Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/topic/robin/bump-spicy'

Browse source 
* origin/topic/robin/bump-spicy:
  Bump Spicy to current `main`.
This commit is contained in:
Robin Sommer 2024-01-29 10:30:06 +01:00
commit 5c3bb6cd97
No known key found for this signature in database
GPG key ID: D8187293B3FFE5D0
12 changed files with 17 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGES
View file

@ -1,3 +1,7 @@
6.2.0-dev.483 | 2024-01-29 10:30:06 +0100
* Bump Spicy to current `main`. (Robin Sommer, Corelight)
6.2.0-dev.481 | 2024-01-26 17:13:53 -0800 6.2.0-dev.481 | 2024-01-26 17:13:53 -0800
* Move GeoIP availability test in btests to `zeek-config --have-geoip` (Christian Kreibich, Corelight) * Move GeoIP availability test in btests to `zeek-config --have-geoip` (Christian Kreibich, Corelight)

2
VERSION
View file

@ -1 +1 @@
6.2.0-dev.481 6.2.0-dev.483

2
auxil/spicy

@ -1 +1 @@
Subproject commit 8d081af33ba787b610f671846476d9522d7858b3 Subproject commit daa2e3ce48a92dcf6662df724a8bb1c8d5f8df4b

2
testing/btest/Baseline/scripts.base.protocols.quic.vector-max-size-crash/analyzer.log.cut
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
ts uid cause analyzer_kind analyzer_name failure_reason ts uid cause analyzer_kind analyzer_name failure_reason
1693925959.000001 CHhAvVGS1DHFjwGM9 violation protocol QUIC unhandled QUIC version 0x10010000 (<...>/QUIC.spicy:<line>:<column>) 1693925959.000001 CHhAvVGS1DHFjwGM9 violation protocol QUIC unhandled QUIC version 0x10010000 (<...>/QUIC.spicy:<location>)

2
testing/btest/Baseline/spicy.event-args/output
View file

@ -1,3 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
Error message: failed to match regular expression (<...>/test.spicy:7:15) Error message: failed to match regular expression (<...>/test.spicy:7:15-7:22)
Error message: n/a Error message: n/a

4
testing/btest/Baseline/spicy.export-type-fail/output
View file

@ -1,6 +1,6 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[error] unknown type 'NOT_SCOPED' exported [error] unknown type 'NOT_SCOPED' exported
[error] unknown type 'Test::DOES_NOT_EXIST' exported [error] unknown type 'Test::DOES_NOT_EXIST' exported
[error] <...>/foo.spicy:1:13-5:3: cannot export Spicy type 'Test::X': type is self-recursive [error] <...>/foo.spicy:3:1-5:2: cannot export Spicy type 'Test::X': type is self-recursive
[error] <...>/foo.spicy:9:3-13:3: cannot export Spicy type 'Test::Z': can only convert tuple types with all-named fields to Zeek [error] <...>/foo.spicy:11:1-13:2: cannot export Spicy type 'Test::Z': can only convert tuple types with all-named fields to Zeek
[error] <Spicy Plugin for Zeek>: aborting after errors [error] <Spicy Plugin for Zeek>: aborting after errors

4
testing/btest/Baseline/spicy.export-type-with-fields-fail/output
View file

@ -1,4 +1,4 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
[error] <...>/foo.spicy:1:13-5:3: type 'Test::A' does not have field 'does_not_exist' [error] <...>/foo.spicy:3:1-5:2: type 'Test::A' does not have field 'does_not_exist'
[error] <...>/foo.spicy:1:13-5:3: type 'Test::A' does not have field 'does_not_exist' [error] <...>/foo.spicy:3:1-5:2: type 'Test::A' does not have field 'does_not_exist'
[error] <Spicy Plugin for Zeek>: aborting after errors [error] <Spicy Plugin for Zeek>: aborting after errors

