From bff8392ad41ca6ca16dd4d5d812d994a86e2b83c Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Sun, 31 Mar 2019 02:24:47 -0500 Subject: [PATCH 1/7] Remove unnecessary ".bro" from @load directives Removed ".bro" file extensions from "@load" directives because they are not needed. --- scripts/base/files/pe/main.bro | 2 +- scripts/base/frameworks/files/__load__.bro | 2 +- scripts/base/protocols/radius/main.bro | 2 +- scripts/policy/tuning/defaults/__load__.bro | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts/base/files/pe/main.bro b/scripts/base/files/pe/main.bro index 972e8a31c8..9ef859d2fb 100644 --- a/scripts/base/files/pe/main.bro +++ b/scripts/base/files/pe/main.bro @@ -1,6 +1,6 @@ module PE; -@load ./consts.bro +@load ./consts export { redef enum Log::ID += { LOG }; diff --git a/scripts/base/frameworks/files/__load__.bro b/scripts/base/frameworks/files/__load__.bro index 2177d81e25..2da9cffc66 100644 --- a/scripts/base/frameworks/files/__load__.bro +++ b/scripts/base/frameworks/files/__load__.bro @@ -1,2 +1,2 @@ -@load ./main.bro +@load ./main @load ./magic diff --git a/scripts/base/protocols/radius/main.bro b/scripts/base/protocols/radius/main.bro index ea30b27911..7c4e721ed6 100644 --- a/scripts/base/protocols/radius/main.bro +++ b/scripts/base/protocols/radius/main.bro @@ -2,7 +2,7 @@ module RADIUS; -@load ./consts.bro +@load ./consts @load base/utils/addrs export { diff --git a/scripts/policy/tuning/defaults/__load__.bro b/scripts/policy/tuning/defaults/__load__.bro index fd52f92401..2b574a6845 100644 --- a/scripts/policy/tuning/defaults/__load__.bro +++ b/scripts/policy/tuning/defaults/__load__.bro @@ -1,3 +1,3 @@ @load ./packet-fragments @load ./warnings -@load ./extracted_file_limits.bro +@load ./extracted_file_limits From 7366155bad048368d96fd120c0226d9fa6ff08d7 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Tue, 9 Apr 2019 01:26:16 -0500 Subject: [PATCH 2/7] Update script search logic for new file extension When searching for script files, look for both the new and old file extensions. If a file with ".zeek" can't be found, then search for a file with ".bro" as a fallback. --- src/Debug.cc | 2 +- src/OSFinger.cc | 2 +- src/RuleMatcher.cc | 2 +- src/broxygen/ScriptInfo.cc | 13 +++++--- src/broxygen/Target.cc | 2 +- src/plugin/Manager.cc | 45 ++++++++++++++++--------- src/scan.l | 21 +++++++++--- src/util.cc | 68 ++++++++++++++++++++++++++++++++------ src/util.h | 17 +++++++--- 9 files changed, 129 insertions(+), 43 deletions(-) diff --git a/src/Debug.cc b/src/Debug.cc index 54a40c58d1..a45c27888e 100644 --- a/src/Debug.cc +++ b/src/Debug.cc @@ -348,7 +348,7 @@ vector parse_location_string(const string& s) if ( ! sscanf(line_string.c_str(), "%d", &plr.line) ) plr.type = plrUnknown; - string path(find_file(filename, bro_path(), "bro")); + string path(find_script_file(filename, bro_path())); if ( path.empty() ) { diff --git a/src/OSFinger.cc b/src/OSFinger.cc index df5f30b0cc..1b540a1fd0 100644 --- a/src/OSFinger.cc +++ b/src/OSFinger.cc @@ -295,7 +295,7 @@ void OSFingerprint::load_config(const char* file) char buf[MAXLINE]; char* p; - FILE* c = open_file(find_file(file, bro_path(), "osf")); + FILE* c = open_file(find_file(file, bro_path(), ".osf")); if (!c) { diff --git a/src/RuleMatcher.cc b/src/RuleMatcher.cc index 54228d58dd..5b72264926 100644 --- a/src/RuleMatcher.cc +++ b/src/RuleMatcher.cc @@ -235,7 +235,7 @@ bool RuleMatcher::ReadFiles(const name_list& files) for ( int i = 0; i < files.length(); ++i ) { - rules_in = open_file(find_file(files[i], bro_path(), "sig")); + rules_in = open_file(find_file(files[i], bro_path(), ".sig")); if ( ! rules_in ) { diff --git a/src/broxygen/ScriptInfo.cc b/src/broxygen/ScriptInfo.cc index a32d96cdd5..da6ba6b44a 100644 --- a/src/broxygen/ScriptInfo.cc +++ b/src/broxygen/ScriptInfo.cc @@ -158,7 +158,7 @@ static string make_redef_details(const string& heading, char underline, ScriptInfo::ScriptInfo(const string& arg_name, const string& arg_path) : Info(), name(arg_name), path(arg_path), - is_pkg_loader(SafeBasename(name).result == PACKAGE_LOADER), + is_pkg_loader(is_package_loader(SafeBasename(name).result)), dependencies(), module_usages(), comments(), id_info(), redef_options(), constants(), state_vars(), types(), events(), hooks(), functions(), redefs() @@ -314,7 +314,7 @@ string ScriptInfo::DoReStructuredText(bool roles_only) const if ( it != dependencies.begin() ) rval += ", "; - string path = find_file(*it, bro_path(), "bro"); + string path = find_script_file(*it, bro_path()); string doc = *it; if ( ! path.empty() && is_dir(path.c_str()) ) @@ -365,8 +365,13 @@ time_t ScriptInfo::DoGetModificationTime() const if ( ! info ) { - string pkg_name = *it + "/" + PACKAGE_LOADER; - info = broxygen_mgr->GetScriptInfo(pkg_name); + for (const string& ext : script_extensions) + { + string pkg_name = *it + "/__load__" + ext; + info = broxygen_mgr->GetScriptInfo(pkg_name); + if ( info ) + break; + } if ( ! info ) reporter->InternalWarning("Broxygen failed to get mtime of %s", diff --git a/src/broxygen/Target.cc b/src/broxygen/Target.cc index dba0d67d6c..2610f648e7 100644 --- a/src/broxygen/Target.cc +++ b/src/broxygen/Target.cc @@ -410,7 +410,7 @@ void ScriptTarget::DoFindDependencies(const vector& infos) for ( size_t i = 0; i < script_deps.size(); ++i ) { - if ( SafeBasename(script_deps[i]->Name()).result == PACKAGE_LOADER ) + if ( is_package_loader(SafeBasename(script_deps[i]->Name()).result) ) { string pkg_dir = SafeDirname(script_deps[i]->Name()).result; string target_file = Name() + pkg_dir + "/index.rst"; diff --git a/src/plugin/Manager.cc b/src/plugin/Manager.cc index 836520d03a..e098d955c1 100644 --- a/src/plugin/Manager.cc +++ b/src/plugin/Manager.cc @@ -13,6 +13,7 @@ #include "../Reporter.h" #include "../Func.h" #include "../Event.h" +#include "../util.h" using namespace plugin; @@ -182,30 +183,44 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_ add_to_bro_path(scripts); } - // First load {scripts}/__preload__.bro automatically. - string init = dir + "scripts/__preload__.bro"; + string init; - if ( is_file(init) ) + // First load {scripts}/__preload__.bro automatically. + for (const string& ext : script_extensions) { - DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); - scripts_to_load.push_back(init); + init = dir + "scripts/__preload__" + ext; + + if ( is_file(init) ) + { + DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); + scripts_to_load.push_back(init); + break; + } } // Load {bif,scripts}/__load__.bro automatically. - init = dir + "lib/bif/__load__.bro"; - - if ( is_file(init) ) + for (const string& ext : script_extensions) { - DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); - scripts_to_load.push_back(init); + init = dir + "lib/bif/__load__" + ext; + + if ( is_file(init) ) + { + DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); + scripts_to_load.push_back(init); + break; + } } - init = dir + "scripts/__load__.bro"; - - if ( is_file(init) ) + for (const string& ext : script_extensions) { - DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); - scripts_to_load.push_back(init); + init = dir + "scripts/__load__" + ext; + + if ( is_file(init) ) + { + DBG_LOG(DBG_PLUGINS, " Loading %s", init.c_str()); + scripts_to_load.push_back(init); + break; + } } // Load shared libraries. diff --git a/src/scan.l b/src/scan.l index c2be426044..4da18b125f 100644 --- a/src/scan.l +++ b/src/scan.l @@ -77,6 +77,17 @@ static string find_relative_file(const string& filename, const string& ext) return find_file(filename, bro_path(), ext); } +static string find_relative_script_file(const string& filename) + { + if ( filename.empty() ) + return string(); + + if ( filename[0] == '.' ) + return find_script_file(filename, SafeDirname(::filename).result); + else + return find_script_file(filename, bro_path()); + } + static ino_t get_inode_num(FILE* f, const string& path) { struct stat b; @@ -363,14 +374,14 @@ when return TOK_WHEN; @load{WS}{FILE} { const char* new_file = skip_whitespace(yytext + 5); // Skip "@load". string loader = ::filename; // load_files may change ::filename, save copy - string loading = find_relative_file(new_file, "bro"); + string loading = find_relative_script_file(new_file); (void) load_files(new_file); broxygen_mgr->ScriptDependency(loader, loading); } @load-sigs{WS}{FILE} { const char* file = skip_whitespace(yytext + 10); - string path = find_relative_file(file, "sig"); + string path = find_relative_file(file, ".sig"); int rc = PLUGIN_HOOK_WITH_RESULT(HOOK_LOAD_FILE, HookLoadFile(plugin::Plugin::SIGNATURES, file, path), -1); switch ( rc ) { @@ -430,7 +441,7 @@ when return TOK_WHEN; @unload{WS}{FILE} { // Skip "@unload". const char* file = skip_whitespace(yytext + 7); - string path = find_relative_file(file, "bro"); + string path = find_relative_script_file(file); if ( path.empty() ) reporter->Error("failed find file associated with @unload %s", file); @@ -624,7 +635,7 @@ static bool already_scanned(const string& path) static int load_files(const char* orig_file) { - string file_path = find_relative_file(orig_file, "bro"); + string file_path = find_relative_script_file(orig_file); int rc = PLUGIN_HOOK_WITH_RESULT(HOOK_LOAD_FILE, HookLoadFile(plugin::Plugin::SCRIPT, orig_file, file_path), -1); if ( rc == 1 ) @@ -970,7 +981,7 @@ int yywrap() string canon = without_bropath_component(it->name); string flat = flatten_script_name(canon, prefixes[i]); - string path = find_relative_file(flat, "bro"); + string path = find_relative_script_file(flat); if ( ! path.empty() ) { diff --git a/src/util.cc b/src/util.cc index cce49a7f6d..227faa9c1f 100644 --- a/src/util.cc +++ b/src/util.cc @@ -20,6 +20,7 @@ #endif #include +#include #include #include #include @@ -1007,7 +1008,18 @@ string bro_prefixes() return rval; } -const char* PACKAGE_LOADER = "__load__.bro"; +const array script_extensions = {".zeek", ".bro"}; + +bool is_package_loader(const string& path) + { + for (const string& ext : script_extensions) + { + if (path == "__load__" + ext) + return true; + } + + return false; + } FILE* open_file(const string& path, const string& mode) { @@ -1034,13 +1046,22 @@ static bool can_read(const string& path) FILE* open_package(string& path, const string& mode) { string arg_path = path; - path.append("/").append(PACKAGE_LOADER); + path.append("/__load__"); - if ( can_read(path) ) - return open_file(path, mode); + for (const string& ext : script_extensions) + { + string p = path + ext; + if ( can_read(p) ) + { + path.append(ext); + return open_file(path, mode); + } + } + path.append(script_extensions[0]); + string package_loader = "__load__" + script_extensions[0]; reporter->Error("Failed to open package '%s': missing '%s' file", - arg_path.c_str(), PACKAGE_LOADER); + arg_path.c_str(), package_loader.c_str()); return 0; } @@ -1123,7 +1144,7 @@ string flatten_script_name(const string& name, const string& prefix) if ( ! rval.empty() ) rval.append("."); - if ( SafeBasename(name).result == PACKAGE_LOADER ) + if ( is_package_loader(SafeBasename(name).result) ) rval.append(SafeDirname(name).result); else rval.append(name); @@ -1221,7 +1242,7 @@ string without_bropath_component(const string& path) } static string find_file_in_path(const string& filename, const string& path, - const string& opt_ext = "") + const vector& opt_ext) { if ( filename.empty() ) return string(); @@ -1239,10 +1260,13 @@ static string find_file_in_path(const string& filename, const string& path, if ( ! opt_ext.empty() ) { - string with_ext = abs_path + '.' + opt_ext; + for (const string& ext : opt_ext) + { + string with_ext = abs_path + ext; - if ( can_read(with_ext) ) - return with_ext; + if ( can_read(with_ext) ) + return with_ext; + } } if ( can_read(abs_path) ) @@ -1257,9 +1281,31 @@ string find_file(const string& filename, const string& path_set, vector paths; tokenize_string(path_set, ":", &paths); + vector ext; + if ( ! opt_ext.empty() ) + ext.push_back(opt_ext); + for ( size_t n = 0; n < paths.size(); ++n ) { - string f = find_file_in_path(filename, paths[n], opt_ext); + string f = find_file_in_path(filename, paths[n], ext); + + if ( ! f.empty() ) + return f; + } + + return string(); + } + +string find_script_file(const string& filename, const string& path_set) + { + vector paths; + tokenize_string(path_set, ":", &paths); + + vector ext(script_extensions.begin(), script_extensions.end()); + + for ( size_t n = 0; n < paths.size(); ++n ) + { + string f = find_file_in_path(filename, paths[n], ext); if ( ! f.empty() ) return f; diff --git a/src/util.h b/src/util.h index 232275d9c9..bd1566080f 100644 --- a/src/util.h +++ b/src/util.h @@ -26,6 +26,7 @@ #include #include +#include #include #include #include @@ -248,16 +249,16 @@ static const SourceID SOURCE_BROKER = 0xffffffff; extern void pinpoint(); extern int int_list_cmp(const void* v1, const void* v2); -// Contains the name of the script file that gets read -// when a package is loaded (i.e., "__load__.bro). -extern const char* PACKAGE_LOADER; - extern const std::string& bro_path(); extern const char* bro_magic_path(); extern const char* bro_plugin_path(); extern const char* bro_plugin_activate(); extern std::string bro_prefixes(); +extern const std::array script_extensions; + +bool is_package_loader(const std::string& path); + extern void add_to_bro_path(const std::string& dir); @@ -341,6 +342,14 @@ std::string without_bropath_component(const std::string& path); std::string find_file(const std::string& filename, const std::string& path_set, const std::string& opt_ext = ""); +/** + * Locate a script file within a given search path. + * @param filename Name of a file to find. + * @param path_set Colon-delimited set of paths to search for the file. + * @return Path to the found file, or an empty string if not found. + */ +std::string find_script_file(const std::string& filename, const std::string& path_set); + // Wrapper around fopen(3). Emits an error when failing to open. FILE* open_file(const std::string& path, const std::string& mode = "r"); From 7c2477d87a51b2c99d5b7dd65373afe6c0184f90 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 11 Apr 2019 02:38:53 -0500 Subject: [PATCH 3/7] Fix the core/load-duplicates.bro test The load-duplicates.bro test would never fail because loading the provided script code twice wouldn't trigger an error. Fixed this by changing the sample script content. Also added a test case to verify that an error occurs as expected when two scripts with the same content are loaded. --- testing/btest/core/load-duplicates.bro | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/testing/btest/core/load-duplicates.bro b/testing/btest/core/load-duplicates.bro index 8c86fbc272..9b3810d40d 100644 --- a/testing/btest/core/load-duplicates.bro +++ b/testing/btest/core/load-duplicates.bro @@ -3,12 +3,13 @@ # @TEST-EXEC: mkdir -p foo/bar # @TEST-EXEC: echo "@load bar/test" >loader.bro # @TEST-EXEC: cp %INPUT foo/bar/test.bro +# @TEST-EXEC: cp %INPUT foo/bar/test2.bro +# # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test.bro # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader foo/bar/test.bro # @TEST-EXEC: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader `pwd`/foo/bar/test.bro +# @TEST-EXEC-FAIL: BROPATH=$BROPATH:.:./foo bro -b misc/loaded-scripts loader bar/test2 -type Test: enum { - TEST, -}; +global pi = 3.14; From 438fe27ce4306b0b1af56e75af7ad20fa40061e3 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 11 Apr 2019 12:07:54 -0500 Subject: [PATCH 4/7] Add test cases to verify new file extension is recognized Added tests to verify that scripts with the new ".zeek" file extension are recognized and that ".bro" is used as a fallback. --- .../core.load-file-extension/bro_only | 1 + .../core.load-file-extension/bro_preferred | 1 + .../core.load-file-extension/bro_preferred_2 | 1 + .../core.load-file-extension/no_extension | 1 + .../core.load-file-extension/xyz_preferred | 1 + .../core.load-file-extension/zeek_only | 1 + .../core.load-file-extension/zeek_preferred | 1 + .../zeek_script_preferred | 1 + testing/btest/Baseline/core.load-pkg/output | 3 +- testing/btest/Baseline/core.load-pkg/output2 | 2 + .../btest/Baseline/core.load-prefixes/output | 2 +- .../btest/Baseline/core.load-unload/output2 | 1 + testing/btest/core/load-file-extension.bro | 89 +++++++++++++++++++ testing/btest/core/load-pkg.bro | 24 ++++- testing/btest/core/load-prefixes.bro | 8 +- testing/btest/core/load-unload.bro | 27 +++++- 16 files changed, 154 insertions(+), 10 deletions(-) create mode 100644 testing/btest/Baseline/core.load-file-extension/bro_only create mode 100644 testing/btest/Baseline/core.load-file-extension/bro_preferred create mode 100644 testing/btest/Baseline/core.load-file-extension/bro_preferred_2 create mode 100644 testing/btest/Baseline/core.load-file-extension/no_extension create mode 100644 testing/btest/Baseline/core.load-file-extension/xyz_preferred create mode 100644 testing/btest/Baseline/core.load-file-extension/zeek_only create mode 100644 testing/btest/Baseline/core.load-file-extension/zeek_preferred create mode 100644 testing/btest/Baseline/core.load-file-extension/zeek_script_preferred create mode 100644 testing/btest/Baseline/core.load-pkg/output2 create mode 100644 testing/btest/Baseline/core.load-unload/output2 create mode 100644 testing/btest/core/load-file-extension.bro diff --git a/testing/btest/Baseline/core.load-file-extension/bro_only b/testing/btest/Baseline/core.load-file-extension/bro_only new file mode 100644 index 0000000000..bb2333014b --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/bro_only @@ -0,0 +1 @@ +Bro script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/bro_preferred b/testing/btest/Baseline/core.load-file-extension/bro_preferred new file mode 100644 index 0000000000..bb2333014b --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/bro_preferred @@ -0,0 +1 @@ +Bro script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/bro_preferred_2 b/testing/btest/Baseline/core.load-file-extension/bro_preferred_2 new file mode 100644 index 0000000000..bb2333014b --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/bro_preferred_2 @@ -0,0 +1 @@ +Bro script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/no_extension b/testing/btest/Baseline/core.load-file-extension/no_extension new file mode 100644 index 0000000000..b9cfe8016f --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/no_extension @@ -0,0 +1 @@ +No file extension script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/xyz_preferred b/testing/btest/Baseline/core.load-file-extension/xyz_preferred new file mode 100644 index 0000000000..8883b557a3 --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/xyz_preferred @@ -0,0 +1 @@ +Non-standard file extension script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/zeek_only b/testing/btest/Baseline/core.load-file-extension/zeek_only new file mode 100644 index 0000000000..129000059a --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/zeek_only @@ -0,0 +1 @@ +Zeek script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/zeek_preferred b/testing/btest/Baseline/core.load-file-extension/zeek_preferred new file mode 100644 index 0000000000..129000059a --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/zeek_preferred @@ -0,0 +1 @@ +Zeek script loaded diff --git a/testing/btest/Baseline/core.load-file-extension/zeek_script_preferred b/testing/btest/Baseline/core.load-file-extension/zeek_script_preferred new file mode 100644 index 0000000000..129000059a --- /dev/null +++ b/testing/btest/Baseline/core.load-file-extension/zeek_script_preferred @@ -0,0 +1 @@ +Zeek script loaded diff --git a/testing/btest/Baseline/core.load-pkg/output b/testing/btest/Baseline/core.load-pkg/output index 119b2f9a18..ab438bfe3b 100644 --- a/testing/btest/Baseline/core.load-pkg/output +++ b/testing/btest/Baseline/core.load-pkg/output @@ -1 +1,2 @@ -Foo loaded +test.zeek loaded +__load__.zeek loaded diff --git a/testing/btest/Baseline/core.load-pkg/output2 b/testing/btest/Baseline/core.load-pkg/output2 new file mode 100644 index 0000000000..1021a36092 --- /dev/null +++ b/testing/btest/Baseline/core.load-pkg/output2 @@ -0,0 +1,2 @@ +test.zeek loaded +__load__.bro loaded diff --git a/testing/btest/Baseline/core.load-prefixes/output b/testing/btest/Baseline/core.load-prefixes/output index ea35b3a8c0..2969d774cf 100644 --- a/testing/btest/Baseline/core.load-prefixes/output +++ b/testing/btest/Baseline/core.load-prefixes/output @@ -1,4 +1,4 @@ loaded lcl2.base.utils.site.bro loaded lcl.base.utils.site.bro loaded lcl2.base.protocols.http.bro -loaded lcl.base.protocols.http.bro +loaded lcl.base.protocols.http.zeek diff --git a/testing/btest/Baseline/core.load-unload/output2 b/testing/btest/Baseline/core.load-unload/output2 new file mode 100644 index 0000000000..bd327f15d4 --- /dev/null +++ b/testing/btest/Baseline/core.load-unload/output2 @@ -0,0 +1 @@ +Loaded: dontloadme.bro diff --git a/testing/btest/core/load-file-extension.bro b/testing/btest/core/load-file-extension.bro new file mode 100644 index 0000000000..1b5520c873 --- /dev/null +++ b/testing/btest/core/load-file-extension.bro @@ -0,0 +1,89 @@ +# Test loading scripts with different file extensions. +# +# Test that either ".zeek" or ".bro" can be loaded without specifying extension +# @TEST-EXEC: cp x/foo.bro . +# @TEST-EXEC: bro -b load_foo > bro_only +# @TEST-EXEC: btest-diff bro_only +# @TEST-EXEC: rm foo.bro +# +# @TEST-EXEC: cp x/foo.zeek . +# @TEST-EXEC: bro -b load_foo > zeek_only +# @TEST-EXEC: btest-diff zeek_only +# @TEST-EXEC: rm foo.zeek +# +# Test that ".zeek" is the preferred file extension, unless ".bro" is specified +# @TEST-EXEC: cp x/foo.* . +# @TEST-EXEC: cp x2/foo . +# @TEST-EXEC: bro -b load_foo > zeek_preferred +# @TEST-EXEC: btest-diff zeek_preferred +# +# @TEST-EXEC: bro -b load_foo_bro > bro_preferred +# @TEST-EXEC: btest-diff bro_preferred +# @TEST-EXEC: rm foo* +# +# Test that ".bro" is preferred over a script with no file extension (when +# there is no ".zeek" script) +# @TEST-EXEC: cp x/foo.bro . +# @TEST-EXEC: cp x2/foo . +# @TEST-EXEC: bro -b load_foo > bro_preferred_2 +# @TEST-EXEC: btest-diff bro_preferred_2 +# @TEST-EXEC: rm foo* +# +# Test that a script with no file extension can be loaded +# @TEST-EXEC: cp x2/foo . +# @TEST-EXEC: bro -b load_foo > no_extension +# @TEST-EXEC: btest-diff no_extension +# @TEST-EXEC: rm foo +# +# Test that a ".zeek" script is preferred over a script package of same name +# @TEST-EXEC: cp -r x/foo* . +# @TEST-EXEC: bro -b load_foo > zeek_script_preferred +# @TEST-EXEC: btest-diff zeek_script_preferred +# @TEST-EXEC: rm -r foo* +# +# Test that unrecognized file extensions can be loaded explicitly +# @TEST-EXEC: cp x/foo.* . +# @TEST-EXEC: bro -b load_foo_xyz > xyz_preferred +# @TEST-EXEC: btest-diff xyz_preferred +# @TEST-EXEC: rm foo.* +# +# @TEST-EXEC: cp x/foo.xyz . +# @TEST-EXEC-FAIL: bro -b load_foo +# @TEST-EXEC: rm foo.xyz + +@TEST-START-FILE load_foo +@load foo +@TEST-END-FILE + +@TEST-START-FILE load_foo_bro +@load foo.bro +@TEST-END-FILE + +@TEST-START-FILE load_foo_xyz +@load foo.xyz +@TEST-END-FILE + + +@TEST-START-FILE x/foo.bro +print "Bro script loaded"; +@TEST-END-FILE + +@TEST-START-FILE x/foo.zeek +print "Zeek script loaded"; +@TEST-END-FILE + +@TEST-START-FILE x/foo.xyz +print "Non-standard file extension script loaded"; +@TEST-END-FILE + +@TEST-START-FILE x/foo/__load__.zeek +@load ./main +@TEST-END-FILE + +@TEST-START-FILE x/foo/main.zeek +print "Script package loaded"; +@TEST-END-FILE + +@TEST-START-FILE x2/foo +print "No file extension script loaded"; +@TEST-END-FILE diff --git a/testing/btest/core/load-pkg.bro b/testing/btest/core/load-pkg.bro index e6671e038d..8c861f7982 100644 --- a/testing/btest/core/load-pkg.bro +++ b/testing/btest/core/load-pkg.bro @@ -1,10 +1,28 @@ +# Test that package loading works when a package loader script is present. +# +# Test that ".zeek" is loaded when there is also a ".bro" # @TEST-EXEC: bro -b foo >output # @TEST-EXEC: btest-diff output +# +# Test that ".bro" is loaded when there is no ".zeek" +# @TEST-EXEC: rm foo/__load__.zeek +# @TEST-EXEC: bro -b foo >output2 +# @TEST-EXEC: btest-diff output2 +# +# Test that package cannot be loaded when no package loader script exists. +# @TEST-EXEC: rm foo/__load__.bro +# @TEST-EXEC-FAIL: bro -b foo @TEST-START-FILE foo/__load__.bro -@load ./test.bro +@load ./test +print "__load__.bro loaded"; @TEST-END-FILE -@TEST-START-FILE foo/test.bro -print "Foo loaded"; +@TEST-START-FILE foo/__load__.zeek +@load ./test +print "__load__.zeek loaded"; +@TEST-END-FILE + +@TEST-START-FILE foo/test.zeek +print "test.zeek loaded"; @TEST-END-FILE diff --git a/testing/btest/core/load-prefixes.bro b/testing/btest/core/load-prefixes.bro index 1dfc3ac5dd..5d064c0d36 100644 --- a/testing/btest/core/load-prefixes.bro +++ b/testing/btest/core/load-prefixes.bro @@ -8,6 +8,8 @@ @prefixes += lcl2 @TEST-END-FILE +# Since base/utils/site.bro is a script, only a script with the original file +# extension can be loaded here. @TEST-START-FILE lcl.base.utils.site.bro print "loaded lcl.base.utils.site.bro"; @TEST-END-FILE @@ -16,8 +18,10 @@ print "loaded lcl.base.utils.site.bro"; print "loaded lcl2.base.utils.site.bro"; @TEST-END-FILE -@TEST-START-FILE lcl.base.protocols.http.bro -print "loaded lcl.base.protocols.http.bro"; +# For a script package like base/protocols/http/, either of the recognized +# file extensions can be loaded here. +@TEST-START-FILE lcl.base.protocols.http.zeek +print "loaded lcl.base.protocols.http.zeek"; @TEST-END-FILE @TEST-START-FILE lcl2.base.protocols.http.bro diff --git a/testing/btest/core/load-unload.bro b/testing/btest/core/load-unload.bro index 6525a8e8ea..6b2614a50c 100644 --- a/testing/btest/core/load-unload.bro +++ b/testing/btest/core/load-unload.bro @@ -1,11 +1,32 @@ # This tests the @unload directive # -# @TEST-EXEC: bro -b %INPUT misc/loaded-scripts dontloadmebro > output +# Test that @unload works with ".bro" when there is no ".zeek" script +# @TEST-EXEC: bro -b unloadbro misc/loaded-scripts dontloadmebro > output # @TEST-EXEC: btest-diff output -# @TEST-EXEC: grep -q dontloadmebro loaded_scripts.log && exit 1 || exit 0 +# @TEST-EXEC: grep dontloadmebro loaded_scripts.log && exit 1 || exit 0 +# +# Test that @unload looks for ".zeek" first (assuming no file extension is +# specified in the @unload) +# @TEST-EXEC: bro -b unload misc/loaded-scripts dontloadme.zeek dontloadme.bro > output2 +# @TEST-EXEC: btest-diff output2 +# @TEST-EXEC: grep dontloadme.bro loaded_scripts.log +@TEST-START-FILE unloadbro.bro @unload dontloadmebro +@TEST-END-FILE @TEST-START-FILE dontloadmebro.bro -print "FAIL"; +print "Loaded: dontloadmebro.bro"; +@TEST-END-FILE + +@TEST-START-FILE unload.zeek +@unload dontloadme +@TEST-END-FILE + +@TEST-START-FILE dontloadme.zeek +print "Loaded: dontloadme.zeek"; +@TEST-END-FILE + +@TEST-START-FILE dontloadme.bro +print "Loaded: dontloadme.bro"; @TEST-END-FILE From 537d9cab97d3c9f4413dee4a32a82a89af188af4 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 11 Apr 2019 14:59:17 -0500 Subject: [PATCH 5/7] Update a few tests due to scripts with new file extension --- testing/btest/plugins/bifs-and-scripts-install.sh | 2 +- testing/btest/plugins/bifs-and-scripts.sh | 2 +- .../protocol-plugin/scripts/{__load__.bro => __load__.zeek} | 0 3 files changed, 2 insertions(+), 2 deletions(-) rename testing/btest/plugins/protocol-plugin/scripts/{__load__.bro => __load__.zeek} (100%) diff --git a/testing/btest/plugins/bifs-and-scripts-install.sh b/testing/btest/plugins/bifs-and-scripts-install.sh index 60c754f8ff..5498e515ca 100644 --- a/testing/btest/plugins/bifs-and-scripts-install.sh +++ b/testing/btest/plugins/bifs-and-scripts-install.sh @@ -9,7 +9,7 @@ mkdir -p scripts/demo/foo/base/ -cat >scripts/__load__.bro <scripts/__load__.zeek <scripts/__load__.bro <scripts/__load__.zeek < Date: Thu, 11 Apr 2019 21:12:40 -0500 Subject: [PATCH 6/7] Rename all scripts to have ".zeek" file extension --- scripts/CMakeLists.txt | 8 +- .../extract/{__load__.bro => __load__.zeek} | 0 .../files/extract/{main.bro => main.zeek} | 0 .../hash/{__load__.bro => __load__.zeek} | 0 .../base/files/hash/{main.bro => main.zeek} | 0 .../files/pe/{__load__.bro => __load__.zeek} | 0 .../base/files/pe/{consts.bro => consts.zeek} | 0 scripts/base/files/pe/{main.bro => main.zeek} | 0 .../unified2/{__load__.bro => __load__.zeek} | 0 .../files/unified2/{main.bro => main.zeek} | 0 .../x509/{__load__.bro => __load__.zeek} | 0 .../base/files/x509/{main.bro => main.zeek} | 0 .../analyzer/{__load__.bro => __load__.zeek} | 0 .../analyzer/{main.bro => main.zeek} | 0 .../broker/{__load__.bro => __load__.zeek} | 0 .../frameworks/broker/{log.bro => log.zeek} | 0 .../frameworks/broker/{main.bro => main.zeek} | 0 .../broker/{store.bro => store.zeek} | 0 .../cluster/{__load__.bro => __load__.zeek} | 0 .../cluster/{main.bro => main.zeek} | 6 +- .../cluster/nodes/{logger.bro => logger.zeek} | 0 .../nodes/{manager.bro => manager.zeek} | 0 .../cluster/nodes/{proxy.bro => proxy.zeek} | 0 .../cluster/nodes/{worker.bro => worker.zeek} | 0 .../cluster/{pools.bro => pools.zeek} | 0 ...connections.bro => setup-connections.zeek} | 0 .../config/{__load__.bro => __load__.zeek} | 0 .../config/{input.bro => input.zeek} | 0 .../frameworks/config/{main.bro => main.zeek} | 0 .../config/{weird.bro => weird.zeek} | 0 .../control/{__load__.bro => __load__.zeek} | 0 .../control/{main.bro => main.zeek} | 0 .../dpd/{__load__.bro => __load__.zeek} | 0 .../frameworks/dpd/{main.bro => main.zeek} | 0 .../files/{__load__.bro => __load__.zeek} | 0 .../magic/{__load__.bro => __load__.zeek} | 0 .../frameworks/files/{main.bro => main.zeek} | 0 .../input/{__load__.bro => __load__.zeek} | 0 .../frameworks/input/{main.bro => main.zeek} | 0 .../input/readers/{ascii.bro => ascii.zeek} | 0 .../readers/{benchmark.bro => benchmark.zeek} | 0 .../input/readers/{binary.bro => binary.zeek} | 0 .../input/readers/{config.bro => config.zeek} | 0 .../input/readers/{raw.bro => raw.zeek} | 0 .../input/readers/{sqlite.bro => sqlite.zeek} | 0 .../intel/{__load__.bro => __load__.zeek} | 0 .../intel/{cluster.bro => cluster.zeek} | 0 .../intel/{files.bro => files.zeek} | 0 .../intel/{input.bro => input.zeek} | 0 .../frameworks/intel/{main.bro => main.zeek} | 0 .../logging/{__load__.bro => __load__.zeek} | 0 .../logging/{main.bro => main.zeek} | 0 .../{__load__.bro => __load__.zeek} | 0 .../postprocessors/{scp.bro => scp.zeek} | 0 .../postprocessors/{sftp.bro => sftp.zeek} | 0 .../logging/writers/{ascii.bro => ascii.zeek} | 0 .../logging/writers/{none.bro => none.zeek} | 0 .../writers/{sqlite.bro => sqlite.zeek} | 0 .../{__load__.bro => __load__.zeek} | 0 ...and-release.bro => catch-and-release.zeek} | 0 .../netcontrol/{cluster.bro => cluster.zeek} | 0 .../netcontrol/{drop.bro => drop.zeek} | 0 .../netcontrol/{main.bro => main.zeek} | 4 +- .../{non-cluster.bro => non-cluster.zeek} | 0 .../netcontrol/{plugin.bro => plugin.zeek} | 0 .../plugins/{__load__.bro => __load__.zeek} | 0 .../plugins/{acld.bro => acld.zeek} | 0 .../plugins/{broker.bro => broker.zeek} | 0 .../plugins/{debug.bro => debug.zeek} | 0 .../plugins/{openflow.bro => openflow.zeek} | 0 .../{packetfilter.bro => packetfilter.zeek} | 0 .../netcontrol/{shunt.bro => shunt.zeek} | 0 .../netcontrol/{types.bro => types.zeek} | 0 .../notice/{__load__.bro => __load__.zeek} | 0 .../{add-geodata.bro => add-geodata.zeek} | 0 .../notice/actions/{drop.bro => drop.zeek} | 0 .../{email_admin.bro => email_admin.zeek} | 0 .../notice/actions/{page.bro => page.zeek} | 0 .../actions/{pp-alarms.bro => pp-alarms.zeek} | 0 .../frameworks/notice/{main.bro => main.zeek} | 0 .../notice/{weird.bro => weird.zeek} | 0 .../openflow/{__load__.bro => __load__.zeek} | 0 .../openflow/{cluster.bro => cluster.zeek} | 0 .../openflow/{consts.bro => consts.zeek} | 0 .../openflow/{main.bro => main.zeek} | 2 +- .../{non-cluster.bro => non-cluster.zeek} | 0 .../plugins/{__load__.bro => __load__.zeek} | 0 .../plugins/{broker.bro => broker.zeek} | 0 .../openflow/plugins/{log.bro => log.zeek} | 0 .../openflow/plugins/{ryu.bro => ryu.zeek} | 0 .../openflow/{types.bro => types.zeek} | 0 .../{__load__.bro => __load__.zeek} | 0 .../{cluster.bro => cluster.zeek} | 0 .../packet-filter/{main.bro => main.zeek} | 0 .../{netstats.bro => netstats.zeek} | 0 .../packet-filter/{utils.bro => utils.zeek} | 0 .../reporter/{__load__.bro => __load__.zeek} | 0 .../reporter/{main.bro => main.zeek} | 2 +- .../{__load__.bro => __load__.zeek} | 0 .../signatures/{main.bro => main.zeek} | 0 .../software/{__load__.bro => __load__.zeek} | 0 .../software/{main.bro => main.zeek} | 0 .../sumstats/{__load__.bro => __load__.zeek} | 0 .../sumstats/{cluster.bro => cluster.zeek} | 0 .../sumstats/{main.bro => main.zeek} | 0 .../{non-cluster.bro => non-cluster.zeek} | 0 .../plugins/{__load__.bro => __load__.zeek} | 0 .../plugins/{average.bro => average.zeek} | 0 .../{hll_unique.bro => hll_unique.zeek} | 0 .../sumstats/plugins/{last.bro => last.zeek} | 0 .../sumstats/plugins/{max.bro => max.zeek} | 0 .../sumstats/plugins/{min.bro => min.zeek} | 0 .../plugins/{sample.bro => sample.zeek} | 0 .../plugins/{std-dev.bro => std-dev.zeek} | 0 .../sumstats/plugins/{sum.bro => sum.zeek} | 0 .../sumstats/plugins/{topk.bro => topk.zeek} | 0 .../plugins/{unique.bro => unique.zeek} | 0 .../plugins/{variance.bro => variance.zeek} | 0 .../tunnels/{__load__.bro => __load__.zeek} | 0 .../tunnels/{main.bro => main.zeek} | 0 .../base/{init-bare.bro => init-bare.zeek} | 6 +- .../{init-default.bro => init-default.zeek} | 2 +- ...bifs.bro => init-frameworks-and-bifs.zeek} | 2 +- ...ding.bro => find-checksum-offloading.zeek} | 0 ...red-trace.bro => find-filtered-trace.zeek} | 0 .../base/misc/{version.bro => version.zeek} | 0 .../conn/{__load__.bro => __load__.zeek} | 0 .../conn/{contents.bro => contents.zeek} | 0 .../conn/{inactivity.bro => inactivity.zeek} | 0 .../protocols/conn/{main.bro => main.zeek} | 0 .../conn/{polling.bro => polling.zeek} | 0 .../conn/{thresholds.bro => thresholds.zeek} | 0 .../dce-rpc/{__load__.bro => __load__.zeek} | 0 .../dce-rpc/{consts.bro => consts.zeek} | 0 .../protocols/dce-rpc/{main.bro => main.zeek} | 0 .../dhcp/{__load__.bro => __load__.zeek} | 0 .../dhcp/{consts.bro => consts.zeek} | 0 .../protocols/dhcp/{main.bro => main.zeek} | 0 .../dnp3/{__load__.bro => __load__.zeek} | 0 .../dnp3/{consts.bro => consts.zeek} | 0 .../protocols/dnp3/{main.bro => main.zeek} | 0 .../dns/{__load__.bro => __load__.zeek} | 0 .../protocols/dns/{consts.bro => consts.zeek} | 0 .../protocols/dns/{main.bro => main.zeek} | 0 .../ftp/{__load__.bro => __load__.zeek} | 0 .../protocols/ftp/{files.bro => files.zeek} | 0 .../ftp/{gridftp.bro => gridftp.zeek} | 0 .../protocols/ftp/{info.bro => info.zeek} | 0 .../protocols/ftp/{main.bro => main.zeek} | 0 ...utils-commands.bro => utils-commands.zeek} | 0 .../protocols/ftp/{utils.bro => utils.zeek} | 0 .../http/{__load__.bro => __load__.zeek} | 0 .../http/{entities.bro => entities.zeek} | 0 .../protocols/http/{files.bro => files.zeek} | 0 .../protocols/http/{main.bro => main.zeek} | 0 .../protocols/http/{utils.bro => utils.zeek} | 0 .../imap/{__load__.bro => __load__.zeek} | 0 .../protocols/imap/{main.bro => main.zeek} | 0 .../irc/{__load__.bro => __load__.zeek} | 0 .../irc/{dcc-send.bro => dcc-send.zeek} | 0 .../protocols/irc/{files.bro => files.zeek} | 0 .../protocols/irc/{main.bro => main.zeek} | 0 .../krb/{__load__.bro => __load__.zeek} | 0 .../protocols/krb/{consts.bro => consts.zeek} | 0 .../protocols/krb/{files.bro => files.zeek} | 0 .../protocols/krb/{main.bro => main.zeek} | 0 .../modbus/{__load__.bro => __load__.zeek} | 0 .../modbus/{consts.bro => consts.zeek} | 0 .../protocols/modbus/{main.bro => main.zeek} | 0 .../mysql/{__load__.bro => __load__.zeek} | 0 .../mysql/{consts.bro => consts.zeek} | 0 .../protocols/mysql/{main.bro => main.zeek} | 0 .../ntlm/{__load__.bro => __load__.zeek} | 0 .../protocols/ntlm/{main.bro => main.zeek} | 0 .../pop3/{__load__.bro => __load__.zeek} | 0 .../radius/{__load__.bro => __load__.zeek} | 0 .../radius/{consts.bro => consts.zeek} | 0 .../protocols/radius/{main.bro => main.zeek} | 0 .../rdp/{__load__.bro => __load__.zeek} | 0 .../protocols/rdp/{consts.bro => consts.zeek} | 0 .../protocols/rdp/{main.bro => main.zeek} | 0 .../rfb/{__load__.bro => __load__.zeek} | 0 .../protocols/rfb/{main.bro => main.zeek} | 0 .../sip/{__load__.bro => __load__.zeek} | 0 .../protocols/sip/{main.bro => main.zeek} | 0 .../smb/{__load__.bro => __load__.zeek} | 0 ...nst-dos-error.bro => const-dos-error.zeek} | 0 ...nst-nt-status.bro => const-nt-status.zeek} | 0 .../protocols/smb/{consts.bro => consts.zeek} | 2 +- .../protocols/smb/{files.bro => files.zeek} | 0 .../protocols/smb/{main.bro => main.zeek} | 0 .../smb/{smb1-main.bro => smb1-main.zeek} | 0 .../smb/{smb2-main.bro => smb2-main.zeek} | 0 .../smtp/{__load__.bro => __load__.zeek} | 0 .../smtp/{entities.bro => entities.zeek} | 0 .../protocols/smtp/{files.bro => files.zeek} | 0 .../protocols/smtp/{main.bro => main.zeek} | 0 .../snmp/{__load__.bro => __load__.zeek} | 0 .../protocols/snmp/{main.bro => main.zeek} | 0 .../socks/{__load__.bro => __load__.zeek} | 0 .../socks/{consts.bro => consts.zeek} | 0 .../protocols/socks/{main.bro => main.zeek} | 0 .../ssh/{__load__.bro => __load__.zeek} | 0 .../protocols/ssh/{main.bro => main.zeek} | 0 .../ssl/{__load__.bro => __load__.zeek} | 0 .../protocols/ssl/{consts.bro => consts.zeek} | 0 .../ssl/{ct-list.bro => ct-list.zeek} | 0 .../protocols/ssl/{files.bro => files.zeek} | 0 .../protocols/ssl/{main.bro => main.zeek} | 4 +- ...zilla-ca-list.bro => mozilla-ca-list.zeek} | 0 .../syslog/{__load__.bro => __load__.zeek} | 0 .../syslog/{consts.bro => consts.zeek} | 0 .../protocols/syslog/{main.bro => main.zeek} | 0 .../tunnels/{__load__.bro => __load__.zeek} | 0 .../xmpp/{__load__.bro => __load__.zeek} | 0 .../protocols/xmpp/{main.bro => main.zeek} | 0 .../{active-http.bro => active-http.zeek} | 0 scripts/base/utils/{addrs.bro => addrs.zeek} | 0 .../utils/{conn-ids.bro => conn-ids.zeek} | 0 scripts/base/utils/{dir.bro => dir.zeek} | 0 ...nd-hosts.bro => directions-and-hosts.zeek} | 0 scripts/base/utils/{email.bro => email.zeek} | 0 scripts/base/utils/{exec.bro => exec.zeek} | 0 scripts/base/utils/{files.bro => files.zeek} | 0 ...geoip-distance.bro => geoip-distance.zeek} | 0 .../utils/{hash_hrw.bro => hash_hrw.zeek} | 0 scripts/base/utils/{json.bro => json.zeek} | 0 .../base/utils/{numbers.bro => numbers.zeek} | 0 scripts/base/utils/{paths.bro => paths.zeek} | 0 .../utils/{patterns.bro => patterns.zeek} | 0 scripts/base/utils/{queue.bro => queue.zeek} | 0 scripts/base/utils/{site.bro => site.zeek} | 0 .../base/utils/{strings.bro => strings.zeek} | 0 .../utils/{thresholds.bro => thresholds.zeek} | 0 scripts/base/utils/{time.bro => time.zeek} | 0 scripts/base/utils/{urls.bro => urls.zeek} | 0 scripts/broxygen/__load__.bro | 17 --- scripts/broxygen/__load__.zeek | 17 +++ .../broxygen/{example.bro => example.zeek} | 0 .../x509/{log-ocsp.bro => log-ocsp.zeek} | 0 .../{controllee.bro => controllee.zeek} | 0 .../{controller.bro => controller.zeek} | 0 ...ct-protocols.bro => detect-protocols.zeek} | 0 ...ogging.bro => packet-segment-logging.zeek} | 0 .../files/{detect-MHR.bro => detect-MHR.zeek} | 0 ...-files.bro => entropy-test-all-files.zeek} | 0 ...t-all-files.bro => extract-all-files.zeek} | 0 ...hash-all-files.bro => hash-all-files.zeek} | 0 .../intel/{do_expire.bro => do_expire.zeek} | 0 .../intel/{do_notice.bro => do_notice.zeek} | 0 .../intel/{removal.bro => removal.zeek} | 0 .../seen/{__load__.bro => __load__.zeek} | 0 ...-established.bro => conn-established.zeek} | 0 .../intel/seen/{dns.bro => dns.zeek} | 0 .../{file-hashes.bro => file-hashes.zeek} | 0 .../seen/{file-names.bro => file-names.zeek} | 0 .../{http-headers.bro => http-headers.zeek} | 0 .../seen/{http-url.bro => http-url.zeek} | 0 .../{pubkey-hashes.bro => pubkey-hashes.zeek} | 0 .../{smb-filenames.bro => smb-filenames.zeek} | 0 ...xtraction.bro => smtp-url-extraction.zeek} | 0 .../intel/seen/{smtp.bro => smtp.zeek} | 0 .../intel/seen/{ssl.bro => ssl.zeek} | 0 ...ere-locations.bro => where-locations.zeek} | 0 .../intel/seen/{x509.bro => x509.zeek} | 0 .../intel/{whitelist.bro => whitelist.zeek} | 0 .../notice/{__load__.bro => __load__.zeek} | 0 .../{hostnames.bro => hostnames.zeek} | 0 .../packet-filter/{shunt.bro => shunt.zeek} | 0 ...rsion-changes.bro => version-changes.zeek} | 0 .../{vulnerable.bro => vulnerable.zeek} | 0 ...ion.bro => windows-version-detection.zeek} | 0 .../barnyard2/{__load__.bro => __load__.zeek} | 0 .../barnyard2/{main.bro => main.zeek} | 0 .../barnyard2/{types.bro => types.zeek} | 0 .../{__load__.bro => __load__.zeek} | 0 .../collective-intel/{main.bro => main.zeek} | 0 .../{capture-loss.bro => capture-loss.zeek} | 0 .../{__load__.bro => __load__.zeek} | 0 .../detect-traceroute/{main.bro => main.zeek} | 0 .../{dump-events.bro => dump-events.zeek} | 0 ...load-balancing.bro => load-balancing.zeek} | 0 ...loaded-scripts.bro => loaded-scripts.zeek} | 0 .../misc/{profiling.bro => profiling.zeek} | 0 scripts/policy/misc/{scan.bro => scan.zeek} | 0 scripts/policy/misc/{stats.bro => stats.zeek} | 0 ...im-trace-file.bro => trim-trace-file.zeek} | 0 .../{weird-stats.bro => weird-stats.zeek} | 0 .../{known-hosts.bro => known-hosts.zeek} | 0 ...known-services.bro => known-services.zeek} | 0 .../{mac-logging.bro => mac-logging.zeek} | 0 .../{vlan-logging.bro => vlan-logging.zeek} | 0 .../conn/{weirds.bro => weirds.zeek} | 0 ...ated_events.bro => deprecated_events.zeek} | 0 .../dhcp/{msg-orig.bro => msg-orig.zeek} | 0 .../dhcp/{software.bro => software.zeek} | 0 .../dhcp/{sub-opts.bro => sub-opts.zeek} | 0 .../dns/{auth-addl.bro => auth-addl.zeek} | 0 ...l-names.bro => detect-external-names.zeek} | 0 ...teforcing.bro => detect-bruteforcing.zeek} | 0 .../protocols/ftp/{detect.bro => detect.zeek} | 0 .../ftp/{software.bro => software.zeek} | 0 .../{detect-sqli.bro => detect-sqli.zeek} | 0 ...detect-webapps.bro => detect-webapps.zeek} | 0 .../{header-names.bro => header-names.zeek} | 0 ...gins.bro => software-browser-plugins.zeek} | 0 .../http/{software.bro => software.zeek} | 0 ...ookies.bro => var-extraction-cookies.zeek} | 0 ...action-uri.bro => var-extraction-uri.zeek} | 0 ...ticket-logging.bro => ticket-logging.zeek} | 0 ...s-slaves.bro => known-masters-slaves.zeek} | 0 .../{track-memmap.bro => track-memmap.zeek} | 0 .../mysql/{software.bro => software.zeek} | 0 .../{indicate_ssl.bro => indicate_ssl.zeek} | 0 .../smb/{__load__.bro => __load__.zeek} | 0 .../smb/{log-cmds.bro => log-cmds.zeek} | 0 .../smtp/{blocklists.bro => blocklists.zeek} | 0 ...s-orig.bro => detect-suspicious-orig.zeek} | 0 ...ties-excerpt.bro => entities-excerpt.zeek} | 0 .../smtp/{software.bro => software.zeek} | 0 ...teforcing.bro => detect-bruteforcing.zeek} | 0 .../ssh/{geo-data.bro => geo-data.zeek} | 0 ...stnames.bro => interesting-hostnames.zeek} | 0 .../ssh/{software.bro => software.zeek} | 0 ...expiring-certs.bro => expiring-certs.zeek} | 0 ...t-certs-pem.bro => extract-certs-pem.zeek} | 0 .../ssl/{heartbleed.bro => heartbleed.zeek} | 0 .../ssl/{known-certs.bro => known-certs.zeek} | 0 ...certs-only.bro => log-hostcerts-only.zeek} | 0 .../protocols/ssl/{notary.bro => notary.zeek} | 0 ...validate-certs.bro => validate-certs.zeek} | 0 .../{validate-ocsp.bro => validate-ocsp.zeek} | 0 .../{validate-sct.bro => validate-sct.zeek} | 0 .../ssl/{weak-keys.bro => weak-keys.zeek} | 0 .../tuning/{__load__.bro => __load__.zeek} | 0 .../defaults/{__load__.bro => __load__.zeek} | 0 ..._limits.bro => extracted_file_limits.zeek} | 0 ...et-fragments.bro => packet-fragments.zeek} | 0 .../defaults/{warnings.bro => warnings.zeek} | 0 .../tuning/{json-logs.bro => json-logs.zeek} | 0 ...k-all-assets.bro => track-all-assets.zeek} | 0 scripts/site/{local.bro => local.zeek} | 0 scripts/test-all-policy.bro | 113 ------------------ scripts/test-all-policy.zeek | 113 ++++++++++++++++++ src/CMakeLists.txt | 6 +- src/Type.cc | 2 +- src/broxygen/ScriptInfo.cc | 4 +- src/broxygen/ScriptInfo.h | 2 +- src/broxygen/Target.h | 2 +- src/broxygen/broxygen.bif | 2 +- src/const.bif | 2 +- src/main.cc | 6 +- src/plugin/Manager.cc | 4 +- src/reporter.bif | 2 +- src/scan.l | 4 +- src/types.bif | 2 +- src/util.h | 2 +- 357 files changed, 169 insertions(+), 169 deletions(-) rename scripts/base/files/extract/{__load__.bro => __load__.zeek} (100%) rename scripts/base/files/extract/{main.bro => main.zeek} (100%) rename scripts/base/files/hash/{__load__.bro => __load__.zeek} (100%) rename scripts/base/files/hash/{main.bro => main.zeek} (100%) rename scripts/base/files/pe/{__load__.bro => __load__.zeek} (100%) rename scripts/base/files/pe/{consts.bro => consts.zeek} (100%) rename scripts/base/files/pe/{main.bro => main.zeek} (100%) rename scripts/base/files/unified2/{__load__.bro => __load__.zeek} (100%) rename scripts/base/files/unified2/{main.bro => main.zeek} (100%) rename scripts/base/files/x509/{__load__.bro => __load__.zeek} (100%) rename scripts/base/files/x509/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/analyzer/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/analyzer/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/broker/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/broker/{log.bro => log.zeek} (100%) rename scripts/base/frameworks/broker/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/broker/{store.bro => store.zeek} (100%) rename scripts/base/frameworks/cluster/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/cluster/{main.bro => main.zeek} (98%) rename scripts/base/frameworks/cluster/nodes/{logger.bro => logger.zeek} (100%) rename scripts/base/frameworks/cluster/nodes/{manager.bro => manager.zeek} (100%) rename scripts/base/frameworks/cluster/nodes/{proxy.bro => proxy.zeek} (100%) rename scripts/base/frameworks/cluster/nodes/{worker.bro => worker.zeek} (100%) rename scripts/base/frameworks/cluster/{pools.bro => pools.zeek} (100%) rename scripts/base/frameworks/cluster/{setup-connections.bro => setup-connections.zeek} (100%) rename scripts/base/frameworks/config/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/config/{input.bro => input.zeek} (100%) rename scripts/base/frameworks/config/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/config/{weird.bro => weird.zeek} (100%) rename scripts/base/frameworks/control/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/control/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/dpd/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/dpd/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/files/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/files/magic/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/files/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/input/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/input/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/input/readers/{ascii.bro => ascii.zeek} (100%) rename scripts/base/frameworks/input/readers/{benchmark.bro => benchmark.zeek} (100%) rename scripts/base/frameworks/input/readers/{binary.bro => binary.zeek} (100%) rename scripts/base/frameworks/input/readers/{config.bro => config.zeek} (100%) rename scripts/base/frameworks/input/readers/{raw.bro => raw.zeek} (100%) rename scripts/base/frameworks/input/readers/{sqlite.bro => sqlite.zeek} (100%) rename scripts/base/frameworks/intel/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/intel/{cluster.bro => cluster.zeek} (100%) rename scripts/base/frameworks/intel/{files.bro => files.zeek} (100%) rename scripts/base/frameworks/intel/{input.bro => input.zeek} (100%) rename scripts/base/frameworks/intel/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/logging/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/logging/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/logging/postprocessors/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/logging/postprocessors/{scp.bro => scp.zeek} (100%) rename scripts/base/frameworks/logging/postprocessors/{sftp.bro => sftp.zeek} (100%) rename scripts/base/frameworks/logging/writers/{ascii.bro => ascii.zeek} (100%) rename scripts/base/frameworks/logging/writers/{none.bro => none.zeek} (100%) rename scripts/base/frameworks/logging/writers/{sqlite.bro => sqlite.zeek} (100%) rename scripts/base/frameworks/netcontrol/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/netcontrol/{catch-and-release.bro => catch-and-release.zeek} (100%) rename scripts/base/frameworks/netcontrol/{cluster.bro => cluster.zeek} (100%) rename scripts/base/frameworks/netcontrol/{drop.bro => drop.zeek} (100%) rename scripts/base/frameworks/netcontrol/{main.bro => main.zeek} (99%) rename scripts/base/frameworks/netcontrol/{non-cluster.bro => non-cluster.zeek} (100%) rename scripts/base/frameworks/netcontrol/{plugin.bro => plugin.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{acld.bro => acld.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{broker.bro => broker.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{debug.bro => debug.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{openflow.bro => openflow.zeek} (100%) rename scripts/base/frameworks/netcontrol/plugins/{packetfilter.bro => packetfilter.zeek} (100%) rename scripts/base/frameworks/netcontrol/{shunt.bro => shunt.zeek} (100%) rename scripts/base/frameworks/netcontrol/{types.bro => types.zeek} (100%) rename scripts/base/frameworks/notice/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/notice/actions/{add-geodata.bro => add-geodata.zeek} (100%) rename scripts/base/frameworks/notice/actions/{drop.bro => drop.zeek} (100%) rename scripts/base/frameworks/notice/actions/{email_admin.bro => email_admin.zeek} (100%) rename scripts/base/frameworks/notice/actions/{page.bro => page.zeek} (100%) rename scripts/base/frameworks/notice/actions/{pp-alarms.bro => pp-alarms.zeek} (100%) rename scripts/base/frameworks/notice/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/notice/{weird.bro => weird.zeek} (100%) rename scripts/base/frameworks/openflow/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/openflow/{cluster.bro => cluster.zeek} (100%) rename scripts/base/frameworks/openflow/{consts.bro => consts.zeek} (100%) rename scripts/base/frameworks/openflow/{main.bro => main.zeek} (99%) rename scripts/base/frameworks/openflow/{non-cluster.bro => non-cluster.zeek} (100%) rename scripts/base/frameworks/openflow/plugins/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/openflow/plugins/{broker.bro => broker.zeek} (100%) rename scripts/base/frameworks/openflow/plugins/{log.bro => log.zeek} (100%) rename scripts/base/frameworks/openflow/plugins/{ryu.bro => ryu.zeek} (100%) rename scripts/base/frameworks/openflow/{types.bro => types.zeek} (100%) rename scripts/base/frameworks/packet-filter/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/packet-filter/{cluster.bro => cluster.zeek} (100%) rename scripts/base/frameworks/packet-filter/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/packet-filter/{netstats.bro => netstats.zeek} (100%) rename scripts/base/frameworks/packet-filter/{utils.bro => utils.zeek} (100%) rename scripts/base/frameworks/reporter/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/reporter/{main.bro => main.zeek} (99%) rename scripts/base/frameworks/signatures/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/signatures/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/software/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/software/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/sumstats/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/sumstats/{cluster.bro => cluster.zeek} (100%) rename scripts/base/frameworks/sumstats/{main.bro => main.zeek} (100%) rename scripts/base/frameworks/sumstats/{non-cluster.bro => non-cluster.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{average.bro => average.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{hll_unique.bro => hll_unique.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{last.bro => last.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{max.bro => max.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{min.bro => min.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{sample.bro => sample.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{std-dev.bro => std-dev.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{sum.bro => sum.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{topk.bro => topk.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{unique.bro => unique.zeek} (100%) rename scripts/base/frameworks/sumstats/plugins/{variance.bro => variance.zeek} (100%) rename scripts/base/frameworks/tunnels/{__load__.bro => __load__.zeek} (100%) rename scripts/base/frameworks/tunnels/{main.bro => main.zeek} (100%) rename scripts/base/{init-bare.bro => init-bare.zeek} (99%) rename scripts/base/{init-default.bro => init-default.zeek} (98%) rename scripts/base/{init-frameworks-and-bifs.bro => init-frameworks-and-bifs.zeek} (86%) rename scripts/base/misc/{find-checksum-offloading.bro => find-checksum-offloading.zeek} (100%) rename scripts/base/misc/{find-filtered-trace.bro => find-filtered-trace.zeek} (100%) rename scripts/base/misc/{version.bro => version.zeek} (100%) rename scripts/base/protocols/conn/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/conn/{contents.bro => contents.zeek} (100%) rename scripts/base/protocols/conn/{inactivity.bro => inactivity.zeek} (100%) rename scripts/base/protocols/conn/{main.bro => main.zeek} (100%) rename scripts/base/protocols/conn/{polling.bro => polling.zeek} (100%) rename scripts/base/protocols/conn/{thresholds.bro => thresholds.zeek} (100%) rename scripts/base/protocols/dce-rpc/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/dce-rpc/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/dce-rpc/{main.bro => main.zeek} (100%) rename scripts/base/protocols/dhcp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/dhcp/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/dhcp/{main.bro => main.zeek} (100%) rename scripts/base/protocols/dnp3/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/dnp3/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/dnp3/{main.bro => main.zeek} (100%) rename scripts/base/protocols/dns/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/dns/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/dns/{main.bro => main.zeek} (100%) rename scripts/base/protocols/ftp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/ftp/{files.bro => files.zeek} (100%) rename scripts/base/protocols/ftp/{gridftp.bro => gridftp.zeek} (100%) rename scripts/base/protocols/ftp/{info.bro => info.zeek} (100%) rename scripts/base/protocols/ftp/{main.bro => main.zeek} (100%) rename scripts/base/protocols/ftp/{utils-commands.bro => utils-commands.zeek} (100%) rename scripts/base/protocols/ftp/{utils.bro => utils.zeek} (100%) rename scripts/base/protocols/http/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/http/{entities.bro => entities.zeek} (100%) rename scripts/base/protocols/http/{files.bro => files.zeek} (100%) rename scripts/base/protocols/http/{main.bro => main.zeek} (100%) rename scripts/base/protocols/http/{utils.bro => utils.zeek} (100%) rename scripts/base/protocols/imap/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/imap/{main.bro => main.zeek} (100%) rename scripts/base/protocols/irc/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/irc/{dcc-send.bro => dcc-send.zeek} (100%) rename scripts/base/protocols/irc/{files.bro => files.zeek} (100%) rename scripts/base/protocols/irc/{main.bro => main.zeek} (100%) rename scripts/base/protocols/krb/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/krb/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/krb/{files.bro => files.zeek} (100%) rename scripts/base/protocols/krb/{main.bro => main.zeek} (100%) rename scripts/base/protocols/modbus/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/modbus/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/modbus/{main.bro => main.zeek} (100%) rename scripts/base/protocols/mysql/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/mysql/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/mysql/{main.bro => main.zeek} (100%) rename scripts/base/protocols/ntlm/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/ntlm/{main.bro => main.zeek} (100%) rename scripts/base/protocols/pop3/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/radius/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/radius/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/radius/{main.bro => main.zeek} (100%) rename scripts/base/protocols/rdp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/rdp/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/rdp/{main.bro => main.zeek} (100%) rename scripts/base/protocols/rfb/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/rfb/{main.bro => main.zeek} (100%) rename scripts/base/protocols/sip/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/sip/{main.bro => main.zeek} (100%) rename scripts/base/protocols/smb/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/smb/{const-dos-error.bro => const-dos-error.zeek} (100%) rename scripts/base/protocols/smb/{const-nt-status.bro => const-nt-status.zeek} (100%) rename scripts/base/protocols/smb/{consts.bro => consts.zeek} (99%) rename scripts/base/protocols/smb/{files.bro => files.zeek} (100%) rename scripts/base/protocols/smb/{main.bro => main.zeek} (100%) rename scripts/base/protocols/smb/{smb1-main.bro => smb1-main.zeek} (100%) rename scripts/base/protocols/smb/{smb2-main.bro => smb2-main.zeek} (100%) rename scripts/base/protocols/smtp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/smtp/{entities.bro => entities.zeek} (100%) rename scripts/base/protocols/smtp/{files.bro => files.zeek} (100%) rename scripts/base/protocols/smtp/{main.bro => main.zeek} (100%) rename scripts/base/protocols/snmp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/snmp/{main.bro => main.zeek} (100%) rename scripts/base/protocols/socks/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/socks/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/socks/{main.bro => main.zeek} (100%) rename scripts/base/protocols/ssh/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/ssh/{main.bro => main.zeek} (100%) rename scripts/base/protocols/ssl/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/ssl/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/ssl/{ct-list.bro => ct-list.zeek} (100%) rename scripts/base/protocols/ssl/{files.bro => files.zeek} (100%) rename scripts/base/protocols/ssl/{main.bro => main.zeek} (99%) rename scripts/base/protocols/ssl/{mozilla-ca-list.bro => mozilla-ca-list.zeek} (100%) rename scripts/base/protocols/syslog/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/syslog/{consts.bro => consts.zeek} (100%) rename scripts/base/protocols/syslog/{main.bro => main.zeek} (100%) rename scripts/base/protocols/tunnels/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/xmpp/{__load__.bro => __load__.zeek} (100%) rename scripts/base/protocols/xmpp/{main.bro => main.zeek} (100%) rename scripts/base/utils/{active-http.bro => active-http.zeek} (100%) rename scripts/base/utils/{addrs.bro => addrs.zeek} (100%) rename scripts/base/utils/{conn-ids.bro => conn-ids.zeek} (100%) rename scripts/base/utils/{dir.bro => dir.zeek} (100%) rename scripts/base/utils/{directions-and-hosts.bro => directions-and-hosts.zeek} (100%) rename scripts/base/utils/{email.bro => email.zeek} (100%) rename scripts/base/utils/{exec.bro => exec.zeek} (100%) rename scripts/base/utils/{files.bro => files.zeek} (100%) rename scripts/base/utils/{geoip-distance.bro => geoip-distance.zeek} (100%) rename scripts/base/utils/{hash_hrw.bro => hash_hrw.zeek} (100%) rename scripts/base/utils/{json.bro => json.zeek} (100%) rename scripts/base/utils/{numbers.bro => numbers.zeek} (100%) rename scripts/base/utils/{paths.bro => paths.zeek} (100%) rename scripts/base/utils/{patterns.bro => patterns.zeek} (100%) rename scripts/base/utils/{queue.bro => queue.zeek} (100%) rename scripts/base/utils/{site.bro => site.zeek} (100%) rename scripts/base/utils/{strings.bro => strings.zeek} (100%) rename scripts/base/utils/{thresholds.bro => thresholds.zeek} (100%) rename scripts/base/utils/{time.bro => time.zeek} (100%) rename scripts/base/utils/{urls.bro => urls.zeek} (100%) delete mode 100644 scripts/broxygen/__load__.bro create mode 100644 scripts/broxygen/__load__.zeek rename scripts/broxygen/{example.bro => example.zeek} (100%) rename scripts/policy/files/x509/{log-ocsp.bro => log-ocsp.zeek} (100%) rename scripts/policy/frameworks/control/{controllee.bro => controllee.zeek} (100%) rename scripts/policy/frameworks/control/{controller.bro => controller.zeek} (100%) rename scripts/policy/frameworks/dpd/{detect-protocols.bro => detect-protocols.zeek} (100%) rename scripts/policy/frameworks/dpd/{packet-segment-logging.bro => packet-segment-logging.zeek} (100%) rename scripts/policy/frameworks/files/{detect-MHR.bro => detect-MHR.zeek} (100%) rename scripts/policy/frameworks/files/{entropy-test-all-files.bro => entropy-test-all-files.zeek} (100%) rename scripts/policy/frameworks/files/{extract-all-files.bro => extract-all-files.zeek} (100%) rename scripts/policy/frameworks/files/{hash-all-files.bro => hash-all-files.zeek} (100%) rename scripts/policy/frameworks/intel/{do_expire.bro => do_expire.zeek} (100%) rename scripts/policy/frameworks/intel/{do_notice.bro => do_notice.zeek} (100%) rename scripts/policy/frameworks/intel/{removal.bro => removal.