diff --git a/scripts/base/frameworks/file-analysis/main.bro b/scripts/base/frameworks/file-analysis/main.bro index 00ff5b4120..08597aa157 100644 --- a/scripts/base/frameworks/file-analysis/main.bro +++ b/scripts/base/frameworks/file-analysis/main.bro @@ -22,9 +22,7 @@ export { ## The default amount of time file analysis will wait for new file data ## before giving up. - ## TODO: what's a reasonable default? - #const default_timeout_interval: interval = 2 mins &redef; - const default_timeout_interval: interval = 10 sec &redef; + const default_timeout_interval: interval = 2 mins &redef; # Needed a forward declaration for event parameters... type Info: record {}; diff --git a/scripts/base/protocols/ftp/file-analysis.bro b/scripts/base/protocols/ftp/file-analysis.bro index c124c1bf25..68bde54e1d 100644 --- a/scripts/base/protocols/ftp/file-analysis.bro +++ b/scripts/base/protocols/ftp/file-analysis.bro @@ -5,6 +5,7 @@ redef FileAnalysis::service_handle_callbacks += { ["ftp-data"] = function(c: connection, is_orig: bool): string { + if ( is_orig ) return ""; return fmt("%s ftp-data: %s", c$start_time, id_string(c$id)); }, }; diff --git a/scripts/base/protocols/http/file-analysis.bro b/scripts/base/protocols/http/file-analysis.bro index a0390710a8..b1241b4107 100644 --- a/scripts/base/protocols/http/file-analysis.bro +++ b/scripts/base/protocols/http/file-analysis.bro @@ -10,8 +10,8 @@ function get_file_handle(c: connection, is_orig: bool): string if ( ! c?$http ) return ""; if ( c$http$range_request ) - return fmt("%s http(%s): %s: %s", c$start_time, is_orig, - c$id$orig_h, build_url(c$http)); + return fmt("http(%s): %s: %s", is_orig, c$id$orig_h, + build_url(c$http)); return fmt("%s http(%s, %s): %s", c$start_time, is_orig, c$http$trans_depth, id_string(c$id)); diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro index 260c0e525a..a1771c8e77 100644 --- a/scripts/base/protocols/http/main.bro +++ b/scripts/base/protocols/http/main.bro 
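Review bot: The added `if ( is_orig ) return "";` in the `ftp-data` callback drops every byte sent by the originator of the data connection. Transfers where the file travels in that direction (an upload over a passive-mode connection, or a download over an active-mode one) would no longer be extracted or hashed. The same guard is added to the `irc-dcc-data` callback in scripts/base/protocols/irc/file-analysis.bro, with the same effect on DCC variants where the sending side opens the connection. If the aim is to stop the two directions sharing one handle, putting the direction into the handle keeps both visible: `return fmt("%s ftp-data(%s): %s", c$start_time, is_orig, id_string(c$id));`. If dropping one direction is intended, a comment stating that assumption would help.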
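Review bot: With `c$start_time` removed, the range-request handle in `get_file_handle` is built only from the direction, `c$id$orig_h` and `build_url(c$http)`, so unrelated transfers that share a client address and URL are merged into one file for as long as the state lives. That includes clients behind the same NAT or proxy address and a resource that changed between requests, and the URL is presumably taken from the request itself, so the resulting size and any derived results should be read as best-effort. The change looks deliberate, to join ranges fetched over several connections, but the trade-off is undocumented. I would add above the return: `# Range requests are keyed by client address and URL only, so ranges from separate connections (and possibly separate clients behind one address) are joined into one file.` The function starts before this hunk.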
@@ -74,7 +74,7 @@ export { ## Indicates if this request can assume 206 partial content in ## response. - range_request: bool &default=F; + range_request: bool &default=F; }; ## Structure to maintain state for an HTTP connection with multiple diff --git a/scripts/base/protocols/irc/file-analysis.bro b/scripts/base/protocols/irc/file-analysis.bro index dbb06da3ba..dc6b5e588a 100644 --- a/scripts/base/protocols/irc/file-analysis.bro +++ b/scripts/base/protocols/irc/file-analysis.bro @@ -5,6 +5,7 @@ redef FileAnalysis::service_handle_callbacks += { ["irc-dcc-data"] = function(c: connection, is_orig: bool): string { + if ( is_orig ) return ""; return fmt("%s irc-dcc-data: %s", c$start_time, id_string(c$id)); }, }; diff --git a/src/HTTP.cc b/src/HTTP.cc index 4ac6652ca1..7110e2d1fa 100644 --- a/src/HTTP.cc +++ b/src/HTTP.cc @@ -47,7 +47,8 @@ HTTP_Entity::HTTP_Entity(HTTP_Message *arg_message, MIME_Entity* parent_entity, zip = 0; is_partial_content = false; offset = 0; - content_size = -1; // unspecified + instance_length = -1; // unspecified + send_size = true; } void HTTP_Entity::EndOfData() 
@@ -282,27 +283,33 @@ void HTTP_Entity::SubmitData(int len, const char* buf) if ( deliver_body ) MIME_Entity::SubmitData(len, buf); + if ( send_size && ( encoding == GZIP || encoding == DEFLATE ) ) + // Auto-decompress in DeliverBody invalidates sizes derived from headers + send_size = false; + if ( is_partial_content ) { + if ( send_size && instance_length > 0 ) + file_mgr->SetSize(instance_length, + http_message->MyHTTP_Analyzer()->Conn(), + http_message->IsOrig()); file_mgr->DataIn(reinterpret_cast(buf), len, offset, - http_message->MyHTTP_Analyzer()->Conn(), - http_message->IsOrig()); + http_message->MyHTTP_Analyzer()->Conn(), + http_message->IsOrig()); offset += len; - if ( content_size >= 0 ) - file_mgr->SetSize(content_size, - http_message->MyHTTP_Analyzer()->Conn(), - http_message->IsOrig()); } else { - file_mgr->DataIn(reinterpret_cast(buf), len, - http_message->MyHTTP_Analyzer()->Conn(), - http_message->IsOrig()); - if ( content_length >= 0 ) + if ( send_size && content_length > 0 ) file_mgr->SetSize(content_length, - http_message->MyHTTP_Analyzer()->Conn(), - http_message->IsOrig()); + http_message->MyHTTP_Analyzer()->Conn(), + http_message->IsOrig()); + file_mgr->DataIn(reinterpret_cast(buf), len, + http_message->MyHTTP_Analyzer()->Conn(), + http_message->IsOrig()); } + + send_size = false; } void HTTP_Entity::SetPlainDelivery(int64_t length) @@ -333,9 +340,7 @@ void HTTP_Entity::SubmitHeader(MIME_Header* h) } // Figure out content-length for HTTP 206 Partial Content response - // that uses multipart/byteranges content-type. - else if ( strcasecmp_n(h->get_name(), "content-range") == 0 && Parent() && - Parent()->MIMEContentType() == CONTENT_TYPE_MULTIPART && + else if ( strcasecmp_n(h->get_name(), "content-range") == 0 && http_message->MyHTTP_Analyzer()->HTTP_ReplyCode() == 206 ) { data_chunk_t vt = h->get_value_token(); 
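Review bot: The new gzip/deflate guard in `HTTP_Entity::SubmitData` suppresses only the size, while the partial-content branch still passes `offset`, which is seeded from Content-Range, to `file_mgr->DataIn`. If `buf` holds decompressed bytes at this point, as the added comment suggests, those offsets count encoded bytes and the data would land at the wrong positions in the reassembled file. Either skip offset-based delivery for compressed partial content or document the limitation, e.g. `// NOTE: offset is taken from Content-Range and is not adjusted for auto-decompressed data.` Separately, the unbraced `if` followed by a comment line and then the statement is easy to misread; braces would make the guarded statement explicit.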
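Review bot: Dropping the `Parent()` / `CONTENT_TYPE_MULTIPART` test means a `content-range` header on the top-level entity of a 206 reply now reaches this branch, which further down (visible in the @@ -386 hunk) assigns `content_length = len`. A reply carrying both Content-Length and Content-Range would then have its length decided by whichever header is handled last. If `content_length` also delimits the body (not visible here), a disagreement between the two headers could make the analyzer and the real client see different message boundaries. Consider keeping an already-set value and reporting the mismatch instead of overwriting it, for example `if ( content_length < 0 ) content_length = len;`. The branch body continues outside this hunk.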
@@ -359,7 +364,7 @@ void HTTP_Entity::SubmitHeader(MIME_Header* h) } string byte_range_resp_spec = byte_range.substr(0, p); - string instance_length = byte_range.substr(p + 1); + string instance_length_str = byte_range.substr(p + 1); p = byte_range_resp_spec.find("-"); if ( p == string::npos ) @@ -374,7 +379,7 @@ void HTTP_Entity::SubmitHeader(MIME_Header* h) if ( DEBUG_http ) DEBUG_MSG("Parsed Content-Range: %s %s-%s/%s\n", byte_unit.c_str(), first_byte_pos.c_str(), last_byte_pos.c_str(), - instance_length.c_str()); + instance_length_str.c_str()); int64_t f, l; atoi_n(first_byte_pos.size(), first_byte_pos.c_str(), 0, 10, f); @@ -386,9 +391,13 @@ void HTTP_Entity::SubmitHeader(MIME_Header* h) if ( len > 0 ) { - if ( instance_length != "*" ) - atoi_n(instance_length.size(), instance_length.c_str(), 0, 10, - content_size); + if ( instance_length_str != "*" ) + { + if ( ! atoi_n(instance_length_str.size(), + instance_length_str.c_str(), 0, 10, + instance_length) ) + instance_length = 0; + } is_partial_content = true; offset = f; content_length = len; @@ -554,8 +563,11 @@ void HTTP_Message::Done(const int interrupted, const char* detail) GetAnalyzer()->ConnectionEvent(http_message_done, vl); } + if ( is_orig || MyHTTP_Analyzer()->HTTP_ReplyCode() != 206 ) + // multipart/byteranges may span multiple connections + file_mgr->EndOfFile(MyHTTP_Analyzer()->Conn(), is_orig); + MyHTTP_Analyzer()->HTTP_MessageDone(is_orig, this); - file_mgr->EndOfFile(MyHTTP_Analyzer()->Conn(), is_orig); delete_strings(buffers); @@ -620,8 +632,7 @@ void HTTP_Message::EndEntity(MIME_Entity* entity) // SubmitAllHeaders (through EndOfData). if ( entity == top_level ) Done(); - else if ( ! ( current_entity->MIMEContentType() == CONTENT_TYPE_MULTIPART && - MyHTTP_Analyzer()->HTTP_ReplyCode() == 206 ) ) + else if ( is_orig || MyHTTP_Analyzer()->HTTP_ReplyCode() != 206 ) file_mgr->EndOfFile(MyHTTP_Analyzer()->Conn(), is_orig); } 
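Review bot: In the rewritten `instance_length` parse (@@ -386), a failed `atoi_n` stores 0 while the constructor uses -1 for "unspecified", and a value that does parse is accepted without being compared to the range it accompanies. A reply whose total is not larger than `l` (the last byte position) would hand `file_mgr->SetSize` a size smaller than the data about to be delivered at `offset`, which may end or truncate the file's analysis early. I would treat both cases as unknown: `if ( ! atoi_n(instance_length_str.size(), instance_length_str.c_str(), 0, 10, instance_length) || instance_length <= l ) instance_length = -1;`. The two `atoi_n` calls for `f` and `l` shown as context in the @@ -374 hunk also ignore their return value, which leaves `f` and `l` uninitialised on failure if `atoi_n` does not write its output in that case.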
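Review bot: The new guard in `HTTP_Message::Done` (@@ -554) never calls `file_mgr->EndOfFile` for a 206 reply, so such a file is finished only when the reported size is reached or the inactivity timeout fires. When the total is unknown (`*`), fails to parse, or the body is gzip/deflate-encoded (where `send_size` is cleared), each 206 response leaves file state behind until `default_timeout_interval`, which this commit raises from 10 sec to 2 mins, so memory use under many such replies deserves a look. The comment `// multipart/byteranges may span multiple connections` no longer matches the condition, which tests only the reply code; `// 206 partial content may be completed by other connections, so leave the file open` would be accurate. The same condition and the same concern apply to the `EndEntity` hunk at @@ -620.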
@@ -884,7 +895,12 @@ void HTTP_Analyzer::Done() unanswered_requests.pop(); } - file_mgr->EndOfFile(Conn()); + file_mgr->EndOfFile(Conn(), true); + /* TODO: this might be nice to have, but reply code is cleared by now. + if ( HTTP_ReplyCode() != 206 ) + // multipart/byteranges may span multiple connections + file_mgr->EndOfFile(Conn(), false); + */ } void HTTP_Analyzer::DeliverStream(int len, const u_char* data, bool is_orig) diff --git a/src/HTTP.h b/src/HTTP.h index a65a93e417..81c7385825 100644 --- a/src/HTTP.h +++ b/src/HTTP.h @@ -57,7 +57,8 @@ protected: ZIP_Analyzer* zip; bool is_partial_content; uint64_t offset; - int64_t content_size; // total size of content specified by content-range + int64_t instance_length; // total length indicated by content-range + bool send_size; // whether to send size indication to FAF MIME_Entity* NewChildEntity() { return new HTTP_Entity(http_message, this, 1); } diff --git a/src/MIME.cc b/src/MIME.cc index 0ebded78c5..d5610c2bcb 100644 --- a/src/MIME.cc +++ b/src/MIME.cc @@ -1068,6 +1068,8 @@ void MIME_Mail::EndEntity(MIME_Entity* /* entity */) vl->append(analyzer->BuildConnVal()); analyzer->ConnectionEvent(mime_end_entity, vl); } + + file_mgr->EndOfFile(analyzer->Conn()); } void MIME_Mail::SubmitHeader(MIME_Header* h) diff --git a/src/file_analysis/Hash.cc b/src/file_analysis/Hash.cc index 28662559af..145974e8cc 100644 --- a/src/file_analysis/Hash.cc +++ b/src/file_analysis/Hash.cc @@ -6,7 +6,7 @@ using namespace file_analysis; Hash::Hash(RecordVal* args, Info* info, HashVal* hv, const char* field) - : Action(args, info), hash(hv) + : Action(args, info), hash(hv), fed(false) { using BifType::Record::FileAnalysis::ActionResults; if ( (result_field_idx = ActionResults->FieldOffset(field)) < 0 ) @@ -23,6 +23,9 @@ bool Hash::DeliverStream(const u_char* data, uint64 len) { if ( ! hash->IsValid() ) return false; + if ( ! fed ) + fed = len > 0; + hash->Feed(data, len); return true; } 
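Review bot: `HTTP_Analyzer::Done` now ends only the originator-side file, and the reply-side call is left as a commented-out TODO block. If the old `EndOfFile(Conn())` covered both directions, as its signature suggests, a non-206 download cut off by connection teardown now stays open until the timeout instead of being closed here. Since the TODO says the reply code is already cleared at this point, one option is to record in a member, when the reply line is parsed, whether a 206 reply was seen, and to test that member here. The commented-out code should be removed once that is decided, or reduced to a one-line `// TODO:` describing the missing reply-side EndOfFile.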
@@ -40,7 +43,7 @@ bool Hash::Undelivered(uint64 offset, uint64 len) void Hash::Finalize() { - if ( ! hash->IsValid() ) return; + if ( ! hash->IsValid() || ! fed ) return; StringVal* sv = hash->Get(); info->GetResults(args)->Assign(result_field_idx, sv); diff --git a/src/file_analysis/Hash.h b/src/file_analysis/Hash.h index 18c4166237..90345771ba 100644 --- a/src/file_analysis/Hash.h +++ b/src/file_analysis/Hash.h @@ -31,6 +31,7 @@ protected: void Finalize(); HashVal* hash; + bool fed; int result_field_idx; }; diff --git a/src/file_analysis/Info.cc b/src/file_analysis/Info.cc index d3a89fd825..0eda8d6104 100644 --- a/src/file_analysis/Info.cc +++ b/src/file_analysis/Info.cc @@ -97,7 +97,8 @@ Info::Info(const string& unique, Connection* conn) reinterpret_cast(hash)); uitoa_n(hash[0], id, sizeof(id), 62); - DBG_LOG(DBG_FILE_ANALYSIS, "Creating new Info object %s", id); + DBG_LOG(DBG_FILE_ANALYSIS, "Creating new Info object %s (%s)", id, + unique.c_str()); val = new RecordVal(BifType::Record::FileAnalysis::Info); val->Assign(file_id_idx, new StringVal(id)); diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.ftp/out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.ftp/out new file mode 100644 index 0000000000..4492b5a867 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.ftp/out @@ -0,0 +1,20 @@ +FileAnalysis::TRIGGER_NEW +XRXY932iwza, 0, 0 +FileAnalysis::TRIGGER_BOF +FileAnalysis::TRIGGER_BOF_BUFFER +The Nationa +FileAnalysis::TRIGGER_TYPE +file type is set +mime type is set +FileAnalysis::TRIGGER_EOF +XRXY932iwza, 16557, 0 +{ +arKYeMETxOg +} +{ +[orig_h=141.142.228.5, orig_p=50737/tcp, resp_h=141.142.192.162, resp_p=38141/tcp] +} +source: ftp-data +SHA1: 44586aed07cfe19cad25076af98f535585cd5797 +MD5: 7192a8075196267203adb3dfaa5c908d +SHA256: 202674eba48e832690a4475113acf8b16a3f6c82c04c94b36bb2c7ce457ac8d2 
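Review bot: The new `fed` flag has no comment in Hash.cc or Hash.h, and its effect in `Hash::Finalize` is that a file which delivered no stream bytes gets no hash result at all. Consumers of the results then cannot tell an empty or fully undelivered file from one whose hash was never requested, which matters when digests are matched against known-bad lists. I would document the member, e.g. `bool fed; // true once DeliverStream saw at least one byte; Finalize() emits no digest otherwise`. In `DeliverStream` (the @@ -23 hunk) the update reads more directly as `fed = fed || len > 0;`.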
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.ftp/thefile b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.ftp/thefile new file mode 100644 index 0000000000..ffa6b5b161 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.ftp/thefile 
@@ -0,0 +1,425 @@ +The National Center for Supercomputing Applications 1/28/92 +Anonymous FTP Server General Information + +This file contains information about the general structure, as well as +information on how to obtain files and documentation from the FTP server. +NCSA software and documentation can also be obtained through the the U.S. +Mail. Instructions are included for using this method as well. + +Information about the Software Development Group and NCSA software can be +found in the /ncsapubs directory in a file called TechResCatalog. + + +THE UNIVERSITY OF ILLINOIS GIVES NO WARRANTY, EXPRESSED OR IMPLIED, FOR THE +SOFTWARE AND/OR DOCUMENTATION PROVIDED, INCLUDING, WITHOUT LIMITATION, +WARRANTY OF MERCHANTABILITY AND WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE. + + +_____________________________________________________________ + +FTP INSTRUCTIONS + +Most NCSA Software is released into the public domain. That is, for these +programs, the public domain has all rights for future licensing, resale, +and publication of available packages. If you are connected to Internet +(NSFNET, ARPANET, MILNET, etc) you may download NCSA software and documentation and source code if it is available, at no charge from the anonymous file +transfer protocol (FTP) server at NCSA where you got this file. The procedure +you should follow to do so is presented below. If you have any questions +regarding this procedure or whether you are connected to Internet, consult your local system administration or network expert. + +1. Log on to a host at your site that is connected to the Internet and is + running software supporting the FTP command. + +2. Invoke FTP on most systems by entering the Internet address of the server. + Type the following at the shell (usually "%") prompt: + + % ftp ftp.ncsa.uiuc.edu + +3. Log in by entering anonymous for the name. + +4. Enter your local email address (login@host) for the password. + +5. 
Enter the following at the "ftp>" prompt to copy a text file from our + server to your local host: + + ftp> get filename + + where "filename" is the name of the file you want a copy of. For example, + to get a copy of this file from the server enter: + + ftp> get README.FIRST + + To get a copy of our software brochure, enter: + + ftp> cd ncsapubs + get TechResCatalog + + NOTE: Some of the filenames on the server are rather long to aid in + identification. Some operating systems may have problems with names + this long. To change the name the file will have on your local + machine type the following at the "ftp>" prompt ("remoteName" is the + name of the file on the server and "localName" is the name you want + the file to have on your local machine): + + ftp> get remoteName localName + + Example: + + ftp> get TechResCatalog catalog.txt + + +6. For files that are not text files (almost everything else) you will need to + specify that you want to transfer binary files. Do this by typing the + following at the "ftp>" prompt: + + ftp> type binary + + You can now use the "get" command to download binary files. To switch back + to ASCII text transfers type: + + ftp> type ascii + +7. The "ls" and "cd" commands can be used at the "ftp>" prompt to list and + change directories as in the shell. + +8. Enter "quit" or "bye" to exit FTP and return to your local host. + + +_____________________________________________________________ + +FTP SOFTWARE BY MAIL + +To obtain an order form, send your request to the following address: + +FTP Archive Tapes +c/o Debbie Shirley +152 Computing Applications Building +605 East Springfield Avenue +Champaign, IL 61820 + +or call: +Debbie at (217) 244-4130 + + +_____________________________________________________________ + +VIRUS INFORMATION + +The Software Development Group at NCSA is very virus-conscious. We routinely +check our machines for viruses and recommend that you do so also. For the +Macintoshes we use Disinfectant. 
You can obtain a copy of Disinfectant from +the /Mac/Utilities directory. + +If you use Microsoft DOS or Windows you can find the latest virus scan from +the anonymous site oak.oakland.edu in the /SimTel/msdos/virus directory. + +_____________________________________________________________ + +GENERAL INFORMATION + + +DIRECTORY STRUCTURE + +The FTP server is organized as specified below: + + /Mac Macintosh software + /PC IBM PC software + /Unix Software for machines running UNIX or equivalent OS + /Unix/SGI Software that primarily runs on Silicon Graphics + machines only + /Visualization Software tools for data visualization. + /Web World Wide Web tools, including Mosaic, httpd, + and html editors. + /HDF Hierarchical Data Format applications and tools + /Samples Samples that can be used with most of NCSA software + tools + /Documentation Currently being constructed, check each application's + directory for documentation + /ncsapubs Information produced by the Publications group, + including Metacenter announcements, data link & access, + a software listing, start-up guides, and other + reference documents. + /misc Miscellaneous documentation and software + /incoming directory for contributions + /outgoing swap directory + +Information for a particular application can be found in the README file, +located in the same directory as the application. The README files contain +information on new features, known bugs, compile information, and other +important notes. + +All directories on the FTP server contain an INDEX file. These files outline +the hierarchical structure of the directory and (recursively) all files and +directories contained within it. The INDEX at the root level contains the +structure of the enire server listing all files and directories on it. The +INDEX file in each software directory contains additional information about +each file. 
The letter in parenthesis after the file name indicates how the +file should be downloaded: ascii (a), binary (b), or mac binary (m). + +The "misc" directories found in some software tool directories contain +supplementary code or other information. Refer to the README file in that +directory for a description of what is contained within the "misc" directory. + +The "contrib" directories contain contributed software. This directory usually +contains NCSA source that has been modified by people outside of NCSA as well +as binaries compiled on different platforms not available to the Software +Development Group. If you have modified NCSA software or would like to share +some code please contact the developer of the source so arrangemnts can be +made to upload it to the "incoming" directory. If you are downloading +software from the "contrib" directory please note that this software is not +supported by NCSA and has not been checked for viruses (see statement on +viruses above). NCSA may not be held responsible for anything resulting from +use of the contributed software. *** RUN AT YOUR OWN RISK *** + + +FILE NAMES + +All file names consist of the name of the tool, the version number, and one or +more extensions. The extensions identify what type of information is contained +in the file, and what format it is in. For example, here is a list of files in +the /Mac/DataScope directory: + + DataScope2.0.1.asc.tar.Z + DataScope2.0.1.src.sit.hqx + DataScope2.0.1.smp.sit.hqx + DataScope2.0.1.mac.sit.hqx + DataScope2.0.1.msw.sit.hqx + +The first three character extension indicates what type of data can be found in +that file (ASCII documentation, source, samples, etc.). The other extensions +indicate what format the files are in. The extensions ".tar" and ".sit" +indicate types of archives, and the ".Z" and ".hqx" indicate compression and +encoding schemes. (See below for instructions on extracting files that have +been archived and/or compressed.) 
Following are a list of extensions and their +meanings: + + .sn3 Sun 3 executables + .sn4 Sun 4 executables + .386 Sun 386i executables + .sgi Silicon Graphics Iris executables + .dgl Silicon Graphics Iris using DGL executables + .rs6 IBM RS6000 executables + .cv2 Convex 2 executables + .cv3 Convex 3 executables + .cr2 Cray 2 executables + .crY CrayYMP executables + .d31 DEC 3100 executables + .m88 Motorola 88k executables + .m68 Motorola 68k executables + .exe IBM PC executables + .mac Macintosh executables + .src source code + .smp sample files + .asc ASCII text documentation + .msw Microsoft Word documentation + .ps postscript documentation + .man formatted man page + .shar Bourne shell archive + .sit archive created by Macintosh application, StuffIt + .hqx encoded with Macintosh application, BinHex + .sea Self extracting Macintosh archive + .tar archive created with UNIX tar command + .Z compressed with UNIX compress command + +The files in the PC directory are the only exception to this naming convention. +In order to conform with the DOS convention of eight character file names and +one, three character extension, the names for PC files are slightly different. +Whenever possible the scheme outlined above is used, but the names are usually +abbreviated and all but one of the dots "." have been omitted. + + +_______________________________________________________________________________ +EXTRACTING ARCHIVED FILES + + +INSTRUCTIONS FOR MACINTOSH FILES + +If a file ends with the extension ".sit" it must be unstuffed with either the +shareware program StuffIt or the Public Domain program UnStuffIt. Files ending +with the ".hqx" must be decoded with BinHex. These programs can be found on +the FTP server in the /Mac/Utilities directory. Note that the BinHex program +must be downloaded with MacBinary enabled, and the StuffIt program must be +decoded before it can be used. 
Files downloaded from the server may be both +Stuffed (".sit" extension) and BinHexed (".hqx" extension). These files must +be first decoded and then unstuffed. + +To decode a file with the ".hqx" extension (a BinHexed file): + + 1. Download the file to your Macintosh. + 2. Start the application BinHex by double-clicking on it. + 3. From the "File" menu in BinHex, choose "UpLoad -> Application". + 4. Choose the ".hqx" file to be decoded and select "Open". + 5. The suggested file name will appear in a dialog box. + 6. Select "Save" to decode the file. + +To uncompress a file with the ".sit" extension (a Stuffed file): + + 1. Download the file to your Macintosh. + 2. Start the application Stuffit by double-clicking on it. + 3. From the "File" menu in Stuffit, choose "Open Archive...". + 4. Choose the ".sit" file to be unstuffed and select "Open". A window with + all the files contained in the stuffed file will appear. + 5. Choose "Select All" in the "Edit" menu to select all of the files. + 6. Click on the "Extract" box at the bottom of the window. + 7. Select "Save All" in the dialog box to save all the selected files in + the current directory. + + +INSTRUCTIONS FOR PC FILES + +Most IBM PC files are archived and compressed using the pkzip utility. +(If you do not have the pkzip utility on your PC, you may obtain it from the +FTP server by anonymous ftp. The file you need is called pkz110.exe and it +is located in /PC/Telnet/contributions. Set the ftp mode to binary and "get" +the file pkz110.exe. Then, on your PC, run PKZ110.EXE with no arguments and +several files will be self-extracted, including one called PKUNZIP.EXE. It +may then be convenient to copy PKUNZIP.EXE to the directory where you have +placed, or are going to place, your Telnet files.) 
+To extract these files, first download the file with the ".zip" extension to +your PC and then type the following at the DOS prompt: + + > pkunzip -d filename.zip + +where "filename" is the name of the file you want to unarchive. + + +INSTRUCTIONS FOR UNIX FILES + +Most files on the FTP server will be both tarred and compressed. For more +information on the "tar" and "compress" commands you can type "man tar" and +"man compress" at your shell prompt to see the online manual page for these +commands, or ask your system administrator for help. You should first +uncompress and then unarchive files ending in ".tar.Z" with the following +procedure. + +Files with the ".Z" extension have been compressed with the UNIX "compress" +command. To uncompress these files type the following at the shell prompt: + + % uncompress filename.Z + +where "filename.Z" is the name of the file ending with the ".Z" extension that +you wish to uncompress. + +Files with the ".tar" extension have been archived with the UNIX "tar" command. +To extract the files type the following at the shell prompt: + + % tar xf filename.tar + +Some files are archived using a shell archive utility and are indicated as such +with the ".shar" extension. To extract the files type the following at the +shell prompt: + + % sh filename.shar + + +_______________________________________________________________________________ +DOCUMENTATION + +NCSA offers users several documentation formats for its programs including +ASCII text, Microsoft Word, and postscript. If one of these formats does not +fit your needs, documentaion can be obtained through the mail at the following +address: + +Documentation Orders +c/o Debbie Shirley +152 Computing Applications Building +605 East Springfield Avenue +Champaign, IL 61820 + +or call: + +(217) 244-4130 + +Members of the Software Development Group within NCSA are currently working +on videotapes that demonstrate and also offer tutorials for NCSA programs. 
A +note will be posted here when these tapes are available for distribution. + + +ASCII FORMAT + +ASCII text files are provided for all software and are indicated with the +".asc" extension. Helpful figures and diagrams obviously cannot be included +in this form of documentation. We suggest you use the other forms of +documentation if possible. + + +MICROSOFT WORD FORMAT + +If you are a Macintosh user, please download documents with the ".msw" +extension. These files should also be stuffed and BinHexed (information on +extracting these files from the archive is contained earlier in this file). +The documents can be previewed and printed using the Microsoft Word +application. Word documents contain text, images, and formatting. + + +POSTSCRIPT FORMAT + +If you are a UNIX user and/or have access to a postscript printer, please +download files with the ".pos" extension. The documents can be previewed using +a poscript previewer or can be printed directly to a poscript printer using a +command like "lpr". + + +_______________________________________________________________________________ +BUG REPORTS AND SUPPORT + +The Software Development Group at NCSA is very interested in how the software +tools developed here are being used. Please send any comments or suggestions +you may have to the appropriate address. + +NOTE: This is a new kind of shareware. You share your science and +successes with us, and we can get more resources to share more +NCSA software with you. + +If you want to see more NCSA software, please send us a letter, + email or US Mail, telling us what you are doing with our software. +We need to know: + + (1) What science you are working on - an abstract of your + work would be fine. + + (2) How NCSA software has helped you, for example, by increasing + your productivity or allowing you to do things you could + not do before. + +We encourage you to cite the use of any NCSA software you have used in +your publications. 
A bibliography of your work would be extremely +helpful. + + +NCSA Telnet for the Macintosh: Please allow ***time*** for a response. + +Bug reports, questions, suggestions may be sent to the addresses below. + + mactelnet@ncsa.uiuc.edu (Internet) + +NCSA Telnet for PCs: Please allow ***time*** for a response. + +Bug reports, questions, suggestions may be sent to: + pctelnet@ncsa.uiuc.edu (Internet) + +All other NCSA software: + +Bug reports should be emailed to the adresses below. Be sure to check the +BUGS NOTES section of the README file before sending email. +Please allow ***time*** for a response. + + bugs@ncsa.uiuc.edu (Internet) + + +Questions regarding NCSA developed software tools may be sent to the address +below. Please allow ***time*** for a response. + + softdev@ncsa.uiuc.edu (Internet) +_______________________________________________________________________________ +COPYRIGHTS AND TRADEMARKS + +Apple +Motorola +Digital Equipment Corp. +Silicon Graphics Inc. +International Business Machines +Sun Microsystems +UNIX +StuffIt +Microsoft diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/KPVibShQgUc-file b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/KPVibShQgUc-file new file mode 100644 index 0000000000..e68dee74e6 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/KPVibShQgUc-file 
@@ -0,0 +1,159 @@ + +0.26 | 2012-08-24 15:10:04 -0700 + + * Fixing update-changes, which could pick the wrong control file. (Robin Sommer) + + * Fixing GPG signing script. (Robin Sommer) + +0.25 | 2012-08-01 13:55:46 -0500 + + * Fix configure script to exit with non-zero status on error (Jon Siwek) + +0.24 | 2012-07-05 12:50:43 -0700 + + * Raise minimum required CMake version to 2.6.3 (Jon Siwek) + + * Adding script to delete old fully-merged branches. (Robin Sommer) + +0.23-2 | 2012-01-25 13:24:01 -0800 + + * Fix a bro-cut error message. (Daniel Thayer) + +0.23 | 2012-01-11 12:16:11 -0800 + + * Tweaks to release scripts, plus a new one for signing files. + (Robin Sommer) + +0.22 | 2012-01-10 16:45:19 -0800 + + * Tweaks for OpenBSD support. (Jon Siwek) + + * bro-cut extensions and fixes. (Robin Sommer) + + - If no field names are given on the command line, we now pass through + all fields. Adresses #657. + + - Removing some GNUism from awk script. Addresses #653. + + - Added option for time output in UTC. Addresses #668. + + - Added output field separator option -F. Addresses #649. + + - Fixing option -c: only some header lines were passed through + rather than all. (Robin Sommer) + + * Fix parallel make portability. (Jon Siwek) + +0.21-9 | 2011-11-07 05:44:14 -0800 + + * Fixing compiler warnings. Addresses #388. (Jon Siwek) + +0.21-2 | 2011-11-02 18:12:13 -0700 + + * Fix for misnaming temp file in update-changes script. (Robin Sommer) + +0.21-1 | 2011-11-02 18:10:39 -0700 + + * Little fix for make-release script, which could pick out the wrong + tag. (Robin Sommer) + +0.21 | 2011-10-27 17:40:45 -0700 + + * Fixing bro-cut's usage message and argument error handling. (Robin Sommer) + + * Bugfix in update-changes script. (Robin Sommer) + + * update-changes now ignores commits it did itself. (Robin Sommer) + + * Fix a bug in the update-changes script. (Robin Sommer) + + * bro-cut now always installs to $prefix/bin by `make install`. 
(Jon Siwek) + + * Options to adjust time format for bro-cut. (Robin Sommer) + + The default with -d is now ISO format. The new option "-D " + specifies a custom strftime()-style format string. Alternatively, + the environment variable BRO_CUT_TIMEFMT can set the format as + well. + + * bro-cut now understands the field separator header. (Robin Sommer) + + * Renaming options -h/-H -> -c/-C, and doing some general cleanup. + +0.2 | 2011-10-25 19:53:57 -0700 + + * Adding support for replacing version string in a setup.py. (Robin + Sommer) + + * Change generated root cert DN indices format for RFC2253 + compliance. (Jon Siwek) + + * New tool devel-tools/check-release to run before making releases. + (Robin Sommer) + + * devel-tools/update-changes gets a new option -a to amend to + previous commit if possible. Default is now not to (used to be the + opposite). (Robin Sommer) + + * Change Mozilla trust root generation to index certs by subject DN. (Jon Siwek) + + * Change distclean to only remove build dir. (Jon Siwek) + + * Make dist now cleans the copied source (Jon Siwek) + + * Small tweak to make-release for forced git-clean. (Jon Siwek) + + * Fix to not let updates scripts loose their executable permissions. + (Robin Sommer) + + * devel-tools/update-changes now looks for a 'release' tag to + idenfify the stable version, and 'beta' for the beta versions. + (Robin Sommer). + + * Distribution cleanup. (Robin Sommer) + + * New script devel-tools/make-release to create source tar balls. + (Robin Sommer) + + * Removing bdcat. With the new log format, this isn't very useful + anymore. (Robin Sommer) + + * Adding script that shows all pending git fastpath commits. (Robin + Sommer) + + * Script to measure CPU time by loading an increasing set of + scripts. (Robin Sommer) + + * extract-conn script now deals wit *.gz files. (Robin Sommer) + + * Tiny update to output a valid CA list file for SSL cert + validation. (Seth Hall) + + * Adding "install-aux" target. Addresses #622. 
(Jon Siwek) + + * Distribution cleanup. (Jon Siwek and Robin Sommer) + + * FindPCAP now links against thread library when necessary (e.g. + PF_RING's libpcap) (Jon Siwek) + + * Install binaries with an RPATH (Jon Siwek) + + * Workaround for FreeBSD CMake port missing debug flags (Jon Siwek) + + * Rewrite of the update-changes script. (Robin Sommer) + +0.1-1 | 2011-06-14 21:12:41 -0700 + + * Add a script for generating Mozilla's CA list for the SSL analyzer. + (Seth Hall) + +0.1 | 2011-04-01 16:28:22 -0700 + + * Converting build process to CMake. (Jon Siwek) + + * Removing cf/hf/ca-* from distribution. The README has a note where + to find them now. (Robin Sommer) + + * General cleanup. (Robin Sommer) + + * Initial import of bro/aux from SVN r7088. (Jon Siwek) diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/LMA6EHLacYc-file b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/LMA6EHLacYc-file new file mode 100644 index 0000000000..c8435ed950 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/LMA6EHLacYc-file @@ -0,0 +1,11 @@ +{ + "origin": "10.224.189.238", + "headers": { + "Host": "httpbin.org", + "Connection": "close", + "Accept": "*/*", + "User-Agent": "curl/7.29.0" + }, + "gzipped": true, + "method": "GET" +} \ No newline at end of file diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get-gzip.out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get-gzip.out new file mode 100644 index 0000000000..e7df070a03 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get-gzip.out 
@@ -0,0 +1,20 @@
+FileAnalysis::TRIGGER_NEW
+LMA6EHLacYc, 0, 0
+FileAnalysis::TRIGGER_BOF
+FileAnalysis::TRIGGER_BOF_BUFFER
+{^J "origin
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
+FileAnalysis::TRIGGER_EOF
+LMA6EHLacYc, 197, 0
+{
+UWkUyAuUGXf
+}
+{
+[orig_h=141.142.228.5, orig_p=50153/tcp, resp_h=54.243.118.187, resp_p=80/tcp]
+}
+source: HTTP
+SHA1: e351b8c693c3353716787c02e2923f4d12ebbb31
+MD5: 5baba7eea57bc8a42a92c817ed566d72
+SHA256: 202b775be087f5af98e95120e42769a9b3488f84c5aa79c4f4c1093d348f849c
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get.out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get.out
new file mode 100644
index 0000000000..301d6dd6a7
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.get/get.out
@@ -0,0 +1,21 @@
+FileAnalysis::TRIGGER_NEW
+KPVibShQgUc, 0, 0
+FileAnalysis::TRIGGER_BOF
+FileAnalysis::TRIGGER_BOF_BUFFER
+^J0.26 | 201
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
+FileAnalysis::TRIGGER_DONE
+KPVibShQgUc, 4705, 0
+{
+UWkUyAuUGXf
+}
+{
+[orig_h=141.142.228.5, orig_p=59856/tcp, resp_h=192.150.187.43, resp_p=80/tcp]
+}
+total bytes: 4705
+source: HTTP
+SHA1: 1dd7ac0398df6cbc0696445a91ec681facf4dc47
+MD5: 397168fd09991a0e712254df7bc639ac
+SHA256: 4e7c7ef0984119447e743e3ec77e1de52713e345cde03fe7df753a35849bed18
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.out
new file mode 100644
index 0000000000..6ce550d39a
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.out
@@ -0,0 +1,14 @@
+FileAnalysis::TRIGGER_NEW
+uj9AtyGOiZ8, 0, 0
+FileAnalysis::TRIGGER_DONE
+uj9AtyGOiZ8, 555523, 0
+{
+UWkUyAuUGXf,
+arKYeMETxOg
+}
+{
+[orig_h=10.101.84.70, orig_p=10978/tcp, resp_h=129.174.93.161, resp_p=80/tcp],
+[orig_h=10.101.84.70, orig_p=10977/tcp, resp_h=129.174.93.161, resp_p=80/tcp]
+}
+total bytes: 555523
+source: HTTP
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.size b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.size
new file mode 100644
index 0000000000..7abf924cb4
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/a.size
@@ -0,0 +1 @@
+ 555523 uj9AtyGOiZ8-file0
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
new file mode 100644
index 0000000000..0d4d863157
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.out
@@ -0,0 +1,25 @@
+FileAnalysis::TRIGGER_NEW
+ns7As4DOZcj, 0, 0
+FileAnalysis::TRIGGER_DONE
+ns7As4DOZcj, 1022920, 0
+{
+UWkUyAuUGXf
+}
+{
+[orig_h=192.168.72.14, orig_p=3254/tcp, resp_h=65.54.95.206, resp_p=80/tcp]
+}
+total bytes: 1022920
+source: HTTP
+FileAnalysis::TRIGGER_NEW
+ns7As4DOZcj, 0, 0
+FileAnalysis::TRIGGER_TIMEOUT
+FileAnalysis::TRIGGER_EOF
+ns7As4DOZcj, 206024, 0
+{
+arKYeMETxOg
+}
+{
+[orig_h=192.168.72.14, orig_p=3257/tcp, resp_h=65.54.95.14, resp_p=80/tcp]
+}
+total bytes: 1022920
+source: HTTP
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.size b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.size
new file mode 100644
index 0000000000..9be08e4aab
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/b.size
@@ -0,0 +1 @@
+ 1022920 ns7As4DOZcj-file0
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
new file mode 100644
index 0000000000..730a6feae8
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.out
@@ -0,0 +1,14 @@
+FileAnalysis::TRIGGER_NEW
+MHMkq2nFxej, 0, 0
+FileAnalysis::TRIGGER_DONE
+MHMkq2nFxej, 498702, 0
+{
+UWkUyAuUGXf,
+arKYeMETxOg
+}
+{
+[orig_h=10.45.179.94, orig_p=19950/tcp, resp_h=129.174.93.170, resp_p=80/tcp],
+[orig_h=10.45.179.94, orig_p=19953/tcp, resp_h=129.174.93.170, resp_p=80/tcp]
+}
+total bytes: 498668
+source: HTTP
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.size b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.size
new file mode 100644
index 0000000000..fbb418c3d3
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.partial-content/c.size
@@ -0,0 +1 @@
+ 498668 MHMkq2nFxej-file0
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/Ac8PLL9KL49-file b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/Ac8PLL9KL49-file
new file mode 100644
index 0000000000..cdaf76ed70
Binary files /dev/null and b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/Ac8PLL9KL49-file differ
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/NV2MvAX0Is4-file b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/NV2MvAX0Is4-file
new file mode 100644
index 0000000000..1383a33f48
Binary files /dev/null and b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/NV2MvAX0Is4-file differ
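Review bot: The c.out baseline expects `MHMkq2nFxej, 498702, 0` at TRIGGER_DONE, but the same hunk's `total bytes: 498668` and the c.size baseline (`498668 MHMkq2nFxej-file0`) are 34 bytes smaller, so the test blesses a seen-byte counter that exceeds the file size. In a.out the two numbers agree (555523), which suggests the extra bytes here come from the two range responses overlapping; that is an inference, since the test script and the reassembly code are not in this hunk. A reassembler that accepts overlapping ranges has to decide which copy of the overlapped bytes ends up in the extracted file and in the hashes, so I would state the intended policy next to the test, for example with a comment such as `# seen bytes > total bytes is expected here: the two partial-content responses overlap`, if that is indeed the cause.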
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/WLJWC1FMBq9-file b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/WLJWC1FMBq9-file
new file mode 100644
index 0000000000..41e217d6c9
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/WLJWC1FMBq9-file
@@ -0,0 +1,636 @@ +//-- Google Analytics Urchin Module +//-- Copyright 2007 Google, All Rights Reserved. + +//-- Urchin On Demand Settings ONLY +var _uacct=""; // set up the Urchin Account +var _userv=0; // service mode (0=local,1=remote,2=both) + +//-- UTM User Settings +var _ufsc=1; // set client info flag (1=on|0=off) +var _udn="auto"; // (auto|none|domain) set the domain name for cookies +var _uhash="on"; // (on|off) unique domain hash for cookies +var _utimeout="1800"; // set the inactive session timeout in seconds +var _ugifpath="/images/__utm.gif"; // set the web path to the __utm.gif file +var _utsp="|"; // transaction field separator +var _uflash=1; // set flash version detect option (1=on|0=off) +var _utitle=1; // set the document title detect option (1=on|0=off) +var _ulink=0; // enable linker functionality (1=on|0=off) +var _uanchor=0; // enable use of anchors for campaign (1=on|0=off) +var _utcp="/"; // the cookie path for tracking +var _usample=100; // The sampling % of visitors to track (1-100). 
+ +//-- UTM Campaign Tracking Settings +var _uctm=1; // set campaign tracking module (1=on|0=off) +var _ucto="15768000"; // set timeout in seconds (6 month default) +var _uccn="utm_campaign"; // name +var _ucmd="utm_medium"; // medium (cpc|cpm|link|email|organic) +var _ucsr="utm_source"; // source +var _uctr="utm_term"; // term/keyword +var _ucct="utm_content"; // content +var _ucid="utm_id"; // id number +var _ucno="utm_nooverride"; // don't override + +//-- Auto/Organic Sources and Keywords +var _uOsr=new Array(); +var _uOkw=new Array(); +_uOsr[0]="google"; _uOkw[0]="q"; +_uOsr[1]="yahoo"; _uOkw[1]="p"; +_uOsr[2]="msn"; _uOkw[2]="q"; +_uOsr[3]="aol"; _uOkw[3]="query"; +_uOsr[4]="aol"; _uOkw[4]="encquery"; +_uOsr[5]="lycos"; _uOkw[5]="query"; +_uOsr[6]="ask"; _uOkw[6]="q"; +_uOsr[7]="altavista"; _uOkw[7]="q"; +_uOsr[8]="netscape"; _uOkw[8]="query"; +_uOsr[9]="cnn"; _uOkw[9]="query"; +_uOsr[10]="looksmart"; _uOkw[10]="qt"; +_uOsr[11]="about"; _uOkw[11]="terms"; +_uOsr[12]="mamma"; _uOkw[12]="query"; +_uOsr[13]="alltheweb"; _uOkw[13]="q"; +_uOsr[14]="gigablast"; _uOkw[14]="q"; +_uOsr[15]="voila"; _uOkw[15]="rdata"; +_uOsr[16]="virgilio"; _uOkw[16]="qs"; +_uOsr[17]="live"; _uOkw[17]="q"; +_uOsr[18]="baidu"; _uOkw[18]="wd"; +_uOsr[19]="alice"; _uOkw[19]="qs"; +_uOsr[20]="yandex"; _uOkw[20]="text"; +_uOsr[21]="najdi"; _uOkw[21]="q"; +_uOsr[22]="aol"; _uOkw[22]="q"; +_uOsr[23]="club-internet"; _uOkw[23]="q"; +_uOsr[24]="mama"; _uOkw[24]="query"; +_uOsr[25]="seznam"; _uOkw[25]="q"; +_uOsr[26]="search"; _uOkw[26]="q"; +_uOsr[27]="szukaj"; _uOkw[27]="szukaj"; +_uOsr[28]="szukaj"; _uOkw[28]="qt"; +_uOsr[29]="netsprint"; _uOkw[29]="q"; +_uOsr[30]="google.interia"; _uOkw[30]="q"; +_uOsr[31]="szukacz"; _uOkw[31]="q"; +_uOsr[32]="yam"; _uOkw[32]="k"; +_uOsr[33]="pchome"; _uOkw[33]="q"; + + +//-- Auto/Organic Keywords to Ignore +var _uOno=new Array(); +//_uOno[0]="urchin"; +//_uOno[1]="urchin.com"; +//_uOno[2]="www.urchin.com"; + +//-- Referral domains to Ignore +var _uRno=new 
Array(); +//_uRno[0]=".urchin.com"; + +//-- **** Don't modify below this point *** +var _uff,_udh,_udt,_ubl=0,_udo="",_uu,_ufns=0,_uns=0,_ur="-",_ufno=0,_ust=0,_ubd=document,_udl=_ubd.location,_udlh="",_uwv="1"; +var _ugifpath2="http://www.google-analytics.com/__utm.gif"; +if (_udl.hash) _udlh=_udl.href.substring(_udl.href.indexOf('#')); +if (_udl.protocol=="https:") _ugifpath2="https://ssl.google-analytics.com/__utm.gif"; +if (!_utcp || _utcp=="") _utcp="/"; +function urchinTracker(page) { + if (_udl.protocol=="file:") return; + if (_uff && (!page || page=="")) return; + var a,b,c,xx,v,z,k,x="",s="",f=0; + var nx=" expires="+_uNx()+";"; + var dc=_ubd.cookie; + _udh=_uDomain(); + if (!_uVG()) return; + _uu=Math.round(Math.random()*2147483647); + _udt=new Date(); + _ust=Math.round(_udt.getTime()/1000); + a=dc.indexOf("__utma="+_udh); + b=dc.indexOf("__utmb="+_udh); + c=dc.indexOf("__utmc="+_udh); + if (_udn && _udn!="") { _udo=" domain="+_udn+";"; } + if (_utimeout && _utimeout!="") { + x=new Date(_udt.getTime()+(_utimeout*1000)); + x=" expires="+x.toGMTString()+";"; + } + if (_ulink) { + if (_uanchor && _udlh && _udlh!="") s=_udlh+"&"; + s+=_udl.search; + if(s && s!="" && s.indexOf("__utma=")>=0) { + if (!(_uIN(a=_uGC(s,"__utma=","&")))) a="-"; + if (!(_uIN(b=_uGC(s,"__utmb=","&")))) b="-"; + if (!(_uIN(c=_uGC(s,"__utmc=","&")))) c="-"; + v=_uGC(s,"__utmv=","&"); + z=_uGC(s,"__utmz=","&"); + k=_uGC(s,"__utmk=","&"); + xx=_uGC(s,"__utmx=","&"); + if ((k*1) != ((_uHash(a+b+c+xx+z+v)*1)+(_udh*1))) {_ubl=1;a="-";b="-";c="-";xx="-";z="-";v="-";} + if (a!="-" && b!="-" && c!="-") f=1; + else if(a!="-") f=2; + } + } + if(f==1) { + _ubd.cookie="__utma="+a+"; path="+_utcp+";"+nx+_udo; + _ubd.cookie="__utmb="+b+"; path="+_utcp+";"+x+_udo; + _ubd.cookie="__utmc="+c+"; path="+_utcp+";"+_udo; + } else if (f==2) { + a=_uFixA(s,"&",_ust); + _ubd.cookie="__utma="+a+"; path="+_utcp+";"+nx+_udo; + _ubd.cookie="__utmb="+_udh+"; path="+_utcp+";"+x+_udo; + _ubd.cookie="__utmc="+_udh+"; 
path="+_utcp+";"+_udo; + _ufns=1; + } else if (a>=0 && b>=0 && c>=0) { + _ubd.cookie="__utmb="+_udh+"; path="+_utcp+";"+x+_udo; + } else { + if (a>=0) a=_uFixA(_ubd.cookie,";",_ust); + else a=_udh+"."+_uu+"."+_ust+"."+_ust+"."+_ust+".1"; + _ubd.cookie="__utma="+a+"; path="+_utcp+";"+nx+_udo; + _ubd.cookie="__utmb="+_udh+"; path="+_utcp+";"+x+_udo; + _ubd.cookie="__utmc="+_udh+"; path="+_utcp+";"+_udo; + _ufns=1; + } + if (_ulink && xx && xx!="" && xx!="-") { + xx=_uUES(xx); + if (xx.indexOf(";")==-1) _ubd.cookie="__utmx="+xx+"; path="+_utcp+";"+nx+_udo; + } + if (_ulink && v && v!="" && v!="-") { + v=_uUES(v); + if (v.indexOf(";")==-1) _ubd.cookie="__utmv="+v+"; path="+_utcp+";"+nx+_udo; + } + _uInfo(page); + _ufns=0; + _ufno=0; + if (!page || page=="") _uff=1; +} +function _uInfo(page) { + var p,s="",dm="",pg=_udl.pathname+_udl.search; + if (page && page!="") pg=_uES(page,1); + _ur=_ubd.referrer; + if (!_ur || _ur=="") { _ur="-"; } + else { + dm=_ubd.domain; + if(_utcp && _utcp!="/") dm+=_utcp; + p=_ur.indexOf(dm); + if ((p>=0) && (p<=8)) { _ur="0"; } + if (_ur.indexOf("[")==0 && _ur.lastIndexOf("]")==(_ur.length-1)) { _ur="-"; } + } + s+="&utmn="+_uu; + if (_ufsc) s+=_uBInfo(); + if (_uctm) s+=_uCInfo(); + if (_utitle && _ubd.title && _ubd.title!="") s+="&utmdt="+_uES(_ubd.title); + if (_udl.hostname && _udl.hostname!="") s+="&utmhn="+_uES(_udl.hostname); + s+="&utmr="+_ur; + s+="&utmp="+pg; + if ((_userv==0 || _userv==2) && _uSP()) { + var i=new Image(1,1); + i.src=_ugifpath+"?"+"utmwv="+_uwv+s; + i.onload=function() {_uVoid();} + } + if ((_userv==1 || _userv==2) && _uSP()) { + var i2=new Image(1,1); + i2.src=_ugifpath2+"?"+"utmwv="+_uwv+s+"&utmac="+_uacct+"&utmcc="+_uGCS(); + i2.onload=function() { _uVoid(); } + } + return; +} +function _uVoid() { return; } +function _uCInfo() { + if (!_ucto || _ucto=="") { _ucto="15768000"; } + if (!_uVG()) return; + var c="",t="-",t2="-",t3="-",o=0,cs=0,cn=0,i=0,z="-",s=""; + if (_uanchor && _udlh && _udlh!="") s=_udlh+"&"; + 
s+=_udl.search; + var x=new Date(_udt.getTime()+(_ucto*1000)); + var dc=_ubd.cookie; + x=" expires="+x.toGMTString()+";"; + if (_ulink && !_ubl) { + z=_uUES(_uGC(s,"__utmz=","&")); + if (z!="-" && z.indexOf(";")==-1) { _ubd.cookie="__utmz="+z+"; path="+_utcp+";"+x+_udo; return ""; } + } + z=dc.indexOf("__utmz="+_udh); + if (z>-1) { z=_uGC(dc,"__utmz="+_udh,";"); } + else { z="-"; } + t=_uGC(s,_ucid+"=","&"); + t2=_uGC(s,_ucsr+"=","&"); + t3=_uGC(s,"gclid=","&"); + if ((t!="-" && t!="") || (t2!="-" && t2!="") || (t3!="-" && t3!="")) { + if (t!="-" && t!="") c+="utmcid="+_uEC(t); + if (t2!="-" && t2!="") { if (c != "") c+="|"; c+="utmcsr="+_uEC(t2); } + if (t3!="-" && t3!="") { if (c != "") c+="|"; c+="utmgclid="+_uEC(t3); } + t=_uGC(s,_uccn+"=","&"); + if (t!="-" && t!="") c+="|utmccn="+_uEC(t); + else c+="|utmccn=(not+set)"; + t=_uGC(s,_ucmd+"=","&"); + if (t!="-" && t!="") c+="|utmcmd="+_uEC(t); + else c+="|utmcmd=(not+set)"; + t=_uGC(s,_uctr+"=","&"); + if (t!="-" && t!="") c+="|utmctr="+_uEC(t); + else { t=_uOrg(1); if (t!="-" && t!="") c+="|utmctr="+_uEC(t); } + t=_uGC(s,_ucct+"=","&"); + if (t!="-" && t!="") c+="|utmcct="+_uEC(t); + t=_uGC(s,_ucno+"=","&"); + if (t=="1") o=1; + if (z!="-" && o==1) return ""; + } + if (c=="-" || c=="") { c=_uOrg(); if (z!="-" && _ufno==1) return ""; } + if (c=="-" || c=="") { if (_ufns==1) c=_uRef(); if (z!="-" && _ufno==1) return ""; } + if (c=="-" || c=="") { + if (z=="-" && _ufns==1) { c="utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)"; } + if (c=="-" || c=="") return ""; + } + if (z!="-") { + i=z.indexOf("."); + if (i>-1) i=z.indexOf(".",i+1); + if (i>-1) i=z.indexOf(".",i+1); + if (i>-1) i=z.indexOf(".",i+1); + t=z.substring(i+1,z.length); + if (t.toLowerCase()==c.toLowerCase()) cs=1; + t=z.substring(0,i); + if ((i=t.lastIndexOf(".")) > -1) { + t=t.substring(i+1,t.length); + cn=(t*1); + } + } + if (cs==0 || _ufns==1) { + t=_uGC(dc,"__utma="+_udh,";"); + if ((i=t.lastIndexOf(".")) > 9) { + _uns=t.substring(i+1,t.length); + 
_uns=(_uns*1); + } + cn++; + if (_uns==0) _uns=1; + _ubd.cookie="__utmz="+_udh+"."+_ust+"."+_uns+"."+cn+"."+c+"; path="+_utcp+"; "+x+_udo; + } + if (cs==0 || _ufns==1) return "&utmcn=1"; + else return "&utmcr=1"; +} +function _uRef() { + if (_ur=="0" || _ur=="" || _ur=="-") return ""; + var i=0,h,k,n; + if ((i=_ur.indexOf("://"))<0) return ""; + h=_ur.substring(i+3,_ur.length); + if (h.indexOf("/") > -1) { + k=h.substring(h.indexOf("/"),h.length); + if (k.indexOf("?") > -1) k=k.substring(0,k.indexOf("?")); + h=h.substring(0,h.indexOf("/")); + } + h=h.toLowerCase(); + n=h; + if ((i=n.indexOf(":")) > -1) n=n.substring(0,i); + for (var ii=0;ii<_uRno.length;ii++) { + if ((i=n.indexOf(_uRno[ii].toLowerCase())) > -1 && n.length==(i+_uRno[ii].length)) { _ufno=1; break; } + } + if (h.indexOf("www.")==0) h=h.substring(4,h.length); + return "utmccn=(referral)|utmcsr="+_uEC(h)+"|"+"utmcct="+_uEC(k)+"|utmcmd=referral"; +} +function _uOrg(t) { + if (_ur=="0" || _ur=="" || _ur=="-") return ""; + var i=0,h,k; + if ((i=_ur.indexOf("://")) < 0) return ""; + h=_ur.substring(i+3,_ur.length); + if (h.indexOf("/") > -1) { + h=h.substring(0,h.indexOf("/")); + } + for (var ii=0;ii<_uOsr.length;ii++) { + if (h.toLowerCase().indexOf(_uOsr[ii].toLowerCase()) > -1) { + if ((i=_ur.indexOf("?"+_uOkw[ii]+"=")) > -1 || (i=_ur.indexOf("&"+_uOkw[ii]+"=")) > -1) { + k=_ur.substring(i+_uOkw[ii].length+2,_ur.length); + if ((i=k.indexOf("&")) > -1) k=k.substring(0,i); + for (var yy=0;yy<_uOno.length;yy++) { + if (_uOno[yy].toLowerCase()==k.toLowerCase()) { _ufno=1; break; } + } + if (t) return _uEC(k); + else return "utmccn=(organic)|utmcsr="+_uEC(_uOsr[ii])+"|"+"utmctr="+_uEC(k)+"|utmcmd=organic"; + } + } + } + return ""; +} +function _uBInfo() { + var sr="-",sc="-",ul="-",fl="-",cs="-",je=1; + var n=navigator; + if (self.screen) { + sr=screen.width+"x"+screen.height; + sc=screen.colorDepth+"-bit"; + } else if (self.java) { + var j=java.awt.Toolkit.getDefaultToolkit(); + var s=j.getScreenSize(); + 
sr=s.width+"x"+s.height; + } + if (n.language) { ul=n.language.toLowerCase(); } + else if (n.browserLanguage) { ul=n.browserLanguage.toLowerCase(); } + je=n.javaEnabled()?1:0; + if (_uflash) fl=_uFlash(); + if (_ubd.characterSet) cs=_uES(_ubd.characterSet); + else if (_ubd.charset) cs=_uES(_ubd.charset); + return "&utmcs="+cs+"&utmsr="+sr+"&utmsc="+sc+"&utmul="+ul+"&utmje="+je+"&utmfl="+fl; +} +function __utmSetTrans() { + var e; + if (_ubd.getElementById) e=_ubd.getElementById("utmtrans"); + else if (_ubd.utmform && _ubd.utmform.utmtrans) e=_ubd.utmform.utmtrans; + if (!e) return; + var l=e.value.split("UTM:"); + var i,i2,c; + if (_userv==0 || _userv==2) i=new Array(); + if (_userv==1 || _userv==2) { i2=new Array(); c=_uGCS(); } + + for (var ii=0;ii=2;ii--) { + try { + var fl=eval("new ActiveXObject('ShockwaveFlash.ShockwaveFlash."+ii+"');"); + if (fl) { f=ii + '.0'; break; } + } + catch(e) {} + } + } + return f; +} +function __utmLinker(l,h) { + if (!_ulink) return; + var p,k,a="-",b="-",c="-",x="-",z="-",v="-"; + var dc=_ubd.cookie; + if (!l || l=="") return; + var iq = l.indexOf("?"); + var ih = l.indexOf("#"); + if (dc) { + a=_uES(_uGC(dc,"__utma="+_udh,";")); + b=_uES(_uGC(dc,"__utmb="+_udh,";")); + c=_uES(_uGC(dc,"__utmc="+_udh,";")); + x=_uES(_uGC(dc,"__utmx="+_udh,";")); + z=_uES(_uGC(dc,"__utmz="+_udh,";")); + v=_uES(_uGC(dc,"__utmv="+_udh,";")); + k=(_uHash(a+b+c+x+z+v)*1)+(_udh*1); + p="__utma="+a+"&__utmb="+b+"&__utmc="+c+"&__utmx="+x+"&__utmz="+z+"&__utmv="+v+"&__utmk="+k; + } + if (p) { + if (h && ih>-1) return; + if (h) { _udl.href=l+"#"+p; } + else { + if (iq==-1 && ih==-1) _udl.href=l+"?"+p; + else if (ih==-1) _udl.href=l+"&"+p; + else if (iq==-1) _udl.href=l.substring(0,ih-1)+"?"+p+l.substring(ih); + else _udl.href=l.substring(0,ih-1)+"&"+p+l.substring(ih); + } + } else { _udl.href=l; } +} +function __utmLinkPost(f,h) { + if (!_ulink) return; + var p,k,a="-",b="-",c="-",x="-",z="-",v="-"; + var dc=_ubd.cookie; + if (!f || !f.action) return; + var 
iq = f.action.indexOf("?"); + var ih = f.action.indexOf("#"); + if (dc) { + a=_uES(_uGC(dc,"__utma="+_udh,";")); + b=_uES(_uGC(dc,"__utmb="+_udh,";")); + c=_uES(_uGC(dc,"__utmc="+_udh,";")); + x=_uES(_uGC(dc,"__utmx="+_udh,";")); + z=_uES(_uGC(dc,"__utmz="+_udh,";")); + v=_uES(_uGC(dc,"__utmv="+_udh,";")); + k=(_uHash(a+b+c+x+z+v)*1)+(_udh*1); + p="__utma="+a+"&__utmb="+b+"&__utmc="+c+"&__utmx="+x+"&__utmz="+z+"&__utmv="+v+"&__utmk="+k; + } + if (p) { + if (h && ih>-1) return; + if (h) { f.action+="#"+p; } + else { + if (iq==-1 && ih==-1) f.action+="?"+p; + else if (ih==-1) f.action+="&"+p; + else if (iq==-1) f.action=f.action.substring(0,ih-1)+"?"+p+f.action.substring(ih); + else f.action=f.action.substring(0,ih-1)+"&"+p+f.action.substring(ih); + } + } + return; +} +function __utmSetVar(v) { + if (!v || v=="") return; + if (!_udo || _udo == "") { + _udh=_uDomain(); + if (_udn && _udn!="") { _udo=" domain="+_udn+";"; } + } + if (!_uVG()) return; + var r=Math.round(Math.random() * 2147483647); + _ubd.cookie="__utmv="+_udh+"."+_uES(v)+"; path="+_utcp+"; expires="+_uNx()+";"+_udo; + var s="&utmt=var&utmn="+r; + if ((_userv==0 || _userv==2) && _uSP()) { + var i=new Image(1,1); + i.src=_ugifpath+"?"+"utmwv="+_uwv+s; + i.onload=function() { _uVoid(); } + } + if ((_userv==1 || _userv==2) && _uSP()) { + var i2=new Image(1,1); + i2.src=_ugifpath2+"?"+"utmwv="+_uwv+s+"&utmac="+_uacct+"&utmcc="+_uGCS(); + i2.onload=function() { _uVoid(); } + } +} +function _uGCS() { + var t,c="",dc=_ubd.cookie; + if ((t=_uGC(dc,"__utma="+_udh,";"))!="-") c+=_uES("__utma="+t+";+"); + if ((t=_uGC(dc,"__utmb="+_udh,";"))!="-") c+=_uES("__utmb="+t+";+"); + if ((t=_uGC(dc,"__utmc="+_udh,";"))!="-") c+=_uES("__utmc="+t+";+"); + if ((t=_uGC(dc,"__utmx="+_udh,";"))!="-") c+=_uES("__utmx="+t+";+"); + if ((t=_uGC(dc,"__utmz="+_udh,";"))!="-") c+=_uES("__utmz="+t+";+"); + if ((t=_uGC(dc,"__utmv="+_udh,";"))!="-") c+=_uES("__utmv="+t+";"); + if (c.charAt(c.length-1)=="+") c=c.substring(0,c.length-1); + 
return c; +} +function _uGC(l,n,s) { + if (!l || l=="" || !n || n=="" || !s || s=="") return "-"; + var i,i2,i3,c="-"; + i=l.indexOf(n); + i3=n.indexOf("=")+1; + if (i > -1) { + i2=l.indexOf(s,i); if (i2 < 0) { i2=l.length; } + c=l.substring((i+i3),i2); + } + return c; +} +function _uDomain() { + if (!_udn || _udn=="" || _udn=="none") { _udn=""; return 1; } + if (_udn=="auto") { + var d=_ubd.domain; + if (d.substring(0,4)=="www.") { + d=d.substring(4,d.length); + } + _udn=d; + } + _udn = _udn.toLowerCase(); + if (_uhash=="off") return 1; + return _uHash(_udn); +} +function _uHash(d) { + if (!d || d=="") return 1; + var h=0,g=0; + for (var i=d.length-1;i>=0;i--) { + var c=parseInt(d.charCodeAt(i)); + h=((h << 6) & 0xfffffff) + c + (c << 14); + if ((g=h & 0xfe00000)!=0) h=(h ^ (g >> 21)); + } + return h; +} +function _uFixA(c,s,t) { + if (!c || c=="" || !s || s=="" || !t || t=="") return "-"; + var a=_uGC(c,"__utma="+_udh,s); + var lt=0,i=0; + if ((i=a.lastIndexOf(".")) > 9) { + _uns=a.substring(i+1,a.length); + _uns=(_uns*1)+1; + a=a.substring(0,i); + if ((i=a.lastIndexOf(".")) > 7) { + lt=a.substring(i+1,a.length); + a=a.substring(0,i); + } + if ((i=a.lastIndexOf(".")) > 5) { + a=a.substring(0,i); + } + a+="."+lt+"."+t+"."+_uns; + } + return a; +} +function _uTrim(s) { + if (!s || s=="") return ""; + while ((s.charAt(0)==' ') || (s.charAt(0)=='\n') || (s.charAt(0,1)=='\r')) s=s.substring(1,s.length); + while ((s.charAt(s.length-1)==' ') || (s.charAt(s.length-1)=='\n') || (s.charAt(s.length-1)=='\r')) s=s.substring(0,s.length-1); + return s; +} +function _uEC(s) { + var n=""; + if (!s || s=="") return ""; + for (var i=0;i0) r=a.substring(i+1,i2); else return ""; + if ((i=a.indexOf(".",i2+1))>0) t=a.substring(i2+1,i); else return ""; + if (f) { + return r; + } else { + var c=new Array('A','B','C','D','E','F','G','H','J','K','L','M','N','P','R','S','T','U','V','W','X','Y','Z','1','2','3','4','5','6','7','8','9'); + return 
c[r>>28&m]+c[r>>23&m]+c[r>>18&m]+c[r>>13&m]+"-"+c[r>>8&m]+c[r>>3&m]+c[((r&7)<<2)+(t>>30&3)]+c[t>>25&m]+c[t>>20&m]+"-"+c[t>>15&m]+c[t>>10&m]+c[t>>5&m]+c[t&m]; + } +} +function _uIN(n) { + if (!n) return false; + for (var i=0;i"9") && (c!=".")) return false; + } + return true; +} +function _uES(s,u) { + if (typeof(encodeURIComponent) == 'function') { + if (u) return encodeURI(s); + else return encodeURIComponent(s); + } else { + return escape(s); + } +} +function _uUES(s) { + if (typeof(decodeURIComponent) == 'function') { + return decodeURIComponent(s); + } else { + return unescape(s); + } +} +function _uVG() { + if((_udn.indexOf("www.google.") == 0 || _udn.indexOf(".google.") == 0 || _udn.indexOf("google.") == 0) && _utcp=='/' && _udn.indexOf("google.org")==-1) { + return false; + } + return true; +} +function _uSP() { + var s=100; + if (_usample) s=_usample; + if(s>=100 || s<=0) return true; + return ((__utmVisitorCode(1)%10000)<(s*100)); +} +function urchinPathCopy(p){ + var d=document,nx,tx,sx,i,c,cs,t,h,o; + cs=new Array("a","b","c","v","x","z"); + h=_uDomain(); if (_udn && _udn!="") o=" domain="+_udn+";"; + nx=_uNx()+";"; + tx=new Date(); tx.setTime(tx.getTime()+(_utimeout*1000)); + tx=tx.toGMTString()+";"; + sx=new Date(); sx.setTime(sx.getTime()+(_ucto*1000)); + sx=sx.toGMTString()+";"; + for (i=0;i<6;i++){ + t=" expires="; + if (i==1) t+=tx; else if (i==2) t=""; else if (i==5) t+=sx; else t+=nx; + c=_uGC(d.cookie,"__utm"+cs[i]+"="+h,";"); + if (c!="-") d.cookie="__utm"+cs[i]+"="+c+"; path="+p+";"+t+o; + } +} +function _uCO() { + if (!_utk || _utk=="" || _utk.length<10) return; + var d='www.google.com'; + if (_utk.charAt(0)=='!') d='analytics.corp.google.com'; + _ubd.cookie="GASO="+_utk+"; path="+_utcp+";"+_udo; + var sc=document.createElement('script'); + sc.type='text/javascript'; + sc.id="_gasojs"; + sc.src='https://'+d+'/analytics/reporting/overlay_js?gaso='+_utk+'&'+Math.random(); + document.getElementsByTagName('head')[0].appendChild(sc); +} +function 
_uGT() { + var h=location.hash, a; + if (h && h!="" && h.indexOf("#gaso=")==0) { + a=_uGC(h,"gaso=","&"); + } else { + a=_uGC(_ubd.cookie,"GASO=",";"); + } + return a; +} +var _utk=_uGT(); +if (_utk && _utk!="" && _utk.length>10) { + if (window.addEventListener) { + window.addEventListener('load', _uCO, false); + } else if (window.attachEvent) { + window.attachEvent('onload', _uCO); + } +} + +function _uNx() { + return (new Date((new Date()).getTime()+63072000000)).toGMTString(); +} diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/YLndcRpw5Ge-file b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/YLndcRpw5Ge-file new file mode 100644 index 0000000000..f98abd969e Binary files /dev/null and b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/YLndcRpw5Ge-file differ diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/Z3kT1FyLnfk-file b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/Z3kT1FyLnfk-file new file mode 100644 index 0000000000..4c2be686a9 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/Z3kT1FyLnfk-file 
@@ -0,0 +1,63 @@ +/* +************************************************* + +MOZILLA.ORG +Enhanced Screen Styles +(Only applicable if JavaScript is enabled) + +Created by the friendly folks at Happy Cog +http://www.happycog.com/ + +************************************************* +*/ + + +#quick-search label { position:absolute; left: 48px; top:14px; text-transform:uppercase; font-weight:bold; color:#dddfe0; font-size: 85%; /* 14px x 0.85 = 12px */} + + +/* community feed */ +#community-sub .rows li.over { background-color: #f5f6f6; } +#community-sub { position:relative; z-index:200; } + + +/* project carousel */ +.project-carousel { background:#CBCCCC url(/images/template/screen/bg_project_carousel.png) repeat-y right top; margin-right:-461px; padding:6px 0 6px 6px; position:relative; } +.project-carousel .pagination { position:absolute; right:471px; top:1em; padding-right:47px; } +.project-carousel .prev, .project-carousel .next { width:18px; height:21px; float:left; overflow:hidden; background:transparent url(/images/template/widgets/carousel-arrows.png) no-repeat 0 -21px; text-indent:-999px; position:absolute; top:0; right:0; } +.project-carousel .prev:hover, .project-carousel .next:hover { border-bottom:none; } + .project-carousel .prev { width:19px; right:18px; } + .project-carousel .next { background-position:-18px -21px; width:19px; } + .project-carousel .next.disabled { background-position:-18px top; } + .project-carousel .prev.disabled { background-position:left top; } +.projects-wrap { background: #dee0e1 url(/images/template/screen/bg_projects.png) repeat-y right center; height:14em; } + .projects-wrap .projects-fade-left { background:transparent url(/images/template/widgets/carousel-fade.png) repeat-y 0 0; position:absolute; padding:0 0 0 20px; height:10em; z-index:100; } + .projects-wrap .projects-fade-right { background:transparent url(/images/template/widgets/carousel-fade.png) repeat-y 0 100%; position:absolute; padding:0 0 0 20px; height:10em; 
z-index:100; } +.projects { background:none; height:10em; margin:0 451px 0 0; overflow:hidden; padding:2em 0; position:relative; } +.project { overflow:visible; height:auto; margin:0; } +.project-first { padding-left:20px; } + +/* project carousel */ +#home #sub { position:relative; } + +/* browser specific css */ +.projects { + border-radius:0; + -moz-border-radius:0; + -webkit-border-radius:0; +} +.projects-wrap { + border-radius:10px; + -moz-border-radius:10px; + -webkit-border-radius:10px; + + border-top-right-radius:0; + -moz-border-top-right-radius:0; + -webkit-border-top-right-radius:0; + + border-bottom-right-radius:0; + -moz-border-bottom-right-radius:0; + -webkit-border-bottom-right-radius:0; +} + +/* debug */ +/*#sub { display:none; }*/ diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/out new file mode 100644 index 0000000000..d400550396 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.pipeline/out 
@@ -0,0 +1,103 @@
+FileAnalysis::TRIGGER_NEW
+Z3kT1FyLnfk, 0, 0
+FileAnalysis::TRIGGER_BOF
+FileAnalysis::TRIGGER_BOF_BUFFER
+/*^J********
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
+FileAnalysis::TRIGGER_EOF
+Z3kT1FyLnfk, 2675, 0
+{
+UWkUyAuUGXf
+}
+{
+[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]
+}
+source: HTTP
+SHA1: 0e42ae17eea9b074981bd3a34535ad3a22d02706
+MD5: b932c3310ce47e158d1a5a42e0b01279
+SHA256: 5b037a2c5e36f56e63a3012c73e46a04b27741d8ff8f8b62c832fb681fc60f42
+FileAnalysis::TRIGGER_NEW
+WLJWC1FMBq9, 0, 0
+FileAnalysis::TRIGGER_BOF
+FileAnalysis::TRIGGER_BOF_BUFFER
+//-- Google
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
+FileAnalysis::TRIGGER_EOF
+WLJWC1FMBq9, 21421, 0
+{
+UWkUyAuUGXf
+}
+{
+[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]
+}
+source: HTTP
+SHA1: 8f241117afaa8ca5f41dc059e66d75c283dcc983
+MD5: e732f7bf1d7cb4eedcb1661697d7bc8c
+SHA256: 6a509fd05aa7c8fa05080198894bb19e638554ffcee0e0b3d7bc8ff54afee1da
+FileAnalysis::TRIGGER_NEW
+Ac8PLL9KL49, 0, 0
+FileAnalysis::TRIGGER_BOF
+FileAnalysis::TRIGGER_BOF_BUFFER
+GIF89a^D\0^D\0\xb3
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
+FileAnalysis::TRIGGER_DONE
+Ac8PLL9KL49, 94, 0
+{
+UWkUyAuUGXf
+}
+{
+[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]
+}
+total bytes: 94
+source: HTTP
+SHA1: 81f5f056ce5e97d940854bb0c48017b45dd9f15e
+MD5: d903de7e30db1691d3130ba5eae6b9a7
+SHA256: 6fb22aa9d780ea63bd7a2e12b92b16fcbf1c4874f1d3e11309a5ba984433c315
+FileAnalysis::TRIGGER_NEW
+NV2MvAX0Is4, 0, 0
+FileAnalysis::TRIGGER_BOF
+FileAnalysis::TRIGGER_BOF_BUFFER
+\x89PNG^M^J^Z^J\0\0\0
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
+FileAnalysis::TRIGGER_DONE
+NV2MvAX0Is4, 2349, 0
+{
+UWkUyAuUGXf
+}
+{
+[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]
+}
+total bytes: 2349
+source: HTTP
+SHA1:
560eab5a0177246827a94042dd103916d8765ac7
+MD5: e0029eea80812e9a8e57b8d05d52938a
+SHA256: e0b4500c1fd1d675da4137461cbe64d3c8489f4180d194e47683b20e7fb876f4
+FileAnalysis::TRIGGER_NEW
+YLndcRpw5Ge, 0, 0
+FileAnalysis::TRIGGER_BOF
+FileAnalysis::TRIGGER_BOF_BUFFER
+\x89PNG^M^J^Z^J\0\0\0
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
+FileAnalysis::TRIGGER_DONE
+YLndcRpw5Ge, 27579, 0
+{
+UWkUyAuUGXf
+}
+{
+[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]
+}
+total bytes: 27579
+source: HTTP
+SHA1: ee2b41bdef85de14ef332da14fc392f110b84249
+MD5: 30aa926344f58019d047e85ba049ca1e
+SHA256: eb482bda230a215b90aedbfe1eee72b8193608df76a319aaf11fb85511579a1e
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/LkolCF6OeHh-file b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/LkolCF6OeHh-file
new file mode 100644
index 0000000000..c62a7ee379
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/LkolCF6OeHh-file
@@ -0,0 +1,17 @@
+{
+ "origin": "10.142.133.148",
+ "files": {},
+ "form": null,
+ "url": "http://httpbin.org/post",
+ "args": {},
+ "headers": {
+ "Content-Length": "11",
+ "Connection": "close",
+ "Accept": "*/*",
+ "User-Agent": "curl/7.29.0",
+ "Host": "httpbin.org",
+ "Content-Type": "application/x-www-form-urlencoded"
+ },
+ "json": null,
+ "data": "hello world"
+}
\ No newline at end of file
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/WDJLxTGN0m8-file b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/WDJLxTGN0m8-file
new file mode 100644
index 0000000000..95d09f2b10
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/WDJLxTGN0m8-file
@@ -0,0 +1 @@
+hello world
\ No newline at end of file
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/out
new file mode 100644
index 0000000000..5dc60d1930
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.post/out
@@ -0,0 +1,42 @@
+FileAnalysis::TRIGGER_NEW
+WDJLxTGN0m8, 0, 0
+FileAnalysis::TRIGGER_BOF
+FileAnalysis::TRIGGER_BOF_BUFFER
+hello world
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
+FileAnalysis::TRIGGER_DONE
+WDJLxTGN0m8, 11, 0
+{
+UWkUyAuUGXf
+}
+{
+[orig_h=141.142.228.5, orig_p=53595/tcp, resp_h=54.243.55.129, resp_p=80/tcp]
+}
+total bytes: 11
+source: HTTP
+SHA1: 2aae6c35c94fcfb415dbe95f408b9ce91ee846ed
+MD5: 5eb63bbbe01eeed093cb22bb8f5acdc3
+SHA256: b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9
+FileAnalysis::TRIGGER_NEW
+LkolCF6OeHh, 0, 0
+FileAnalysis::TRIGGER_BOF
+FileAnalysis::TRIGGER_BOF_BUFFER
+{^J "origin
+FileAnalysis::TRIGGER_TYPE
+file type is set
+mime type is set
+FileAnalysis::TRIGGER_DONE
+LkolCF6OeHh, 366, 0
+{
+UWkUyAuUGXf
+}
+{
+[orig_h=141.142.228.5, orig_p=53595/tcp, resp_h=54.243.55.129, resp_p=80/tcp]
+}
+total bytes: 366
+source: HTTP
+SHA1: 6a1582672c203210c6d18d700322060b676365e7
+MD5: c9337794df612aeaa901dcf9fa446bca
+SHA256: 8eb24c16df7cb45cb6a1790b0d26ad2571f754228d0ac111b3ac59adbfecbeb8
diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.irc/out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.irc/out
new file mode 100644
index 0000000000..0934a9c980
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.irc/out
@@ -0,0 +1,20 @@ +FileAnalysis::TRIGGER_NEW +6w2n1vAlfzk, 0, 0 +FileAnalysis::TRIGGER_BOF +FileAnalysis::TRIGGER_BOF_BUFFER +PK^C^D^T\0\0\0^H\0\xae +FileAnalysis::TRIGGER_TYPE +file type is set +mime type is set +FileAnalysis::TRIGGER_EOF +6w2n1vAlfzk, 42208, 0 +{ +arKYeMETxOg +} +{ +[orig_h=192.168.1.77, orig_p=57655/tcp, resp_h=209.197.168.151, resp_p=1024/tcp] +} +source: irc-dcc-data +SHA1: 8abe0239263fd7326eb803d4465cf494f8bea218 +MD5: 8c0803242f549c2780cb88b9a9215c65 +SHA256: e4f0b0b9d7580e7a22dc1093c8db4df7d0115a4f3b03cc2875cc69705f0d0204 diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.irc/thefile b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.irc/thefile new file mode 100644 index 0000000000..d4ec9e374b Binary files /dev/null and b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.irc/thefile differ diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.smtp/out b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.smtp/out new file mode 100644 index 0000000000..2234bba1d7 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.smtp/out @@ -0,0 +1,60 @@ +FileAnalysis::TRIGGER_NEW +wBZuaIADU0b, 0, 0 +FileAnalysis::TRIGGER_BOF +FileAnalysis::TRIGGER_BOF_BUFFER +Hello^M^J^M^J ^M +FileAnalysis::TRIGGER_TYPE +file type is set +mime type is set +FileAnalysis::TRIGGER_EOF +wBZuaIADU0b, 79, 0 +{ +arKYeMETxOg +} +{ +[orig_h=10.10.1.4, orig_p=1470/tcp, resp_h=74.53.140.153, resp_p=25/tcp] +} +source: SMTP +SHA1: b7e497be8a9f5e2c4b6980fceb015360f98f4a13 +MD5: 92bca2e6cdcde73647125da7dccbdd07 +SHA256: 785a8a044d1454ec88837108f443bbb30cc4f529393ffd57118261036bfe59f5 +FileAnalysis::TRIGGER_NEW +i3lOtWMsCWb, 0, 0 +FileAnalysis::TRIGGER_BOF +FileAnalysis::TRIGGER_BOF_BUFFER + + + + + + + + + + + +
+ +

Hello

+ +

 

+ +

I send u smtp pcap file

+ +

Find the attachment

+ +

 

+ +

GPS

+ +
+ + + + + diff --git a/testing/btest/Baseline/scripts.base.frameworks.file-analysis.smtp/thefile2 b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.smtp/thefile2 new file mode 100644 index 0000000000..9eb3055735 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.file-analysis.smtp/thefile2 
@@ -0,0 +1,264 @@ +Version 4.9.9.1 +* Many bug fixes +* Improved editor + +Version 4.9.9.0 +* Support for latest Mingw compiler system builds +* Bug fixes + +Version 4.9.8.9 +* New code tooltip display +* Improved Indent/Unindent and Remove Comment +* Improved automatic indent +* Added support for the "interface" keyword +* WebUpdate should now report installation problems from PackMan +* New splash screen and association icons +* Improved installer +* Many bug fixes + +Version 4.9.8.7 +* Added support for GCC > 3.2 +* Debug variables are now resent during next debug session +* Watched Variables not in correct context are now kept and updated when it is needed +* Added new compiler/linker options: 20 + - Strip executable + - Generate instructions for a specific machine (i386, i486, i586, i686, pentium, pentium-mmx, pentiumpro, pentium2, pentium3, pentium4, 20 + k6, k6-2, k6-3, athlon, athlon-tbird, athlon-4, athlon-xp, athlon-mp, winchip-c6, winchip2, k8, c3 and c3-2) + - Enable use of processor specific built-in functions (mmmx, sse, sse2, pni, 3dnow) +* "Default" button in Compiler Options is back +* Error messages parsing improved +* Bug fixes + +Version 4.9.8.5 +* Added the possibility to modify the value of a variable during debugging (right click on a watch variable and select "Modify value") +* During Dev-C++ First Time COnfiguration window, users can now choose between using or not class browser and code completion features. 
+* Many bug fixes + +Version 4.9.8.4 +* Added the possibility to specify an include directory for the code completion cache to be created at Dev-C++ first startup +* Improved code completion cache +* WebUpdate will now backup downloaded DevPaks in Dev-C++\Packages directory, and Dev-C++ executable in devcpp.exe.BACKUP +* Big speed up in function parameters listing while editing +* Bug fixes + +Version 4.9.8.3 +* On Dev-C++ first time configuration dialog, a code completion cache of all the standard 20 + include files can now be generated. +* Improved WebUpdate module +* Many bug fixes + +Version 4.9.8.2 +* New debug feature for DLLs: attach to a running process +* New project option: Use custom Makefile. 20 +* New WebUpdater module. +* Allow user to specify an alternate configuration file in Environment Options 20 + (still can be overriden by using "-c" command line parameter). +* Lots of bug fixes. + +Version 4.9.8.1 +* When creating a DLL, the created static lib respects now the project-defined output directory + +Version 4.9.8.0 +* Changed position of compiler/linker parameters in Project Options. +* Improved help file +* Bug fixes + +Version 4.9.7.9 +* Resource errors are now reported in the Resource sheet +* Many bug fixes + +Version 4.9.7.8 +* Made whole bottom report control floating instead of only debug output. 
+* Many bug fixes + +Version 4.9.7.7 +* Printing settings are now saved +* New environment options : "watch variable under mouse" and "Report watch errors" +* Bug fixes + +Version 4.9.7.6 +* Debug variable browser +* Added possibility to include in a Template the Project's directories (include, libs and ressources) +* Changed tint of Class browser pictures colors to match the New Look style +* Bug fixes + +Version 4.9.7.5 +* Bug fixes + +Version 4.9.7.4 +* When compiling with debugging symbols, an extra definition is passed to the + compiler: -D__DEBUG__ +* Each project creates a _private.h file containing version + information definitions +* When compiling the current file only, no dependency checks are performed +* ~300% Speed-up in class parser +* Added "External programs" in Tools/Environment Options (for units "Open with") +* Added "Open with" in project units context menu +* Added "Classes" toolbar +* Fixed pre-compilation dependency checks to work correctly +* Added new file menu entry: Save Project As +* Bug-fix for double quotes in devcpp.cfg file read by vUpdate +* Other bug fixes + +Version 4.9.7.3 +* When adding debugging symbols on request, remove "-s" option from linker +* Compiling progress window +* Environment options : "Show progress window" and "Auto-close progress window" +* Bug fixes + +Version 4.9.7.2 +* Bug fixes + +Version 4.9.7.1 +* "Build priority" per-unit +* "Include file in linking process" per-unit +* New feature: compile current file only +* Separated C++ compiler options from C compiler options in Makefile (see bug report #654744) +* Separated C++ include dirs from C include dirs in Makefile (see bug report #654744) +* Necessary UI changes in Project Options +* Added display of project filename, project output and a summary of the project files in Project Options General tab. 
+* Fixed the "compiler-dirs-with-spaces" bug that crept-in in 4.9.7.0 +* Multi-select files in project-view (when "double-click to open" is configured in Environment Settings) +* Resource files are treated as ordinary files now +* Updates in "Project Options/Files" code +* MSVC import now creates the folders structure of the original VC project +* Bug fixes + +Version 4.9.7.0 +* Allow customizing of per-unit compile command in projects +* Added two new macros: and +* Added support for macros in the "default source code" (Tools/Editor Options/Code) +* Separated layout info from project file. It is now kept in a different file + (the same filename as the project's but with extension ".layout"). If you + have your project under CVS control, you ''ll know why this had to happen... +* Compiler settings per-project +* Compiler set per-project +* Implemented new compiler settings framework +* "Compile as C++" per-unit +* "Include file in compilation process" per-unit +* Project version info (creates the relevant VERSIONINFO struct in the private + resource) +* Support XP Themes (creates the CommonControls 6.0 manifest file and includes + it in the private resource) +* Added CVS "login" and "logout" commands +* Project manager and debugging window (in Debug tab) can now be trasnformed into floating windows. +* Added "Add Library" button in Project Options +* Bug fixes + +Version 4.9.6.9 +* Implemented search in help files for the word at cursor (context sensitive help) +* Implemented "compiler sets" infrastructure to switch between different compilers easily (e.g. gcc-2.95 and gcc-3.2) +* Added "Files" tab in CVS form to allow selection of more than one file for + the requested CVS action + 20 +Version 4.9.6.8 +* support for DLL application hosting, for debugging and executing DLLs under Dev-C++. 
+* New class browser option: "Show inherited members" +* Added support for the '::' member access operator in code-completion +* Added *working* function arguments hint +* Added bracket highlighting. When the caret is on a bracket, that bracket and + its counterpart are highlighted +* Nested folders in project view + +Version 4.9.6.7 +* XP Theme support +* Added CVS commands "Add" and "Remove" +* Added configuration option for "Templates Directory" in "Environment Options" +* Code-completion updates +* Bug fixes + +Version 4.9.6.6 +* Editor colors are initialized properly on Dev-C++ first-run +* Added doxygen-style comments in NewClass, NewMemberFunction and NewMemberVariable wizards +* Added file's date/time stamp in File/Properties window +* Current windows listing in Window menu +* Bug fixes + +Version 4.9.6.5 +* CVS support +* Window list (in Window menu) +* bug fixes + +version 4.9.6.4 +* added ENTER key for opening file in project browser, DEL to delete from the project. +* bug fixes + +version 4.9.6.3 +* Bug fixes + +version 4.9.6.2 +* Bug fixes + +version 4.9.6.1 +* New "Abort compilation" button +* Bug fixes +* Now checks for vRoach existance when sending a crash report + +Version 4.9.5.5 +* New option in Editor Options: Show editor hints. User can disable the hints + displayed in the editor when the mouse moves over a word. Since this was the + cause of many errors (although it should be fixed by now), we are giving the + user the option to disable this feature. +* New option in Editor Options (code-completion): Use code-completion cache. + Well, it adds caching to code-completion. Depending on the cache size, + the program may take a bit longer to start-up, but provides very fast + code-completion and the user has all the commands (belonging to the files + he added in the cache) at his fingertips. If, for example, the user adds + "windows.h", he gets all the WinAPI! If he adds "wx/wx.h", he gets all of + wxWindows! You get the picture... 
+* Removed "Only show classes from current file" option in class browser settings. + It used to be a checkbox, allowing only two states (on or off), but there is + a third relevant option now: "Project classes" so it didn't fit the purpose... + The user can define this in the class browser's context menu under "View mode". +* Fixed the dreaded "Clock skew detected" compiler warning! +* Fixed many class browser bugs, including some that had to do with class folders. + +Version 4.9.5.4 +* Under NT, 2000 and XP, user application data directory will be used to store config files (i.e : C:\Documents and Settings\Username\Local Settings\Application Data) + +Version 4.9.5.3 +* Added ExceptionsAnalyzer. If the devcpp.map file is in the devcpp.exe directory + then we even get a stack trace in the bug report! +* Added new WebUpdate module (inactive temporarily). +* Added new code for code-completion caching of files (disabled - work in progress). + +Version 4.9.5.2 +* Added new option in class-browser: Use colors + (available when right-clicking the class-browser + and selecting "View mode"). +* Dev-C++ now traps access violation of your programs (and of itself too ;) + +Version 4.9.5.1 +* Implemented the "File/Export/Project to HTML" function. +* Added "Tip of the day" system. +* When running a source file in explorer, don't spawn new instance. + Instead open the file in an already launched Dev-C++. +* Class-parser speed-up (50% to 85% improvement timed!!!) +* Many code-completion updates. Now takes into account context, + class inheritance and visibility (shows items only from files + #included directly or indirectly)! +* Caching of result set of code-completion for speed-up. +* New option "Execution/Parameters" (and "Debug/Parameters"). + +Version 4.9.5.0 (5.0 beta 5): +* CPU Window (still in development) +* ToDo list +* Backtrace in debugging +* Run to cursor +* Folders in Project and Class Browser +* Send custom commands to GDB +* Makefile can now be customized. 
+* Modified the behaviour of the -c param : 20 + -c +* Saving of custom syntax parameter group +* Possibility of changing compilers and tools filename. +* Many bug fixes + + +Version 4.9.4.1 (5.0 beta 4.1): + +* back to gcc 2.95.3 +* Profiling support +* new update/packages checker (vUpdate) +* Lots of bugfixes + diff --git a/testing/btest/Traces/ftp-ipv4.trace b/testing/btest/Traces/ftp/ipv4.trace similarity index 100% rename from testing/btest/Traces/ftp-ipv4.trace rename to testing/btest/Traces/ftp/ipv4.trace diff --git a/testing/btest/Traces/ipv6-ftp.trace b/testing/btest/Traces/ftp/ipv6.trace similarity index 100% rename from testing/btest/Traces/ipv6-ftp.trace rename to testing/btest/Traces/ftp/ipv6.trace diff --git a/testing/btest/Traces/ftp/retr.trace b/testing/btest/Traces/ftp/retr.trace new file mode 100644 index 0000000000..a63ec5e153 Binary files /dev/null and b/testing/btest/Traces/ftp/retr.trace differ diff --git a/testing/btest/Traces/http-100-continue.trace b/testing/btest/Traces/http/100-continue.trace similarity index 100% rename from testing/btest/Traces/http-100-continue.trace rename to testing/btest/Traces/http/100-continue.trace diff --git a/testing/btest/Traces/http/206_example_a.pcap b/testing/btest/Traces/http/206_example_a.pcap new file mode 100644 index 0000000000..ca134bf701 Binary files /dev/null and b/testing/btest/Traces/http/206_example_a.pcap differ diff --git a/testing/btest/Traces/http/206_example_b.pcap b/testing/btest/Traces/http/206_example_b.pcap new file mode 100644 index 0000000000..2752452587 Binary files /dev/null and b/testing/btest/Traces/http/206_example_b.pcap differ diff --git a/testing/btest/Traces/http/206_example_c.pcap b/testing/btest/Traces/http/206_example_c.pcap new file mode 100644 index 0000000000..990de43a79 Binary files /dev/null and b/testing/btest/Traces/http/206_example_c.pcap differ 
diff --git a/testing/btest/Traces/http-byteranges.trace b/testing/btest/Traces/http/byteranges.trace similarity index 100% rename from testing/btest/Traces/http-byteranges.trace rename to testing/btest/Traces/http/byteranges.trace diff --git a/testing/btest/Traces/http/get-gzip.trace b/testing/btest/Traces/http/get-gzip.trace new file mode 100644 index 0000000000..8e228e4125 Binary files /dev/null and b/testing/btest/Traces/http/get-gzip.trace differ diff --git a/testing/btest/Traces/http/get.trace b/testing/btest/Traces/http/get.trace new file mode 100644 index 0000000000..f098e04ae6 Binary files /dev/null and b/testing/btest/Traces/http/get.trace differ diff --git a/testing/btest/Traces/http-methods.trace b/testing/btest/Traces/http/methods.trace similarity index 100% rename from testing/btest/Traces/http-methods.trace rename to testing/btest/Traces/http/methods.trace diff --git a/testing/btest/Traces/http-pipelined-requests.trace b/testing/btest/Traces/http/pipelined-requests.trace similarity index 100% rename from testing/btest/Traces/http-pipelined-requests.trace rename to testing/btest/Traces/http/pipelined-requests.trace diff --git a/testing/btest/Traces/http/post.trace b/testing/btest/Traces/http/post.trace new file mode 100644 index 0000000000..91a8ffce17 Binary files /dev/null and b/testing/btest/Traces/http/post.trace differ diff --git a/testing/btest/core/ipv6-flow-labels.test b/testing/btest/core/ipv6-flow-labels.test index b4e60cb0a4..2265cd55d4 100644 --- a/testing/btest/core/ipv6-flow-labels.test +++ b/testing/btest/core/ipv6-flow-labels.test @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -b -r $TRACES/ipv6-ftp.trace %INPUT >output +# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv6.trace %INPUT >output # @TEST-EXEC: btest-diff output function print_connection(c: connection, event_name: string) diff --git a/testing/btest/core/leaks/vector-val-bifs.test b/testing/btest/core/leaks/vector-val-bifs.test index d42e273bc5..775f06e987 100644 
--- a/testing/btest/core/leaks/vector-val-bifs.test +++ b/testing/btest/core/leaks/vector-val-bifs.test @@ -8,7 +8,7 @@ # assuming that it didn't automatically Ref the VectorType argument and thus # leaked that memeory. # -# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/ftp-ipv4.trace %INPUT >output +# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/ftp/ipv4.trace %INPUT >output # @TEST-EXEC: btest-diff output function myfunc(aa: interval, bb: interval): int diff --git a/testing/btest/scripts/base/frameworks/file-analysis/ftp.bro b/testing/btest/scripts/base/frameworks/file-analysis/ftp.bro new file mode 100644 index 0000000000..153eeb186c --- /dev/null +++ b/testing/btest/scripts/base/frameworks/file-analysis/ftp.bro 
@@ -0,0 +1,68 @@
+# @TEST-EXEC: bro -r $TRACES/ftp/retr.trace %INPUT >out
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff thefile
+
+global actions: set[FileAnalysis::ActionArgs];
+
+hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
+ {
+ print trig;
+
+ switch ( trig ) {
+ case FileAnalysis::TRIGGER_NEW:
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+
+ if ( info$source == "ftp-data" )
+ {
+ for ( act in actions )
+ FileAnalysis::add_action(info$file_id, act);
+ }
+ break;
+
+ case FileAnalysis::TRIGGER_BOF_BUFFER:
+ if ( info?$bof_buffer )
+ print info$bof_buffer[0:10];
+ break;
+
+ case FileAnalysis::TRIGGER_TYPE:
+ # not actually printing the values due to libmagic variances
+ if ( info?$file_type )
+ print "file type is set";
+ if ( info?$mime_type )
+ print "mime type is set";
+ break;
+
+ case FileAnalysis::TRIGGER_EOF:
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+ print info$conn_uids;
+ print info$conn_ids;
+
+ if ( info?$total_bytes )
+ print "total bytes: " + fmt("%s", info$total_bytes);
+ if ( info?$source )
+ print "source: " + info$source;
+
+ for ( act in info$actions )
+ switch ( act$act ) {
+ case FileAnalysis::ACTION_MD5:
+ print fmt("MD5: %s", info$actions[act]$md5);
+ break;
+ case FileAnalysis::ACTION_SHA1:
+ print fmt("SHA1: %s", info$actions[act]$sha1);
+ break;
+ case FileAnalysis::ACTION_SHA256:
+ print fmt("SHA256: %s", info$actions[act]$sha256);
+ break;
+ }
+ break;
+ }
+ }
+
+event bro_init()
+ {
+ add actions[[$act=FileAnalysis::ACTION_EXTRACT,
+ $extract_filename="thefile"]];
+ add actions[[$act=FileAnalysis::ACTION_MD5]];
+ add actions[[$act=FileAnalysis::ACTION_SHA1]];
+ add actions[[$act=FileAnalysis::ACTION_SHA256]];
+ }
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/get.bro b/testing/btest/scripts/base/frameworks/file-analysis/http/get.bro
new file mode 100644
index 0000000000..1f7c5e0363
--- /dev/null
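Review bot: In ftp.bro the `TRIGGER_NEW` branch reads `info$source` without an existence test, although the `TRIGGER_EOF` branch of the same hook guards it with `info?$source`, which suggests the field is optional; the hash prints likewise read `info$actions[act]$md5`, `$sha1` and `$sha256` unguarded, while partial-content.bro in this commit checks `?$md5` first. If either can be unset (a file with no recorded source, or a hash that was never produced because bytes were missing), the hook would presumably stop with a runtime error instead of producing the expected output. I would write `if ( info?$source && info$source == "ftp-data" )` and put `if ( info$actions[act]?$md5 )` (with the SHA1 and SHA256 equivalents) before each print. The same applies to get.bro, pipeline.bro, post.bro, irc.bro and smtp.bro, and the `info$source` half also to partial-content.bro.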
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/get.bro 
@@ -0,0 +1,76 @@
+# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT >get.out
+# @TEST-EXEC: bro -r $TRACES/http/get-gzip.trace %INPUT >get-gzip.out
+# @TEST-EXEC: btest-diff get.out
+# @TEST-EXEC: btest-diff get-gzip.out
+# @TEST-EXEC: btest-diff KPVibShQgUc-file
+# @TEST-EXEC: btest-diff LMA6EHLacYc-file
+
+global actions: set[FileAnalysis::ActionArgs];
+
+hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
+ {
+ print trig;
+
+ switch ( trig ) {
+ case FileAnalysis::TRIGGER_NEW:
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+
+ if ( info$source == "HTTP" )
+ {
+ for ( act in actions )
+ FileAnalysis::add_action(info$file_id, act);
+ local filename: string = fmt("%s-file", info$file_id);
+ FileAnalysis::add_action(info$file_id,
+ [$act=FileAnalysis::ACTION_EXTRACT,
+ $extract_filename=filename]);
+ }
+ break;
+
+ case FileAnalysis::TRIGGER_BOF_BUFFER:
+ if ( info?$bof_buffer )
+ print info$bof_buffer[0:10];
+ break;
+
+ case FileAnalysis::TRIGGER_TYPE:
+ # not actually printing the values due to libmagic variances
+ if ( info?$file_type )
+ print "file type is set";
+ if ( info?$mime_type )
+ print "mime type is set";
+ break;
+
+ case FileAnalysis::TRIGGER_EOF:
+ fallthrough;
+ case FileAnalysis::TRIGGER_DONE:
+
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+ print info$conn_uids;
+ print info$conn_ids;
+
+ if ( info?$total_bytes )
+ print "total bytes: " + fmt("%s", info$total_bytes);
+ if ( info?$source )
+ print "source: " + info$source;
+
+ for ( act in info$actions )
+ switch ( act$act ) {
+ case FileAnalysis::ACTION_MD5:
+ print fmt("MD5: %s", info$actions[act]$md5);
+ break;
+ case FileAnalysis::ACTION_SHA1:
+ print fmt("SHA1: %s", info$actions[act]$sha1);
+ break;
+ case FileAnalysis::ACTION_SHA256:
+ print fmt("SHA256: %s", info$actions[act]$sha256);
+ break;
+ }
+ break;
+ }
+ }
+
+event bro_init()
+ {
+ add actions[[$act=FileAnalysis::ACTION_MD5]];
+ add actions[[$act=FileAnalysis::ACTION_SHA1]];
+ add actions[[$act=FileAnalysis::ACTION_SHA256]];
+ }
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.bro b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.bro
new file mode 100644
index 0000000000..aed7bd1778
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/partial-content.bro
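Review bot: The `btest-diff KPVibShQgUc-file` and `btest-diff LMA6EHLacYc-file` lines in get.bro pin the test to generated file IDs, so any change in how IDs are assigned would fail the test on a missing file even though extraction still works. smtp.bro in this commit names its extractions from a counter instead (`fmt("thefile%d", cnt)`), which keeps the baseline names stable; get.bro runs bro twice, so each run would additionally need its own name prefix or its output diffed before the next run. pipeline.bro, post.bro and partial-content.bro hard-code IDs the same way.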
@@ -0,0 +1,89 @@
+# @TEST-EXEC: bro -r $TRACES/http/206_example_a.pcap %INPUT >a.out
+# @TEST-EXEC: btest-diff a.out
+# @TEST-EXEC: wc -c uj9AtyGOiZ8-file0 >a.size
+# @TEST-EXEC: btest-diff a.size
+
+# @TEST-EXEC: bro -r $TRACES/http/206_example_b.pcap %INPUT >b.out
+# @TEST-EXEC: btest-diff b.out
+# @TEST-EXEC: wc -c ns7As4DOZcj-file0 >b.size
+# @TEST-EXEC: btest-diff b.size
+
+# @TEST-EXEC: bro -r $TRACES/http/206_example_c.pcap %INPUT >c.out
+# @TEST-EXEC: btest-diff c.out
+# @TEST-EXEC: wc -c MHMkq2nFxej-file0 >c.size
+# @TEST-EXEC: btest-diff c.size
+
+global actions: set[FileAnalysis::ActionArgs];
+global cnt: count = 0;
+
+hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
+ {
+ print trig;
+
+ switch ( trig ) {
+ case FileAnalysis::TRIGGER_NEW:
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+
+ if ( info$source == "HTTP" )
+ {
+ for ( act in actions )
+ FileAnalysis::add_action(info$file_id, act);
+ local filename: string = fmt("%s-file%d", info$file_id, cnt);
+ ++cnt;
+ FileAnalysis::add_action(info$file_id,
+ [$act=FileAnalysis::ACTION_EXTRACT,
+ $extract_filename=filename]);
+ }
+ break;
+
+ case FileAnalysis::TRIGGER_BOF_BUFFER:
+ if ( info?$bof_buffer )
+ print info$bof_buffer[0:10];
+ break;
+
+ case FileAnalysis::TRIGGER_TYPE:
+ # not actually printing the values due to libmagic variances
+ if ( info?$file_type )
+ print "file type is set";
+ if ( info?$mime_type )
+ print "mime type is set";
+ break;
+
+ case FileAnalysis::TRIGGER_EOF:
+ fallthrough;
+ case FileAnalysis::TRIGGER_DONE:
+
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+ print info$conn_uids;
+ print info$conn_ids;
+
+ if ( info?$total_bytes )
+ print "total bytes: " + fmt("%s", info$total_bytes);
+ if ( info?$source )
+ print "source: " + info$source;
+
+ for ( act in info$actions )
+ switch ( act$act ) {
+ case FileAnalysis::ACTION_MD5:
+ if ( info$actions[act]?$md5 )
+ print fmt("MD5: %s", info$actions[act]$md5);
+ break;
+ case FileAnalysis::ACTION_SHA1:
+ if ( info$actions[act]?$sha1 )
+ print fmt("SHA1: %s", info$actions[act]$sha1);
+ break;
+ case FileAnalysis::ACTION_SHA256:
+ if ( info$actions[act]?$sha256 )
+ print fmt("SHA256: %s", info$actions[act]$sha256);
+ break;
+ }
+ break;
+ }
+ }
+
+event bro_init()
+ {
+ add actions[[$act=FileAnalysis::ACTION_MD5]];
+ add actions[[$act=FileAnalysis::ACTION_SHA1]];
+ add actions[[$act=FileAnalysis::ACTION_SHA256]];
+ }
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.bro b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.bro
new file mode 100644
index 0000000000..6ca05188b8
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/pipeline.bro
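Review bot: The `wc -c uj9AtyGOiZ8-file0 >a.size` line in partial-content.bro, and the matching lines for `b.size` and `c.size`, make the size baselines depend on how the platform's `wc` formats its output; BSD-derived `wc` pads the count with leading blanks, so a baseline recorded on one system would not match on another. Normalising the output keeps the comparison portable, for example `# @TEST-EXEC: wc -c <uj9AtyGOiZ8-file0 | awk '{print $1}' >a.size`. A short comment above these lines saying why only the size of the reassembled file is compared, rather than its content, would also help the next reader.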
@@ -0,0 +1,77 @@
+# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace %INPUT >out
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff Z3kT1FyLnfk-file
+# @TEST-EXEC: btest-diff WLJWC1FMBq9-file
+# @TEST-EXEC: btest-diff Ac8PLL9KL49-file
+# @TEST-EXEC: btest-diff NV2MvAX0Is4-file
+# @TEST-EXEC: btest-diff YLndcRpw5Ge-file
+
+global actions: set[FileAnalysis::ActionArgs];
+
+hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
+ {
+ print trig;
+
+ switch ( trig ) {
+ case FileAnalysis::TRIGGER_NEW:
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+
+ if ( info$source == "HTTP" )
+ {
+ for ( act in actions )
+ FileAnalysis::add_action(info$file_id, act);
+ local filename: string = fmt("%s-file", info$file_id);
+ FileAnalysis::add_action(info$file_id,
+ [$act=FileAnalysis::ACTION_EXTRACT,
+ $extract_filename=filename]);
+ }
+ break;
+
+ case FileAnalysis::TRIGGER_BOF_BUFFER:
+ if ( info?$bof_buffer )
+ print info$bof_buffer[0:10];
+ break;
+
+ case FileAnalysis::TRIGGER_TYPE:
+ # not actually printing the values due to libmagic variances
+ if ( info?$file_type )
+ print "file type is set";
+ if ( info?$mime_type )
+ print "mime type is set";
+ break;
+
+ case FileAnalysis::TRIGGER_EOF:
+ fallthrough;
+ case FileAnalysis::TRIGGER_DONE:
+
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+ print info$conn_uids;
+ print info$conn_ids;
+
+ if ( info?$total_bytes )
+ print "total bytes: " + fmt("%s", info$total_bytes);
+ if ( info?$source )
+ print "source: " + info$source;
+
+ for ( act in info$actions )
+ switch ( act$act ) {
+ case FileAnalysis::ACTION_MD5:
+ print fmt("MD5: %s", info$actions[act]$md5);
+ break;
+ case FileAnalysis::ACTION_SHA1:
+ print fmt("SHA1: %s", info$actions[act]$sha1);
+ break;
+ case FileAnalysis::ACTION_SHA256:
+ print fmt("SHA256: %s", info$actions[act]$sha256);
+ break;
+ }
+ break;
+ }
+ }
+
+event bro_init()
+ {
+ add actions[[$act=FileAnalysis::ACTION_MD5]];
+ add actions[[$act=FileAnalysis::ACTION_SHA1]];
+ add actions[[$act=FileAnalysis::ACTION_SHA256]];
+ }
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/http/post.bro b/testing/btest/scripts/base/frameworks/file-analysis/http/post.bro
new file mode 100644
index 0000000000..4807edcd3f
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/file-analysis/http/post.bro
@@ -0,0 +1,74 @@
+# @TEST-EXEC: bro -r $TRACES/http/post.trace %INPUT >out
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff WDJLxTGN0m8-file
+# @TEST-EXEC: btest-diff LkolCF6OeHh-file
+
+global actions: set[FileAnalysis::ActionArgs];
+
+hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
+ {
+ print trig;
+
+ switch ( trig ) {
+ case FileAnalysis::TRIGGER_NEW:
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+
+ if ( info$source == "HTTP" )
+ {
+ for ( act in actions )
+ FileAnalysis::add_action(info$file_id, act);
+ local filename: string = fmt("%s-file", info$file_id);
+ FileAnalysis::add_action(info$file_id,
+ [$act=FileAnalysis::ACTION_EXTRACT,
+ $extract_filename=filename]);
+ }
+ break;
+
+ case FileAnalysis::TRIGGER_BOF_BUFFER:
+ if ( info?$bof_buffer )
+ print info$bof_buffer[0:10];
+ break;
+
+ case FileAnalysis::TRIGGER_TYPE:
+ # not actually printing the values due to libmagic variances
+ if ( info?$file_type )
+ print "file type is set";
+ if ( info?$mime_type )
+ print "mime type is set";
+ break;
+
+ case FileAnalysis::TRIGGER_EOF:
+ fallthrough;
+ case FileAnalysis::TRIGGER_DONE:
+
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+ print info$conn_uids;
+ print info$conn_ids;
+
+ if ( info?$total_bytes )
+ print "total bytes: " + fmt("%s", info$total_bytes);
+ if ( info?$source )
+ print "source: " + info$source;
+
+ for ( act in info$actions )
+ switch ( act$act ) {
+ case FileAnalysis::ACTION_MD5:
+ print fmt("MD5: %s", info$actions[act]$md5);
+ break;
+ case FileAnalysis::ACTION_SHA1:
+ print fmt("SHA1: %s", info$actions[act]$sha1);
+ break;
+ case FileAnalysis::ACTION_SHA256:
+ print fmt("SHA256: %s", info$actions[act]$sha256);
+ break;
+ }
+ break;
+ }
+ }
+
+event bro_init()
+ {
+ add actions[[$act=FileAnalysis::ACTION_MD5]];
+ add actions[[$act=FileAnalysis::ACTION_SHA1]];
+ add actions[[$act=FileAnalysis::ACTION_SHA256]];
+ }
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/irc.bro b/testing/btest/scripts/base/frameworks/file-analysis/irc.bro new file mode 100644 index 0000000000..344a2ad6ab --- /dev/null +++ b/testing/btest/scripts/base/frameworks/file-analysis/irc.bro 
@@ -0,0 +1,68 @@
+# @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT >out
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff thefile
+
+global actions: set[FileAnalysis::ActionArgs];
+
+hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
+ {
+ print trig;
+
+ switch ( trig ) {
+ case FileAnalysis::TRIGGER_NEW:
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+
+ if ( info$source == "irc-dcc-data" )
+ {
+ for ( act in actions )
+ FileAnalysis::add_action(info$file_id, act);
+ }
+ break;
+
+ case FileAnalysis::TRIGGER_BOF_BUFFER:
+ if ( info?$bof_buffer )
+ print info$bof_buffer[0:10];
+ break;
+
+ case FileAnalysis::TRIGGER_TYPE:
+ # not actually printing the values due to libmagic variances
+ if ( info?$file_type )
+ print "file type is set";
+ if ( info?$mime_type )
+ print "mime type is set";
+ break;
+
+ case FileAnalysis::TRIGGER_EOF:
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+ print info$conn_uids;
+ print info$conn_ids;
+
+ if ( info?$total_bytes )
+ print "total bytes: " + fmt("%s", info$total_bytes);
+ if ( info?$source )
+ print "source: " + info$source;
+
+ for ( act in info$actions )
+ switch ( act$act ) {
+ case FileAnalysis::ACTION_MD5:
+ print fmt("MD5: %s", info$actions[act]$md5);
+ break;
+ case FileAnalysis::ACTION_SHA1:
+ print fmt("SHA1: %s", info$actions[act]$sha1);
+ break;
+ case FileAnalysis::ACTION_SHA256:
+ print fmt("SHA256: %s", info$actions[act]$sha256);
+ break;
+ }
+ break;
+ }
+ }
+
+event bro_init()
+ {
+ add actions[[$act=FileAnalysis::ACTION_EXTRACT,
+ $extract_filename="thefile"]];
+ add actions[[$act=FileAnalysis::ACTION_MD5]];
+ add actions[[$act=FileAnalysis::ACTION_SHA1]];
+ add actions[[$act=FileAnalysis::ACTION_SHA256]];
+ }
diff --git a/testing/btest/scripts/base/frameworks/file-analysis/smtp.bro b/testing/btest/scripts/base/frameworks/file-analysis/smtp.bro
new file mode 100644
index 0000000000..48a97f4174
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/file-analysis/smtp.bro
@@ -0,0 +1,74 @@
+# @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT >out
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff thefile0
+# @TEST-EXEC: btest-diff thefile1
+# @TEST-EXEC: btest-diff thefile2
+
+global actions: set[FileAnalysis::ActionArgs];
+global cnt: count = 0;
+
+hook FileAnalysis::policy(trig: FileAnalysis::Trigger, info: FileAnalysis::Info)
+ {
+ print trig;
+
+ switch ( trig ) {
+ case FileAnalysis::TRIGGER_NEW:
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+
+ if ( info$source == "SMTP" )
+ {
+ for ( act in actions )
+ FileAnalysis::add_action(info$file_id, act);
+ local filename: string = fmt("thefile%d", cnt);
+ ++cnt;
+ FileAnalysis::add_action(info$file_id,
+ [$act=FileAnalysis::ACTION_EXTRACT,
+ $extract_filename=filename]);
+ }
+ break;
+
+ case FileAnalysis::TRIGGER_BOF_BUFFER:
+ if ( info?$bof_buffer )
+ print info$bof_buffer[0:10];
+ break;
+
+ case FileAnalysis::TRIGGER_TYPE:
+ # not actually printing the values due to libmagic variances
+ if ( info?$file_type )
+ print "file type is set";
+ if ( info?$mime_type )
+ print "mime type is set";
+ break;
+
+ case FileAnalysis::TRIGGER_EOF:
+ print info$file_id, info$seen_bytes, info$missing_bytes;
+ print info$conn_uids;
+ print info$conn_ids;
+
+ if ( info?$total_bytes )
+ print "total bytes: " + fmt("%s", info$total_bytes);
+ if ( info?$source )
+ print "source: " + info$source;
+
+ for ( act in info$actions )
+ switch ( act$act ) {
+ case FileAnalysis::ACTION_MD5:
+ print fmt("MD5: %s", info$actions[act]$md5);
+ break;
+ case FileAnalysis::ACTION_SHA1:
+ print fmt("SHA1: %s", info$actions[act]$sha1);
+ break;
+ case FileAnalysis::ACTION_SHA256:
+ print fmt("SHA256: %s", info$actions[act]$sha256);
+ break;
+ }
+ break;
+ }
+ }
+
+event bro_init()
+ {
+ add actions[[$act=FileAnalysis::ACTION_MD5]];
+ add actions[[$act=FileAnalysis::ACTION_SHA1]];
+ add actions[[$act=FileAnalysis::ACTION_SHA256]];
+ }
diff --git a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test index 82f46b62c8..b53081826c 100644 --- a/testing/btest/scripts/base/protocols/conn/contents-default-extract.test +++ b/testing/btest/scripts/base/protocols/conn/contents-default-extract.test @@ -1,3 +1,3 @@ -# @TEST-EXEC: bro -f "tcp port 21" -r $TRACES/ipv6-ftp.trace "Conn::default_extract=T" +# @TEST-EXEC: bro -f "tcp port 21" -r $TRACES/ftp/ipv6.trace "Conn::default_extract=T" # @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat # @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat diff --git a/testing/btest/scripts/base/protocols/conn/polling.test b/testing/btest/scripts/base/protocols/conn/polling.test index a6fbc35f66..f855326e77 100644 --- a/testing/btest/scripts/base/protocols/conn/polling.test +++ b/testing/btest/scripts/base/protocols/conn/polling.test @@ -1,6 +1,6 @@ -# @TEST-EXEC: bro -b -r $TRACES/http-100-continue.trace %INPUT >out1 +# @TEST-EXEC: bro -b -r $TRACES/http/100-continue.trace %INPUT >out1 # @TEST-EXEC: btest-diff out1 -# @TEST-EXEC: bro -b -r $TRACES/http-100-continue.trace %INPUT stop_cnt=2 >out2 +# @TEST-EXEC: bro -b -r $TRACES/http/100-continue.trace %INPUT stop_cnt=2 >out2 # @TEST-EXEC: btest-diff out2 @load base/protocols/conn diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.bro b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.bro index 5cb8b808d5..cb58d4af8a 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.bro +++ b/testing/btest/scripts/base/protocols/ftp/ftp-ipv4.bro @@ -1,6 +1,6 @@ # This tests both active and passive FTP over IPv4. # -# @TEST-EXEC: bro -r $TRACES/ftp-ipv4.trace +# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log 
diff --git a/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.bro b/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.bro index 7ce31808c9..87dfa7e052 100644 --- a/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.bro +++ b/testing/btest/scripts/base/protocols/ftp/ftp-ipv6.bro @@ -1,6 +1,6 @@ # This tests both active and passive FTP over IPv6. # -# @TEST-EXEC: bro -r $TRACES/ipv6-ftp.trace +# @TEST-EXEC: bro -r $TRACES/ftp/ipv6.trace # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff ftp.log diff --git a/testing/btest/scripts/base/protocols/http/100-continue.bro b/testing/btest/scripts/base/protocols/http/100-continue.bro index d1d34c1abe..ed9e4970fe 100644 --- a/testing/btest/scripts/base/protocols/http/100-continue.bro +++ b/testing/btest/scripts/base/protocols/http/100-continue.bro @@ -3,7 +3,7 @@ # a given request. The http scripts should also be able log such replies # in a way that correlates the final response with the request. # -# @TEST-EXEC: bro -r $TRACES/http-100-continue.trace %INPUT +# @TEST-EXEC: bro -r $TRACES/http/100-continue.trace %INPUT # @TEST-EXEC: test ! -f weird.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/http-header-crlf.bro b/testing/btest/scripts/base/protocols/http/http-header-crlf.bro index 06081d94e5..c9ba7afba3 100644 --- a/testing/btest/scripts/base/protocols/http/http-header-crlf.bro +++ b/testing/btest/scripts/base/protocols/http/http-header-crlf.bro @@ -2,7 +2,7 @@ # it gets confused whether it's in a header or not; it shouldn't report # the http_no_crlf_in_header_list wierd. # -# @TEST-EXEC: bro -r $TRACES/http-byteranges.trace %INPUT +# @TEST-EXEC: bro -r $TRACES/http/byteranges.trace %INPUT # @TEST-EXEC: test ! -f weird.log # The base analysis scripts are loaded by default. diff --git a/testing/btest/scripts/base/protocols/http/http-methods.bro b/testing/btest/scripts/base/protocols/http/http-methods.bro index 59045c1cc5..5ab89bbe4d 100644 
--- a/testing/btest/scripts/base/protocols/http/http-methods.bro +++ b/testing/btest/scripts/base/protocols/http/http-methods.bro @@ -1,6 +1,6 @@ # This tests that the HTTP analyzer handles strange HTTP methods properly. # -# @TEST-EXEC: bro -r $TRACES/http-methods.trace %INPUT +# @TEST-EXEC: bro -r $TRACES/http/methods.trace %INPUT # @TEST-EXEC: btest-diff weird.log # @TEST-EXEC: btest-diff http.log diff --git a/testing/btest/scripts/base/protocols/http/http-mime-and-md5.bro b/testing/btest/scripts/base/protocols/http/http-mime-and-md5.bro index dd01e62413..c6bf4899f5 100644 --- a/testing/btest/scripts/base/protocols/http/http-mime-and-md5.bro +++ b/testing/btest/scripts/base/protocols/http/http-mime-and-md5.bro @@ -2,7 +2,7 @@ # will normalize mime types other than the target type to prevent sensitivity # to varying versions of libmagic. -# @TEST-EXEC: bro -r $TRACES/http-pipelined-requests.trace %INPUT > output +# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace %INPUT > output # @TEST-EXEC: btest-diff http.log redef HTTP::generate_md5 += /image\/png/; diff --git a/testing/btest/scripts/base/protocols/http/http-pipelining.bro b/testing/btest/scripts/base/protocols/http/http-pipelining.bro index 9875683269..bb392b1c4b 100644 --- a/testing/btest/scripts/base/protocols/http/http-pipelining.bro +++ b/testing/btest/scripts/base/protocols/http/http-pipelining.bro @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/http-pipelined-requests.trace %INPUT > output +# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace %INPUT > output # @TEST-EXEC: btest-diff http.log # mime type is irrelevant to this test, so filter it out diff --git a/testing/btest/signatures/bad-eval-condition.bro b/testing/btest/signatures/bad-eval-condition.bro index 34997b1124..2b3fef76fe 100644 --- a/testing/btest/signatures/bad-eval-condition.bro +++ b/testing/btest/signatures/bad-eval-condition.bro 
@@ -1,4 +1,4 @@ -# @TEST-EXEC-FAIL: bro -r $TRACES/ftp-ipv4.trace %INPUT +# @TEST-EXEC-FAIL: bro -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff .stderr @load-sigs blah.sig diff --git a/testing/btest/signatures/dpd.bro b/testing/btest/signatures/dpd.bro index d6ae02cb50..a302603bd2 100644 --- a/testing/btest/signatures/dpd.bro +++ b/testing/btest/signatures/dpd.bro @@ -1,7 +1,7 @@ -# @TEST-EXEC: bro -b -s myftp -r $TRACES/ftp-ipv4.trace %INPUT >dpd-ipv4.out -# @TEST-EXEC: bro -b -s myftp -r $TRACES/ipv6-ftp.trace %INPUT >dpd-ipv6.out -# @TEST-EXEC: bro -b -r $TRACES/ftp-ipv4.trace %INPUT >nosig-ipv4.out -# @TEST-EXEC: bro -b -r $TRACES/ipv6-ftp.trace %INPUT >nosig-ipv6.out +# @TEST-EXEC: bro -b -s myftp -r $TRACES/ftp/ipv4.trace %INPUT >dpd-ipv4.out +# @TEST-EXEC: bro -b -s myftp -r $TRACES/ftp/ipv6.trace %INPUT >dpd-ipv6.out +# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv4.trace %INPUT >nosig-ipv4.out +# @TEST-EXEC: bro -b -r $TRACES/ftp/ipv6.trace %INPUT >nosig-ipv6.out # @TEST-EXEC: btest-diff dpd-ipv4.out # @TEST-EXEC: btest-diff dpd-ipv6.out # @TEST-EXEC: btest-diff nosig-ipv4.out diff --git a/testing/btest/signatures/eval-condition.bro b/testing/btest/signatures/eval-condition.bro index f3f1171da6..a14003b691 100644 --- a/testing/btest/signatures/eval-condition.bro +++ b/testing/btest/signatures/eval-condition.bro @@ -1,4 +1,4 @@ -# @TEST-EXEC: bro -r $TRACES/ftp-ipv4.trace %INPUT +# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT # @TEST-EXEC: btest-diff conn.log @load-sigs blah.sig