Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-06 00:28:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

FileAnalysis: add unit tests covering current protocol integration.

Browse source 
And had to make various fixes/refinements after scrutinizing results.
This commit is contained in:
Jon Siwek 2013-03-19 15:50:05 -05:00
parent b30211c178
commit 59ed5c75f1
72 changed files with 2605 additions and 53 deletions
Download patch file Download diff file Expand all files Collapse all files

2
testing/btest/scripts/base/protocols/conn/contents-default-extract.test
View file

@ -1,3 +1,3 @@
# @TEST-EXEC: bro -f "tcp port 21" -r $TRACES/ipv6-ftp.trace "Conn::default_extract=T"
# @TEST-EXEC: bro -f "tcp port 21" -r $TRACES/ftp/ipv6.trace "Conn::default_extract=T"
# @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_orig.dat
# @TEST-EXEC: btest-diff contents_[2001:470:1f11:81f:c999:d94:aa7c:2e3e]:49185-[2001:470:4867:99::21]:21_resp.dat

4
testing/btest/scripts/base/protocols/conn/polling.test
View file

@ -1,6 +1,6 @@
# @TEST-EXEC: bro -b -r $TRACES/http-100-continue.trace %INPUT >out1
# @TEST-EXEC: bro -b -r $TRACES/http/100-continue.trace %INPUT >out1
# @TEST-EXEC: btest-diff out1
# @TEST-EXEC: bro -b -r $TRACES/http-100-continue.trace %INPUT stop_cnt=2 >out2
# @TEST-EXEC: bro -b -r $TRACES/http/100-continue.trace %INPUT stop_cnt=2 >out2
# @TEST-EXEC: btest-diff out2
@load base/protocols/conn

2
testing/btest/scripts/base/protocols/ftp/ftp-ipv4.bro
View file

@ -1,6 +1,6 @@
# This tests both active and passive FTP over IPv4.
#
# @TEST-EXEC: bro -r $TRACES/ftp-ipv4.trace
# @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff ftp.log

2
testing/btest/scripts/base/protocols/ftp/ftp-ipv6.bro
View file

@ -1,6 +1,6 @@
# This tests both active and passive FTP over IPv6.
#
# @TEST-EXEC: bro -r $TRACES/ipv6-ftp.trace
# @TEST-EXEC: bro -r $TRACES/ftp/ipv6.trace
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff ftp.log

2
testing/btest/scripts/base/protocols/http/100-continue.bro
View file

@ -3,7 +3,7 @@
# a given request. The http scripts should also be able log such replies
# in a way that correlates the final response with the request.
#
# @TEST-EXEC: bro -r $TRACES/http-100-continue.trace %INPUT
# @TEST-EXEC: bro -r $TRACES/http/100-continue.trace %INPUT
# @TEST-EXEC: test ! -f weird.log
# @TEST-EXEC: btest-diff http.log

2
testing/btest/scripts/base/protocols/http/http-header-crlf.bro
View file

@ -2,7 +2,7 @@
# it gets confused whether it's in a header or not; it shouldn't report
# the http_no_crlf_in_header_list wierd.
#
# @TEST-EXEC: bro -r $TRACES/http-byteranges.trace %INPUT
# @TEST-EXEC: bro -r $TRACES/http/byteranges.trace %INPUT
# @TEST-EXEC: test ! -f weird.log
# The base analysis scripts are loaded by default.

2
testing/btest/scripts/base/protocols/http/http-methods.bro
View file

@ -1,6 +1,6 @@
# This tests that the HTTP analyzer handles strange HTTP methods properly.
#
# @TEST-EXEC: bro -r $TRACES/http-methods.trace %INPUT
# @TEST-EXEC: bro -r $TRACES/http/methods.trace %INPUT
# @TEST-EXEC: btest-diff weird.log
# @TEST-EXEC: btest-diff http.log

2
testing/btest/scripts/base/protocols/http/http-mime-and-md5.bro
View file

@ -2,7 +2,7 @@
# will normalize mime types other than the target type to prevent sensitivity
# to varying versions of libmagic.
# @TEST-EXEC: bro -r $TRACES/http-pipelined-requests.trace %INPUT > output
# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace %INPUT > output
# @TEST-EXEC: btest-diff http.log
redef HTTP::generate_md5 += /image\/png/;

2
testing/btest/scripts/base/protocols/http/http-pipelining.bro
View file

@ -1,4 +1,4 @@
# @TEST-EXEC: bro -r $TRACES/http-pipelined-requests.trace %INPUT > output
# @TEST-EXEC: bro -r $TRACES/http/pipelined-requests.trace %INPUT > output
# @TEST-EXEC: btest-diff http.log
# mime type is irrelevant to this test, so filter it out