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{conn-established.bro => conn-established.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{dns.bro => dns.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{file-hashes.bro => file-hashes.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{file-names.bro => file-names.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{http-headers.bro => http-headers.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{http-url.bro => http-url.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{pubkey-hashes.bro => pubkey-hashes.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{smb-filenames.bro => smb-filenames.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{smtp-url-extraction.bro => smtp-url-extraction.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{smtp.bro => smtp.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{ssl.bro => ssl.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{where-locations.bro => where-locations.zeek} (100%) rename scripts/policy/frameworks/intel/seen/{x509.bro => x509.zeek} (100%) rename scripts/policy/frameworks/intel/{whitelist.bro => whitelist.zeek} (100%) rename scripts/policy/frameworks/notice/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/frameworks/notice/extend-email/{hostnames.bro => hostnames.zeek} (100%) rename scripts/policy/frameworks/packet-filter/{shunt.bro => shunt.zeek} (100%) rename scripts/policy/frameworks/software/{version-changes.bro => version-changes.zeek} (100%) rename scripts/policy/frameworks/software/{vulnerable.bro => vulnerable.zeek} (100%) rename scripts/policy/frameworks/software/{windows-version-detection.bro => windows-version-detection.zeek} (100%) rename scripts/policy/integration/barnyard2/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/integration/barnyard2/{main.bro => main.zeek} (100%) rename scripts/policy/integration/barnyard2/{types.bro => types.zeek} (100%) rename scripts/policy/integration/collective-intel/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/integration/collective-intel/{main.bro => main.zeek} (100%) rename scripts/policy/misc/{capture-loss.bro => capture-loss.zeek} (100%) rename scripts/policy/misc/detect-traceroute/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/misc/detect-traceroute/{main.bro => main.zeek} (100%) rename scripts/policy/misc/{dump-events.bro => dump-events.zeek} (100%) rename scripts/policy/misc/{load-balancing.bro => load-balancing.zeek} (100%) rename scripts/policy/misc/{loaded-scripts.bro => loaded-scripts.zeek} (100%) rename scripts/policy/misc/{profiling.bro => profiling.zeek} (100%) rename scripts/policy/misc/{scan.bro => scan.zeek} (100%) rename scripts/policy/misc/{stats.bro => stats.zeek} (100%) rename scripts/policy/misc/{trim-trace-file.bro => trim-trace-file.zeek} (100%) rename scripts/policy/misc/{weird-stats.bro => weird-stats.zeek} (100%) rename scripts/policy/protocols/conn/{known-hosts.bro => known-hosts.zeek} (100%) rename scripts/policy/protocols/conn/{known-services.bro => known-services.zeek} (100%) rename scripts/policy/protocols/conn/{mac-logging.bro => mac-logging.zeek} (100%) rename scripts/policy/protocols/conn/{vlan-logging.bro => vlan-logging.zeek} (100%) rename scripts/policy/protocols/conn/{weirds.bro => weirds.zeek} (100%) rename scripts/policy/protocols/dhcp/{deprecated_events.bro => deprecated_events.zeek} (100%) rename scripts/policy/protocols/dhcp/{msg-orig.bro => msg-orig.zeek} (100%) rename scripts/policy/protocols/dhcp/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/dhcp/{sub-opts.bro => sub-opts.zeek} (100%) rename scripts/policy/protocols/dns/{auth-addl.bro => auth-addl.zeek} (100%) rename scripts/policy/protocols/dns/{detect-external-names.bro => detect-external-names.zeek} (100%) rename scripts/policy/protocols/ftp/{detect-bruteforcing.bro => detect-bruteforcing.zeek} (100%) rename scripts/policy/protocols/ftp/{detect.bro => detect.zeek} (100%) rename scripts/policy/protocols/ftp/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/http/{detect-sqli.bro => detect-sqli.zeek} (100%) rename scripts/policy/protocols/http/{detect-webapps.bro => detect-webapps.zeek} (100%) rename scripts/policy/protocols/http/{header-names.bro => header-names.zeek} (100%) rename scripts/policy/protocols/http/{software-browser-plugins.bro => software-browser-plugins.zeek} (100%) rename scripts/policy/protocols/http/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/http/{var-extraction-cookies.bro => var-extraction-cookies.zeek} (100%) rename scripts/policy/protocols/http/{var-extraction-uri.bro => var-extraction-uri.zeek} (100%) rename scripts/policy/protocols/krb/{ticket-logging.bro => ticket-logging.zeek} (100%) rename scripts/policy/protocols/modbus/{known-masters-slaves.bro => known-masters-slaves.zeek} (100%) rename scripts/policy/protocols/modbus/{track-memmap.bro => track-memmap.zeek} (100%) rename scripts/policy/protocols/mysql/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/rdp/{indicate_ssl.bro => indicate_ssl.zeek} (100%) rename scripts/policy/protocols/smb/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/protocols/smb/{log-cmds.bro => log-cmds.zeek} (100%) rename scripts/policy/protocols/smtp/{blocklists.bro => blocklists.zeek} (100%) rename scripts/policy/protocols/smtp/{detect-suspicious-orig.bro => detect-suspicious-orig.zeek} (100%) rename scripts/policy/protocols/smtp/{entities-excerpt.bro => entities-excerpt.zeek} (100%) rename scripts/policy/protocols/smtp/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/ssh/{detect-bruteforcing.bro => detect-bruteforcing.zeek} (100%) rename scripts/policy/protocols/ssh/{geo-data.bro => geo-data.zeek} (100%) rename scripts/policy/protocols/ssh/{interesting-hostnames.bro => interesting-hostnames.zeek} (100%) rename scripts/policy/protocols/ssh/{software.bro => software.zeek} (100%) rename scripts/policy/protocols/ssl/{expiring-certs.bro => expiring-certs.zeek} (100%) rename scripts/policy/protocols/ssl/{extract-certs-pem.bro => extract-certs-pem.zeek} (100%) rename scripts/policy/protocols/ssl/{heartbleed.bro => heartbleed.zeek} (100%) rename scripts/policy/protocols/ssl/{known-certs.bro => known-certs.zeek} (100%) rename scripts/policy/protocols/ssl/{log-hostcerts-only.bro => log-hostcerts-only.zeek} (100%) rename scripts/policy/protocols/ssl/{notary.bro => notary.zeek} (100%) rename scripts/policy/protocols/ssl/{validate-certs.bro => validate-certs.zeek} (100%) rename scripts/policy/protocols/ssl/{validate-ocsp.bro => validate-ocsp.zeek} (100%) rename scripts/policy/protocols/ssl/{validate-sct.bro => validate-sct.zeek} (100%) rename scripts/policy/protocols/ssl/{weak-keys.bro => weak-keys.zeek} (100%) rename scripts/policy/tuning/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/tuning/defaults/{__load__.bro => __load__.zeek} (100%) rename scripts/policy/tuning/defaults/{extracted_file_limits.bro => extracted_file_limits.zeek} (100%) rename scripts/policy/tuning/defaults/{packet-fragments.bro => packet-fragments.zeek} (100%) rename scripts/policy/tuning/defaults/{warnings.bro => warnings.zeek} (100%) rename scripts/policy/tuning/{json-logs.bro => json-logs.zeek} (100%) rename scripts/policy/tuning/{track-all-assets.bro => track-all-assets.zeek} (100%) rename scripts/site/{local.bro => local.zeek} (100%) delete mode 100644 scripts/test-all-policy.bro create mode 100644 scripts/test-all-policy.zeek diff --git a/scripts/CMakeLists.txt b/scripts/CMakeLists.txt index 96c682871a..189c9b9df8 100644 --- a/scripts/CMakeLists.txt +++ b/scripts/CMakeLists.txt @@ -2,8 +2,8 @@ include(InstallPackageConfigFile) install(DIRECTORY ./ DESTINATION ${BRO_SCRIPT_INSTALL_PATH} FILES_MATCHING PATTERN "site/local*" EXCLUDE - PATTERN "test-all-policy.bro" EXCLUDE - PATTERN "*.bro" + PATTERN "test-all-policy.zeek" EXCLUDE + PATTERN "*.zeek" PATTERN "*.sig" PATTERN "*.fp" ) @@ -11,6 +11,6 @@ install(DIRECTORY ./ DESTINATION ${BRO_SCRIPT_INSTALL_PATH} FILES_MATCHING # Install all local* scripts as config files since they are meant to be # user modify-able. InstallPackageConfigFile( - ${CMAKE_CURRENT_SOURCE_DIR}/site/local.bro + ${CMAKE_CURRENT_SOURCE_DIR}/site/local.zeek ${BRO_SCRIPT_INSTALL_PATH}/site - local.bro) + local.zeek) diff --git a/scripts/base/files/extract/__load__.bro b/scripts/base/files/extract/__load__.zeek similarity index 100% rename from scripts/base/files/extract/__load__.bro rename to scripts/base/files/extract/__load__.zeek diff --git a/scripts/base/files/extract/main.bro b/scripts/base/files/extract/main.zeek similarity index 100% rename from scripts/base/files/extract/main.bro rename to scripts/base/files/extract/main.zeek diff --git a/scripts/base/files/hash/__load__.bro b/scripts/base/files/hash/__load__.zeek similarity index 100% rename from scripts/base/files/hash/__load__.bro rename to scripts/base/files/hash/__load__.zeek diff --git a/scripts/base/files/hash/main.bro b/scripts/base/files/hash/main.zeek similarity index 100% rename from scripts/base/files/hash/main.bro rename to scripts/base/files/hash/main.zeek diff --git a/scripts/base/files/pe/__load__.bro b/scripts/base/files/pe/__load__.zeek similarity index 100% rename from scripts/base/files/pe/__load__.bro rename to scripts/base/files/pe/__load__.zeek diff --git a/scripts/base/files/pe/consts.bro b/scripts/base/files/pe/consts.zeek similarity index 100% rename from scripts/base/files/pe/consts.bro rename to scripts/base/files/pe/consts.zeek diff --git a/scripts/base/files/pe/main.bro b/scripts/base/files/pe/main.zeek similarity index 100% rename from scripts/base/files/pe/main.bro rename to scripts/base/files/pe/main.zeek diff --git a/scripts/base/files/unified2/__load__.bro b/scripts/base/files/unified2/__load__.zeek similarity index 100% rename from scripts/base/files/unified2/__load__.bro rename to scripts/base/files/unified2/__load__.zeek diff --git a/scripts/base/files/unified2/main.bro b/scripts/base/files/unified2/main.zeek similarity index 100% rename from scripts/base/files/unified2/main.bro rename to scripts/base/files/unified2/main.zeek diff --git a/scripts/base/files/x509/__load__.bro b/scripts/base/files/x509/__load__.zeek similarity index 100% rename from scripts/base/files/x509/__load__.bro rename to scripts/base/files/x509/__load__.zeek diff --git a/scripts/base/files/x509/main.bro b/scripts/base/files/x509/main.zeek similarity index 100% rename from scripts/base/files/x509/main.bro rename to scripts/base/files/x509/main.zeek diff --git a/scripts/base/frameworks/analyzer/__load__.bro b/scripts/base/frameworks/analyzer/__load__.zeek similarity index 100% rename from scripts/base/frameworks/analyzer/__load__.bro rename to scripts/base/frameworks/analyzer/__load__.zeek diff --git a/scripts/base/frameworks/analyzer/main.bro b/scripts/base/frameworks/analyzer/main.zeek similarity index 100% rename from scripts/base/frameworks/analyzer/main.bro rename to scripts/base/frameworks/analyzer/main.zeek diff --git a/scripts/base/frameworks/broker/__load__.bro b/scripts/base/frameworks/broker/__load__.zeek similarity index 100% rename from scripts/base/frameworks/broker/__load__.bro rename to scripts/base/frameworks/broker/__load__.zeek diff --git a/scripts/base/frameworks/broker/log.bro b/scripts/base/frameworks/broker/log.zeek similarity index 100% rename from scripts/base/frameworks/broker/log.bro rename to scripts/base/frameworks/broker/log.zeek diff --git a/scripts/base/frameworks/broker/main.bro b/scripts/base/frameworks/broker/main.zeek similarity index 100% rename from scripts/base/frameworks/broker/main.bro rename to scripts/base/frameworks/broker/main.zeek diff --git a/scripts/base/frameworks/broker/store.bro b/scripts/base/frameworks/broker/store.zeek similarity index 100% rename from scripts/base/frameworks/broker/store.bro rename to scripts/base/frameworks/broker/store.zeek diff --git a/scripts/base/frameworks/cluster/__load__.bro b/scripts/base/frameworks/cluster/__load__.zeek similarity index 100% rename from scripts/base/frameworks/cluster/__load__.bro rename to scripts/base/frameworks/cluster/__load__.zeek diff --git a/scripts/base/frameworks/cluster/main.bro b/scripts/base/frameworks/cluster/main.zeek similarity index 98% rename from scripts/base/frameworks/cluster/main.bro rename to scripts/base/frameworks/cluster/main.zeek index 2d492454d4..2cb0401eea 100644 --- a/scripts/base/frameworks/cluster/main.bro +++ b/scripts/base/frameworks/cluster/main.zeek @@ -1,6 +1,6 @@ ##! A framework for establishing and controlling a cluster of Bro instances. ##! In order to use the cluster framework, a script named -##! ``cluster-layout.bro`` must exist somewhere in Bro's script search path +##! ``cluster-layout.zeek`` must exist somewhere in Bro's script search path ##! which has a cluster definition of the :bro:id:`Cluster::nodes` variable. ##! The ``CLUSTER_NODE`` environment variable or :bro:id:`Cluster::node` ##! must also be sent and the cluster framework loaded as a package like @@ -192,7 +192,7 @@ export { global worker_count: count = 0; ## The cluster layout definition. This should be placed into a filter - ## named cluster-layout.bro somewhere in the BROPATH. It will be + ## named cluster-layout.zeek somewhere in the BROPATH. It will be ## automatically loaded if the CLUSTER_NODE environment variable is set. ## Note that BroControl handles all of this automatically. ## The table is typically indexed by node names/labels (e.g. "manager" @@ -200,7 +200,7 @@ export { const nodes: table[string] of Node = {} &redef; ## Indicates whether or not the manager will act as the logger and receive - ## logs. This value should be set in the cluster-layout.bro script (the + ## logs. This value should be set in the cluster-layout.zeek script (the ## value should be true only if no logger is specified in Cluster::nodes). ## Note that BroControl handles this automatically. const manager_is_logger = T &redef; diff --git a/scripts/base/frameworks/cluster/nodes/logger.bro b/scripts/base/frameworks/cluster/nodes/logger.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/logger.bro rename to scripts/base/frameworks/cluster/nodes/logger.zeek diff --git a/scripts/base/frameworks/cluster/nodes/manager.bro b/scripts/base/frameworks/cluster/nodes/manager.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/manager.bro rename to scripts/base/frameworks/cluster/nodes/manager.zeek diff --git a/scripts/base/frameworks/cluster/nodes/proxy.bro b/scripts/base/frameworks/cluster/nodes/proxy.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/proxy.bro rename to scripts/base/frameworks/cluster/nodes/proxy.zeek diff --git a/scripts/base/frameworks/cluster/nodes/worker.bro b/scripts/base/frameworks/cluster/nodes/worker.zeek similarity index 100% rename from scripts/base/frameworks/cluster/nodes/worker.bro rename to scripts/base/frameworks/cluster/nodes/worker.zeek diff --git a/scripts/base/frameworks/cluster/pools.bro b/scripts/base/frameworks/cluster/pools.zeek similarity index 100% rename from scripts/base/frameworks/cluster/pools.bro rename to scripts/base/frameworks/cluster/pools.zeek diff --git a/scripts/base/frameworks/cluster/setup-connections.bro b/scripts/base/frameworks/cluster/setup-connections.zeek similarity index 100% rename from scripts/base/frameworks/cluster/setup-connections.bro rename to scripts/base/frameworks/cluster/setup-connections.zeek diff --git a/scripts/base/frameworks/config/__load__.bro b/scripts/base/frameworks/config/__load__.zeek similarity index 100% rename from scripts/base/frameworks/config/__load__.bro rename to scripts/base/frameworks/config/__load__.zeek diff --git a/scripts/base/frameworks/config/input.bro b/scripts/base/frameworks/config/input.zeek similarity index 100% rename from scripts/base/frameworks/config/input.bro rename to scripts/base/frameworks/config/input.zeek diff --git a/scripts/base/frameworks/config/main.bro b/scripts/base/frameworks/config/main.zeek similarity index 100% rename from scripts/base/frameworks/config/main.bro rename to scripts/base/frameworks/config/main.zeek diff --git a/scripts/base/frameworks/config/weird.bro b/scripts/base/frameworks/config/weird.zeek similarity index 100% rename from scripts/base/frameworks/config/weird.bro rename to scripts/base/frameworks/config/weird.zeek diff --git a/scripts/base/frameworks/control/__load__.bro b/scripts/base/frameworks/control/__load__.zeek similarity index 100% rename from scripts/base/frameworks/control/__load__.bro rename to scripts/base/frameworks/control/__load__.zeek diff --git a/scripts/base/frameworks/control/main.bro b/scripts/base/frameworks/control/main.zeek similarity index 100% rename from scripts/base/frameworks/control/main.bro rename to scripts/base/frameworks/control/main.zeek diff --git a/scripts/base/frameworks/dpd/__load__.bro b/scripts/base/frameworks/dpd/__load__.zeek similarity index 100% rename from scripts/base/frameworks/dpd/__load__.bro rename to scripts/base/frameworks/dpd/__load__.zeek diff --git a/scripts/base/frameworks/dpd/main.bro b/scripts/base/frameworks/dpd/main.zeek similarity index 100% rename from scripts/base/frameworks/dpd/main.bro rename to scripts/base/frameworks/dpd/main.zeek diff --git a/scripts/base/frameworks/files/__load__.bro b/scripts/base/frameworks/files/__load__.zeek similarity index 100% rename from scripts/base/frameworks/files/__load__.bro rename to scripts/base/frameworks/files/__load__.zeek diff --git a/scripts/base/frameworks/files/magic/__load__.bro b/scripts/base/frameworks/files/magic/__load__.zeek similarity index 100% rename from scripts/base/frameworks/files/magic/__load__.bro rename to scripts/base/frameworks/files/magic/__load__.zeek diff --git a/scripts/base/frameworks/files/main.bro b/scripts/base/frameworks/files/main.zeek similarity index 100% rename from scripts/base/frameworks/files/main.bro rename to scripts/base/frameworks/files/main.zeek diff --git a/scripts/base/frameworks/input/__load__.bro b/scripts/base/frameworks/input/__load__.zeek similarity index 100% rename from scripts/base/frameworks/input/__load__.bro rename to scripts/base/frameworks/input/__load__.zeek diff --git a/scripts/base/frameworks/input/main.bro b/scripts/base/frameworks/input/main.zeek similarity index 100% rename from scripts/base/frameworks/input/main.bro rename to scripts/base/frameworks/input/main.zeek diff --git a/scripts/base/frameworks/input/readers/ascii.bro b/scripts/base/frameworks/input/readers/ascii.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/ascii.bro rename to scripts/base/frameworks/input/readers/ascii.zeek diff --git a/scripts/base/frameworks/input/readers/benchmark.bro b/scripts/base/frameworks/input/readers/benchmark.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/benchmark.bro rename to scripts/base/frameworks/input/readers/benchmark.zeek diff --git a/scripts/base/frameworks/input/readers/binary.bro b/scripts/base/frameworks/input/readers/binary.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/binary.bro rename to scripts/base/frameworks/input/readers/binary.zeek diff --git a/scripts/base/frameworks/input/readers/config.bro b/scripts/base/frameworks/input/readers/config.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/config.bro rename to scripts/base/frameworks/input/readers/config.zeek diff --git a/scripts/base/frameworks/input/readers/raw.bro b/scripts/base/frameworks/input/readers/raw.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/raw.bro rename to scripts/base/frameworks/input/readers/raw.zeek diff --git a/scripts/base/frameworks/input/readers/sqlite.bro b/scripts/base/frameworks/input/readers/sqlite.zeek similarity index 100% rename from scripts/base/frameworks/input/readers/sqlite.bro rename to scripts/base/frameworks/input/readers/sqlite.zeek diff --git a/scripts/base/frameworks/intel/__load__.bro b/scripts/base/frameworks/intel/__load__.zeek similarity index 100% rename from scripts/base/frameworks/intel/__load__.bro rename to scripts/base/frameworks/intel/__load__.zeek diff --git a/scripts/base/frameworks/intel/cluster.bro b/scripts/base/frameworks/intel/cluster.zeek similarity index 100% rename from scripts/base/frameworks/intel/cluster.bro rename to scripts/base/frameworks/intel/cluster.zeek diff --git a/scripts/base/frameworks/intel/files.bro b/scripts/base/frameworks/intel/files.zeek similarity index 100% rename from scripts/base/frameworks/intel/files.bro rename to scripts/base/frameworks/intel/files.zeek diff --git a/scripts/base/frameworks/intel/input.bro b/scripts/base/frameworks/intel/input.zeek similarity index 100% rename from scripts/base/frameworks/intel/input.bro rename to scripts/base/frameworks/intel/input.zeek diff --git a/scripts/base/frameworks/intel/main.bro b/scripts/base/frameworks/intel/main.zeek similarity index 100% rename from scripts/base/frameworks/intel/main.bro rename to scripts/base/frameworks/intel/main.zeek diff --git a/scripts/base/frameworks/logging/__load__.bro b/scripts/base/frameworks/logging/__load__.zeek similarity index 100% rename from scripts/base/frameworks/logging/__load__.bro rename to scripts/base/frameworks/logging/__load__.zeek diff --git a/scripts/base/frameworks/logging/main.bro b/scripts/base/frameworks/logging/main.zeek similarity index 100% rename from scripts/base/frameworks/logging/main.bro rename to scripts/base/frameworks/logging/main.zeek diff --git a/scripts/base/frameworks/logging/postprocessors/__load__.bro b/scripts/base/frameworks/logging/postprocessors/__load__.zeek similarity index 100% rename from scripts/base/frameworks/logging/postprocessors/__load__.bro rename to scripts/base/frameworks/logging/postprocessors/__load__.zeek diff --git a/scripts/base/frameworks/logging/postprocessors/scp.bro b/scripts/base/frameworks/logging/postprocessors/scp.zeek similarity index 100% rename from scripts/base/frameworks/logging/postprocessors/scp.bro rename to scripts/base/frameworks/logging/postprocessors/scp.zeek diff --git a/scripts/base/frameworks/logging/postprocessors/sftp.bro b/scripts/base/frameworks/logging/postprocessors/sftp.zeek similarity index 100% rename from scripts/base/frameworks/logging/postprocessors/sftp.bro rename to scripts/base/frameworks/logging/postprocessors/sftp.zeek diff --git a/scripts/base/frameworks/logging/writers/ascii.bro b/scripts/base/frameworks/logging/writers/ascii.zeek similarity index 100% rename from scripts/base/frameworks/logging/writers/ascii.bro rename to scripts/base/frameworks/logging/writers/ascii.zeek diff --git a/scripts/base/frameworks/logging/writers/none.bro b/scripts/base/frameworks/logging/writers/none.zeek similarity index 100% rename from scripts/base/frameworks/logging/writers/none.bro rename to scripts/base/frameworks/logging/writers/none.zeek diff --git a/scripts/base/frameworks/logging/writers/sqlite.bro b/scripts/base/frameworks/logging/writers/sqlite.zeek similarity index 100% rename from scripts/base/frameworks/logging/writers/sqlite.bro rename to scripts/base/frameworks/logging/writers/sqlite.zeek diff --git a/scripts/base/frameworks/netcontrol/__load__.bro b/scripts/base/frameworks/netcontrol/__load__.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/__load__.bro rename to scripts/base/frameworks/netcontrol/__load__.zeek diff --git a/scripts/base/frameworks/netcontrol/catch-and-release.bro b/scripts/base/frameworks/netcontrol/catch-and-release.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/catch-and-release.bro rename to scripts/base/frameworks/netcontrol/catch-and-release.zeek diff --git a/scripts/base/frameworks/netcontrol/cluster.bro b/scripts/base/frameworks/netcontrol/cluster.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/cluster.bro rename to scripts/base/frameworks/netcontrol/cluster.zeek diff --git a/scripts/base/frameworks/netcontrol/drop.bro b/scripts/base/frameworks/netcontrol/drop.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/drop.bro rename to scripts/base/frameworks/netcontrol/drop.zeek diff --git a/scripts/base/frameworks/netcontrol/main.bro b/scripts/base/frameworks/netcontrol/main.zeek similarity index 99% rename from scripts/base/frameworks/netcontrol/main.bro rename to scripts/base/frameworks/netcontrol/main.zeek index a9418508af..110a0488dd 100644 --- a/scripts/base/frameworks/netcontrol/main.bro +++ b/scripts/base/frameworks/netcontrol/main.zeek @@ -43,8 +43,8 @@ export { # ### High-level API. # ### - # ### Note - other high level primitives are in catch-and-release.bro, shunt.bro and - # ### drop.bro + # ### Note - other high level primitives are in catch-and-release.zeek, + # ### shunt.zeek and drop.zeek ## Allows all traffic involving a specific IP address to be forwarded. ## diff --git a/scripts/base/frameworks/netcontrol/non-cluster.bro b/scripts/base/frameworks/netcontrol/non-cluster.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/non-cluster.bro rename to scripts/base/frameworks/netcontrol/non-cluster.zeek diff --git a/scripts/base/frameworks/netcontrol/plugin.bro b/scripts/base/frameworks/netcontrol/plugin.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugin.bro rename to scripts/base/frameworks/netcontrol/plugin.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/__load__.bro b/scripts/base/frameworks/netcontrol/plugins/__load__.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/__load__.bro rename to scripts/base/frameworks/netcontrol/plugins/__load__.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/acld.bro b/scripts/base/frameworks/netcontrol/plugins/acld.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/acld.bro rename to scripts/base/frameworks/netcontrol/plugins/acld.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/broker.bro b/scripts/base/frameworks/netcontrol/plugins/broker.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/broker.bro rename to scripts/base/frameworks/netcontrol/plugins/broker.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/debug.bro b/scripts/base/frameworks/netcontrol/plugins/debug.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/debug.bro rename to scripts/base/frameworks/netcontrol/plugins/debug.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/openflow.bro b/scripts/base/frameworks/netcontrol/plugins/openflow.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/openflow.bro rename to scripts/base/frameworks/netcontrol/plugins/openflow.zeek diff --git a/scripts/base/frameworks/netcontrol/plugins/packetfilter.bro b/scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/plugins/packetfilter.bro rename to scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek diff --git a/scripts/base/frameworks/netcontrol/shunt.bro b/scripts/base/frameworks/netcontrol/shunt.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/shunt.bro rename to scripts/base/frameworks/netcontrol/shunt.zeek diff --git a/scripts/base/frameworks/netcontrol/types.bro b/scripts/base/frameworks/netcontrol/types.zeek similarity index 100% rename from scripts/base/frameworks/netcontrol/types.bro rename to scripts/base/frameworks/netcontrol/types.zeek diff --git a/scripts/base/frameworks/notice/__load__.bro b/scripts/base/frameworks/notice/__load__.zeek similarity index 100% rename from scripts/base/frameworks/notice/__load__.bro rename to scripts/base/frameworks/notice/__load__.zeek diff --git a/scripts/base/frameworks/notice/actions/add-geodata.bro b/scripts/base/frameworks/notice/actions/add-geodata.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/add-geodata.bro rename to scripts/base/frameworks/notice/actions/add-geodata.zeek diff --git a/scripts/base/frameworks/notice/actions/drop.bro b/scripts/base/frameworks/notice/actions/drop.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/drop.bro rename to scripts/base/frameworks/notice/actions/drop.zeek diff --git a/scripts/base/frameworks/notice/actions/email_admin.bro b/scripts/base/frameworks/notice/actions/email_admin.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/email_admin.bro rename to scripts/base/frameworks/notice/actions/email_admin.zeek diff --git a/scripts/base/frameworks/notice/actions/page.bro b/scripts/base/frameworks/notice/actions/page.