mirror of
https://github.com/zeek/zeek.git
synced 2025-10-07 00:58:19 +00:00
Fix some test canonifiers in scripts/policy/protocols/ssl
This commit is contained in:
Daniel Thayer
parent
d3f513fc80
commit
4788e4e715
5 changed files with 18 additions and 13 deletions
|
|
@ -9,7 +9,7 @@
|
||||||
# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT"
|
# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT"
|
||||||
# @TEST-EXEC: btest-bg-wait 20
|
# @TEST-EXEC: btest-bg-wait 20
|
||||||
# @TEST-EXEC: cat manager-1/ssl*.log > ssl.log
|
# @TEST-EXEC: cat manager-1/ssl*.log > ssl.log
|
||||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-file-ids btest-diff ssl.log
|
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log
|
||||||
#
|
#
|
||||||
|
|
||||||
redef Log::default_rotation_interval = 0secs;
|
redef Log::default_rotation_interval = 0secs;
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
|
# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
|
||||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl.log
|
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log
|
||||||
|
|
||||||
@load protocols/ssl/validate-certs.bro
|
@load protocols/ssl/validate-certs.bro
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,6 @@
|
||||||
# @TEST-EXEC: cat ssl.log > ssl-all.log
|
# @TEST-EXEC: cat ssl.log > ssl-all.log
|
||||||
# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
|
# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
|
||||||
# @TEST-EXEC: cat ssl.log >> ssl-all.log
|
# @TEST-EXEC: cat ssl.log >> ssl-all.log
|
||||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-all.log
|
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log
|
||||||
|
|
||||||
@load protocols/ssl/validate-certs.bro
|
@load protocols/ssl/validate-certs.bro
|
||||||
|
|
|
||||||
|
|
@ -1,10 +1,10 @@
|
||||||
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
|
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
|
||||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl.log
|
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log
|
||||||
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT
|
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT
|
||||||
# @TEST-EXEC: mv ssl.log ssl-twimg.log
|
# @TEST-EXEC: mv ssl.log ssl-twimg.log
|
||||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-twimg.log
|
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-twimg.log
|
||||||
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT
|
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT
|
||||||
# @TEST-EXEC: mv ssl.log ssl-digicert.log
|
# @TEST-EXEC: mv ssl.log ssl-digicert.log
|
||||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-digicert.log
|
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-digicert.log
|
||||||
|
|
||||||
@load protocols/ssl/validate-ocsp
|
@load protocols/ssl/validate-ocsp
|
||||||
|
|
|
||||||
|
|
@ -25,43 +25,48 @@ BEGIN { FS="\t"; OFS="\t"; s_col = -1; i_col = -1; is_col = -1; cs_col = -1; ci_
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
s_col >= 0 {
|
/^#/ {
|
||||||
|
print;
|
||||||
|
next;
|
||||||
|
}
|
||||||
|
|
||||||
|
s_col > 0 {
|
||||||
if ( $s_col != "-" )
|
if ( $s_col != "-" )
|
||||||
# Mark that it's set, but ignore content.
|
# Mark that it's set, but ignore content.
|
||||||
$s_col = "+";
|
$s_col = "+";
|
||||||
}
|
}
|
||||||
|
|
||||||
i_col >= 0 {
|
i_col > 0 {
|
||||||
if ( $i_col != "-" )
|
if ( $i_col != "-" )
|
||||||
# Mark that it's set, but ignore content.
|
# Mark that it's set, but ignore content.
|
||||||
$i_col = "+";
|
$i_col = "+";
|
||||||
}
|
}
|
||||||
|
|
||||||
is_col >= 0 {
|
is_col > 0 {
|
||||||
if ( $is_col != "-" )
|
if ( $is_col != "-" )
|
||||||
# Mark that it's set, but ignore content.
|
# Mark that it's set, but ignore content.
|
||||||
$is_col = "+";
|
$is_col = "+";
|
||||||
}
|
}
|
||||||
|
|
||||||
cs_col >= 0 {
|
cs_col > 0 {
|
||||||
if ( $cs_col != "-" )
|
if ( $cs_col != "-" )
|
||||||
# Mark that it's set, but ignore content.
|
# Mark that it's set, but ignore content.
|
||||||
$cs_col = "+";
|
$cs_col = "+";
|
||||||
}
|
}
|
||||||
|
|
||||||
ci_col >= 0 {
|
ci_col > 0 {
|
||||||
if ( $ci_col != "-" )
|
if ( $ci_col != "-" )
|
||||||
# Mark that it's set, but ignore content.
|
# Mark that it's set, but ignore content.
|
||||||
$ci_col = "+";
|
$ci_col = "+";
|
||||||
}
|
}
|
||||||
|
|
||||||
cert_subj_col >= 0 {
|
cert_subj_col > 0 {
|
||||||
if ( $cert_subj_col != "-" )
|
if ( $cert_subj_col != "-" )
|
||||||
# Mark that it's set, but ignore content.
|
# Mark that it's set, but ignore content.
|
||||||
$cert_subj_col = "+";
|
$cert_subj_col = "+";
|
||||||
}
|
}
|
||||||
|
|
||||||
cert_issuer_col >= 0 {
|
cert_issuer_col > 0 {
|
||||||
if ( $cert_issuer_col != "-" )
|
if ( $cert_issuer_col != "-" )
|
||||||
# Mark that it's set, but ignore content.
|
# Mark that it's set, but ignore content.
|
||||||
$cert_issuer_col = "+";
|
$cert_issuer_col = "+";
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue