diff --git a/.clang-tidy b/.clang-tidy index 6ac1a8cfe7..21e5dc597e 100644 --- a/.clang-tidy +++ b/.clang-tidy @@ -1,4 +1,5 @@ Checks: '-*, bugprone-*, + -bugprone-easily-swappable-parameters, clang-analyzer-*, performance-*' diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml index 9b6a797702..140658eb05 100644 --- a/.github/workflows/coverity-scan.yml +++ b/.github/workflows/coverity-scan.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-20.04 steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.1.0 with: submodules: "recursive" diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 12cb66df6b..9e27d4fc8e 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -28,7 +28,7 @@ jobs: TEST_TAG: zeek:latest CONFFLAGS: --generator=Ninja --build-type=Release steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.1.0 with: submodules: "recursive" @@ -77,7 +77,7 @@ jobs: fi - name: Login to DockerHub - uses: docker/login-action@v1 + uses: docker/login-action@v2 # Don't publish on forks. Also note that secrets for the login are not # available for pull requests, so trigger on pushes only. if: github.repository == 'zeek/zeek' && github.event_name == 'push' @@ -99,14 +99,14 @@ jobs: zeekurity/${{ steps.target.outputs.tag }} - name: Preserve image artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: ${{ env.IMAGE_NAME }} path: ${{ env.IMAGE_FILE }} retention-days: 1 - name: Preserve btest artifacts - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 if: failure() with: name: docker-btest @@ -122,7 +122,7 @@ jobs: # Grab the sources so we have access to btest. Could also use pip, but it # seems appealing to be using the in-tree version of btest. btest is in a # submodule; we check it out selectively to save time. - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.1.0 - name: Check out btest run: git submodule update --init ./auxil/btest @@ -144,7 +144,7 @@ jobs: echo "TESTSUITE_COMMIT=$(cat ./testing/external/commit-hash.zeek-testing-cluster)" >> $GITHUB_ENV - name: Retrieve cluster testsuite - uses: actions/checkout@v2 + uses: actions/checkout@v3.1.0 with: repository: zeek/zeek-testing-cluster path: testing/external/zeek-testing-cluster @@ -162,7 +162,7 @@ jobs: find testing/external/zeek-testing-cluster/.tmp -depth -execdir rename 's/[":<>|*?\r\n]/./g' "{}" \; - name: Preserve btest artifacts - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 if: failure() with: name: cluster-btest @@ -176,7 +176,7 @@ jobs: truncate -s0 ${{ env.IMAGE_FILE }} - name: Store truncated image artifact - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: ${{ env.IMAGE_NAME }} path: ${{ env.IMAGE_FILE }} diff --git a/.github/workflows/generate-docs.yml b/.github/workflows/generate-docs.yml index 6bf45e51e3..39f22a193e 100644 --- a/.github/workflows/generate-docs.yml +++ b/.github/workflows/generate-docs.yml @@ -24,12 +24,12 @@ jobs: # event, so we only need to authenticate in that case. Use # unauthenticated access otherwise so this action can e.g., also run from # clones. - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.1.0 if: github.event_name == 'schedule' with: submodules: "recursive" token: ${{ secrets.ZEEK_BOT_TOKEN }} - - uses: actions/checkout@v2 + - uses: actions/checkout@v3.1.0 if: github.event_name != 'schedule' with: submodules: "recursive" @@ -121,7 +121,7 @@ jobs: # Only send notifications for scheduled runs. Runs from pull requests # show failures in the Github UI. if: failure() && github.event_name == 'schedule' - uses: dawidd6/action-send-mail@v3.6.1 + uses: dawidd6/action-send-mail@v3.7.0 with: server_address: ${{secrets.SMTP_HOST}} server_port: ${{secrets.SMTP_PORT}} diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 3e9e012b78..2c8a091925 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -9,6 +9,6 @@ jobs: pre-commit: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-python@v2 + - uses: actions/checkout@v3.1.0 + - uses: actions/setup-python@v4 - uses: pre-commit/action@v3.0.0 diff --git a/CHANGES b/CHANGES index d8e659de31..b3888f7c53 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,128 @@ +5.2.0-dev.90 | 2022-10-13 08:57:45 -0500 + + * ZAM maintenance for recent test suite changes (and fixups missed last time) (Vern Paxson, Corelight) + +5.2.0-dev.86 | 2022-10-12 15:56:23 -0500 + + * Update gen-zam and paraglob submodules for Coverity/clang-tidy fixes (Tim Wojtulewicz, Corelight) + + * Fix some compiler warnings in script_opt (Tim Wojtulewicz, Corelight) + + * Fix recent Coverity findings (Tim Wojtulewicz, Corelight) + + 1491334: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto& + 1498652: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto& + 1498745: AUTO_CAUSES_COPY due to a for loop using auto& instead of const auto& + +5.2.0-dev.82 | 2022-10-12 20:02:36 +0200 + + * Move API for disabling packet analyzers into component. (Robin Sommer) + + Before, that API was part of the analyzers themselves, which meant + we couldn't disable a packet analyzer before it had been + instantiated. That was different from protocol/file analyzers, + where we disable them through the corresponding component. + + * Suppress warning on an existing packet analyzer being remapped. (Robin Sommer) + +5.2.0-dev.79 | 2022-10-12 09:32:38 -0700 + + * smtp: Prevent script errors when smtp$entity is not set (Tim Wojtulewicz, Corelight) + + This is the same issue presented in 38e226bf75772dad8769fa4b5ae61fabb5fb34b9 but + for SMTP instead of HTTP. + +5.2.0-dev.77 | 2022-10-10 11:10:31 -0700 + + * Disable robust iteration for ordered dictionaries (Tim Wojtulewicz, Corelight) + + This also includes some minor commenting cleanup in that class + + * Add support for itertors with ordered dictionaries (Tim Wojtulewicz, Corelight) + + * Add equality, inequality, copy, and move operators to HashKey (Tim Wojtulewicz, Corelight) + + * Disable annoying bugprone-easily-swappable-parameters clang-tidy check [skip ci] (Tim Wojtulewicz, Corelight) + +5.2.0-dev.70 | 2022-10-06 14:18:18 -0700 + + * Remove stray `/` at the end of directory name. (Benjamin Bannier, Corelight) + + This variable is used to construct a path where the trailing `/` lead to + full paths like `/foo/spicy-plugin//spicyz`. + + * Remove commented out code. (Benjamin Bannier, Corelight) + + * Bump spicy-plugin to v1.3.19. (Benjamin Bannier, Corelight) + +5.2.0-dev.66 | 2022-10-06 14:15:01 -0700 + + * Update CT log list. (Johanna Amann, Corelight) + + This uses the v3 json as a source for the first time. The test needed + some updating because Google removed a couple more logs - in the future + this should hopefully not be neccessary anymore because I think v3 + should retain all logs. + + In theory this might be neat in 5.1. + +5.2.0-dev.51 | 2022-10-05 13:27:08 +0200 + + * analyzer: Add file_analyzer support to enable_analyzer()/disable_analyzer() (Arne Welzel, Corelight) + +5.2.0-dev.46 | 2022-10-03 09:45:05 -0700 + + * use dynamic rather than static initialization of globals for scripts compiled to C++ (Vern Paxson, Corelight) + + * safety checking for initializing scripts compiled to C++ (Vern Paxson, Corelight) + + * fixes for initializing scripts compiled to C++ (Vern Paxson, Corelight) + + * restructured tracking of initializations of globals for script compilation (Vern Paxson, Corelight) + +5.2.0-dev.40 | 2022-10-03 09:44:40 -0700 + + * http: Prevent script errors when http$current_entity is not set (Arne Welzel, Corelight) + + The current_entity tracking in HTTP assumes that client/server never + send HTTP entities at the same time. The attached pcap (generated + artificially) violates this and triggers: + + 1663698249.307259 expression error in <...