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/page.bro rename to scripts/base/frameworks/notice/actions/page.zeek diff --git a/scripts/base/frameworks/notice/actions/pp-alarms.bro b/scripts/base/frameworks/notice/actions/pp-alarms.zeek similarity index 100% rename from scripts/base/frameworks/notice/actions/pp-alarms.bro rename to scripts/base/frameworks/notice/actions/pp-alarms.zeek diff --git a/scripts/base/frameworks/notice/main.bro b/scripts/base/frameworks/notice/main.zeek similarity index 100% rename from scripts/base/frameworks/notice/main.bro rename to scripts/base/frameworks/notice/main.zeek diff --git a/scripts/base/frameworks/notice/weird.bro b/scripts/base/frameworks/notice/weird.zeek similarity index 100% rename from scripts/base/frameworks/notice/weird.bro rename to scripts/base/frameworks/notice/weird.zeek diff --git a/scripts/base/frameworks/openflow/__load__.bro b/scripts/base/frameworks/openflow/__load__.zeek similarity index 100% rename from scripts/base/frameworks/openflow/__load__.bro rename to scripts/base/frameworks/openflow/__load__.zeek diff --git a/scripts/base/frameworks/openflow/cluster.bro b/scripts/base/frameworks/openflow/cluster.zeek similarity index 100% rename from scripts/base/frameworks/openflow/cluster.bro rename to scripts/base/frameworks/openflow/cluster.zeek diff --git a/scripts/base/frameworks/openflow/consts.bro b/scripts/base/frameworks/openflow/consts.zeek similarity index 100% rename from scripts/base/frameworks/openflow/consts.bro rename to scripts/base/frameworks/openflow/consts.zeek diff --git a/scripts/base/frameworks/openflow/main.bro b/scripts/base/frameworks/openflow/main.zeek similarity index 99% rename from scripts/base/frameworks/openflow/main.bro rename to scripts/base/frameworks/openflow/main.zeek index 5740e90056..ecddea7cb3 100644 --- a/scripts/base/frameworks/openflow/main.bro +++ b/scripts/base/frameworks/openflow/main.zeek @@ -251,7 +251,7 @@ function controller_init_done(controller: Controller) event OpenFlow::controller_activated(controller$state$_name, controller); } -# Functions that are called from cluster.bro and non-cluster.bro +# Functions that are called from cluster.zeek and non-cluster.zeek function register_controller_impl(tpe: OpenFlow::Plugin, name: string, controller: Controller) { diff --git a/scripts/base/frameworks/openflow/non-cluster.bro b/scripts/base/frameworks/openflow/non-cluster.zeek similarity index 100% rename from scripts/base/frameworks/openflow/non-cluster.bro rename to scripts/base/frameworks/openflow/non-cluster.zeek diff --git a/scripts/base/frameworks/openflow/plugins/__load__.bro b/scripts/base/frameworks/openflow/plugins/__load__.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/__load__.bro rename to scripts/base/frameworks/openflow/plugins/__load__.zeek diff --git a/scripts/base/frameworks/openflow/plugins/broker.bro b/scripts/base/frameworks/openflow/plugins/broker.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/broker.bro rename to scripts/base/frameworks/openflow/plugins/broker.zeek diff --git a/scripts/base/frameworks/openflow/plugins/log.bro b/scripts/base/frameworks/openflow/plugins/log.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/log.bro rename to scripts/base/frameworks/openflow/plugins/log.zeek diff --git a/scripts/base/frameworks/openflow/plugins/ryu.bro b/scripts/base/frameworks/openflow/plugins/ryu.zeek similarity index 100% rename from scripts/base/frameworks/openflow/plugins/ryu.bro rename to scripts/base/frameworks/openflow/plugins/ryu.zeek diff --git a/scripts/base/frameworks/openflow/types.bro b/scripts/base/frameworks/openflow/types.zeek similarity index 100% rename from scripts/base/frameworks/openflow/types.bro rename to scripts/base/frameworks/openflow/types.zeek diff --git a/scripts/base/frameworks/packet-filter/__load__.bro b/scripts/base/frameworks/packet-filter/__load__.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/__load__.bro rename to scripts/base/frameworks/packet-filter/__load__.zeek diff --git a/scripts/base/frameworks/packet-filter/cluster.bro b/scripts/base/frameworks/packet-filter/cluster.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/cluster.bro rename to scripts/base/frameworks/packet-filter/cluster.zeek diff --git a/scripts/base/frameworks/packet-filter/main.bro b/scripts/base/frameworks/packet-filter/main.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/main.bro rename to scripts/base/frameworks/packet-filter/main.zeek diff --git a/scripts/base/frameworks/packet-filter/netstats.bro b/scripts/base/frameworks/packet-filter/netstats.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/netstats.bro rename to scripts/base/frameworks/packet-filter/netstats.zeek diff --git a/scripts/base/frameworks/packet-filter/utils.bro b/scripts/base/frameworks/packet-filter/utils.zeek similarity index 100% rename from scripts/base/frameworks/packet-filter/utils.bro rename to scripts/base/frameworks/packet-filter/utils.zeek diff --git a/scripts/base/frameworks/reporter/__load__.bro b/scripts/base/frameworks/reporter/__load__.zeek similarity index 100% rename from scripts/base/frameworks/reporter/__load__.bro rename to scripts/base/frameworks/reporter/__load__.zeek diff --git a/scripts/base/frameworks/reporter/main.bro b/scripts/base/frameworks/reporter/main.zeek similarity index 99% rename from scripts/base/frameworks/reporter/main.bro rename to scripts/base/frameworks/reporter/main.zeek index 8cba29bdc2..ea97048049 100644 --- a/scripts/base/frameworks/reporter/main.bro +++ b/scripts/base/frameworks/reporter/main.zeek @@ -9,7 +9,7 @@ ##! Note that this framework deals with the handling of internally generated ##! reporter messages, for the interface ##! into actually creating reporter messages from the scripting layer, use -##! the built-in functions in :doc:`/scripts/base/bif/reporter.bif.bro`. +##! the built-in functions in :doc:`/scripts/base/bif/reporter.bif.zeek`. module Reporter; diff --git a/scripts/base/frameworks/signatures/__load__.bro b/scripts/base/frameworks/signatures/__load__.zeek similarity index 100% rename from scripts/base/frameworks/signatures/__load__.bro rename to scripts/base/frameworks/signatures/__load__.zeek diff --git a/scripts/base/frameworks/signatures/main.bro b/scripts/base/frameworks/signatures/main.zeek similarity index 100% rename from scripts/base/frameworks/signatures/main.bro rename to scripts/base/frameworks/signatures/main.zeek diff --git a/scripts/base/frameworks/software/__load__.bro b/scripts/base/frameworks/software/__load__.zeek similarity index 100% rename from scripts/base/frameworks/software/__load__.bro rename to scripts/base/frameworks/software/__load__.zeek diff --git a/scripts/base/frameworks/software/main.bro b/scripts/base/frameworks/software/main.zeek similarity index 100% rename from scripts/base/frameworks/software/main.bro rename to scripts/base/frameworks/software/main.zeek diff --git a/scripts/base/frameworks/sumstats/__load__.bro b/scripts/base/frameworks/sumstats/__load__.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/__load__.bro rename to scripts/base/frameworks/sumstats/__load__.zeek diff --git a/scripts/base/frameworks/sumstats/cluster.bro b/scripts/base/frameworks/sumstats/cluster.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/cluster.bro rename to scripts/base/frameworks/sumstats/cluster.zeek diff --git a/scripts/base/frameworks/sumstats/main.bro b/scripts/base/frameworks/sumstats/main.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/main.bro rename to scripts/base/frameworks/sumstats/main.zeek diff --git a/scripts/base/frameworks/sumstats/non-cluster.bro b/scripts/base/frameworks/sumstats/non-cluster.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/non-cluster.bro rename to scripts/base/frameworks/sumstats/non-cluster.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/__load__.bro b/scripts/base/frameworks/sumstats/plugins/__load__.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/__load__.bro rename to scripts/base/frameworks/sumstats/plugins/__load__.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/average.bro b/scripts/base/frameworks/sumstats/plugins/average.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/average.bro rename to scripts/base/frameworks/sumstats/plugins/average.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/hll_unique.bro b/scripts/base/frameworks/sumstats/plugins/hll_unique.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/hll_unique.bro rename to scripts/base/frameworks/sumstats/plugins/hll_unique.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/last.bro b/scripts/base/frameworks/sumstats/plugins/last.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/last.bro rename to scripts/base/frameworks/sumstats/plugins/last.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/max.bro b/scripts/base/frameworks/sumstats/plugins/max.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/max.bro rename to scripts/base/frameworks/sumstats/plugins/max.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/min.bro b/scripts/base/frameworks/sumstats/plugins/min.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/min.bro rename to scripts/base/frameworks/sumstats/plugins/min.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/sample.bro b/scripts/base/frameworks/sumstats/plugins/sample.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/sample.bro rename to scripts/base/frameworks/sumstats/plugins/sample.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/std-dev.bro b/scripts/base/frameworks/sumstats/plugins/std-dev.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/std-dev.bro rename to scripts/base/frameworks/sumstats/plugins/std-dev.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/sum.bro b/scripts/base/frameworks/sumstats/plugins/sum.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/sum.bro rename to scripts/base/frameworks/sumstats/plugins/sum.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/topk.bro b/scripts/base/frameworks/sumstats/plugins/topk.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/topk.bro rename to scripts/base/frameworks/sumstats/plugins/topk.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/unique.bro b/scripts/base/frameworks/sumstats/plugins/unique.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/unique.bro rename to scripts/base/frameworks/sumstats/plugins/unique.zeek diff --git a/scripts/base/frameworks/sumstats/plugins/variance.bro b/scripts/base/frameworks/sumstats/plugins/variance.zeek similarity index 100% rename from scripts/base/frameworks/sumstats/plugins/variance.bro rename to scripts/base/frameworks/sumstats/plugins/variance.zeek diff --git a/scripts/base/frameworks/tunnels/__load__.bro b/scripts/base/frameworks/tunnels/__load__.zeek similarity index 100% rename from scripts/base/frameworks/tunnels/__load__.bro rename to scripts/base/frameworks/tunnels/__load__.zeek diff --git a/scripts/base/frameworks/tunnels/main.bro b/scripts/base/frameworks/tunnels/main.zeek similarity index 100% rename from scripts/base/frameworks/tunnels/main.bro rename to scripts/base/frameworks/tunnels/main.zeek diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.zeek similarity index 99% rename from scripts/base/init-bare.bro rename to scripts/base/init-bare.zeek index 0c32cebcc5..3c1c6f98fb 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.zeek @@ -480,7 +480,7 @@ type NetStats: record { pkts_dropped: count &default=0; ##< Packets reported dropped by the system. ## Packets seen on the link. Note that this may differ ## from *pkts_recvd* because of a potential capture_filter. See - ## :doc:`/scripts/base/frameworks/packet-filter/main.bro`. Depending on the + ## :doc:`/scripts/base/frameworks/packet-filter/main.zeek`. Depending on the ## packet capture system, this value may not be available and will then ## be always set to zero. pkts_link: count &default=0; @@ -4629,13 +4629,13 @@ const log_max_size = 0.0 &redef; const log_encryption_key = "" &redef; ## Write profiling info into this file in regular intervals. The easiest way to -## activate profiling is loading :doc:`/scripts/policy/misc/profiling.bro`. +## activate profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`. ## ## .. bro:see:: profiling_interval expensive_profiling_multiple segment_profiling global profiling_file: file &redef; ## Update interval for profiling (0 disables). The easiest way to activate -## profiling is loading :doc:`/scripts/policy/misc/profiling.bro`. +## profiling is loading :doc:`/scripts/policy/misc/profiling.zeek`. ## ## .. bro:see:: profiling_file expensive_profiling_multiple segment_profiling const profiling_interval = 0 secs &redef; diff --git a/scripts/base/init-default.bro b/scripts/base/init-default.zeek similarity index 98% rename from scripts/base/init-default.bro rename to scripts/base/init-default.zeek index 463f5c2942..6982b0b2f4 100644 --- a/scripts/base/init-default.bro +++ b/scripts/base/init-default.zeek @@ -25,7 +25,7 @@ @load base/utils/urls # This has some deep interplay between types and BiFs so it's -# loaded in base/init-bare.bro +# loaded in base/init-bare.zeek #@load base/frameworks/logging @load base/frameworks/notice @load base/frameworks/analyzer diff --git a/scripts/base/init-frameworks-and-bifs.bro b/scripts/base/init-frameworks-and-bifs.zeek similarity index 86% rename from scripts/base/init-frameworks-and-bifs.bro rename to scripts/base/init-frameworks-and-bifs.zeek index f772e2d223..19897e7ffb 100644 --- a/scripts/base/init-frameworks-and-bifs.bro +++ b/scripts/base/init-frameworks-and-bifs.zeek @@ -1,7 +1,7 @@ # Load these frameworks here because they use fairly deep integration with # BiFs and script-land defined types. They are also more likely to # make use of calling BIFs for variable initializations, and that -# can't be done until init-bare.bro has been loaded completely (hence +# can't be done until init-bare.zeek has been loaded completely (hence # the separate file). @load base/frameworks/logging @load base/frameworks/broker diff --git a/scripts/base/misc/find-checksum-offloading.bro b/scripts/base/misc/find-checksum-offloading.zeek similarity index 100% rename from scripts/base/misc/find-checksum-offloading.bro rename to scripts/base/misc/find-checksum-offloading.zeek diff --git a/scripts/base/misc/find-filtered-trace.bro b/scripts/base/misc/find-filtered-trace.zeek similarity index 100% rename from scripts/base/misc/find-filtered-trace.bro rename to scripts/base/misc/find-filtered-trace.zeek diff --git a/scripts/base/misc/version.bro b/scripts/base/misc/version.zeek similarity index 100% rename from scripts/base/misc/version.bro rename to scripts/base/misc/version.zeek diff --git a/scripts/base/protocols/conn/__load__.bro b/scripts/base/protocols/conn/__load__.zeek similarity index 100% rename from scripts/base/protocols/conn/__load__.bro rename to scripts/base/protocols/conn/__load__.zeek diff --git a/scripts/base/protocols/conn/contents.bro b/scripts/base/protocols/conn/contents.zeek similarity index 100% rename from scripts/base/protocols/conn/contents.bro rename to scripts/base/protocols/conn/contents.zeek diff --git a/scripts/base/protocols/conn/inactivity.bro b/scripts/base/protocols/conn/inactivity.zeek similarity index 100% rename from scripts/base/protocols/conn/inactivity.bro rename to scripts/base/protocols/conn/inactivity.zeek diff --git a/scripts/base/protocols/conn/main.bro b/scripts/base/protocols/conn/main.zeek similarity index 100% rename from scripts/base/protocols/conn/main.bro rename to scripts/base/protocols/conn/main.zeek diff --git a/scripts/base/protocols/conn/polling.bro b/scripts/base/protocols/conn/polling.zeek similarity index 100% rename from scripts/base/protocols/conn/polling.bro rename to scripts/base/protocols/conn/polling.zeek diff --git a/scripts/base/protocols/conn/thresholds.bro b/scripts/base/protocols/conn/thresholds.zeek similarity index 100% rename from scripts/base/protocols/conn/thresholds.bro rename to scripts/base/protocols/conn/thresholds.zeek diff --git a/scripts/base/protocols/dce-rpc/__load__.bro b/scripts/base/protocols/dce-rpc/__load__.zeek similarity index 100% rename from scripts/base/protocols/dce-rpc/__load__.bro rename to scripts/base/protocols/dce-rpc/__load__.zeek diff --git a/scripts/base/protocols/dce-rpc/consts.bro b/scripts/base/protocols/dce-rpc/consts.zeek similarity index 100% rename from scripts/base/protocols/dce-rpc/consts.bro rename to scripts/base/protocols/dce-rpc/consts.zeek diff --git a/scripts/base/protocols/dce-rpc/main.bro b/scripts/base/protocols/dce-rpc/main.zeek similarity index 100% rename from scripts/base/protocols/dce-rpc/main.bro rename to scripts/base/protocols/dce-rpc/main.zeek diff --git a/scripts/base/protocols/dhcp/__load__.bro b/scripts/base/protocols/dhcp/__load__.zeek similarity index 100% rename from scripts/base/protocols/dhcp/__load__.bro rename to scripts/base/protocols/dhcp/__load__.zeek diff --git a/scripts/base/protocols/dhcp/consts.bro b/scripts/base/protocols/dhcp/consts.zeek similarity index 100% rename from scripts/base/protocols/dhcp/consts.bro rename to scripts/base/protocols/dhcp/consts.zeek diff --git a/scripts/base/protocols/dhcp/main.bro b/scripts/base/protocols/dhcp/main.zeek similarity index 100% rename from scripts/base/protocols/dhcp/main.bro rename to scripts/base/protocols/dhcp/main.zeek diff --git a/scripts/base/protocols/dnp3/__load__.bro b/scripts/base/protocols/dnp3/__load__.zeek similarity index 100% rename from scripts/base/protocols/dnp3/__load__.bro rename to scripts/base/protocols/dnp3/__load__.zeek diff --git a/scripts/base/protocols/dnp3/consts.bro b/scripts/base/protocols/dnp3/consts.zeek similarity index 100% rename from scripts/base/protocols/dnp3/consts.bro rename to scripts/base/protocols/dnp3/consts.zeek diff --git a/scripts/base/protocols/dnp3/main.bro b/scripts/base/protocols/dnp3/main.zeek similarity index 100% rename from scripts/base/protocols/dnp3/main.bro rename to scripts/base/protocols/dnp3/main.zeek diff --git a/scripts/base/protocols/dns/__load__.bro b/scripts/base/protocols/dns/__load__.zeek similarity index 100% rename from scripts/base/protocols/dns/__load__.bro rename to scripts/base/protocols/dns/__load__.zeek diff --git a/scripts/base/protocols/dns/consts.bro b/scripts/base/protocols/dns/consts.zeek similarity index 100% rename from scripts/base/protocols/dns/consts.bro rename to scripts/base/protocols/dns/consts.zeek diff --git a/scripts/base/protocols/dns/main.bro b/scripts/base/protocols/dns/main.zeek similarity index 100% rename from scripts/base/protocols/dns/main.bro rename to scripts/base/protocols/dns/main.zeek diff --git a/scripts/base/protocols/ftp/__load__.bro b/scripts/base/protocols/ftp/__load__.zeek similarity index 100% rename from scripts/base/protocols/ftp/__load__.bro rename to scripts/base/protocols/ftp/__load__.zeek diff --git a/scripts/base/protocols/ftp/files.bro b/scripts/base/protocols/ftp/files.zeek similarity index 100% rename from scripts/base/protocols/ftp/files.bro rename to scripts/base/protocols/ftp/files.zeek diff --git a/scripts/base/protocols/ftp/gridftp.bro b/scripts/base/protocols/ftp/gridftp.zeek similarity index 100% rename from scripts/base/protocols/ftp/gridftp.bro rename to scripts/base/protocols/ftp/gridftp.zeek diff --git a/scripts/base/protocols/ftp/info.bro b/scripts/base/protocols/ftp/info.zeek similarity index 100% rename from scripts/base/protocols/ftp/info.bro rename to scripts/base/protocols/ftp/info.zeek diff --git a/scripts/base/protocols/ftp/main.bro b/scripts/base/protocols/ftp/main.zeek similarity index 100% rename from scripts/base/protocols/ftp/main.bro rename to scripts/base/protocols/ftp/main.zeek diff --git a/scripts/base/protocols/ftp/utils-commands.bro b/scripts/base/protocols/ftp/utils-commands.zeek similarity index 100% rename from scripts/base/protocols/ftp/utils-commands.bro rename to scripts/base/protocols/ftp/utils-commands.zeek diff --git a/scripts/base/protocols/ftp/utils.bro b/scripts/base/protocols/ftp/utils.zeek similarity index 100% rename from scripts/base/protocols/ftp/utils.bro rename to scripts/base/protocols/ftp/utils.zeek diff --git a/scripts/base/protocols/http/__load__.bro b/scripts/base/protocols/http/__load__.zeek similarity index 100% rename from scripts/base/protocols/http/__load__.bro rename to scripts/base/protocols/http/__load__.zeek diff --git a/scripts/base/protocols/http/entities.bro b/scripts/base/protocols/http/entities.zeek similarity index 100% rename from scripts/base/protocols/http/entities.bro rename to scripts/base/protocols/http/entities.zeek diff --git a/scripts/base/protocols/http/files.bro b/scripts/base/protocols/http/files.zeek similarity index 100% rename from scripts/base/protocols/http/files.bro rename to scripts/base/protocols/http/files.zeek diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.zeek similarity index 100% rename from scripts/base/protocols/http/main.bro rename to scripts/base/protocols/http/main.zeek diff --git a/scripts/base/protocols/http/utils.bro b/scripts/base/protocols/http/utils.zeek similarity index 100% rename from scripts/base/protocols/http/utils.bro rename to scripts/base/protocols/http/utils.zeek diff --git a/scripts/base/protocols/imap/__load__.bro b/scripts/base/protocols/imap/__load__.zeek similarity index 100% rename from scripts/base/protocols/imap/__load__.bro rename to scripts/base/protocols/imap/__load__.zeek diff --git a/scripts/base/protocols/imap/main.bro b/scripts/base/protocols/imap/main.zeek similarity index 100% rename from scripts/base/protocols/imap/main.bro rename to scripts/base/protocols/imap/main.zeek diff --git a/scripts/base/protocols/irc/__load__.bro b/scripts/base/protocols/irc/__load__.zeek similarity index 100% rename from scripts/base/protocols/irc/__load__.bro rename to scripts/base/protocols/irc/__load__.zeek diff --git a/scripts/base/protocols/irc/dcc-send.bro b/scripts/base/protocols/irc/dcc-send.zeek similarity index 100% rename from scripts/base/protocols/irc/dcc-send.bro rename to scripts/base/protocols/irc/dcc-send.zeek diff --git a/scripts/base/protocols/irc/files.bro b/scripts/base/protocols/irc/files.zeek similarity index 100% rename from scripts/base/protocols/irc/files.bro rename to scripts/base/protocols/irc/files.zeek diff --git a/scripts/base/protocols/irc/main.bro b/scripts/base/protocols/irc/main.zeek similarity index 100% rename from scripts/base/protocols/irc/main.bro rename to scripts/base/protocols/irc/main.zeek diff --git a/scripts/base/protocols/krb/__load__.bro b/scripts/base/protocols/krb/__load__.zeek similarity index 100% rename from scripts/base/protocols/krb/__load__.bro rename to scripts/base/protocols/krb/__load__.zeek diff --git a/scripts/base/protocols/krb/consts.bro b/scripts/base/protocols/krb/consts.zeek similarity index 100% rename from scripts/base/protocols/krb/consts.bro rename to scripts/base/protocols/krb/consts.zeek diff --git a/scripts/base/protocols/krb/files.bro b/scripts/base/protocols/krb/files.zeek similarity index 100% rename from scripts/base/protocols/krb/files.bro rename to scripts/base/protocols/krb/files.zeek diff --git a/scripts/base/protocols/krb/main.bro b/scripts/base/protocols/krb/main.zeek similarity index 100% rename from scripts/base/protocols/krb/main.bro rename to scripts/base/protocols/krb/main.zeek diff --git a/scripts/base/protocols/modbus/__load__.bro b/scripts/base/protocols/modbus/__load__.zeek similarity index 100% rename from scripts/base/protocols/modbus/__load__.bro rename to scripts/base/protocols/modbus/__load__.zeek diff --git a/scripts/base/protocols/modbus/consts.bro b/scripts/base/protocols/modbus/consts.zeek similarity index 100% rename from scripts/base/protocols/modbus/consts.bro rename to scripts/base/protocols/modbus/consts.zeek diff --git a/scripts/base/protocols/modbus/main.bro b/scripts/base/protocols/modbus/main.zeek similarity index 100% rename from scripts/base/protocols/modbus/main.bro rename to scripts/base/protocols/modbus/main.zeek diff --git a/scripts/base/protocols/mysql/__load__.bro b/scripts/base/protocols/mysql/__load__.zeek similarity index 100% rename from scripts/base/protocols/mysql/__load__.bro rename to scripts/base/protocols/mysql/__load__.zeek diff --git a/scripts/base/protocols/mysql/consts.bro b/scripts/base/protocols/mysql/consts.zeek similarity index 100% rename from scripts/base/protocols/mysql/consts.bro rename to scripts/base/protocols/mysql/consts.zeek diff --git a/scripts/base/protocols/mysql/main.bro b/scripts/base/protocols/mysql/main.zeek similarity index 100% rename from scripts/base/protocols/mysql/main.bro rename to scripts/base/protocols/mysql/main.zeek diff --git a/scripts/base/protocols/ntlm/__load__.bro b/scripts/base/protocols/ntlm/__load__.zeek similarity index 100% rename from scripts/base/protocols/ntlm/__load__.bro rename to scripts/base/protocols/ntlm/__load__.zeek diff --git a/scripts/base/protocols/ntlm/main.bro b/scripts/base/protocols/ntlm/main.zeek similarity index 100% rename from scripts/base/protocols/ntlm/main.bro rename to scripts/base/protocols/ntlm/main.zeek diff --git a/scripts/base/protocols/pop3/__load__.bro b/scripts/base/protocols/pop3/__load__.zeek similarity index 100% rename from scripts/base/protocols/pop3/__load__.bro rename to scripts/base/protocols/pop3/__load__.zeek diff --git a/scripts/base/protocols/radius/__load__.bro b/scripts/base/protocols/radius/__load__.zeek similarity index 100% rename from scripts/base/protocols/radius/__load__.bro rename to scripts/base/protocols/radius/__load__.zeek diff --git a/scripts/base/protocols/radius/consts.bro b/scripts/base/protocols/radius/consts.zeek similarity index 100% rename from scripts/base/protocols/radius/consts.bro rename to scripts/base/protocols/radius/consts.zeek diff --git a/scripts/base/protocols/radius/main.bro b/scripts/base/protocols/radius/main.zeek similarity index 100% rename from scripts/base/protocols/radius/main.bro rename to scripts/base/protocols/radius/main.zeek diff --git a/scripts/base/protocols/rdp/__load__.bro b/scripts/base/protocols/rdp/__load__.zeek similarity index 100% rename from scripts/base/protocols/rdp/__load__.bro rename to scripts/base/protocols/rdp/__load__.zeek diff --git a/scripts/base/protocols/rdp/consts.bro b/scripts/base/protocols/rdp/consts.zeek similarity index 100% rename from scripts/base/protocols/rdp/consts.bro rename to scripts/base/protocols/rdp/consts.zeek diff --git a/scripts/base/protocols/rdp/main.bro b/scripts/base/protocols/rdp/main.zeek similarity index 100% rename from scripts/base/protocols/rdp/main.bro rename to scripts/base/protocols/rdp/main.zeek diff --git a/scripts/base/protocols/rfb/__load__.bro b/scripts/base/protocols/rfb/__load__.zeek similarity index 100% rename from scripts/base/protocols/rfb/__load__.bro rename to scripts/base/protocols/rfb/__load__.zeek diff --git a/scripts/base/protocols/rfb/main.bro b/scripts/base/protocols/rfb/main.zeek similarity index 100% rename from scripts/base/protocols/rfb/main.bro rename to scripts/base/protocols/rfb/main.zeek diff --git a/scripts/base/protocols/sip/__load__.bro b/scripts/base/protocols/sip/__load__.zeek similarity index 100% rename from scripts/base/protocols/sip/__load__.bro rename to scripts/base/protocols/sip/__load__.zeek diff --git a/scripts/base/protocols/sip/main.bro b/scripts/base/protocols/sip/main.zeek similarity index 100% rename from scripts/base/protocols/sip/main.bro rename to scripts/base/protocols/sip/main.zeek diff --git a/scripts/base/protocols/smb/__load__.bro b/scripts/base/protocols/smb/__load__.zeek similarity index 100% rename from scripts/base/protocols/smb/__load__.bro rename to scripts/base/protocols/smb/__load__.zeek diff --git a/scripts/base/protocols/smb/const-dos-error.bro b/scripts/base/protocols/smb/const-dos-error.zeek similarity index 100% rename from scripts/base/protocols/smb/const-dos-error.bro rename to scripts/base/protocols/smb/const-dos-error.zeek diff --git a/scripts/base/protocols/smb/const-nt-status.bro b/scripts/base/protocols/smb/const-nt-status.zeek similarity index 100% rename from scripts/base/protocols/smb/const-nt-status.bro rename to scripts/base/protocols/smb/const-nt-status.zeek diff --git a/scripts/base/protocols/smb/consts.bro b/scripts/base/protocols/smb/consts.zeek similarity index 99% rename from scripts/base/protocols/smb/consts.bro rename to scripts/base/protocols/smb/consts.zeek index f36d029be9..32a03dd17d 100644 --- a/scripts/base/protocols/smb/consts.bro +++ b/scripts/base/protocols/smb/consts.zeek @@ -12,7 +12,7 @@ export { ## Heuristic detection of named pipes when the pipe ## mapping isn't seen. This variable is defined in - ## init-bare.bro. + ## init-bare.zeek. redef SMB::pipe_filenames = { "spoolss", "winreg", diff --git a/scripts/base/protocols/smb/files.bro b/scripts/base/protocols/smb/files.zeek similarity index 100% rename from scripts/base/protocols/smb/files.bro rename to scripts/base/protocols/smb/files.zeek diff --git a/scripts/base/protocols/smb/main.bro b/scripts/base/protocols/smb/main.zeek similarity index 100% rename from scripts/base/protocols/smb/main.bro rename to scripts/base/protocols/smb/main.zeek diff --git a/scripts/base/protocols/smb/smb1-main.bro b/scripts/base/protocols/smb/smb1-main.zeek similarity index 100% rename from scripts/base/protocols/smb/smb1-main.bro rename to scripts/base/protocols/smb/smb1-main.zeek diff --git a/scripts/base/protocols/smb/smb2-main.bro b/scripts/base/protocols/smb/smb2-main.zeek similarity index 100% rename from scripts/base/protocols/smb/smb2-main.bro rename to scripts/base/protocols/smb/smb2-main.zeek diff --git a/scripts/base/protocols/smtp/__load__.bro b/scripts/base/protocols/smtp/__load__.zeek similarity index 100% rename from scripts/base/protocols/smtp/__load__.bro rename to scripts/base/protocols/smtp/__load__.zeek diff --git a/scripts/base/protocols/smtp/entities.bro b/scripts/base/protocols/smtp/entities.zeek similarity index 100% rename from scripts/base/protocols/smtp/entities.bro