa6\x71\xdd\xea\xfe\xe9\xc0\x93\xbe\x89\x4c\xab\xcc\xff\xb2\xf0\x9a\xea\x98\xf5\xb2\x53\x1e
\x57\xd7\xc7\x7a\x2d\x5e\x35\x29\x2c\xd7\xe7\x94\xee\xf8\x6f\x31\x45\xf6\xbe\x25\x08\xed\x1d\x92\xd2\x0b\x9b\x04 \xc1\x93\x17\x93\xd9\x7d\xd2\x98\xb3\xe0\xdb\x2c\x5d\xbe\x71\x31\xa7\x9a\xf5\x91\xf9\x87\x90\xee\xb7\x79\x9f\x6b\xb4\x1f\x47\xa7\x69\x62\x4b\xa3\x99\x0c\xa9\x43\xf9\xea\x3b\x4d\x5f\x2f\xfe\xfb
\x30\xd7\xb8\x92\xc1\xec\x17\x90\x5b\x0f\xcb\xda\xe6\x42\xb2\x09\x4c\xdd\x7d\x2e\xa1\x9f\x1a\x3b\x70\x23\x7d\xf2 \xc1\x93\x17\x93\xd9\x7d\xd2\x98\xb3\xe0\xdb\x2c\x5d\xbe\x71\x31\xa7\x9a\xf5\x91\xf9\x87\x90\xee\xb7\x79\x9f\x6b\xb4\x1f\x47\xa7\x69\x62\x4b\xa3\x99\x0c\xa9\x43\xf9\xea\x3b\x4d\x5f\x2f\xfe\xfb
\x49\xc7\x71\x25\xdc\xb0\xa7\xbc\xd6\xb6\x67\x5c\x30\x58\x8d\xad\x47\x5a\x93\x60\xac\xa5\x78\xf5\x62\x7e\xff\x62 \xc1\x93\x17\x93\xd9\x7d\xd2\x98\xb3\xe0\xdb\x2c\x5d\xbe\x71\x31\xa7\x9a\xf5\x91\xf9\x87\x90\xee\xb7\x79\x9f\x6b\xb4\x1f\x47\xa7\x69\x62\x4b\xa3\x99\x0c\xa9\x43\xf9\xea\x3b\x4d\x5f\x2f\xfe\xfb
\x38\x1c\x49\xcc\xf9\x62\xd0\x5c\xf0\xd4\xe2\xd5\xa1\x15\xc1\x5e\x8d\x02\xcc\x50\xed\x6c\x90\x63\x73\x9d\xfb\x96 \xdc\xf5\xfc\x10\xf2\xb3\x8b\xd8\x87\xae\xcf\xb5\xcd\x1a\xe3\xa8\x06\x8e\x85\xfc\xbb\xfc\x22\xec\x0f\x79\x99\x04\x13\x5b\x6b\x03\x52\x02\xee\xe9\x04\x59\x78\x44\xf1\xf3\xc8\xac\x22\x68\x6c\x7e
\x61\x9e\x08\x51\xee\x36\x3c\x2c\xf3\x71\x87\x22\x82\x27\xca\x4e\x68\x0f\x9a\x7c\x0b\xd1\x50\x69\xaa\x7a\x59\x70 \xad\x03\xce\xda\x48\x90\xfa\x58\x1e\x98\x9f\x5e\x38\x62\x02\x3e\x2a\x4e\x3e\x8a\xd8\x13\x25\x23\x8d\x90\x80\x66\xe1\xd3\x5c\xc8\x75\x97\x9e\x34\xc0\x8e\x6f\xdf\xd9\xd8\xc6\xf3\x56\xe3\x85\xc1
\xcb\x3f\x93\xd2\x55\xcb\xb6\x56\x25\x87\xf0\xdd\x01\x02\x12\xfd\xee\x9d\x23\x3a\xff\x64\xe6\xed\x36\xcd\x5c\x45 \x0d\x36\xfa\xaa\x2e\xad\xbd\xa2\xa8\x09\x5f\x95\x1d\xe1\xcb\xac\x46\xb8\x1b\x00\x8f\xbf\x39\x1d\x91\x95\x1b\x34\x85\x47\x6b\xab\x73\x28\x8a\x1e\x17\xcd\x0c\xe8\x0e\x0f\xc0\x40\x1d\xbe\x9e\x3f
\xf9\x7e\x7d\x38\x56\xe2\xfc\xcb\xbe\x80\x79\x8e\xc2\xe3\xf5\x15\x25\x10\x82\xad\x63\xbb\xc7\xc2\x31\xd8\xbe\xe0 \x9a\x7c\xf9\x46\xa0\x47\x18\xa1\x9f\x4d\x20\xc3\xf8\x0c\x1c\xf8\xc8\x23\xc3\xe2\xb1\xc3\x37\xef\x64\x32\x2d\x75\x1b\x41\x05\x43\x31\x5f\x6e\xcf\x7d\xbf\x45\xec\x9b\xe1\x94\xa3\xcc\x7c\x1a\x0f
\x57\x97\x63\x67\xf2\xea\x9c\x95\x46\x7a\x6c\xc5\x59\xda\x6f\xeb\xbc\x44\x2e\x11\x3a\xc5\xea\xa7\xed\x97\xad\x38 \x0e\x5e\xc0\x6c\xa5\x4e\xe3\x86\x05\x5a\xaa\x97\x1c\x7e\x09\x39\xba\x3e\x1f\xb1\x62\x4d\x0a\x5b\x9c\x0c\xae\x97\x5f\x0e\x25\xbc\x4c\x51\x21\xfa\x34\x5e\xa1\x26\x47\xc4\x7a\x5a\x1c\xe5\xbd\xce
\x70\x18\x17\x27\xd6\xe2\x04\xd1\xd8\xa5\xb8\x2a\x05\x01\xaf\x7b\x13\x6d\x3a\x9c\x56\x6c\x32\x5b\x3f\xef\xb5\x04 \x92\x3d\x8a\x93\xba\xc5\x54\xc1\x04\x9a\x8d\xeb\x63\x28\x8c\xd7\x4d\x60\x51\xb0\x7a\x10\x67\x84\x8d\xac\x15\xc8\x75\xf2\x5c\x2a\x60\xe3\x38\xde\xb3\x27\x37\x44\xb1\x53\xe6\x9d\x42\x06\x0e\x18
\x4f\x12\x67\xb1\x13\xdc\x1a\x3e\x5d\xee\xbf\xff\xa7\x4d\xaa\xa1\x96\xff\x43\x0a\x30\xbe\x04\x07\x60\x29\x5f\x5e \x1d\x61\x52\xa6\x1e\x86\x75\x53\x04\xb8\x8e\x12\x6f\xdb\xa4\x49\x05\xeb\x5e\x4b\x33\xf6\xaf\xee\x67\x20\x37\xfd\x84\x48\x9a\xaa\x62\xa6\xb2\x64\x0f\x62\x87\x12\xe8\x05\x98\xae\x0c\xbf\xae\x5f
\xfe\x13\x61\x60\x80\x41\x0b\x9d\xc2\xcc\xc2\xc3\x00\xab\x20\x6b\xb8\x43\xc4\xc4\x22\x81\x1f\x15\xd4\xed\x34\xc3 \x39\xfb\x4d\x9c\x1d\xff\x4d\xe4\x1c\x86\xf9\x67\x9b\x32\xca\xa3\x99\x9c\x91\xcd\x7a\xf5\x4d\xc5\x58\x98\x1c\xcf\xf6\xd9\xa7\x4c\x92\x6e\x93\x7f\x98\x02\x96\x22\x20\x52\x5e\x9d\xe0\xec\x4a\xc1
\x92\xc2\x33\xdd\xf3\xf4\x31\xd6\x0c\x9b\x90\x86\x6a\xde\x5d\x80\x32\x22\xb8\x18\x45\xf5\x11\x72\xa0\x4f\xe9\x65 \xda\x22\x06\x86\xef\x25\x99\xb4\x65\x2c\x45\x94\x73\xcd\xe9\xc6\x64\x55\x84\x21\x42\x35\x86\x57\x9a\x60\xd4\xc7\x88\xd8\x1b\x3a\xbe\xdf\x53\x7b\xd7\x9c\xf9\x29\x47\x05\x07\x0f\x23\x3b\x22\xc4
\x39\x8e\xeb\xdf\x69\xd9\xe3\xe2\xce\xd8\xe9\xb2\x93\xa6\xb7\x58\x30\x9b\xaf\x14\x98\xbd\x27\xa0\xe1\x12\x54\x3f \xa9\xcc\x51\xa6\x83\xf1\xbb\x6b\x37\xf0\xe2\x8b\xa5\xea\x31\xc8\xdc\x19\x5e\xb1\xaf\xa0\x5c\x51\xa1\x4a\x73\x22\xc0\x24\xf1\x41\x4a\xd9\x15\x16\xa8\x83\x38\x84\xe1\xca\x9d\xf0\xd5\x35\x40\x73
\xdc\xf5\x87\xb0\x6d\x66\xd6\xab\x66\x34\xd7\x64\xc8\x51\xa1\x22\xe3\x97\x3d\x4b\x16\xee\x8e\x1e\x0b\xfb\xfc\x13 \xd5\xaf\x0d\xed\x74\x58\x8d\xe8\x97\x6d\xa0\xb2\x46\x83\x58\x0f\x52\xbc\xc7\x66\xb1\x19\x74\x70\x0d\xaa\xd1\x10\x9b\x71\x53\xe6\x80\x34\x5d\x81\xd2\x86\x8a\x33\xfc\x62\x88\xa7\x80\xac\x63\xb6
\x51\xcb\xcc\x61\xae\xd0\xeb\x08\x75\x09\xde\x68\x3c\x36\x03\xf5\xa3\xd5\xa5\x15\xdc\x3e\x87\xdb\xcf\xc7\x7a\x1e \x25\x90\xa9\x7e\x5a\x93\xe9\xdd\x61\x6c\x46\xf2\xf6\x03\x7c\x19\xb1\xf5\x9a\x4a\x6c\x58\x71\x8e\xfe\xa4\xfe\xa6\x30\x70\x5f\xaf\xd4\xf9\xb9\x3a\x16\xa8\x0f\x69\x8d\x29\xfb\x1a\x34\x62\x87\x36