2
testing/btest/Baseline/spicy.parse-error/dpd.log
View file

@ -7,5 +7,5 @@
#open XXXX-XX-XX-XX-XX-XX #open XXXX-XX-XX-XX-XX-XX
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason
#types time string addr port addr port enum string string #types time string addr port addr port enum string string
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.186.169 49244 131.159.14.23 22 tcp SPICY_SSH failed to match regular expression (<...>/test.spicy:9:15) [SSH-2.0-OpenSSH_3.8.1p1\x0a] XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.186.169 49244 131.159.14.23 22 tcp SPICY_SSH failed to match regular expression (<...>/test.spicy:9:15-9:22) [SSH-2.0-OpenSSH_3.8.1p1\x0a]
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/spicy.ssh-banner/analyzer.log
View file

@ -8,5 +8,5 @@
#fields ts cause analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data #fields ts cause analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data
#types time string string string string string addr port addr port string string #types time string string string string string addr port addr port string string
XXXXXXXXXX.XXXXXX violation protocol SPICY_SSH CHhAvVGS1DHFjwGM9 - 141.142.228.5 53595 54.243.55.129 80 kaputt - XXXXXXXXXX.XXXXXX violation protocol SPICY_SSH CHhAvVGS1DHFjwGM9 - 141.142.228.5 53595 54.243.55.129 80 kaputt -
XXXXXXXXXX.XXXXXX violation protocol SPICY_SSH CHhAvVGS1DHFjwGM9 - 141.142.228.5 53595 54.243.55.129 80 failed to match regular expression (<...>/ssh.spicy:7:15) POST /post HTTP/1.1\x0d\x0aUser-Agent: curl/7. XXXXXXXXXX.XXXXXX violation protocol SPICY_SSH CHhAvVGS1DHFjwGM9 - 141.142.228.5 53595 54.243.55.129 80 failed to match regular expression (<...>/ssh.spicy:7:15-7:20) POST /post HTTP/1.1\x0d\x0aUser-Agent: curl/7.
#close XXXX-XX-XX-XX-XX-XX #close XXXX-XX-XX-XX-XX-XX

2
testing/btest/Baseline/spicy.ssh-banner/output
View file

@ -6,5 +6,5 @@ SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, res
SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], T, 2.0, OpenSSH_3.8.1p1 SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], T, 2.0, OpenSSH_3.8.1p1
confirm, Analyzer::ANALYZER_SPICY_SSH confirm, Analyzer::ANALYZER_SPICY_SSH
=== violation === violation
violation, Analyzer::ANALYZER_SPICY_SSH, failed to match regular expression (<...>/ssh.spicy:7:15) violation, Analyzer::ANALYZER_SPICY_SSH, failed to match regular expression (<...>/ssh.spicy:7:15-7:20)
violation, Analyzer::ANALYZER_SPICY_SSH, kaputt violation, Analyzer::ANALYZER_SPICY_SSH, kaputt

2
testing/btest/scripts/base/protocols/quic/vector-max-size-crash.zeek
View file

@ -8,7 +8,7 @@
# @TEST-EXEC: btest-diff out # @TEST-EXEC: btest-diff out
# @TEST-EXEC: btest-diff quic.log # @TEST-EXEC: btest-diff quic.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER='sed -r "s/\((.+)\.spicy:[0-9]+:[0-9]+\)/(\1.spicy:<line>:<column>)/g" | $SCRIPTS/diff-remove-abspath' btest-diff analyzer.log.cut # @TEST-EXEC: TEST_DIFF_CANONIFIER='sed -E "s/\((.+)\.spicy:[0-9]+:[0-9]+(-[0-9]+:[0-9]+)?\)/(\1.spicy:<location>)/g" | $SCRIPTS/diff-remove-abspath' btest-diff analyzer.log.cut
event QUIC::unhandled_version(c: connection, is_orig: bool, version: count, dcid: string, scid: string) event QUIC::unhandled_version(c: connection, is_orig: bool, version: count, dcid: string, scid: string)
{ {

2
testing/external/commit-hash.zeek-testing-private vendored
View file

@ -1 +1 @@
0fdc6e2b2f2930c0edf3c83c36f6aa789b0bff30 7693d38d870e7157bf78e7e14f0b2c0c3e871c62