rename to scripts/base/protocols/smtp/entities.zeek diff --git a/scripts/base/protocols/smtp/files.bro b/scripts/base/protocols/smtp/files.zeek similarity index 100% rename from scripts/base/protocols/smtp/files.bro rename to scripts/base/protocols/smtp/files.zeek diff --git a/scripts/base/protocols/smtp/main.bro b/scripts/base/protocols/smtp/main.zeek similarity index 100% rename from scripts/base/protocols/smtp/main.bro rename to scripts/base/protocols/smtp/main.zeek diff --git a/scripts/base/protocols/snmp/__load__.bro b/scripts/base/protocols/snmp/__load__.zeek similarity index 100% rename from scripts/base/protocols/snmp/__load__.bro rename to scripts/base/protocols/snmp/__load__.zeek diff --git a/scripts/base/protocols/snmp/main.bro b/scripts/base/protocols/snmp/main.zeek similarity index 100% rename from scripts/base/protocols/snmp/main.bro rename to scripts/base/protocols/snmp/main.zeek diff --git a/scripts/base/protocols/socks/__load__.bro b/scripts/base/protocols/socks/__load__.zeek similarity index 100% rename from scripts/base/protocols/socks/__load__.bro rename to scripts/base/protocols/socks/__load__.zeek diff --git a/scripts/base/protocols/socks/consts.bro b/scripts/base/protocols/socks/consts.zeek similarity index 100% rename from scripts/base/protocols/socks/consts.bro rename to scripts/base/protocols/socks/consts.zeek diff --git a/scripts/base/protocols/socks/main.bro b/scripts/base/protocols/socks/main.zeek similarity index 100% rename from scripts/base/protocols/socks/main.bro rename to scripts/base/protocols/socks/main.zeek diff --git a/scripts/base/protocols/ssh/__load__.bro b/scripts/base/protocols/ssh/__load__.zeek similarity index 100% rename from scripts/base/protocols/ssh/__load__.bro rename to scripts/base/protocols/ssh/__load__.zeek diff --git a/scripts/base/protocols/ssh/main.bro b/scripts/base/protocols/ssh/main.zeek similarity index 100% rename from scripts/base/protocols/ssh/main.bro rename to scripts/base/protocols/ssh/main.zeek diff --git a/scripts/base/protocols/ssl/__load__.bro b/scripts/base/protocols/ssl/__load__.zeek similarity index 100% rename from scripts/base/protocols/ssl/__load__.bro rename to scripts/base/protocols/ssl/__load__.zeek diff --git a/scripts/base/protocols/ssl/consts.bro b/scripts/base/protocols/ssl/consts.zeek similarity index 100% rename from scripts/base/protocols/ssl/consts.bro rename to scripts/base/protocols/ssl/consts.zeek diff --git a/scripts/base/protocols/ssl/ct-list.bro b/scripts/base/protocols/ssl/ct-list.zeek similarity index 100% rename from scripts/base/protocols/ssl/ct-list.bro rename to scripts/base/protocols/ssl/ct-list.zeek diff --git a/scripts/base/protocols/ssl/files.bro b/scripts/base/protocols/ssl/files.zeek similarity index 100% rename from scripts/base/protocols/ssl/files.bro rename to scripts/base/protocols/ssl/files.zeek diff --git a/scripts/base/protocols/ssl/main.bro b/scripts/base/protocols/ssl/main.zeek similarity index 99% rename from scripts/base/protocols/ssl/main.bro rename to scripts/base/protocols/ssl/main.zeek index 8abb6e1d3f..73a8639891 100644 --- a/scripts/base/protocols/ssl/main.bro +++ b/scripts/base/protocols/ssl/main.zeek @@ -69,7 +69,7 @@ export { logged: bool &default=F; }; - ## The default root CA bundle. By default, the mozilla-ca-list.bro + ## The default root CA bundle. By default, the mozilla-ca-list.zeek ## script sets this to Mozilla's root CA list. const root_certs: table[string] of string = {} &redef; @@ -88,7 +88,7 @@ export { url: string; }; - ## The Certificate Transparency log bundle. By default, the ct-list.bro + ## The Certificate Transparency log bundle. By default, the ct-list.zeek ## script sets this to the current list of known logs. Entries ## are indexed by (binary) log-id. option ct_logs: table[string] of CTInfo = {}; diff --git a/scripts/base/protocols/ssl/mozilla-ca-list.bro b/scripts/base/protocols/ssl/mozilla-ca-list.zeek similarity index 100% rename from scripts/base/protocols/ssl/mozilla-ca-list.bro rename to scripts/base/protocols/ssl/mozilla-ca-list.zeek diff --git a/scripts/base/protocols/syslog/__load__.bro b/scripts/base/protocols/syslog/__load__.zeek similarity index 100% rename from scripts/base/protocols/syslog/__load__.bro rename to scripts/base/protocols/syslog/__load__.zeek diff --git a/scripts/base/protocols/syslog/consts.bro b/scripts/base/protocols/syslog/consts.zeek similarity index 100% rename from scripts/base/protocols/syslog/consts.bro rename to scripts/base/protocols/syslog/consts.zeek diff --git a/scripts/base/protocols/syslog/main.bro b/scripts/base/protocols/syslog/main.zeek similarity index 100% rename from scripts/base/protocols/syslog/main.bro rename to scripts/base/protocols/syslog/main.zeek diff --git a/scripts/base/protocols/tunnels/__load__.bro b/scripts/base/protocols/tunnels/__load__.zeek similarity index 100% rename from scripts/base/protocols/tunnels/__load__.bro rename to scripts/base/protocols/tunnels/__load__.zeek diff --git a/scripts/base/protocols/xmpp/__load__.bro b/scripts/base/protocols/xmpp/__load__.zeek similarity index 100% rename from scripts/base/protocols/xmpp/__load__.bro rename to scripts/base/protocols/xmpp/__load__.zeek diff --git a/scripts/base/protocols/xmpp/main.bro b/scripts/base/protocols/xmpp/main.zeek similarity index 100% rename from scripts/base/protocols/xmpp/main.bro rename to scripts/base/protocols/xmpp/main.zeek diff --git a/scripts/base/utils/active-http.bro b/scripts/base/utils/active-http.zeek similarity index 100% rename from scripts/base/utils/active-http.bro rename to scripts/base/utils/active-http.zeek diff --git a/scripts/base/utils/addrs.bro b/scripts/base/utils/addrs.zeek similarity index 100% rename from scripts/base/utils/addrs.bro rename to scripts/base/utils/addrs.zeek diff --git a/scripts/base/utils/conn-ids.bro b/scripts/base/utils/conn-ids.zeek similarity index 100% rename from scripts/base/utils/conn-ids.bro rename to scripts/base/utils/conn-ids.zeek diff --git a/scripts/base/utils/dir.bro b/scripts/base/utils/dir.zeek similarity index 100% rename from scripts/base/utils/dir.bro rename to scripts/base/utils/dir.zeek diff --git a/scripts/base/utils/directions-and-hosts.bro b/scripts/base/utils/directions-and-hosts.zeek similarity index 100% rename from scripts/base/utils/directions-and-hosts.bro rename to scripts/base/utils/directions-and-hosts.zeek diff --git a/scripts/base/utils/email.bro b/scripts/base/utils/email.zeek similarity index 100% rename from scripts/base/utils/email.bro rename to scripts/base/utils/email.zeek diff --git a/scripts/base/utils/exec.bro b/scripts/base/utils/exec.zeek similarity index 100% rename from scripts/base/utils/exec.bro rename to scripts/base/utils/exec.zeek diff --git a/scripts/base/utils/files.bro b/scripts/base/utils/files.zeek similarity index 100% rename from scripts/base/utils/files.bro rename to scripts/base/utils/files.zeek diff --git a/scripts/base/utils/geoip-distance.bro b/scripts/base/utils/geoip-distance.zeek similarity index 100% rename from scripts/base/utils/geoip-distance.bro rename to scripts/base/utils/geoip-distance.zeek diff --git a/scripts/base/utils/hash_hrw.bro b/scripts/base/utils/hash_hrw.zeek similarity index 100% rename from scripts/base/utils/hash_hrw.bro rename to scripts/base/utils/hash_hrw.zeek diff --git a/scripts/base/utils/json.bro b/scripts/base/utils/json.zeek similarity index 100% rename from scripts/base/utils/json.bro rename to scripts/base/utils/json.zeek diff --git a/scripts/base/utils/numbers.bro b/scripts/base/utils/numbers.zeek similarity index 100% rename from scripts/base/utils/numbers.bro rename to scripts/base/utils/numbers.zeek diff --git a/scripts/base/utils/paths.bro b/scripts/base/utils/paths.zeek similarity index 100% rename from scripts/base/utils/paths.bro rename to scripts/base/utils/paths.zeek diff --git a/scripts/base/utils/patterns.bro b/scripts/base/utils/patterns.zeek similarity index 100% rename from scripts/base/utils/patterns.bro rename to scripts/base/utils/patterns.zeek diff --git a/scripts/base/utils/queue.bro b/scripts/base/utils/queue.zeek similarity index 100% rename from scripts/base/utils/queue.bro rename to scripts/base/utils/queue.zeek diff --git a/scripts/base/utils/site.bro b/scripts/base/utils/site.zeek similarity index 100% rename from scripts/base/utils/site.bro rename to scripts/base/utils/site.zeek diff --git a/scripts/base/utils/strings.bro b/scripts/base/utils/strings.zeek similarity index 100% rename from scripts/base/utils/strings.bro rename to scripts/base/utils/strings.zeek diff --git a/scripts/base/utils/thresholds.bro b/scripts/base/utils/thresholds.zeek similarity index 100% rename from scripts/base/utils/thresholds.bro rename to scripts/base/utils/thresholds.zeek diff --git a/scripts/base/utils/time.bro b/scripts/base/utils/time.zeek similarity index 100% rename from scripts/base/utils/time.bro rename to scripts/base/utils/time.zeek diff --git a/scripts/base/utils/urls.bro b/scripts/base/utils/urls.zeek similarity index 100% rename from scripts/base/utils/urls.bro rename to scripts/base/utils/urls.zeek diff --git a/scripts/broxygen/__load__.bro b/scripts/broxygen/__load__.bro deleted file mode 100644 index 5d4ac5ea03..0000000000 --- a/scripts/broxygen/__load__.bro +++ /dev/null @@ -1,17 +0,0 @@ -@load test-all-policy.bro - -# Scripts which are commented out in test-all-policy.bro. -@load protocols/ssl/notary.bro -@load frameworks/control/controllee.bro -@load frameworks/control/controller.bro -@load frameworks/files/extract-all-files.bro -@load policy/misc/dump-events.bro -@load policy/protocols/dhcp/deprecated_events.bro -@load policy/protocols/smb/__load__.bro - -@load ./example.bro - -event bro_init() - { - terminate(); - } diff --git a/scripts/broxygen/__load__.zeek b/scripts/broxygen/__load__.zeek new file mode 100644 index 0000000000..51e119a2c6 --- /dev/null +++ b/scripts/broxygen/__load__.zeek @@ -0,0 +1,17 @@ +@load test-all-policy.zeek + +# Scripts which are commented out in test-all-policy.zeek. +@load protocols/ssl/notary.zeek +@load frameworks/control/controllee.zeek +@load frameworks/control/controller.zeek +@load frameworks/files/extract-all-files.zeek +@load policy/misc/dump-events.zeek +@load policy/protocols/dhcp/deprecated_events.zeek +@load policy/protocols/smb/__load__.zeek + +@load ./example.zeek + +event bro_init() + { + terminate(); + } diff --git a/scripts/broxygen/example.bro b/scripts/broxygen/example.zeek similarity index 100% rename from scripts/broxygen/example.bro rename to scripts/broxygen/example.zeek diff --git a/scripts/policy/files/x509/log-ocsp.bro b/scripts/policy/files/x509/log-ocsp.zeek similarity index 100% rename from scripts/policy/files/x509/log-ocsp.bro rename to scripts/policy/files/x509/log-ocsp.zeek diff --git a/scripts/policy/frameworks/control/controllee.bro b/scripts/policy/frameworks/control/controllee.zeek similarity index 100% rename from scripts/policy/frameworks/control/controllee.bro rename to scripts/policy/frameworks/control/controllee.zeek diff --git a/scripts/policy/frameworks/control/controller.bro b/scripts/policy/frameworks/control/controller.zeek similarity index 100% rename from scripts/policy/frameworks/control/controller.bro rename to scripts/policy/frameworks/control/controller.zeek diff --git a/scripts/policy/frameworks/dpd/detect-protocols.bro b/scripts/policy/frameworks/dpd/detect-protocols.zeek similarity index 100% rename from scripts/policy/frameworks/dpd/detect-protocols.bro rename to scripts/policy/frameworks/dpd/detect-protocols.zeek diff --git a/scripts/policy/frameworks/dpd/packet-segment-logging.bro b/scripts/policy/frameworks/dpd/packet-segment-logging.zeek similarity index 100% rename from scripts/policy/frameworks/dpd/packet-segment-logging.bro rename to scripts/policy/frameworks/dpd/packet-segment-logging.zeek diff --git a/scripts/policy/frameworks/files/detect-MHR.bro b/scripts/policy/frameworks/files/detect-MHR.zeek similarity index 100% rename from scripts/policy/frameworks/files/detect-MHR.bro rename to scripts/policy/frameworks/files/detect-MHR.zeek diff --git a/scripts/policy/frameworks/files/entropy-test-all-files.bro b/scripts/policy/frameworks/files/entropy-test-all-files.zeek similarity index 100% rename from scripts/policy/frameworks/files/entropy-test-all-files.bro rename to scripts/policy/frameworks/files/entropy-test-all-files.zeek diff --git a/scripts/policy/frameworks/files/extract-all-files.bro b/scripts/policy/frameworks/files/extract-all-files.zeek similarity index 100% rename from scripts/policy/frameworks/files/extract-all-files.bro rename to scripts/policy/frameworks/files/extract-all-files.zeek diff --git a/scripts/policy/frameworks/files/hash-all-files.bro b/scripts/policy/frameworks/files/hash-all-files.zeek similarity index 100% rename from scripts/policy/frameworks/files/hash-all-files.bro rename to scripts/policy/frameworks/files/hash-all-files.zeek diff --git a/scripts/policy/frameworks/intel/do_expire.bro b/scripts/policy/frameworks/intel/do_expire.zeek similarity index 100% rename from scripts/policy/frameworks/intel/do_expire.bro rename to scripts/policy/frameworks/intel/do_expire.zeek diff --git a/scripts/policy/frameworks/intel/do_notice.bro b/scripts/policy/frameworks/intel/do_notice.zeek similarity index 100% rename from scripts/policy/frameworks/intel/do_notice.bro rename to scripts/policy/frameworks/intel/do_notice.zeek diff --git a/scripts/policy/frameworks/intel/removal.bro b/scripts/policy/frameworks/intel/removal.zeek similarity index 100% rename from scripts/policy/frameworks/intel/removal.bro rename to scripts/policy/frameworks/intel/removal.zeek diff --git a/scripts/policy/frameworks/intel/seen/__load__.bro b/scripts/policy/frameworks/intel/seen/__load__.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/__load__.bro rename to scripts/policy/frameworks/intel/seen/__load__.zeek diff --git a/scripts/policy/frameworks/intel/seen/conn-established.bro b/scripts/policy/frameworks/intel/seen/conn-established.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/conn-established.bro rename to scripts/policy/frameworks/intel/seen/conn-established.zeek diff --git a/scripts/policy/frameworks/intel/seen/dns.bro b/scripts/policy/frameworks/intel/seen/dns.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/dns.bro rename to scripts/policy/frameworks/intel/seen/dns.zeek diff --git a/scripts/policy/frameworks/intel/seen/file-hashes.bro b/scripts/policy/frameworks/intel/seen/file-hashes.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/file-hashes.bro rename to scripts/policy/frameworks/intel/seen/file-hashes.zeek diff --git a/scripts/policy/frameworks/intel/seen/file-names.bro b/scripts/policy/frameworks/intel/seen/file-names.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/file-names.bro rename to scripts/policy/frameworks/intel/seen/file-names.zeek diff --git a/scripts/policy/frameworks/intel/seen/http-headers.bro b/scripts/policy/frameworks/intel/seen/http-headers.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/http-headers.bro rename to scripts/policy/frameworks/intel/seen/http-headers.zeek diff --git a/scripts/policy/frameworks/intel/seen/http-url.bro b/scripts/policy/frameworks/intel/seen/http-url.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/http-url.bro rename to scripts/policy/frameworks/intel/seen/http-url.zeek diff --git a/scripts/policy/frameworks/intel/seen/pubkey-hashes.bro b/scripts/policy/frameworks/intel/seen/pubkey-hashes.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/pubkey-hashes.bro rename to scripts/policy/frameworks/intel/seen/pubkey-hashes.zeek diff --git a/scripts/policy/frameworks/intel/seen/smb-filenames.bro b/scripts/policy/frameworks/intel/seen/smb-filenames.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/smb-filenames.bro rename to scripts/policy/frameworks/intel/seen/smb-filenames.zeek diff --git a/scripts/policy/frameworks/intel/seen/smtp-url-extraction.bro b/scripts/policy/frameworks/intel/seen/smtp-url-extraction.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/smtp-url-extraction.bro rename to scripts/policy/frameworks/intel/seen/smtp-url-extraction.zeek diff --git a/scripts/policy/frameworks/intel/seen/smtp.bro b/scripts/policy/frameworks/intel/seen/smtp.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/smtp.bro rename to scripts/policy/frameworks/intel/seen/smtp.zeek diff --git a/scripts/policy/frameworks/intel/seen/ssl.bro b/scripts/policy/frameworks/intel/seen/ssl.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/ssl.bro rename to scripts/policy/frameworks/intel/seen/ssl.zeek diff --git a/scripts/policy/frameworks/intel/seen/where-locations.bro b/scripts/policy/frameworks/intel/seen/where-locations.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/where-locations.bro rename to scripts/policy/frameworks/intel/seen/where-locations.zeek diff --git a/scripts/policy/frameworks/intel/seen/x509.bro b/scripts/policy/frameworks/intel/seen/x509.zeek similarity index 100% rename from scripts/policy/frameworks/intel/seen/x509.bro rename to scripts/policy/frameworks/intel/seen/x509.zeek diff --git a/scripts/policy/frameworks/intel/whitelist.bro b/scripts/policy/frameworks/intel/whitelist.zeek similarity index 100% rename from scripts/policy/frameworks/intel/whitelist.bro rename to scripts/policy/frameworks/intel/whitelist.zeek diff --git a/scripts/policy/frameworks/notice/__load__.bro b/scripts/policy/frameworks/notice/__load__.zeek similarity index 100% rename from scripts/policy/frameworks/notice/__load__.bro rename to scripts/policy/frameworks/notice/__load__.zeek diff --git a/scripts/policy/frameworks/notice/extend-email/hostnames.bro b/scripts/policy/frameworks/notice/extend-email/hostnames.zeek similarity index 100% rename from scripts/policy/frameworks/notice/extend-email/hostnames.bro rename to scripts/policy/frameworks/notice/extend-email/hostnames.zeek diff --git a/scripts/policy/frameworks/packet-filter/shunt.bro b/scripts/policy/frameworks/packet-filter/shunt.zeek similarity index 100% rename from scripts/policy/frameworks/packet-filter/shunt.bro rename to scripts/policy/frameworks/packet-filter/shunt.zeek diff --git a/scripts/policy/frameworks/software/version-changes.bro b/scripts/policy/frameworks/software/version-changes.zeek similarity index 100% rename from scripts/policy/frameworks/software/version-changes.bro rename to scripts/policy/frameworks/software/version-changes.zeek diff --git a/scripts/policy/frameworks/software/vulnerable.bro b/scripts/policy/frameworks/software/vulnerable.zeek similarity index 100% rename from scripts/policy/frameworks/software/vulnerable.bro rename to scripts/policy/frameworks/software/vulnerable.zeek diff --git a/scripts/policy/frameworks/software/windows-version-detection.bro b/scripts/policy/frameworks/software/windows-version-detection.zeek similarity index 100% rename from scripts/policy/frameworks/software/windows-version-detection.bro rename to scripts/policy/frameworks/software/windows-version-detection.zeek diff --git a/scripts/policy/integration/barnyard2/__load__.bro b/scripts/policy/integration/barnyard2/__load__.zeek similarity index 100% rename from scripts/policy/integration/barnyard2/__load__.bro rename to scripts/policy/integration/barnyard2/__load__.zeek diff --git a/scripts/policy/integration/barnyard2/main.bro b/scripts/policy/integration/barnyard2/main.zeek similarity index 100% rename from scripts/policy/integration/barnyard2/main.bro rename to scripts/policy/integration/barnyard2/main.zeek diff --git a/scripts/policy/integration/barnyard2/types.bro b/scripts/policy/integration/barnyard2/types.zeek similarity index 100% rename from scripts/policy/integration/barnyard2/types.bro rename to scripts/policy/integration/barnyard2/types.zeek diff --git a/scripts/policy/integration/collective-intel/__load__.bro b/scripts/policy/integration/collective-intel/__load__.zeek similarity index 100% rename from scripts/policy/integration/collective-intel/__load__.bro rename to scripts/policy/integration/collective-intel/__load__.zeek diff --git a/scripts/policy/integration/collective-intel/main.bro b/scripts/policy/integration/collective-intel/main.zeek similarity index 100% rename from scripts/policy/integration/collective-intel/main.bro rename to scripts/policy/integration/collective-intel/main.zeek diff --git a/scripts/policy/misc/capture-loss.bro b/scripts/policy/misc/capture-loss.zeek similarity index 100% rename from scripts/policy/misc/capture-loss.bro rename to scripts/policy/misc/capture-loss.zeek diff --git a/scripts/policy/misc/detect-traceroute/__load__.bro b/scripts/policy/misc/detect-traceroute/__load__.zeek similarity index 100% rename from scripts/policy/misc/detect-traceroute/__load__.bro rename to scripts/policy/misc/detect-traceroute/__load__.zeek diff --git a/scripts/policy/misc/detect-traceroute/main.bro b/scripts/policy/misc/detect-traceroute/main.zeek similarity index 100% rename from scripts/policy/misc/detect-traceroute/main.bro rename to scripts/policy/misc/detect-traceroute/main.zeek diff --git a/scripts/policy/misc/dump-events.bro b/scripts/policy/misc/dump-events.zeek similarity index 100% rename from scripts/policy/misc/dump-events.bro rename to scripts/policy/misc/dump-events.zeek diff --git a/scripts/policy/misc/load-balancing.bro b/scripts/policy/misc/load-balancing.zeek similarity index 100% rename from scripts/policy/misc/load-balancing.bro rename to scripts/policy/misc/load-balancing.zeek diff --git a/scripts/policy/misc/loaded-scripts.bro b/scripts/policy/misc/loaded-scripts.zeek similarity index 100% rename from scripts/policy/misc/loaded-scripts.bro rename to scripts/policy/misc/loaded-scripts.zeek diff --git a/scripts/policy/misc/profiling.bro b/scripts/policy/misc/profiling.zeek similarity index 100% rename from scripts/policy/misc/profiling.bro rename to scripts/policy/misc/profiling.zeek diff --git a/scripts/policy/misc/scan.bro b/scripts/policy/misc/scan.zeek similarity index 100% rename from scripts/policy/misc/scan.bro rename to scripts/policy/misc/scan.zeek diff --git a/scripts/policy/misc/stats.bro b/scripts/policy/misc/stats.zeek similarity index 100% rename from scripts/policy/misc/stats.bro rename to scripts/policy/misc/stats.zeek diff --git a/scripts/policy/misc/trim-trace-file.bro b/scripts/policy/misc/trim-trace-file.zeek similarity index 100% rename from scripts/policy/misc/trim-trace-file.bro rename to scripts/policy/misc/trim-trace-file.zeek diff --git a/scripts/policy/misc/weird-stats.bro b/scripts/policy/misc/weird-stats.zeek similarity index 100% rename from scripts/policy/misc/weird-stats.bro rename to scripts/policy/misc/weird-stats.zeek diff --git a/scripts/policy/protocols/conn/known-hosts.bro b/scripts/policy/protocols/conn/known-hosts.zeek similarity index 100% rename from scripts/policy/protocols/conn/known-hosts.bro rename to scripts/policy/protocols/conn/known-hosts.zeek diff --git a/scripts/policy/protocols/conn/known-services.bro b/scripts/policy/protocols/conn/known-services.zeek similarity index 100% rename from scripts/policy/protocols/conn/known-services.bro rename to scripts/policy/protocols/conn/known-services.zeek diff --git a/scripts/policy/protocols/conn/mac-logging.bro b/scripts/policy/protocols/conn/mac-logging.zeek similarity index 100% rename from scripts/policy/protocols/conn/mac-logging.bro rename to scripts/policy/protocols/conn/mac-logging.zeek diff --git a/scripts/policy/protocols/conn/vlan-logging.bro b/scripts/policy/protocols/conn/vlan-logging.zeek similarity index 100% rename from scripts/policy/protocols/conn/vlan-logging.bro rename to scripts/policy/protocols/conn/vlan-logging.zeek diff --git a/scripts/policy/protocols/conn/weirds.bro b/scripts/policy/protocols/conn/weirds.zeek similarity index 100% rename from scripts/policy/protocols/conn/weirds.bro rename to scripts/policy/protocols/conn/weirds.zeek diff --git a/scripts/policy/protocols/dhcp/deprecated_events.bro b/scripts/policy/protocols/dhcp/deprecated_events.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/deprecated_events.bro rename to scripts/policy/protocols/dhcp/deprecated_events.zeek diff --git a/scripts/policy/protocols/dhcp/msg-orig.bro b/scripts/policy/protocols/dhcp/msg-orig.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/msg-orig.bro rename to scripts/policy/protocols/dhcp/msg-orig.zeek diff --git a/scripts/policy/protocols/dhcp/software.bro b/scripts/policy/protocols/dhcp/software.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/software.bro rename to scripts/policy/protocols/dhcp/software.zeek diff --git a/scripts/policy/protocols/dhcp/sub-opts.bro b/scripts/policy/protocols/dhcp/sub-opts.zeek similarity index 100% rename from scripts/policy/protocols/dhcp/sub-opts.bro rename to scripts/policy/protocols/dhcp/sub-opts.zeek diff --git a/scripts/policy/protocols/dns/auth-addl.bro b/scripts/policy/protocols/dns/auth-addl.zeek similarity index 100% rename from scripts/policy/protocols/dns/auth-addl.bro rename to scripts/policy/protocols/dns/auth-addl.zeek diff --git a/scripts/policy/protocols/dns/detect-external-names.bro b/scripts/policy/protocols/dns/detect-external-names.zeek similarity index 100% rename from scripts/policy/protocols/dns/detect-external-names.bro rename to scripts/policy/protocols/dns/detect-external-names.zeek diff --git a/scripts/policy/protocols/ftp/detect-bruteforcing.bro b/scripts/policy/protocols/ftp/detect-bruteforcing.zeek similarity index 100% rename from scripts/policy/protocols/ftp/detect-bruteforcing.bro rename to scripts/policy/protocols/ftp/detect-bruteforcing.zeek diff --git a/scripts/policy/protocols/ftp/detect.bro b/scripts/policy/protocols/ftp/detect.zeek similarity index 100% rename from scripts/policy/protocols/ftp/detect.bro rename to scripts/policy/protocols/ftp/detect.zeek diff --git a/scripts/policy/protocols/ftp/software.bro b/scripts/policy/protocols/ftp/software.zeek similarity index 100% rename from scripts/policy/protocols/ftp/software.bro rename to scripts/policy/protocols/ftp/software.zeek diff --git a/scripts/policy/protocols/http/detect-sqli.bro b/scripts/policy/protocols/http/detect-sqli.zeek similarity index 100% rename from scripts/policy/protocols/http/detect-sqli.bro rename to scripts/policy/protocols/http/detect-sqli.zeek diff --git a/scripts/policy/protocols/http/detect-webapps.bro b/scripts/policy/protocols/http/detect-webapps.zeek similarity index 100% rename from scripts/policy/protocols/http/detect-webapps.bro rename to scripts/policy/protocols/http/detect-webapps.zeek diff --git a/scripts/policy/protocols/http/header-names.bro b/scripts/policy/protocols/http/header-names.zeek similarity index 100% rename from scripts/policy/protocols/http/header-names.bro rename to scripts/policy/protocols/http/header-names.zeek diff --git a/scripts/policy/protocols/http/software-browser-plugins.bro b/scripts/policy/protocols/http/software-browser-plugins.zeek similarity index 100% rename from scripts/policy/protocols/http/software-browser-plugins.bro rename to scripts/policy/protocols/http/software-browser-plugins.zeek diff --git a/scripts/policy/protocols/http/software.bro b/scripts/policy/protocols/http/software.zeek similarity index 100% rename from scripts/policy/protocols/http/software.bro rename to scripts/policy/protocols/http/software.zeek diff --git a/scripts/policy/protocols/http/var-extraction-cookies.bro b/scripts/policy/protocols/http/var-extraction-cookies.zeek similarity index 100% rename from scripts/policy/protocols/http/var-extraction-cookies.bro rename to scripts/policy/protocols/http/var-extraction-cookies.zeek diff --git a/scripts/policy/protocols/http/var-extraction-uri.bro b/scripts/policy/protocols/http/var-extraction-uri.zeek similarity index 100% rename from scripts/policy/protocols/http/var-extraction-uri.bro rename to scripts/policy/protocols/http/var-extraction-uri.zeek diff --git a/scripts/policy/protocols/krb/ticket-logging.bro b/scripts/policy/protocols/krb/ticket-logging.zeek similarity index 100% rename from scripts/policy/protocols/krb/ticket-logging.bro rename to scripts/policy/protocols/krb/ticket-logging.zeek diff --git a/scripts/policy/protocols/modbus/known-masters-slaves.bro b/scripts/policy/protocols/modbus/known-masters-slaves.zeek similarity index 100% rename from scripts/policy/protocols/modbus/known-masters-slaves.bro rename to scripts/policy/protocols/modbus/known-masters-slaves.zeek diff --git a/scripts/policy/protocols/modbus/track-memmap.bro b/scripts/policy/protocols/modbus/track-memmap.zeek similarity index 100% rename from scripts/policy/protocols/modbus/track-memmap.bro rename to scripts/policy/protocols/modbus/track-memmap.zeek diff --git a/scripts/policy/protocols/mysql/software.bro b/scripts/policy/protocols/mysql/software.zeek similarity index 100% rename from scripts/policy/protocols/mysql/software.bro rename to scripts/policy/protocols/mysql/software.zeek diff --git a/scripts/policy/protocols/rdp/indicate_ssl.bro b/scripts/policy/protocols/rdp/indicate_ssl.zeek similarity index 100% rename from scripts/policy/protocols/rdp/indicate_ssl.bro rename to scripts/policy/protocols/rdp/indicate_ssl.zeek diff --git a/scripts/policy/protocols/smb/__load__.bro b/scripts/policy/protocols/smb/__load__.zeek similarity index 100% rename from scripts/policy/protocols/smb/__load__.bro rename to scripts/policy/protocols/smb/__load__.zeek diff --git a/scripts/policy/protocols/smb/log-cmds.bro b/scripts/policy/protocols/smb/log-cmds.zeek similarity index 100% rename from scripts/policy/protocols/smb/log-cmds.bro rename to scripts/policy/protocols/smb/log-cmds.zeek diff --git a/scripts/policy/protocols/smtp/blocklists.bro b/scripts/policy/protocols/smtp/blocklists.zeek similarity index 100% rename from scripts/policy/protocols/smtp/blocklists.bro rename to scripts/policy/protocols/smtp/blocklists.zeek diff --git