\x01\x01\x12\xfb\x01\x61\xc6\xcd\xde\xdd\x2a\x9b\x2a\x2f\x02\x65\xa5\x0f\x62\xb1\x1b\x26\xd3\xa2\x69\x78\xe0\x17 \x8a\x67\x2f\xc6\xc1\x75\xed\xb9\x2f\x8c\xb5\x3d\xdc\x56\xb4\x3e\xab\x11\xa7\xb6\xff\x32\x47\x7b\x9c\x9c\x32\xe9\xbe\xa6\xb1\xed\xe1\x29\x7e\x4b\x89\xb7\xb0\xd6\x21\xc1\xda\x5c\x90\x70\x1b\xe4
\x7a\xf0\xf4\x6e\x91\x8e\x38\x51\xfd\xd6\x42\xfb\x3e\x9b\x78\x29\x49\x3f\x78\x19\xd6\x2b\x61\xd5\x8b\xad\xfd\x70 \x78\xd8\x68\x51\x05\xc5\x3c\xeb\xcd\x22\xe0\x2e\x4b\x6f\xae\x53\x3f\xe8\x23\x73\xeb\xeb\x1b\xb2\x9a\x76\xca\x65\x01\x16\xa2\x97\x93\x60\xd5\x5d\xd4\xac\x52\x22\x16\x40\x15\x03\xb6\x23\xc1\xac
\x31\x15\xDD\x9D\x68\x19\xB3\xBF\x45\x32\x99\x74\x0D\x04\xAE\x37\xAD\x69\xE5\x23\x4C\xD5\x40\xF8\xB5\x89\x4B\xA4 \x7C\x57\xC5\x98\xCD\x00\xE0\x0F\x55\x48\x6A\xF0\x02\x4E\x84\xB7\xAE\x07\xB5\xCD\xB1\x1E\x17\x2D\x24\xF0\xB3\xB3\xB8\x4B\x54\x4A\x82\x84\x15\xAD\x52\x24\x52\xBB\x34\x0D\x95\x30\x45\x3E\x15\x14
\x07\xDF\x9C\xC1\x59\xB6\x42\x8E\x57\x84\xED\xB1\x60\x37\xF3\x24\x2F\x70\x27\x5D\x07\xC4\xA8\xB9\xF0\xA7\xA6\x7F \x13\x9C\x33\x7E\x5C\x4E\x23\x5F\xCB\xFF\xD0\xD0\x54\x38\x0E\x04\x46\x2E\x6C\x8D\x51\x52\xEE\xAD\x79\x3F\x07\xA8\xCD\x18\x7D\x99\x99\x82\x1F\xA1\x51\xE2\xF6\xD4\x3F\x7B\x5C\x8A\xFE\x83\x6F\x4F
@TEST-END-FILE
@load protocols/ssl/decryption
@load base/protocols/http
event zeek_init()
{
suspend_processing();
}
event Input::end_of_data(name: string, source: string)
{
if ( name == "tls-keylog-file" )
continue_processing();
}

13
testing/btest/scripts/policy/protocols/ssl/decryption.zeek Normal file
View file

@ -0,0 +1,13 @@
# @TEST-REQUIRES: grep -q "#define OPENSSL_HAVE_KDF_H" $BUILD/zeek-config.h
# @TEST-EXEC: zeek -B dpd -C -r $TRACES/tls/tls12-decryption.pcap %INPUT
# @TEST-EXEC: btest-diff http.log
@load protocols/ssl/decryption
@load base/protocols/http
module SSL;
redef SSL::secrets += {
["\xb4\x0a\x24\x4b\x48\xe4\x2e\xac\x28\x71\x44\xb1\xb7\x39\x30\x57\xca\xa1\x31\xf9\x61\xa7\x8e\x38\xb0\xe7\x7c\x1e"] = "\xbd\x01\xe5\x89\xd1\x05\x19\x9e\x9a\xb5\xfc\x9b\xd7\x58\xb5\xf2\x88\xdb\x28\xfd\x80\xaa\x02\x26\x1e\x47\x65\xac\x13\x57\xd0\x07\xfd\x08\xc7\xbd\xab\x45\x45\x0e\x01\x5a\x01\xd0\x8e\x5e\x7c\xa6",
};

Some files were not shown because too many files have changed in this diff Show more