a/scripts/policy/protocols/smtp/detect-suspicious-orig.bro b/scripts/policy/protocols/smtp/detect-suspicious-orig.zeek similarity index 100% rename from scripts/policy/protocols/smtp/detect-suspicious-orig.bro rename to scripts/policy/protocols/smtp/detect-suspicious-orig.zeek diff --git a/scripts/policy/protocols/smtp/entities-excerpt.bro b/scripts/policy/protocols/smtp/entities-excerpt.zeek similarity index 100% rename from scripts/policy/protocols/smtp/entities-excerpt.bro rename to scripts/policy/protocols/smtp/entities-excerpt.zeek diff --git a/scripts/policy/protocols/smtp/software.bro b/scripts/policy/protocols/smtp/software.zeek similarity index 100% rename from scripts/policy/protocols/smtp/software.bro rename to scripts/policy/protocols/smtp/software.zeek diff --git a/scripts/policy/protocols/ssh/detect-bruteforcing.bro b/scripts/policy/protocols/ssh/detect-bruteforcing.zeek similarity index 100% rename from scripts/policy/protocols/ssh/detect-bruteforcing.bro rename to scripts/policy/protocols/ssh/detect-bruteforcing.zeek diff --git a/scripts/policy/protocols/ssh/geo-data.bro b/scripts/policy/protocols/ssh/geo-data.zeek similarity index 100% rename from scripts/policy/protocols/ssh/geo-data.bro rename to scripts/policy/protocols/ssh/geo-data.zeek diff --git a/scripts/policy/protocols/ssh/interesting-hostnames.bro b/scripts/policy/protocols/ssh/interesting-hostnames.zeek similarity index 100% rename from scripts/policy/protocols/ssh/interesting-hostnames.bro rename to scripts/policy/protocols/ssh/interesting-hostnames.zeek diff --git a/scripts/policy/protocols/ssh/software.bro b/scripts/policy/protocols/ssh/software.zeek similarity index 100% rename from scripts/policy/protocols/ssh/software.bro rename to scripts/policy/protocols/ssh/software.zeek diff --git a/scripts/policy/protocols/ssl/expiring-certs.bro b/scripts/policy/protocols/ssl/expiring-certs.zeek similarity index 100% rename from scripts/policy/protocols/ssl/expiring-certs.bro rename to scripts/policy/protocols/ssl/expiring-certs.zeek diff --git a/scripts/policy/protocols/ssl/extract-certs-pem.bro b/scripts/policy/protocols/ssl/extract-certs-pem.zeek similarity index 100% rename from scripts/policy/protocols/ssl/extract-certs-pem.bro rename to scripts/policy/protocols/ssl/extract-certs-pem.zeek diff --git a/scripts/policy/protocols/ssl/heartbleed.bro b/scripts/policy/protocols/ssl/heartbleed.zeek similarity index 100% rename from scripts/policy/protocols/ssl/heartbleed.bro rename to scripts/policy/protocols/ssl/heartbleed.zeek diff --git a/scripts/policy/protocols/ssl/known-certs.bro b/scripts/policy/protocols/ssl/known-certs.zeek similarity index 100% rename from scripts/policy/protocols/ssl/known-certs.bro rename to scripts/policy/protocols/ssl/known-certs.zeek diff --git a/scripts/policy/protocols/ssl/log-hostcerts-only.bro b/scripts/policy/protocols/ssl/log-hostcerts-only.zeek similarity index 100% rename from scripts/policy/protocols/ssl/log-hostcerts-only.bro rename to scripts/policy/protocols/ssl/log-hostcerts-only.zeek diff --git a/scripts/policy/protocols/ssl/notary.bro b/scripts/policy/protocols/ssl/notary.zeek similarity index 100% rename from scripts/policy/protocols/ssl/notary.bro rename to scripts/policy/protocols/ssl/notary.zeek diff --git a/scripts/policy/protocols/ssl/validate-certs.bro b/scripts/policy/protocols/ssl/validate-certs.zeek similarity index 100% rename from scripts/policy/protocols/ssl/validate-certs.bro rename to scripts/policy/protocols/ssl/validate-certs.zeek diff --git a/scripts/policy/protocols/ssl/validate-ocsp.bro b/scripts/policy/protocols/ssl/validate-ocsp.zeek similarity index 100% rename from scripts/policy/protocols/ssl/validate-ocsp.bro rename to scripts/policy/protocols/ssl/validate-ocsp.zeek diff --git a/scripts/policy/protocols/ssl/validate-sct.bro b/scripts/policy/protocols/ssl/validate-sct.zeek similarity index 100% rename from scripts/policy/protocols/ssl/validate-sct.bro rename to scripts/policy/protocols/ssl/validate-sct.zeek diff --git a/scripts/policy/protocols/ssl/weak-keys.bro b/scripts/policy/protocols/ssl/weak-keys.zeek similarity index 100% rename from scripts/policy/protocols/ssl/weak-keys.bro rename to scripts/policy/protocols/ssl/weak-keys.zeek diff --git a/scripts/policy/tuning/__load__.bro b/scripts/policy/tuning/__load__.zeek similarity index 100% rename from scripts/policy/tuning/__load__.bro rename to scripts/policy/tuning/__load__.zeek diff --git a/scripts/policy/tuning/defaults/__load__.bro b/scripts/policy/tuning/defaults/__load__.zeek similarity index 100% rename from scripts/policy/tuning/defaults/__load__.bro rename to scripts/policy/tuning/defaults/__load__.zeek diff --git a/scripts/policy/tuning/defaults/extracted_file_limits.bro b/scripts/policy/tuning/defaults/extracted_file_limits.zeek similarity index 100% rename from scripts/policy/tuning/defaults/extracted_file_limits.bro rename to scripts/policy/tuning/defaults/extracted_file_limits.zeek diff --git a/scripts/policy/tuning/defaults/packet-fragments.bro b/scripts/policy/tuning/defaults/packet-fragments.zeek similarity index 100% rename from scripts/policy/tuning/defaults/packet-fragments.bro rename to scripts/policy/tuning/defaults/packet-fragments.zeek diff --git a/scripts/policy/tuning/defaults/warnings.bro b/scripts/policy/tuning/defaults/warnings.zeek similarity index 100% rename from scripts/policy/tuning/defaults/warnings.bro rename to scripts/policy/tuning/defaults/warnings.zeek diff --git a/scripts/policy/tuning/json-logs.bro b/scripts/policy/tuning/json-logs.zeek similarity index 100% rename from scripts/policy/tuning/json-logs.bro rename to scripts/policy/tuning/json-logs.zeek diff --git a/scripts/policy/tuning/track-all-assets.bro b/scripts/policy/tuning/track-all-assets.zeek similarity index 100% rename from scripts/policy/tuning/track-all-assets.bro rename to scripts/policy/tuning/track-all-assets.zeek diff --git a/scripts/site/local.bro b/scripts/site/local.zeek similarity index 100% rename from scripts/site/local.bro rename to scripts/site/local.zeek diff --git a/scripts/test-all-policy.bro b/scripts/test-all-policy.bro deleted file mode 100644 index be2efbbc19..0000000000 --- a/scripts/test-all-policy.bro +++ /dev/null @@ -1,113 +0,0 @@ -# This file loads ALL policy scripts that are part of the Bro distribution. -# -# This is rarely makes sense, and is for testing only. -# -# Note that we have a unit test that makes sure that all policy files shipped are -# actually loaded here. If we have files that are part of the distribution yet -# can't be loaded here, these must still be listed here with their load command -# commented out. - -# The base/ scripts are all loaded by default and not included here. - -# @load frameworks/control/controllee.bro -# @load frameworks/control/controller.bro -@load frameworks/dpd/detect-protocols.bro -@load frameworks/dpd/packet-segment-logging.bro -@load frameworks/intel/do_notice.bro -@load frameworks/intel/do_expire.bro -@load frameworks/intel/whitelist.bro -@load frameworks/intel/removal.bro -@load frameworks/intel/seen/__load__.bro -@load frameworks/intel/seen/conn-established.bro -@load frameworks/intel/seen/dns.bro -@load frameworks/intel/seen/file-hashes.bro -@load frameworks/intel/seen/file-names.bro -@load frameworks/intel/seen/http-headers.bro -@load frameworks/intel/seen/http-url.bro -@load frameworks/intel/seen/pubkey-hashes.bro -@load frameworks/intel/seen/smb-filenames.bro -@load frameworks/intel/seen/smtp-url-extraction.bro -@load frameworks/intel/seen/smtp.bro -@load frameworks/intel/seen/ssl.bro -@load frameworks/intel/seen/where-locations.bro -@load frameworks/intel/seen/x509.bro -@load frameworks/files/detect-MHR.bro -@load frameworks/files/entropy-test-all-files.bro -#@load frameworks/files/extract-all-files.bro -@load frameworks/files/hash-all-files.bro -@load frameworks/notice/__load__.bro -@load frameworks/notice/extend-email/hostnames.bro -@load files/x509/log-ocsp.bro -@load frameworks/packet-filter/shunt.bro -@load frameworks/software/version-changes.bro -@load frameworks/software/vulnerable.bro -@load frameworks/software/windows-version-detection.bro -@load integration/barnyard2/__load__.bro -@load integration/barnyard2/main.bro -@load integration/barnyard2/types.bro -@load integration/collective-intel/__load__.bro -@load integration/collective-intel/main.bro -@load misc/capture-loss.bro -@load misc/detect-traceroute/__load__.bro -@load misc/detect-traceroute/main.bro -# @load misc/dump-events.bro -@load misc/load-balancing.bro -@load misc/loaded-scripts.bro -@load misc/profiling.bro -@load misc/scan.bro -@load misc/stats.bro -@load misc/weird-stats.bro -@load misc/trim-trace-file.bro -@load protocols/conn/known-hosts.bro -@load protocols/conn/known-services.bro -@load protocols/conn/mac-logging.bro -@load protocols/conn/vlan-logging.bro -@load protocols/conn/weirds.bro -#@load protocols/dhcp/deprecated_events.bro -@load protocols/dhcp/msg-orig.bro -@load protocols/dhcp/software.bro -@load protocols/dhcp/sub-opts.bro -@load protocols/dns/auth-addl.bro -@load protocols/dns/detect-external-names.bro -@load protocols/ftp/detect-bruteforcing.bro -@load protocols/ftp/detect.bro -@load protocols/ftp/software.bro -@load protocols/http/detect-sqli.bro -@load protocols/http/detect-webapps.bro -@load protocols/http/header-names.bro -@load protocols/http/software-browser-plugins.bro -@load protocols/http/software.bro -@load protocols/http/var-extraction-cookies.bro -@load protocols/http/var-extraction-uri.bro -@load protocols/krb/ticket-logging.bro -@load protocols/modbus/known-masters-slaves.bro -@load protocols/modbus/track-memmap.bro -@load protocols/mysql/software.bro -@load protocols/rdp/indicate_ssl.bro -#@load protocols/smb/__load__.bro -@load protocols/smb/log-cmds.bro -@load protocols/smtp/blocklists.bro -@load protocols/smtp/detect-suspicious-orig.bro -@load protocols/smtp/entities-excerpt.bro -@load protocols/smtp/software.bro -@load protocols/ssh/detect-bruteforcing.bro -@load protocols/ssh/geo-data.bro -@load protocols/ssh/interesting-hostnames.bro -@load protocols/ssh/software.bro -@load protocols/ssl/expiring-certs.bro -@load protocols/ssl/extract-certs-pem.bro -@load protocols/ssl/heartbleed.bro -@load protocols/ssl/known-certs.bro -@load protocols/ssl/log-hostcerts-only.bro -#@load protocols/ssl/notary.bro -@load protocols/ssl/validate-certs.bro -@load protocols/ssl/validate-ocsp.bro -@load protocols/ssl/validate-sct.bro -@load protocols/ssl/weak-keys.bro -@load tuning/__load__.bro -@load tuning/defaults/__load__.bro -@load tuning/defaults/extracted_file_limits.bro -@load tuning/defaults/packet-fragments.bro -@load tuning/defaults/warnings.bro -@load tuning/json-logs.bro -@load tuning/track-all-assets.bro diff --git a/scripts/test-all-policy.zeek b/scripts/test-all-policy.zeek new file mode 100644 index 0000000000..26408b6d44 --- /dev/null +++ b/scripts/test-all-policy.zeek @@ -0,0 +1,113 @@ +# This file loads ALL policy scripts that are part of the Bro distribution. +# +# This is rarely makes sense, and is for testing only. +# +# Note that we have a unit test that makes sure that all policy files shipped are +# actually loaded here. If we have files that are part of the distribution yet +# can't be loaded here, these must still be listed here with their load command +# commented out. + +# The base/ scripts are all loaded by default and not included here. + +# @load frameworks/control/controllee.zeek +# @load frameworks/control/controller.zeek +@load frameworks/dpd/detect-protocols.zeek +@load frameworks/dpd/packet-segment-logging.zeek +@load frameworks/intel/do_notice.zeek +@load frameworks/intel/do_expire.zeek +@load frameworks/intel/whitelist.zeek +@load frameworks/intel/removal.zeek +@load frameworks/intel/seen/__load__.zeek +@load frameworks/intel/seen/conn-established.zeek +@load frameworks/intel/seen/dns.zeek +@load frameworks/intel/seen/file-hashes.zeek +@load frameworks/intel/seen/file-names.zeek +@load frameworks/intel/seen/http-headers.zeek +@load frameworks/intel/seen/http-url.zeek +@load frameworks/intel/seen/pubkey-hashes.zeek +@load frameworks/intel/seen/smb-filenames.zeek +@load frameworks/intel/seen/smtp-url-extraction.zeek +@load frameworks/intel/seen/smtp.zeek +@load frameworks/intel/seen/ssl.zeek +@load frameworks/intel/seen/where-locations.zeek +@load frameworks/intel/seen/x509.zeek +@load frameworks/files/detect-MHR.zeek +@load frameworks/files/entropy-test-all-files.zeek +#@load frameworks/files/extract-all-files.zeek +@load frameworks/files/hash-all-files.zeek +@load frameworks/notice/__load__.zeek +@load frameworks/notice/extend-email/hostnames.zeek +@load files/x509/log-ocsp.zeek +@load frameworks/packet-filter/shunt.zeek +@load frameworks/software/version-changes.zeek +@load frameworks/software/vulnerable.zeek +@load frameworks/software/windows-version-detection.zeek +@load integration/barnyard2/__load__.zeek +@load integration/barnyard2/main.zeek +@load integration/barnyard2/types.zeek +@load integration/collective-intel/__load__.zeek +@load integration/collective-intel/main.zeek +@load misc/capture-loss.zeek +@load misc/detect-traceroute/__load__.zeek +@load misc/detect-traceroute/main.zeek +# @load misc/dump-events.zeek +@load misc/load-balancing.zeek +@load misc/loaded-scripts.zeek +@load misc/profiling.zeek +@load misc/scan.zeek +@load misc/stats.zeek +@load misc/weird-stats.zeek +@load misc/trim-trace-file.zeek +@load protocols/conn/known-hosts.zeek +@load protocols/conn/known-services.zeek +@load protocols/conn/mac-logging.zeek +@load protocols/conn/vlan-logging.zeek +@load protocols/conn/weirds.zeek +#@load protocols/dhcp/deprecated_events.zeek +@load protocols/dhcp/msg-orig.zeek +@load protocols/dhcp/software.zeek +@load protocols/dhcp/sub-opts.zeek +@load protocols/dns/auth-addl.zeek +@load protocols/dns/detect-external-names.zeek +@load protocols/ftp/detect-bruteforcing.zeek +@load protocols/ftp/detect.zeek +@load protocols/ftp/software.zeek +@load protocols/http/detect-sqli.zeek +@load protocols/http/detect-webapps.zeek +@load protocols/http/header-names.zeek +@load protocols/http/software-browser-plugins.zeek +@load protocols/http/software.zeek +@load protocols/http/var-extraction-cookies.zeek +@load protocols/http/var-extraction-uri.zeek +@load protocols/krb/ticket-logging.zeek +@load protocols/modbus/known-masters-slaves.zeek +@load protocols/modbus/track-memmap.zeek +@load protocols/mysql/software.zeek +@load protocols/rdp/indicate_ssl.zeek +#@load protocols/smb/__load__.zeek +@load protocols/smb/log-cmds.zeek +@load protocols/smtp/blocklists.zeek +@load protocols/smtp/detect-suspicious-orig.zeek +@load protocols/smtp/entities-excerpt.zeek +@load protocols/smtp/software.zeek +@load protocols/ssh/detect-bruteforcing.zeek +@load protocols/ssh/geo-data.zeek +@load protocols/ssh/interesting-hostnames.zeek +@load protocols/ssh/software.zeek +@load protocols/ssl/expiring-certs.zeek +@load protocols/ssl/extract-certs-pem.zeek +@load protocols/ssl/heartbleed.zeek +@load protocols/ssl/known-certs.zeek +@load protocols/ssl/log-hostcerts-only.zeek +#@load protocols/ssl/notary.zeek +@load protocols/ssl/validate-certs.zeek +@load protocols/ssl/validate-ocsp.zeek +@load protocols/ssl/validate-sct.zeek +@load protocols/ssl/weak-keys.zeek +@load tuning/__load__.zeek +@load tuning/defaults/__load__.zeek +@load tuning/defaults/extracted_file_limits.zeek +@load tuning/defaults/packet-fragments.zeek +@load tuning/defaults/warnings.zeek +@load tuning/json-logs.zeek +@load tuning/track-all-assets.zeek diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index f3dfd42d85..35fb70f5de 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -385,17 +385,17 @@ add_dependencies(generate_outputs_stage2b generate_outputs_stage1) add_custom_target(generate_outputs) add_dependencies(generate_outputs generate_outputs_stage2a generate_outputs_stage2b) -# Build __load__.bro files for standard *.bif.bro. +# Build __load__.zeek files for standard *.bif.zeek. bro_bif_create_loader(bif_loader "${bro_BASE_BIF_SCRIPTS}") add_dependencies(bif_loader ${bro_SUBDIRS}) add_dependencies(bro bif_loader) -# Build __load__.bro files for plugins/*.bif.bro. +# Build __load__.zeek files for plugins/*.bif.zeek. bro_bif_create_loader(bif_loader_plugins "${bro_PLUGIN_BIF_SCRIPTS}") add_dependencies(bif_loader_plugins ${bro_SUBDIRS}) add_dependencies(bro bif_loader_plugins) -# Install *.bif.bro. +# Install *.bif.zeek. install(DIRECTORY ${CMAKE_BINARY_DIR}/scripts/base/bif DESTINATION ${BRO_SCRIPT_INSTALL_PATH}/base) # Create plugin directory at install time. diff --git a/src/Type.cc b/src/Type.cc index 77a5ac6d16..741f1cfc0f 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1510,7 +1510,7 @@ void EnumType::CheckAndAddName(const string& module_name, const char* name, else { // We allow double-definitions if matching exactly. This is so that - // we can define an enum both in a *.bif and *.bro for avoiding + // we can define an enum both in a *.bif and *.zeek for avoiding // cyclic dependencies. string fullname = make_full_var_name(module_name.c_str(), name); if ( id->Name() != fullname diff --git a/src/broxygen/ScriptInfo.cc b/src/broxygen/ScriptInfo.cc index da6ba6b44a..7ecf212a44 100644 --- a/src/broxygen/ScriptInfo.cc +++ b/src/broxygen/ScriptInfo.cc @@ -253,12 +253,12 @@ void ScriptInfo::DoInitPostScript() // The following enum types are automatically created internally in Bro, // so just manually associating them with scripts for now. - if ( name == "base/frameworks/input/main.bro" ) + if ( name == "base/frameworks/input/main.zeek" ) { auto id = global_scope()->Lookup("Input::Reader"); types.push_back(new IdentifierInfo(id, this)); } - else if ( name == "base/frameworks/logging/main.bro" ) + else if ( name == "base/frameworks/logging/main.zeek" ) { auto id = global_scope()->Lookup("Log::Writer"); types.push_back(new IdentifierInfo(id, this)); diff --git a/src/broxygen/ScriptInfo.h b/src/broxygen/ScriptInfo.h index d7328ef7c8..dd43e15a4e 100644 --- a/src/broxygen/ScriptInfo.h +++ b/src/broxygen/ScriptInfo.h @@ -77,7 +77,7 @@ public: { redefs.insert(info); } /** - * @return Whether the script is a package loader (i.e. "__load__.bro"). + * @return Whether the script is a package loader (i.e. "__load__.zeek"). */ bool IsPkgLoader() const { return is_pkg_loader; } diff --git a/src/broxygen/Target.h b/src/broxygen/Target.h index 9a5a23107c..7f18697eaf 100644 --- a/src/broxygen/Target.h +++ b/src/broxygen/Target.h @@ -41,7 +41,7 @@ struct TargetFile { /** * A Broxygen target abstract base class. A target is generally any portion of * documentation that Bro can build. It's identified by a type (e.g. script, - * identifier, package), a pattern (e.g. "example.bro", "HTTP::Info"), and + * identifier, package), a pattern (e.g. "example.zeek", "HTTP::Info"), and * a path to an output file. */ class Target { diff --git a/src/broxygen/broxygen.bif b/src/broxygen/broxygen.bif index d1b3028edc..4b2f5653b2 100644 --- a/src/broxygen/broxygen.bif +++ b/src/broxygen/broxygen.bif @@ -35,7 +35,7 @@ function get_identifier_comments%(name: string%): string ## ## name: the name of a Bro script. It must be a relative path to where ## it is located within a particular component of BROPATH and use -## the same file name extension/suffix as the actual file (e.g. ".bro"). +## the same file name extension/suffix as the actual file (e.g. ".zeek"). ## ## Returns: summary comments associated with script with *name*. If ## *name* is not a known script, an empty string is returned. diff --git a/src/const.bif b/src/const.bif index 6d60ac707b..9da5950259 100644 --- a/src/const.bif +++ b/src/const.bif @@ -1,6 +1,6 @@ ##! Declaration of various scripting-layer constants that the Bro core uses ##! internally. Documentation and default values for the scripting-layer -##! variables themselves are found in :doc:`/scripts/base/init-bare.bro`. +##! variables themselves are found in :doc:`/scripts/base/init-bare.zeek`. const ignore_keep_alive_rexmit: bool; const skip_http_data: bool; diff --git a/src/main.cc b/src/main.cc index 473f3a72e7..782c49edde 100644 --- a/src/main.cc +++ b/src/main.cc @@ -823,11 +823,11 @@ int main(int argc, char** argv) broxygen_mgr = new broxygen::Manager(broxygen_config, bro_argv[0]); - add_essential_input_file("base/init-bare.bro"); - add_essential_input_file("base/init-frameworks-and-bifs.bro"); + add_essential_input_file("base/init-bare.zeek"); + add_essential_input_file("base/init-frameworks-and-bifs.zeek"); if ( ! bare_mode ) - add_input_file("base/init-default.bro"); + add_input_file("base/init-default.zeek"); plugin_mgr->SearchDynamicPlugins(bro_plugin_path()); diff --git a/src/plugin/Manager.cc b/src/plugin/Manager.cc index e098d955c1..47f7ba1ed9 100644 --- a/src/plugin/Manager.cc +++ b/src/plugin/Manager.cc @@ -185,7 +185,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_ string init; - // First load {scripts}/__preload__.bro automatically. + // First load {scripts}/__preload__.zeek automatically. for (const string& ext : script_extensions) { init = dir + "scripts/__preload__" + ext; @@ -198,7 +198,7 @@ bool Manager::ActivateDynamicPluginInternal(const std::string& name, bool ok_if_ } } - // Load {bif,scripts}/__load__.bro automatically. + // Load {bif,scripts}/__load__.zeek automatically. for (const string& ext : script_extensions) { init = dir + "lib/bif/__load__" + ext; diff --git a/src/reporter.bif b/src/reporter.bif index 4a58e2728b..038182574e 100644 --- a/src/reporter.bif +++ b/src/reporter.bif @@ -4,7 +4,7 @@ ##! If event handlers do exist, it's assumed they take care of determining ##! how/where to output the messages. ##! -##! See :doc:`/scripts/base/frameworks/reporter/main.bro` for a convenient +##! See :doc:`/scripts/base/frameworks/reporter/main.zeek` for a convenient ##! reporter message logging framework. module Reporter; diff --git a/src/scan.l b/src/scan.l index 4da18b125f..fb8ca20f8e 100644 --- a/src/scan.l +++ b/src/scan.l @@ -923,7 +923,7 @@ int yywrap() if ( ! did_builtin_init && file_stack.length() == 1 ) { // ### This is a gross hack - we know that the first file - // we parse is init-bare.bro, and after it it's safe to initialize + // we parse is init-bare.zeek, and after it it's safe to initialize // the built-ins. Furthermore, we want to initialize the // built-in's *right* after parsing bro.init, so that other // source files can use built-in's when initializing globals. @@ -961,7 +961,7 @@ int yywrap() // prefixed and flattened version of the loaded file in BROPATH. The // flattening involves taking the path in BROPATH in which the // scanned file lives and replacing '/' path separators with a '.' If - // the scanned file is "__load__.bro", that part of the flattened + // the scanned file is "__load__.zeek", that part of the flattened // file name is discarded. If the prefix is non-empty, it gets placed // in front of the flattened path, separated with another '.' std::list::iterator it; diff --git a/src/types.bif b/src/types.bif index babccb0f0d..79f5780f52 100644 --- a/src/types.bif +++ b/src/types.bif @@ -141,7 +141,7 @@ enum createmode_t %{ %} # Declare record types that we want to access from the event engine. These are -# defined in init-bare.bro. +# defined in init-bare.zeek. type info_t: record; type fattr_t: record; type sattr_t: record; diff --git a/src/util.h b/src/util.h index bd1566080f..b63b74a3f7 100644 --- a/src/util.h +++ b/src/util.h @@ -309,7 +309,7 @@ std::string implode_string_vector(const std::vector& v, /** * Flatten a script name by replacing '/' path separators with '.'. - * @param file A path to a Bro script. If it is a __load__.bro, that part + * @param file A path to a Bro script. If it is a __load__.zeek, that part * is discarded when constructing the flattened the name. * @param prefix A string to prepend to the flattened script name. * @return The flattened script name. From 4e0c1997a0f34901fc93efb93f215d9f3d3ce852 Mon Sep 17 00:00:00 2001 From: Daniel Thayer Date: Thu, 11 Apr 2019 23:32:58 -0500 Subject: [PATCH 7/7] Update tests and baselines due to renaming all scripts --- .../btest/Baseline/core.load-prefixes/output | 4 +- .../Baseline/core.pcap.filter-error/output | 2 +- .../canonified_loaded_scripts.log | 346 ++++----- .../Baseline/coverage.bare-mode-errors/errors | 36 +- .../canonified_loaded_scripts.log | 734 +++++++++--------- .../coverage.init-default/missing_loads | 20 +- .../Baseline/doc.broxygen.all_scripts/.stderr | 20 +- .../Baseline/doc.broxygen.example/example.rst | 6 +- .../Baseline/doc.broxygen.package/test.rst | 4 +- .../doc.broxygen.script_index/test.rst | 4 +- .../doc.broxygen.script_summary/test.rst | 2 +- .../language.index-assignment-invalid/out | 2 +- .../output | 2 +- .../out1 | 2 +- .../scripts.base.misc.version/.stderr | 8 +- testing/btest/core/ip-broken-header.bro | 2 +- testing/btest/core/load-prefixes.bro | 10 +- .../btest/coverage/bare-load-baseline.test | 2 +- testing/btest/coverage/bare-mode-errors.test | 2 +- testing/btest/coverage/find-bro-logs.test | 2 +- testing/btest/coverage/init-default.test | 16 +- testing/btest/coverage/test-all-policy.test | 14 +- testing/btest/doc/broxygen/example.bro | 4 +- testing/btest/doc/broxygen/script_summary.bro | 2 +- .../logging/ascii-json-optional.bro | 2 +- .../scripts/base/protocols/modbus/policy.bro | 4 +- .../base/protocols/ssl/cve-2015-3194.test | 2 +- .../base/protocols/ssl/keyexchange.test | 2 +- .../btest/scripts/policy/misc/dump-events.bro | 6 +- .../btest/scripts/policy/misc/weird-stats.bro | 2 +- .../protocols/ssl/validate-certs-no-cache.bro | 2 +- .../policy/protocols/ssl/validate-certs.bro | 2 +- .../policy/protocols/ssl/validate-sct.bro | 2 +- 33 files changed, 635 insertions(+), 635 deletions(-) diff --git a/testing/btest/Baseline/core.load-prefixes/output b/testing/btest/Baseline/core.load-prefixes/output index 2969d774cf..05e54cb3b9 100644 --- a/testing/btest/Baseline/core.load-prefixes/output +++ b/testing/btest/Baseline/core.load-prefixes/output @@ -1,4 +1,4 @@ -loaded lcl2.base.utils.site.bro -loaded lcl.base.utils.site.bro +loaded lcl2.base.utils.site.zeek +loaded lcl.base.utils.site.zeek loaded lcl2.base.protocols.http.bro loaded lcl.base.protocols.http.zeek diff --git a/testing/btest/Baseline/core.pcap.filter-error/output b/testing/btest/Baseline/core.pcap.filter-error/output index 82804bb483..f52fdf7e0a 100644 --- a/testing/btest/Baseline/core.pcap.filter-error/output +++ b/testing/btest/Baseline/core.pcap.filter-error/output @@ -1,3 +1,3 @@ -fatal error in /home/robin/bro/master/scripts/base/frameworks/packet-filter/./main.bro, line 282: Bad pcap filter 'kaputt' +fatal error in /home/robin/bro/master/scripts/base/frameworks/packet-filter/./main.zeek, line 282: Bad pcap filter 'kaputt' ---- error, cannot compile BPF filter "kaputt, too" diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 4eeaa4b07b..f533fd8be2 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -6,177 +6,177 @@ #open 2018-06-08-16-37-15 #fields name #types string -scripts/base/init-bare.bro - build/scripts/base/bif/const.bif.bro - build/scripts/base/bif/types.bif.bro - build/scripts/base/bif/bro.bif.bro - build/scripts/base/bif/stats.bif.bro - build/scripts/base/bif/reporter.bif.bro - build/scripts/base/bif/strings.bif.bro - build/scripts/base/bif/option.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.types.bif.bro - build/scripts/base/bif/event.bif.bro -scripts/base/init-frameworks-and-bifs.bro - scripts/base/frameworks/logging/__load__.bro - scripts/base/frameworks/logging/main.bro - build/scripts/base/bif/logging.bif.bro - scripts/base/frameworks/logging/postprocessors/__load__.bro - scripts/base/frameworks/logging/postprocessors/scp.bro - scripts/base/frameworks/logging/postprocessors/sftp.bro - scripts/base/frameworks/logging/writers/ascii.bro - scripts/base/frameworks/logging/writers/sqlite.bro - scripts/base/frameworks/logging/writers/none.bro - scripts/base/frameworks/broker/__load__.bro - scripts/base/frameworks/broker/main.bro - build/scripts/base/bif/comm.bif.bro - build/scripts/base/bif/messaging.bif.bro - scripts/base/frameworks/broker/store.bro - build/scripts/base/bif/data.bif.bro - build/scripts/base/bif/store.bif.bro - scripts/base/frameworks/broker/log.bro - scripts/base/frameworks/input/__load__.bro - scripts/base/frameworks/input/main.bro - build/scripts/base/bif/input.bif.bro - scripts/base/frameworks/input/readers/ascii.bro - scripts/base/frameworks/input/readers/raw.bro - scripts/base/frameworks/input/readers/benchmark.bro - scripts/base/frameworks/input/readers/binary.bro - scripts/base/frameworks/input/readers/config.bro - scripts/base/frameworks/input/readers/sqlite.bro - scripts/base/frameworks/analyzer/__load__.bro - scripts/base/frameworks/analyzer/main.bro - scripts/base/frameworks/packet-filter/utils.bro - build/scripts/base/bif/analyzer.bif.bro - scripts/base/frameworks/files/__load__.bro - scripts/base/frameworks/files/main.bro - build/scripts/base/bif/file_analysis.bif.bro - scripts/base/utils/site.bro - scripts/base/utils/patterns.bro - scripts/base/frameworks/files/magic/__load__.bro - build/scripts/base/bif/__load__.bro - build/scripts/base/bif/broxygen.bif.bro - build/scripts/base/bif/pcap.bif.bro - build/scripts/base/bif/bloom-filter.bif.bro - build/scripts/base/bif/cardinality-counter.bif.bro - build/scripts/base/bif/top-k.bif.bro - build/scripts/base/bif/plugins/__load__.bro - build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro - build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro - build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.types.bif.bro - build/scripts/base/bif/plugins/Bro_DNP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_DNS.events.bif.bro - build/scripts/base/bif/plugins/Bro_File.events.bif.bro - build/scripts/base/bif/plugins/Bro_Finger.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.bro - build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.bro - build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_ICMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro - build/scripts/base/bif/plugins/Bro_IMAP.events.bif.bro - build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro - build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro - build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro - build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro - build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.consts.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.events.bif.bro - build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro - build/scripts/base/bif/plugins/Bro_RFB.events.bif.bro - build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_SIP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.consts.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.types.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro - build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro - build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.bro - build/scripts/base/bif/plugins/Bro_XMPP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro - build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro - build/scripts/base/bif/plugins/Bro_PE.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.events.bif.bro - build/scripts/base/bif/plugins/Bro_X509.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.functions.bif.bro - build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.bro - build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.bro - build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.bro - build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro -scripts/policy/misc/loaded-scripts.bro - scripts/base/utils/paths.bro +scripts/base/init-bare.zeek + build/scripts/base/bif/const.bif.zeek + build/scripts/base/bif/types.bif.zeek + build/scripts/base/bif/bro.bif.zeek + build/scripts/base/bif/stats.bif.zeek + build/scripts/base/bif/reporter.bif.zeek + build/scripts/base/bif/strings.bif.zeek + build/scripts/base/bif/option.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.types.bif.zeek + build/scripts/base/bif/event.bif.zeek +scripts/base/init-frameworks-and-bifs.zeek + scripts/base/frameworks/logging/__load__.zeek + scripts/base/frameworks/logging/main.zeek + build/scripts/base/bif/logging.bif.zeek + scripts/base/frameworks/logging/postprocessors/__load__.zeek + scripts/base/frameworks/logging/postprocessors/scp.zeek + scripts/base/frameworks/logging/postprocessors/sftp.zeek + scripts/base/frameworks/logging/writers/ascii.zeek + scripts/base/frameworks/logging/writers/sqlite.zeek + scripts/base/frameworks/logging/writers/none.zeek + scripts/base/frameworks/broker/__load__.zeek + scripts/base/frameworks/broker/main.zeek + build/scripts/base/bif/comm.bif.zeek + build/scripts/base/bif/messaging.bif.zeek + scripts/base/frameworks/broker/store.zeek + build/scripts/base/bif/data.bif.zeek + build/scripts/base/bif/store.bif.zeek + scripts/base/frameworks/broker/log.zeek + scripts/base/frameworks/input/__load__.zeek + scripts/base/frameworks/input/main.zeek + build/scripts/base/bif/input.bif.zeek + scripts/base/frameworks/input/readers/ascii.zeek + scripts/base/frameworks/input/readers/raw.zeek + scripts/base/frameworks/input/readers/benchmark.zeek + scripts/base/frameworks/input/readers/binary.zeek + scripts/base/frameworks/input/readers/config.zeek + scripts/base/frameworks/input/readers/sqlite.zeek + scripts/base/frameworks/analyzer/__load__.zeek + scripts/base/frameworks/analyzer/main.zeek + scripts/base/frameworks/packet-filter/utils.zeek + build/scripts/base/bif/analyzer.bif.zeek + scripts/base/frameworks/files/__load__.zeek + scripts/base/frameworks/files/main.zeek + build/scripts/base/bif/file_analysis.bif.zeek + scripts/base/utils/site.zeek + scripts/base/utils/patterns.zeek + scripts/base/frameworks/files/magic/__load__.zeek + build/scripts/base/bif/__load__.zeek + build/scripts/base/bif/broxygen.bif.zeek + build/scripts/base/bif/pcap.bif.zeek + build/scripts/base/bif/bloom-filter.bif.zeek + build/scripts/base/bif/cardinality-counter.bif.zeek + build/scripts/base/bif/top-k.bif.zeek + build/scripts/base/bif/plugins/__load__.zeek + build/scripts/base/bif/plugins/Bro_ARP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DNP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DNS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_File.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Finger.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_ICMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Ident.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IMAP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_InterConn.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IRC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_MIME.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Modbus.events.bif.zeek + build/scripts/base/bif/plugins/Bro_MySQL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.types.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_POP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_RFB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SIP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Syslog.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Teredo.events.bif.zeek + build/scripts/base/bif/plugins/Bro_UDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.zeek + build/scripts/base/bif/plugins/Bro_XMPP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_FileHash.events.bif.zeek + build/scripts/base/bif/plugins/Bro_PE.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.events.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.zeek + build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.zeek + build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.zeek + build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.zeek +scripts/policy/misc/loaded-scripts.zeek + scripts/base/utils/paths.zeek #close 2018-06-08-16-37-15 diff --git a/testing/btest/Baseline/coverage.bare-mode-errors/errors b/testing/btest/Baseline/coverage.bare-mode-errors/errors index e11a4ca00f..68129bbab6 100644 --- a/testing/btest/Baseline/coverage.bare-mode-errors/errors +++ b/testing/btest/Baseline/coverage.bare-mode-errors/errors @@ -1,18 +1,18 @@ -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.bro, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//broxygen/__load__.bro:10 "Use '@load base/protocols/smb' instead" -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.bro, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/smb/__load__.bro, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/testing/btest/../../scripts//broxygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) +warning in /Users/jon/projects/bro/bro/testing/btest/../../scripts//policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from command line arguments "Use '@load base/protocols/smb' instead" diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index eaca1c489a..45185bed09 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -6,371 +6,371 @@ #open 2018-09-05-20-33-08 #fields name #types string -scripts/base/init-bare.bro - build/scripts/base/bif/const.bif.bro - build/scripts/base/bif/types.bif.bro - build/scripts/base/bif/bro.bif.bro - build/scripts/base/bif/stats.bif.bro - build/scripts/base/bif/reporter.bif.bro - build/scripts/base/bif/strings.bif.bro - build/scripts/base/bif/option.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.types.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.types.bif.bro - build/scripts/base/bif/event.bif.bro -scripts/base/init-frameworks-and-bifs.bro - scripts/base/frameworks/logging/__load__.bro - scripts/base/frameworks/logging/main.bro - build/scripts/base/bif/logging.bif.bro - scripts/base/frameworks/logging/postprocessors/__load__.bro - scripts/base/frameworks/logging/postprocessors/scp.bro - scripts/base/frameworks/logging/postprocessors/sftp.bro - scripts/base/frameworks/logging/writers/ascii.bro - scripts/base/frameworks/logging/writers/sqlite.bro - scripts/base/frameworks/logging/writers/none.bro - scripts/base/frameworks/broker/__load__.bro - scripts/base/frameworks/broker/main.bro - build/scripts/base/bif/comm.bif.bro - build/scripts/base/bif/messaging.bif.bro - scripts/base/frameworks/broker/store.bro - build/scripts/base/bif/data.bif.bro - build/scripts/base/bif/store.bif.bro - scripts/base/frameworks/broker/log.bro - scripts/base/frameworks/input/__load__.bro - scripts/base/frameworks/input/main.bro - build/scripts/base/bif/input.bif.bro - scripts/base/frameworks/input/readers/ascii.bro - scripts/base/frameworks/input/readers/raw.bro - scripts/base/frameworks/input/readers/benchmark.bro - scripts/base/frameworks/input/readers/binary.bro - scripts/base/frameworks/input/readers/config.bro - scripts/base/frameworks/input/readers/sqlite.bro - scripts/base/frameworks/analyzer/__load__.bro - scripts/base/frameworks/analyzer/main.bro - scripts/base/frameworks/packet-filter/utils.bro - build/scripts/base/bif/analyzer.bif.bro - scripts/base/frameworks/files/__load__.bro - scripts/base/frameworks/files/main.bro - build/scripts/base/bif/file_analysis.bif.bro - scripts/base/utils/site.bro - scripts/base/utils/patterns.bro - scripts/base/frameworks/files/magic/__load__.bro - build/scripts/base/bif/__load__.bro - build/scripts/base/bif/broxygen.bif.bro - build/scripts/base/bif/pcap.bif.bro - build/scripts/base/bif/bloom-filter.bif.bro - build/scripts/base/bif/cardinality-counter.bif.bro - build/scripts/base/bif/top-k.bif.bro - build/scripts/base/bif/plugins/__load__.bro - build/scripts/base/bif/plugins/Bro_ARP.events.bif.bro - build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.bro - build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.bro - build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.bro - build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_DHCP.types.bif.bro - build/scripts/base/bif/plugins/Bro_DNP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_DNS.events.bif.bro - build/scripts/base/bif/plugins/Bro_File.events.bif.bro - build/scripts/base/bif/plugins/Bro_Finger.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.bro - build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.bro - build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_ICMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_Ident.events.bif.bro - build/scripts/base/bif/plugins/Bro_IMAP.events.bif.bro - build/scripts/base/bif/plugins/Bro_InterConn.events.bif.bro - build/scripts/base/bif/plugins/Bro_IRC.events.bif.bro - build/scripts/base/bif/plugins/Bro_KRB.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.events.bif.bro - build/scripts/base/bif/plugins/Bro_Login.functions.bif.bro - build/scripts/base/bif/plugins/Bro_MIME.events.bif.bro - build/scripts/base/bif/plugins/Bro_Modbus.events.bif.bro - build/scripts/base/bif/plugins/Bro_MySQL.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_NCP.consts.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.bro - build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.types.bif.bro - build/scripts/base/bif/plugins/Bro_NTLM.events.bif.bro - build/scripts/base/bif/plugins/Bro_NTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_POP3.events.bif.bro - build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_RDP.types.bif.bro - build/scripts/base/bif/plugins/Bro_RFB.events.bif.bro - build/scripts/base/bif/plugins/Bro_RPC.events.bif.bro - build/scripts/base/bif/plugins/Bro_SIP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SNMP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.consts.bif.bro - build/scripts/base/bif/plugins/Bro_SMB.types.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.events.bif.bro - build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSH.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.types.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.events.bif.bro - build/scripts/base/bif/plugins/Bro_SSL.functions.bif.bro - build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.bro - build/scripts/base/bif/plugins/Bro_Syslog.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.events.bif.bro - build/scripts/base/bif/plugins/Bro_TCP.functions.bif.bro - build/scripts/base/bif/plugins/Bro_Teredo.events.bif.bro - build/scripts/base/bif/plugins/Bro_UDP.events.bif.bro - build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.bro - build/scripts/base/bif/plugins/Bro_XMPP.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.bro - build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.bro - build/scripts/base/bif/plugins/Bro_FileHash.events.bif.bro - build/scripts/base/bif/plugins/Bro_PE.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.events.bif.bro - build/scripts/base/bif/plugins/Bro_Unified2.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.events.bif.bro - build/scripts/base/bif/plugins/Bro_X509.types.bif.bro - build/scripts/base/bif/plugins/Bro_X509.functions.bif.bro - build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.bro - build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.bro - build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.bro - build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro - build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro - build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.bro - build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.bro -scripts/base/init-default.bro - scripts/base/utils/active-http.bro - scripts/base/utils/exec.bro - scripts/base/utils/addrs.bro - scripts/base/utils/conn-ids.bro - scripts/base/utils/dir.bro - scripts/base/frameworks/reporter/__load__.bro - scripts/base/frameworks/reporter/main.bro - scripts/base/utils/paths.bro - scripts/base/utils/directions-and-hosts.bro - scripts/base/utils/email.bro - scripts/base/utils/files.bro - scripts/base/utils/geoip-distance.bro - scripts/base/utils/hash_hrw.bro - scripts/base/utils/numbers.bro - scripts/base/utils/queue.bro - scripts/base/utils/strings.bro - scripts/base/utils/thresholds.bro - scripts/base/utils/time.bro - scripts/base/utils/urls.bro - scripts/base/frameworks/notice/__load__.bro - scripts/base/frameworks/notice/main.bro - scripts/base/frameworks/cluster/__load__.bro - scripts/base/frameworks/cluster/main.bro - scripts/base/frameworks/control/__load__.bro - scripts/base/frameworks/control/main.bro - scripts/base/frameworks/cluster/pools.bro - scripts/base/frameworks/notice/weird.bro - scripts/base/frameworks/notice/actions/drop.bro - scripts/base/frameworks/netcontrol/__load__.bro - scripts/base/frameworks/netcontrol/types.bro - scripts/base/frameworks/netcontrol/main.bro - scripts/base/frameworks/netcontrol/plugin.bro - scripts/base/frameworks/netcontrol/plugins/__load__.bro - scripts/base/frameworks/netcontrol/plugins/debug.bro - scripts/base/frameworks/netcontrol/plugins/openflow.bro - scripts/base/frameworks/openflow/__load__.bro - scripts/base/frameworks/openflow/consts.bro - scripts/base/frameworks/openflow/types.bro - scripts/base/frameworks/openflow/main.bro - scripts/base/frameworks/openflow/plugins/__load__.bro - scripts/base/frameworks/openflow/plugins/ryu.bro - scripts/base/utils/json.bro - scripts/base/frameworks/openflow/plugins/log.bro - scripts/base/frameworks/openflow/plugins/broker.bro - scripts/base/frameworks/openflow/non-cluster.bro - scripts/base/frameworks/netcontrol/plugins/packetfilter.bro - scripts/base/frameworks/netcontrol/plugins/broker.bro - scripts/base/frameworks/netcontrol/plugins/acld.bro - scripts/base/frameworks/netcontrol/drop.bro - scripts/base/frameworks/netcontrol/shunt.bro - scripts/base/frameworks/netcontrol/catch-and-release.bro - scripts/base/frameworks/netcontrol/non-cluster.bro - scripts/base/frameworks/notice/actions/email_admin.bro - scripts/base/frameworks/notice/actions/page.bro - scripts/base/frameworks/notice/actions/add-geodata.bro - scripts/base/frameworks/notice/actions/pp-alarms.bro - scripts/base/frameworks/dpd/__load__.bro - scripts/base/frameworks/dpd/main.bro - scripts/base/frameworks/signatures/__load__.bro - scripts/base/frameworks/signatures/main.bro - scripts/base/frameworks/packet-filter/__load__.bro - scripts/base/frameworks/packet-filter/main.bro - scripts/base/frameworks/packet-filter/netstats.bro - scripts/base/frameworks/software/__load__.bro - scripts/base/frameworks/software/main.bro - scripts/base/frameworks/intel/__load__.bro - scripts/base/frameworks/intel/main.bro - scripts/base/frameworks/intel/files.bro - scripts/base/frameworks/intel/input.bro - scripts/base/frameworks/config/__load__.bro - scripts/base/frameworks/config/main.bro - scripts/base/frameworks/config/input.bro - scripts/base/frameworks/config/weird.bro - scripts/base/frameworks/sumstats/__load__.bro - scripts/base/frameworks/sumstats/main.bro - scripts/base/frameworks/sumstats/plugins/__load__.bro - scripts/base/frameworks/sumstats/plugins/average.bro - scripts/base/frameworks/sumstats/plugins/hll_unique.bro - scripts/base/frameworks/sumstats/plugins/last.bro - scripts/base/frameworks/sumstats/plugins/max.bro - scripts/base/frameworks/sumstats/plugins/min.bro - scripts/base/frameworks/sumstats/plugins/sample.bro - scripts/base/frameworks/sumstats/plugins/std-dev.bro - scripts/base/frameworks/sumstats/plugins/variance.bro - scripts/base/frameworks/sumstats/plugins/sum.bro - scripts/base/frameworks/sumstats/plugins/topk.bro - scripts/base/frameworks/sumstats/plugins/unique.bro - scripts/base/frameworks/sumstats/non-cluster.bro - scripts/base/frameworks/tunnels/__load__.bro - scripts/base/frameworks/tunnels/main.bro - scripts/base/protocols/conn/__load__.bro - scripts/base/protocols/conn/main.bro - scripts/base/protocols/conn/contents.bro - scripts/base/protocols/conn/inactivity.bro - scripts/base/protocols/conn/polling.bro - scripts/base/protocols/conn/thresholds.bro - scripts/base/protocols/dce-rpc/__load__.bro - scripts/base/protocols/dce-rpc/consts.bro - scripts/base/protocols/dce-rpc/main.bro - scripts/base/protocols/dhcp/__load__.bro - scripts/base/protocols/dhcp/consts.bro - scripts/base/protocols/dhcp/main.bro - scripts/base/protocols/dnp3/__load__.bro - scripts/base/protocols/dnp3/main.bro - scripts/base/protocols/dnp3/consts.bro - scripts/base/protocols/dns/__load__.bro - scripts/base/protocols/dns/consts.bro - scripts/base/protocols/dns/main.bro - scripts/base/protocols/ftp/__load__.bro - scripts/base/protocols/ftp/utils-commands.bro - scripts/base/protocols/ftp/info.bro - scripts/base/protocols/ftp/main.bro - scripts/base/protocols/ftp/utils.bro - scripts/base/protocols/ftp/files.bro - scripts/base/protocols/ftp/gridftp.bro - scripts/base/protocols/ssl/__load__.bro - scripts/base/protocols/ssl/consts.bro - scripts/base/protocols/ssl/main.bro - scripts/base/protocols/ssl/mozilla-ca-list.bro - scripts/base/protocols/ssl/ct-list.bro - scripts/base/protocols/ssl/files.bro - scripts/base/files/x509/__load__.bro - scripts/base/files/x509/main.bro - scripts/base/files/hash/__load__.bro - scripts/base/files/hash/main.bro - scripts/base/protocols/http/__load__.bro - scripts/base/protocols/http/main.bro - scripts/base/protocols/http/entities.bro - scripts/base/protocols/http/utils.bro - scripts/base/protocols/http/files.bro - scripts/base/protocols/imap/__load__.bro - scripts/base/protocols/imap/main.bro - scripts/base/protocols/irc/__load__.bro - scripts/base/protocols/irc/main.bro - scripts/base/protocols/irc/dcc-send.bro - scripts/base/protocols/irc/files.bro - scripts/base/protocols/krb/__load__.bro - scripts/base/protocols/krb/main.bro - scripts/base/protocols/krb/consts.bro - scripts/base/protocols/krb/files.bro - scripts/base/protocols/modbus/__load__.bro - scripts/base/protocols/modbus/consts.bro - scripts/base/protocols/modbus/main.bro - scripts/base/protocols/mysql/__load__.bro - scripts/base/protocols/mysql/main.bro - scripts/base/protocols/mysql/consts.bro - scripts/base/protocols/ntlm/__load__.bro - scripts/base/protocols/ntlm/main.bro - scripts/base/protocols/pop3/__load__.bro - scripts/base/protocols/radius/__load__.bro - scripts/base/protocols/radius/main.bro - scripts/base/protocols/radius/consts.bro - scripts/base/protocols/rdp/__load__.bro - scripts/base/protocols/rdp/consts.bro - scripts/base/protocols/rdp/main.bro - scripts/base/protocols/rfb/__load__.bro - scripts/base/protocols/rfb/main.bro - scripts/base/protocols/sip/__load__.bro - scripts/base/protocols/sip/main.bro - scripts/base/protocols/snmp/__load__.bro - scripts/base/protocols/snmp/main.bro - scripts/base/protocols/smb/__load__.bro - scripts/base/protocols/smb/consts.bro - scripts/base/protocols/smb/const-dos-error.bro - scripts/base/protocols/smb/const-nt-status.bro - scripts/base/protocols/smb/main.bro - scripts/base/protocols/smb/smb1-main.bro - scripts/base/protocols/smb/smb2-main.bro - scripts/base/protocols/smb/files.bro - scripts/base/protocols/smtp/__load__.bro - scripts/base/protocols/smtp/main.bro - scripts/base/protocols/smtp/entities.bro - scripts/base/protocols/smtp/files.bro - scripts/base/protocols/socks/__load__.bro - scripts/base/protocols/socks/consts.bro - scripts/base/protocols/socks/main.bro - scripts/base/protocols/ssh/__load__.bro - scripts/base/protocols/ssh/main.bro - scripts/base/protocols/syslog/__load__.bro - scripts/base/protocols/syslog/consts.bro - scripts/base/protocols/syslog/main.bro - scripts/base/protocols/tunnels/__load__.bro - scripts/base/protocols/xmpp/__load__.bro - scripts/base/protocols/xmpp/main.bro - scripts/base/files/pe/__load__.bro - scripts/base/files/pe/consts.bro - scripts/base/files/pe/main.bro - scripts/base/files/extract/__load__.bro - scripts/base/files/extract/main.bro - scripts/base/files/unified2/__load__.bro - scripts/base/files/unified2/main.bro - scripts/base/misc/find-checksum-offloading.bro - scripts/base/misc/find-filtered-trace.bro - scripts/base/misc/version.bro -scripts/policy/misc/loaded-scripts.bro +scripts/base/init-bare.zeek + build/scripts/base/bif/const.bif.zeek + build/scripts/base/bif/types.bif.zeek + build/scripts/base/bif/bro.bif.zeek + build/scripts/base/bif/stats.bif.zeek + build/scripts/base/bif/reporter.bif.zeek + build/scripts/base/bif/strings.bif.zeek + build/scripts/base/bif/option.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.types.bif.zeek + build/scripts/base/bif/event.bif.zeek +scripts/base/init-frameworks-and-bifs.zeek + scripts/base/frameworks/logging/__load__.zeek + scripts/base/frameworks/logging/main.zeek + build/scripts/base/bif/logging.bif.zeek + scripts/base/frameworks/logging/postprocessors/__load__.zeek + scripts/base/frameworks/logging/postprocessors/scp.zeek + scripts/base/frameworks/logging/postprocessors/sftp.zeek + scripts/base/frameworks/logging/writers/ascii.zeek + scripts/base/frameworks/logging/writers/sqlite.zeek + scripts/base/frameworks/logging/writers/none.zeek + scripts/base/frameworks/broker/__load__.zeek + scripts/base/frameworks/broker/main.zeek + build/scripts/base/bif/comm.bif.zeek + build/scripts/base/bif/messaging.bif.zeek + scripts/base/frameworks/broker/store.zeek + build/scripts/base/bif/data.bif.zeek + build/scripts/base/bif/store.bif.zeek + scripts/base/frameworks/broker/log.zeek + scripts/base/frameworks/input/__load__.zeek + scripts/base/frameworks/input/main.zeek + build/scripts/base/bif/input.bif.zeek + scripts/base/frameworks/input/readers/ascii.zeek + scripts/base/frameworks/input/readers/raw.zeek + scripts/base/frameworks/input/readers/benchmark.zeek + scripts/base/frameworks/input/readers/binary.zeek + scripts/base/frameworks/input/readers/config.zeek + scripts/base/frameworks/input/readers/sqlite.zeek + scripts/base/frameworks/analyzer/__load__.zeek + scripts/base/frameworks/analyzer/main.zeek + scripts/base/frameworks/packet-filter/utils.zeek + build/scripts/base/bif/analyzer.bif.zeek + scripts/base/frameworks/files/__load__.zeek + scripts/base/frameworks/files/main.zeek + build/scripts/base/bif/file_analysis.bif.zeek + scripts/base/utils/site.zeek + scripts/base/utils/patterns.zeek + scripts/base/frameworks/files/magic/__load__.zeek + build/scripts/base/bif/__load__.zeek + build/scripts/base/bif/broxygen.bif.zeek + build/scripts/base/bif/pcap.bif.zeek + build/scripts/base/bif/bloom-filter.bif.zeek + build/scripts/base/bif/cardinality-counter.bif.zeek + build/scripts/base/bif/top-k.bif.zeek + build/scripts/base/bif/plugins/__load__.zeek + build/scripts/base/bif/plugins/Bro_ARP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BackDoor.events.bif.zeek + build/scripts/base/bif/plugins/Bro_BitTorrent.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.events.bif.zeek + build/scripts/base/bif/plugins/Bro_ConnSize.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DCE_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DHCP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_DNP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_DNS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_File.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Finger.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Gnutella.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GSSAPI.events.bif.zeek + build/scripts/base/bif/plugins/Bro_GTPv1.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_HTTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_ICMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Ident.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IMAP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_InterConn.events.bif.zeek + build/scripts/base/bif/plugins/Bro_IRC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_KRB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Login.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_MIME.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Modbus.events.bif.zeek + build/scripts/base/bif/plugins/Bro_MySQL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NCP.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NetBIOS.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.types.bif.zeek + build/scripts/base/bif/plugins/Bro_NTLM.events.bif.zeek + build/scripts/base/bif/plugins/Bro_NTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_POP3.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RADIUS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RDP.types.bif.zeek + build/scripts/base/bif/plugins/Bro_RFB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_RPC.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SIP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SNMP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_transaction2_secondary.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb1_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_close.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_create.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_read.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_write.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_com_transform_header.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.smb2_events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.consts.bif.zeek + build/scripts/base/bif/plugins/Bro_SMB.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SMTP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SOCKS.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSH.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.types.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.events.bif.zeek + build/scripts/base/bif/plugins/Bro_SSL.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_SteppingStone.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Syslog.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_TCP.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_Teredo.events.bif.zeek + build/scripts/base/bif/plugins/Bro_UDP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_VXLAN.events.bif.zeek + build/scripts/base/bif/plugins/Bro_XMPP.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileEntropy.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.events.bif.zeek + build/scripts/base/bif/plugins/Bro_FileExtract.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_FileHash.events.bif.zeek + build/scripts/base/bif/plugins/Bro_PE.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.events.bif.zeek + build/scripts/base/bif/plugins/Bro_Unified2.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.events.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.types.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.functions.bif.zeek + build/scripts/base/bif/plugins/Bro_X509.ocsp_events.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiReader.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.zeek + build/scripts/base/bif/plugins/Bro_BinaryReader.binary.bif.zeek + build/scripts/base/bif/plugins/Bro_ConfigReader.config.bif.zeek + build/scripts/base/bif/plugins/Bro_RawReader.raw.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.zeek + build/scripts/base/bif/plugins/Bro_AsciiWriter.ascii.bif.zeek + build/scripts/base/bif/plugins/Bro_NoneWriter.none.bif.zeek + build/scripts/base/bif/plugins/Bro_SQLiteWriter.sqlite.bif.zeek +scripts/base/init-default.zeek + scripts/base/utils/active-http.zeek + scripts/base/utils/exec.zeek + scripts/base/utils/addrs.zeek + scripts/base/utils/conn-ids.zeek + scripts/base/utils/dir.zeek + scripts/base/frameworks/reporter/__load__.zeek + scripts/base/frameworks/reporter/main.zeek + scripts/base/utils/paths.zeek + scripts/base/utils/directions-and-hosts.zeek + scripts/base/utils/email.zeek + scripts/base/utils/files.zeek + scripts/base/utils/geoip-distance.zeek + scripts/base/utils/hash_hrw.zeek + scripts/base/utils/numbers.zeek + scripts/base/utils/queue.zeek + scripts/base/utils/strings.zeek + scripts/base/utils/thresholds.zeek + scripts/base/utils/time.zeek + scripts/base/utils/urls.zeek + scripts/base/frameworks/notice/__load__.zeek + scripts/base/frameworks/notice/main.zeek + scripts/base/frameworks/cluster/__load__.zeek + scripts/base/frameworks/cluster/main.zeek + scripts/base/frameworks/control/__load__.zeek + scripts/base/frameworks/control/main.zeek + scripts/base/frameworks/cluster/pools.zeek + scripts/base/frameworks/notice/weird.zeek + scripts/base/frameworks/notice/actions/drop.zeek + scripts/base/frameworks/netcontrol/__load__.zeek + scripts/base/frameworks/netcontrol/types.zeek + scripts/base/frameworks/netcontrol/main.zeek + scripts/base/frameworks/netcontrol/plugin.zeek + scripts/base/frameworks/netcontrol/plugins/__load__.zeek + scripts/base/frameworks/netcontrol/plugins/debug.zeek + scripts/base/frameworks/netcontrol/plugins/openflow.zeek + scripts/base/frameworks/openflow/__load__.zeek + scripts/base/frameworks/openflow/consts.zeek + scripts/base/frameworks/openflow/types.zeek + scripts/base/frameworks/openflow/main.zeek + scripts/base/frameworks/openflow/plugins/__load__.zeek + scripts/base/frameworks/openflow/plugins/ryu.zeek + scripts/base/utils/json.zeek + scripts/base/frameworks/openflow/plugins/log.zeek + scripts/base/frameworks/openflow/plugins/broker.zeek + scripts/base/frameworks/openflow/non-cluster.zeek + scripts/base/frameworks/netcontrol/plugins/packetfilter.zeek + scripts/base/frameworks/netcontrol/plugins/broker.zeek + scripts/base/frameworks/netcontrol/plugins/acld.zeek + scripts/base/frameworks/netcontrol/drop.zeek + scripts/base/frameworks/netcontrol/shunt.zeek + scripts/base/frameworks/netcontrol/catch-and-release.zeek + scripts/base/frameworks/netcontrol/non-cluster.zeek + scripts/base/frameworks/notice/actions/email_admin.zeek + scripts/base/frameworks/notice/actions/page.zeek + scripts/base/frameworks/notice/actions/add-geodata.zeek + scripts/base/frameworks/notice/actions/pp-alarms.zeek + scripts/base/frameworks/dpd/__load__.zeek + scripts/base/frameworks/dpd/main.zeek + scripts/base/frameworks/signatures/__load__.zeek + scripts/base/frameworks/signatures/main.zeek + scripts/base/frameworks/packet-filter/__load__.zeek + scripts/base/frameworks/packet-filter/main.zeek + scripts/base/frameworks/packet-filter/netstats.zeek + scripts/base/frameworks/software/__load__.zeek + scripts/base/frameworks/software/main.zeek + scripts/base/frameworks/intel/__load__.zeek + scripts/base/frameworks/intel/main.zeek + scripts/base/frameworks/intel/files.zeek + scripts/base/frameworks/intel/input.zeek + scripts/base/frameworks/config/__load__.zeek + scripts/base/frameworks/config/main.zeek + scripts/base/frameworks/config/input.zeek + scripts/base/frameworks/config/weird.zeek + scripts/base/frameworks/sumstats/__load__.zeek + scripts/base/frameworks/sumstats/main.zeek + scripts/base/frameworks/sumstats/plugins/__load__.zeek + scripts/base/frameworks/sumstats/plugins/average.zeek + scripts/base/frameworks/sumstats/plugins/hll_unique.zeek + scripts/base/frameworks/sumstats/plugins/last.zeek + scripts/base/frameworks/sumstats/plugins/max.zeek + scripts/base/frameworks/sumstats/plugins/min.zeek + scripts/base/frameworks/sumstats/plugins/sample.zeek + scripts/base/frameworks/sumstats/plugins/std-dev.zeek + scripts/base/frameworks/sumstats/plugins/variance.zeek + scripts/base/frameworks/sumstats/plugins/sum.zeek + scripts/base/frameworks/sumstats/plugins/topk.zeek + scripts/base/frameworks/sumstats/plugins/unique.zeek + scripts/base/frameworks/sumstats/non-cluster.zeek + scripts/base/frameworks/tunnels/__load__.zeek + scripts/base/frameworks/tunnels/main.zeek + scripts/base/protocols/conn/__load__.zeek + scripts/base/protocols/conn/main.zeek + scripts/base/protocols/conn/contents.zeek + scripts/base/protocols/conn/inactivity.zeek + scripts/base/protocols/conn/polling.zeek + scripts/base/protocols/conn/thresholds.zeek + scripts/base/protocols/dce-rpc/__load__.zeek + scripts/base/protocols/dce-rpc/consts.zeek + scripts/base/protocols/dce-rpc/main.zeek + scripts/base/protocols/dhcp/__load__.zeek + scripts/base/protocols/dhcp/consts.zeek + scripts/base/protocols/dhcp/main.zeek + scripts/base/protocols/dnp3/__load__.zeek + scripts/base/protocols/dnp3/main.zeek + scripts/base/protocols/dnp3/consts.zeek + scripts/base/protocols/dns/__load__.zeek + scripts/base/protocols/dns/consts.zeek + scripts/base/protocols/dns/main.zeek + scripts/base/protocols/ftp/__load__.zeek + scripts/base/protocols/ftp/utils-commands.zeek + scripts/base/protocols/ftp/info.zeek + scripts/base/protocols/ftp/main.zeek + scripts/base/protocols/ftp/utils.zeek + scripts/base/protocols/ftp/files.zeek + scripts/base/protocols/ftp/gridftp.zeek + scripts/base/protocols/ssl/__load__.zeek + scripts/base/protocols/ssl/consts.zeek + scripts/base/protocols/ssl/main.zeek + scripts/base/protocols/ssl/mozilla-ca-list.zeek + scripts/base/protocols/ssl/ct-list.zeek + scripts/base/protocols/ssl/files.zeek + scripts/base/files/x509/__load__.zeek + scripts/base/files/x509/main.zeek + scripts/base/files/hash/__load__.zeek + scripts/base/files/hash/main.zeek + scripts/base/protocols/http/__load__.zeek + scripts/base/protocols/http/main.zeek + scripts/base/protocols/http/entities.zeek + scripts/base/protocols/http/utils.zeek + scripts/base/protocols/http/files.zeek + scripts/base/protocols/imap/__load__.zeek + scripts/base/protocols/imap/main.zeek + scripts/base/protocols/irc/__load__.zeek + scripts/base/protocols/irc/main.zeek + scripts/base/protocols/irc/dcc-send.zeek + scripts/base/protocols/irc/files.zeek + scripts/base/protocols/krb/__load__.zeek + scripts/base/protocols/krb/main.zeek + scripts/base/protocols/krb/consts.zeek + scripts/base/protocols/krb/files.zeek + scripts/base/protocols/modbus/__load__.zeek + scripts/base/protocols/modbus/consts.zeek + scripts/base/protocols/modbus/main.zeek + scripts/base/protocols/mysql/__load__.zeek + scripts/base/protocols/mysql/main.zeek + scripts/base/protocols/mysql/consts.zeek + scripts/base/protocols/ntlm/__load__.zeek + scripts/base/protocols/ntlm/main.zeek + scripts/base/protocols/pop3/__load__.zeek + scripts/base/protocols/radius/__load__.zeek + scripts/base/protocols/radius/main.zeek + scripts/base/protocols/radius/consts.zeek + scripts/base/protocols/rdp/__load__.zeek + scripts/base/protocols/rdp/consts.zeek + scripts/base/protocols/rdp/main.zeek + scripts/base/protocols/rfb/__load__.zeek + scripts/base/protocols/rfb/main.zeek + scripts/base/protocols/sip/__load__.zeek + scripts/base/protocols/sip/main.zeek + scripts/base/protocols/snmp/__load__.zeek + scripts/base/protocols/snmp/main.zeek + scripts/base/protocols/smb/__load__.zeek + scripts/base/protocols/smb/consts.zeek + scripts/base/protocols/smb/const-dos-error.zeek + scripts/base/protocols/smb/const-nt-status.zeek + scripts/base/protocols/smb/main.zeek + scripts/base/protocols/smb/smb1-main.zeek + scripts/base/protocols/smb/smb2-main.zeek + scripts/base/protocols/smb/files.zeek + scripts/base/protocols/smtp/__load__.zeek + scripts/base/protocols/smtp/main.zeek + scripts/base/protocols/smtp/entities.zeek + scripts/base/protocols/smtp/files.zeek + scripts/base/protocols/socks/__load__.zeek + scripts/base/protocols/socks/consts.zeek + scripts/base/protocols/socks/main.zeek + scripts/base/protocols/ssh/__load__.zeek + scripts/base/protocols/ssh/main.zeek + scripts/base/protocols/syslog/__load__.zeek + scripts/base/protocols/syslog/consts.zeek + scripts/base/protocols/syslog/main.zeek + scripts/base/protocols/tunnels/__load__.zeek + scripts/base/protocols/xmpp/__load__.zeek + scripts/base/protocols/xmpp/main.zeek + scripts/base/files/pe/__load__.zeek + scripts/base/files/pe/consts.zeek + scripts/base/files/pe/main.zeek + scripts/base/files/extract/__load__.zeek + scripts/base/files/extract/main.zeek + scripts/base/files/unified2/__load__.zeek + scripts/base/files/unified2/main.zeek + scripts/base/misc/find-checksum-offloading.zeek + scripts/base/misc/find-filtered-trace.zeek + scripts/base/misc/version.zeek +scripts/policy/misc/loaded-scripts.zeek #close 2018-09-05-20-33-08 diff --git a/testing/btest/Baseline/coverage.init-default/missing_loads b/testing/btest/Baseline/coverage.init-default/missing_loads index 31966f11c1..893a603972 100644 --- a/testing/btest/Baseline/coverage.init-default/missing_loads +++ b/testing/btest/Baseline/coverage.init-default/missing_loads @@ -1,10 +1,10 @@ --./frameworks/cluster/nodes/logger.bro --./frameworks/cluster/nodes/manager.bro --./frameworks/cluster/nodes/proxy.bro --./frameworks/cluster/nodes/worker.bro --./frameworks/cluster/setup-connections.bro --./frameworks/intel/cluster.bro --./frameworks/netcontrol/cluster.bro --./frameworks/openflow/cluster.bro --./frameworks/packet-filter/cluster.bro --./frameworks/sumstats/cluster.bro +-./frameworks/cluster/nodes/logger.zeek +-./frameworks/cluster/nodes/manager.zeek +-./frameworks/cluster/nodes/proxy.zeek +-./frameworks/cluster/nodes/worker.zeek +-./frameworks/cluster/setup-connections.zeek +-./frameworks/intel/cluster.zeek +-./frameworks/netcontrol/cluster.zeek +-./frameworks/openflow/cluster.zeek +-./frameworks/packet-filter/cluster.zeek +-./frameworks/sumstats/cluster.zeek diff --git a/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr b/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr index da6c357abf..177214239c 100644 --- a/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr +++ b/testing/btest/Baseline/doc.broxygen.all_scripts/.stderr @@ -1,11 +1,11 @@ -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 245: deprecated (dhcp_discover) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 248: deprecated (dhcp_offer) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 251: deprecated (dhcp_request) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 254: deprecated (dhcp_decline) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 257: deprecated (dhcp_ack) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 260: deprecated (dhcp_nak) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 263: deprecated (dhcp_release) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.bro, line 266: deprecated (dhcp_inform) -warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.bro, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/scripts/broxygen/__load__.bro:10 "Use '@load base/protocols/smb' instead" -error in /Users/jon/projects/bro/bro/scripts/policy/frameworks/control/controller.bro, line 22: The '' control command is unknown. +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 245: deprecated (dhcp_discover) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 248: deprecated (dhcp_offer) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 251: deprecated (dhcp_request) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 254: deprecated (dhcp_decline) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 257: deprecated (dhcp_ack) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 260: deprecated (dhcp_nak) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 263: deprecated (dhcp_release) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/dhcp/deprecated_events.zeek, line 266: deprecated (dhcp_inform) +warning in /Users/jon/projects/bro/bro/scripts/policy/protocols/smb/__load__.zeek, line 1: deprecated script loaded from /Users/jon/projects/bro/bro/scripts/broxygen/__load__.zeek:10 "Use '@load base/protocols/smb' instead" +error in /Users/jon/projects/bro/bro/scripts/policy/frameworks/control/controller.zeek, line 22: The '' control command is unknown. , line 1: received termination signal diff --git a/testing/btest/Baseline/doc.broxygen.example/example.rst b/testing/btest/Baseline/doc.broxygen.example/example.rst index d729ab85ee..e012c20051 100644 --- a/testing/btest/Baseline/doc.broxygen.example/example.rst +++ b/testing/btest/Baseline/doc.broxygen.example/example.rst @@ -1,7 +1,7 @@ :tocdepth: 3 -broxygen/example.bro -==================== +broxygen/example.zeek +===================== .. bro:namespace:: BroxygenExample This is an example script that demonstrates Broxygen-style @@ -27,7 +27,7 @@ And a custom directive does the equivalent references: .. bro:see:: BroxygenExample::a_var BroxygenExample::ONE SSH::Info :Namespace: BroxygenExample -:Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.bro ` +:Imports: :doc:`base/frameworks/notice `, :doc:`base/protocols/http `, :doc:`policy/frameworks/software/vulnerable.zeek ` Summary ~~~~~~~ diff --git a/testing/btest/Baseline/doc.broxygen.package/test.rst b/testing/btest/Baseline/doc.broxygen.package/test.rst index b96de2148b..7c1f32dd44 100644 --- a/testing/btest/Baseline/doc.broxygen.package/test.rst +++ b/testing/btest/Baseline/doc.broxygen.package/test.rst @@ -8,10 +8,10 @@ reference documentation for all Bro scripts (i.e. "Broxygen"). Its only purpose is to provide an easy way to load all known Bro scripts plus any extra scripts needed or used by the documentation process. -:doc:`/scripts/broxygen/__load__.bro` +:doc:`/scripts/broxygen/__load__.zeek` -:doc:`/scripts/broxygen/example.bro` +:doc:`/scripts/broxygen/example.zeek` This is an example script that demonstrates Broxygen-style documentation. It generally will make most sense when viewing diff --git a/testing/btest/Baseline/doc.broxygen.script_index/test.rst b/testing/btest/Baseline/doc.broxygen.script_index/test.rst index dda280facf..30d849c2e0 100644 --- a/testing/btest/Baseline/doc.broxygen.script_index/test.rst +++ b/testing/btest/Baseline/doc.broxygen.script_index/test.rst @@ -1,5 +1,5 @@ .. toctree:: :maxdepth: 1 - broxygen/__load__.bro - broxygen/example.bro + broxygen/__load__.zeek + broxygen/example.zeek diff --git a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst b/testing/btest/Baseline/doc.broxygen.script_summary/test.rst index 125a579c81..509f2c9286 100644 --- a/testing/btest/Baseline/doc.broxygen.script_summary/test.rst +++ b/testing/btest/Baseline/doc.broxygen.script_summary/test.rst @@ -1,4 +1,4 @@ -:doc:`/scripts/broxygen/example.bro` +:doc:`/scripts/broxygen/example.zeek` This is an example script that demonstrates Broxygen-style documentation. It generally will make most sense when viewing the script's raw source code and comparing to the HTML-rendered diff --git a/testing/btest/Baseline/language.index-assignment-invalid/out b/testing/btest/Baseline/language.index-assignment-invalid/out index 3972a9f10e..44e82d16f6 100644 --- a/testing/btest/Baseline/language.index-assignment-invalid/out +++ b/testing/btest/Baseline/language.index-assignment-invalid/out @@ -1,4 +1,4 @@ -runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.bro, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=], expression: Queue::ret[Queue::j], call stack: +runtime error in /home/jon/pro/zeek/zeek/scripts/base/utils/queue.zeek, line 152: vector index assignment failed for invalid type 'myrec', value: [a=T, b=hi, c=], expression: Queue::ret[Queue::j], call stack: #0 Queue::get_vector([initialized=T, vals={[2] = test,[6] = jkl;,[4] = asdf,[1] = goodbye,[5] = 3,[0] = hello,[3] = [a=T, b=hi, c=]}, settings=[max_len=], top=7, bottom=0, size=0], [hello, goodbye, test]) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:19 #1 bar(55) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:27 #2 foo(hi, 13) at /home/jon/pro/zeek/zeek/testing/btest/.tmp/language.index-assignment-invalid/index-assignment-invalid.bro:39 diff --git a/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output b/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output index 90d390518f..c6dec0f9aa 100644 --- a/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output +++ b/testing/btest/Baseline/scripts.base.frameworks.intel.remove-non-existing/output @@ -6,6 +6,6 @@ #open 2019-03-24-20-20-10 #fields ts level message location #types time enum string string -0.000000 Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). /home/jgras/devel/zeek/scripts/base/frameworks/intel/./main.bro, lines 563-564 +0.000000 Reporter::INFO Tried to remove non-existing item '192.168.1.1' (Intel::ADDR). /home/jgras/devel/zeek/scripts/base/frameworks/intel/./main.zeek, lines 563-564 0.000000 Reporter::INFO received termination signal (empty) #close 2019-03-24-20-20-10 diff --git a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 index c2f791ba82..2f84ca097a 100644 --- a/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 +++ b/testing/btest/Baseline/scripts.base.misc.find-filtered-trace/out1 @@ -1 +1 @@ -1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.bro, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. +1389719059.311687 warning in /Users/jsiwek/Projects/bro/bro/scripts/base/misc/find-filtered-trace.zeek, line 48: The analyzed trace file was determined to contain only TCP control packets, which may indicate it's been pre-filtered. By default, Bro reports the missing segments for this type of trace, but the 'detect_filtered_trace' option may be toggled if that's not desired. diff --git a/testing/btest/Baseline/scripts.base.misc.version/.stderr b/testing/btest/Baseline/scripts.base.misc.version/.stderr index bfae6163df..28da0b203a 100644 --- a/testing/btest/Baseline/scripts.base.misc.version/.stderr +++ b/testing/btest/Baseline/scripts.base.misc.version/.stderr @@ -1,4 +1,4 @@ -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string 1 cannot be parsed -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string 12.5 cannot be parsed -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string 1.12-beta-drunk cannot be parsed -error in /home/robin/bro/master/scripts/base/misc/version.bro, line 54: Version string JustARandomString cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string 1 cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string 12.5 cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string 1.12-beta-drunk cannot be parsed +error in /home/robin/bro/master/scripts/base/misc/version.zeek, line 54: Version string JustARandomString cannot be parsed diff --git a/testing/btest/core/ip-broken-header.bro b/testing/btest/core/ip-broken-header.bro index 426e7a7bc0..a539628829 100644 --- a/testing/btest/core/ip-broken-header.bro +++ b/testing/btest/core/ip-broken-header.bro @@ -4,4 +4,4 @@ # @TEST-EXEC: gunzip -c $TRACES/trunc/mpls-6in6-broken.pcap.gz | bro -C -b -r - %INPUT # @TEST-EXEC: btest-diff weird.log -@load base/frameworks/notice/weird.bro +@load base/frameworks/notice/weird diff --git a/testing/btest/core/load-prefixes.bro b/testing/btest/core/load-prefixes.bro index 5d064c0d36..5147bd0250 100644 --- a/testing/btest/core/load-prefixes.bro +++ b/testing/btest/core/load-prefixes.bro @@ -8,14 +8,14 @@ @prefixes += lcl2 @TEST-END-FILE -# Since base/utils/site.bro is a script, only a script with the original file +# Since base/utils/site.zeek is a script, only a script with the original file # extension can be loaded here. -@TEST-START-FILE lcl.base.utils.site.bro -print "loaded lcl.base.utils.site.bro"; +@TEST-START-FILE lcl.base.utils.site.zeek +print "loaded lcl.base.utils.site.zeek"; @TEST-END-FILE -@TEST-START-FILE lcl2.base.utils.site.bro -print "loaded lcl2.base.utils.site.bro"; +@TEST-START-FILE lcl2.base.utils.site.zeek +print "loaded lcl2.base.utils.site.zeek"; @TEST-END-FILE # For a script package like base/protocols/http/, either of the recognized diff --git a/testing/btest/coverage/bare-load-baseline.test b/testing/btest/coverage/bare-load-baseline.test index e518e703fb..98ce72e4b8 100644 --- a/testing/btest/coverage/bare-load-baseline.test +++ b/testing/btest/coverage/bare-load-baseline.test @@ -1,6 +1,6 @@ # This test is meant to cover whether the set of scripts that get loaded by # default in bare mode matches a baseline of known defaults. The baseline -# should only need updating if something new is @load'd from init-bare.bro +# should only need updating if something new is @load'd from init-bare.zeek # (or from an @load'd descendent of it). # # As the output has absolute paths in it, we need to remove the common diff --git a/testing/btest/coverage/bare-mode-errors.test b/testing/btest/coverage/bare-mode-errors.test index 2310b66b4b..6f5e6983f6 100644 --- a/testing/btest/coverage/bare-mode-errors.test +++ b/testing/btest/coverage/bare-mode-errors.test @@ -5,5 +5,5 @@ # when writing a new bro scripts. # # @TEST-EXEC: test -d $DIST/scripts -# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.bro`; do bro -b --parse-only $script >>errors 2>&1; done +# @TEST-EXEC: for script in `find $DIST/scripts/ -name \*\.zeek`; do bro -b --parse-only $script >>errors 2>&1; done # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-abspath | $SCRIPTS/diff-sort" btest-diff errors diff --git a/testing/btest/coverage/find-bro-logs.test b/testing/btest/coverage/find-bro-logs.test index e7bcf0578f..ee0e45262b 100644 --- a/testing/btest/coverage/find-bro-logs.test +++ b/testing/btest/coverage/find-bro-logs.test @@ -28,7 +28,7 @@ def find_scripts(): for r, d, f in os.walk(scriptdir): for fname in f: - if fname.endswith(".bro"): + if fname.endswith(".zeek") or fname.endswith(".bro"): scripts.append(os.path.join(r, fname)) return scripts diff --git a/testing/btest/coverage/init-default.test b/testing/btest/coverage/init-default.test index 537b5ca77d..edc0012ef1 100644 --- a/testing/btest/coverage/init-default.test +++ b/testing/btest/coverage/init-default.test @@ -1,19 +1,19 @@ -# Makes sure that all base/* scripts are loaded by default via init-default.bro; -# and that all scripts loaded there in there actually exist. +# Makes sure that all base/* scripts are loaded by default via +# init-default.zeek; and that all scripts loaded there actually exist. # # This test will fail if a new bro script is added under the scripts/base/ -# directory and it is not also added as an @load in base/init-default.bro. +# directory and it is not also added as an @load in base/init-default.zeek. # In some cases, a script in base is loaded based on the bro configuration # (e.g. cluster operation), and in such cases, the missing_loads baseline # can be adjusted to tolerate that. #@TEST-EXEC: test -d $DIST/scripts/base -#@TEST-EXEC: test -e $DIST/scripts/base/init-default.bro -#@TEST-EXEC: ( cd $DIST/scripts/base && find . -name '*.bro' ) | sort >"all scripts found" +#@TEST-EXEC: test -e $DIST/scripts/base/init-default.zeek +#@TEST-EXEC: ( cd $DIST/scripts/base && find . -name '*.zeek' ) | sort >"all scripts found" #@TEST-EXEC: bro misc/loaded-scripts #@TEST-EXEC: (test -L $BUILD && basename $(readlink $BUILD) || basename $BUILD) >buildprefix -#@TEST-EXEC: cat loaded_scripts.log | egrep -v "/build/scripts/|$(cat buildprefix)/scripts/|/loaded-scripts.bro|#" | sed 's#/./#/#g' >loaded_scripts.log.tmp +#@TEST-EXEC: cat loaded_scripts.log | egrep -v "/build/scripts/|$(cat buildprefix)/scripts/|/loaded-scripts.zeek|#" | sed 's#/./#/#g' >loaded_scripts.log.tmp #@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed -e ':a' -e '$!N' -e 's/^\(.*\).*\n\1.*/\1/' -e 'ta' >prefix -#@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed "s#`cat prefix`#./#g" | sort >init-default.bro -#@TEST-EXEC: diff -u "all scripts found" init-default.bro | egrep "^-[^-]" > missing_loads +#@TEST-EXEC: cat loaded_scripts.log.tmp | sed 's/ //g' | sed "s#`cat prefix`#./#g" | sort >init-default.zeek +#@TEST-EXEC: diff -u "all scripts found" init-default.zeek | egrep "^-[^-]" > missing_loads #@TEST-EXEC: btest-diff missing_loads diff --git a/testing/btest/coverage/test-all-policy.test b/testing/btest/coverage/test-all-policy.test index 3a545a02af..61e4297f83 100644 --- a/testing/btest/coverage/test-all-policy.test +++ b/testing/btest/coverage/test-all-policy.test @@ -1,12 +1,12 @@ # Makes sure that all policy/* scripts are loaded in -# scripts/test-all-policy.bro and that all scripts loaded there actually exist. +# scripts/test-all-policy.zeek and that all scripts loaded there actually exist. # # This test will fail if new bro scripts are added to the scripts/policy/ -# directory. Correcting that just involves updating scripts/test-all-policy.bro -# to @load the new bro scripts. +# directory. Correcting that just involves updating +# scripts/test-all-policy.zeek to @load the new bro scripts. -@TEST-EXEC: test -e $DIST/scripts/test-all-policy.bro +@TEST-EXEC: test -e $DIST/scripts/test-all-policy.zeek @TEST-EXEC: test -d $DIST/scripts -@TEST-EXEC: ( cd $DIST/scripts/policy && find . -name '*.bro' ) | sort >"all scripts found" -@TEST-EXEC: cat $DIST/scripts/test-all-policy.bro | grep '@load' | sed 'sm^\( *# *\)\{0,\}@load *m./mg' | sort >test-all-policy.bro -@TEST-EXEC: diff -u "all scripts found" test-all-policy.bro 1>&2 +@TEST-EXEC: ( cd $DIST/scripts/policy && find . -name '*.zeek' ) | sort >"all scripts found" +@TEST-EXEC: cat $DIST/scripts/test-all-policy.zeek | grep '@load' | sed 'sm^\( *# *\)\{0,\}@load *m./mg' | sort >test-all-policy.zeek +@TEST-EXEC: diff -u "all scripts found" test-all-policy.zeek 1>&2 diff --git a/testing/btest/doc/broxygen/example.bro b/testing/btest/doc/broxygen/example.bro index 22a6fc7418..7a7d30c92a 100644 --- a/testing/btest/doc/broxygen/example.bro +++ b/testing/btest/doc/broxygen/example.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-diff example.rst @TEST-START-FILE broxygen.config -script broxygen/example.bro example.rst +script broxygen/example.zeek example.rst @TEST-END-FILE -@load broxygen/example.bro +@load broxygen/example diff --git a/testing/btest/doc/broxygen/script_summary.bro b/testing/btest/doc/broxygen/script_summary.bro index a517a08072..6ea5e95576 100644 --- a/testing/btest/doc/broxygen/script_summary.bro +++ b/testing/btest/doc/broxygen/script_summary.bro @@ -3,7 +3,7 @@ # @TEST-EXEC: btest-diff test.rst @TEST-START-FILE broxygen.config -script_summary broxygen/example.bro test.rst +script_summary broxygen/example.zeek test.rst @TEST-END-FILE @load broxygen diff --git a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro index c26683a338..e33f353d8b 100644 --- a/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro +++ b/testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: bro -b %INPUT # @TEST-EXEC: btest-diff testing.log -@load tuning/json-logs.bro +@load tuning/json-logs module testing; diff --git a/testing/btest/scripts/base/protocols/modbus/policy.bro b/testing/btest/scripts/base/protocols/modbus/policy.bro index b28ebd3b4b..8d5b356698 100644 --- a/testing/btest/scripts/base/protocols/modbus/policy.bro +++ b/testing/btest/scripts/base/protocols/modbus/policy.bro @@ -5,5 +5,5 @@ # @TEST-EXEC: btest-diff known_modbus.log # -@load protocols/modbus/known-masters-slaves.bro -@load protocols/modbus/track-memmap.bro +@load protocols/modbus/known-masters-slaves +@load protocols/modbus/track-memmap diff --git a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test index d2aa7b536f..878d2a3064 100644 --- a/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test +++ b/testing/btest/scripts/base/protocols/ssl/cve-2015-3194.test @@ -3,4 +3,4 @@ # @TEST-EXEC: bro -r $TRACES/tls/CVE-2015-3194.pcap %INPUT # @TEST-EXEC: btest-diff ssl.log -@load protocols/ssl/validate-certs.bro +@load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/base/protocols/ssl/keyexchange.test b/testing/btest/scripts/base/protocols/ssl/keyexchange.test index 6e1106ece7..9c65ea5dda 100644 --- a/testing/btest/scripts/base/protocols/ssl/keyexchange.test +++ b/testing/btest/scripts/base/protocols/ssl/keyexchange.test @@ -16,7 +16,7 @@ @load base/protocols/ssl @load base/files/x509 -@load protocols/ssl/extract-certs-pem.bro +@load protocols/ssl/extract-certs-pem module SSL; diff --git a/testing/btest/scripts/policy/misc/dump-events.bro b/testing/btest/scripts/policy/misc/dump-events.bro index 33c9c97534..d318266787 100644 --- a/testing/btest/scripts/policy/misc/dump-events.bro +++ b/testing/btest/scripts/policy/misc/dump-events.bro @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro %INPUT >all-events.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro %INPUT DumpEvents::include_args=F >all-events-no-args.log -# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events.bro %INPUT DumpEvents::include=/smtp_/ >smtp-events.log +# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT >all-events.log +# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include_args=F >all-events-no-args.log +# @TEST-EXEC: bro -r $TRACES/smtp.trace policy/misc/dump-events %INPUT DumpEvents::include=/smtp_/ >smtp-events.log # # @TEST-EXEC: btest-diff all-events.log # @TEST-EXEC: btest-diff all-events-no-args.log diff --git a/testing/btest/scripts/policy/misc/weird-stats.bro b/testing/btest/scripts/policy/misc/weird-stats.bro index b26fce8e47..d5b83e3c05 100644 --- a/testing/btest/scripts/policy/misc/weird-stats.bro +++ b/testing/btest/scripts/policy/misc/weird-stats.bro @@ -2,7 +2,7 @@ # @TEST-EXEC: btest-bg-wait 20 # @TEST-EXEC: btest-diff bro/weird_stats.log -@load misc/weird-stats.bro +@load misc/weird-stats redef exit_only_after_terminate = T; redef WeirdStats::weird_stat_interval = 5sec; diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro index 4a3ec44468..712e333037 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro @@ -1,6 +1,6 @@ # @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.bro %INPUT # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log -@load protocols/ssl/validate-certs.bro +@load protocols/ssl/validate-certs redef SSL::ssl_cache_intermediate_ca = F; diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro index 9a00919643..03803fe2fa 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-certs.bro @@ -4,4 +4,4 @@ # @TEST-EXEC: cat ssl.log >> ssl-all.log # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log -@load protocols/ssl/validate-certs.bro +@load protocols/ssl/validate-certs diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro b/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro index 0e6065f937..8dbd358e17 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro +++ b/testing/btest/scripts/policy/protocols/ssl/validate-sct.bro @@ -5,7 +5,7 @@ # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log -@load protocols/ssl/validate-sct.bro +@load protocols/ssl/validate-sct module SSL;