>base/protocols/http/./entities.zeek, line 89: field value missing (HTTP::c$http$current_entity) + + For the http-no-crlf test, include weird.log as baseline. Now that weird is + @load'ed from http, it is actually created and seems to make sense + to btest-diff it, too. + +5.2.0-dev.38 | 2022-10-03 09:08:42 -0700 + + * Fix some Coverity issues in the recent ZAM updates (Tim Wojtulewicz, Corelight) + +5.2.0-dev.35 | 2022-09-30 16:40:22 -0700 + + * fixes for compiling "standalone" C++ scripts (Vern Paxson, Corelight) + +5.2.0-dev.33 | 2022-09-30 12:36:34 -0700 + + * fix for deprecated when's where the inner frame is larger than the outer frame (Vern Paxson, Corelight) + +5.2.0-dev.31 | 2022-09-30 10:03:00 +0200 + + * const: Deprecate tunnel-specific enable_* flags (Arne Welzel, Corelight) + + With packet analyzers being toggle-able at runtime these can go. + They hadn't been consistently implemented either (VXLAN, Geneve). + + * packet_analysis: Introduce PacketAnalyzer::__disable_analyzer() (Arne Welzel, Corelight) + + This adds machinery to the packet_analysis manager for disabling + and enabling packet analyzers and implements two low-level bifs + to use it. + + Extend Analyzer::enable_analyzer() and Analyzer::disable_analyzer() + to transparently work with packet analyzers, too. This also allows + to add packet analyzers to Analyzer::disabled_analyzers. + 5.2.0-dev.27 | 2022-09-28 10:34:28 +0200 * Bump `bifcl` and `doc` submodules. (Robin Sommer) diff --git a/CMakeLists.txt b/CMakeLists.txt index cef07543a8..846b65efd8 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -94,14 +94,14 @@ execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.sh "export ZEEKPATH=`${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n" "export ZEEK_PLUGIN_PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":${ZEEK_PLUGIN_PATH}\n" - "export PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin/\":$PATH\n" + "export PATH=\"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin\":$PATH\n" "export SPICY_PATH=\"`${CMAKE_CURRENT_BINARY_DIR}/spicy-path`\"\n" "export HILTI_CXX_INCLUDE_DIRS=\"`${CMAKE_CURRENT_BINARY_DIR}/hilti-cxx-include-dirs`\"\n") file(WRITE ${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev.csh "setenv ZEEKPATH `${CMAKE_CURRENT_BINARY_DIR}/zeek-path-dev`\n" "setenv ZEEK_PLUGIN_PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":${ZEEK_PLUGIN_PATH}\n" - "setenv PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin/\":$PATH\n" + "setenv PATH \"${CMAKE_CURRENT_BINARY_DIR}/src\":\"${CMAKE_CURRENT_BINARY_DIR}/auxil/spicy/spicy/bin\":\"${CMAKE_CURRENT_BINARY_DIR}/src/builtin-plugins/spicy-plugin/bin\":$PATH\n" "setenv SPICY_PATH \"`${CMAKE_CURRENT_BINARY_DIR}/spicy-path`\"\n" "setenv HILTI_CXX_INCLUDE_DIRS \"`${CMAKE_CURRENT_BINARY_DIR}/hilti-cxx-include-dirs`\"\n") @@ -444,8 +444,6 @@ if ( NOT DISABLE_SPICY ) set(SPICY_PLUGIN_PATH ${CMAKE_SOURCE_DIR}/auxil/spicy-plugin) endif () - # set(ZEEK_SPICY_PLUGIN_BUILD_LIBDIR ${CMAKE_BINARY_DIR}/auxil/spicy-plugin) - # set(ZEEK_SPICY_PLUGIN_BUILD_LIBDIR ${CMAKE_BINARY_DIR}/src/builtin-plugins/spicy-plugin) string(APPEND ZEEK_INCLUDE_PLUGINS ";${SPICY_PLUGIN_PATH}") endif () diff --git a/NEWS b/NEWS index b4541fb3ba..b31b1e62e3 100644 --- a/NEWS +++ b/NEWS @@ -6,6 +6,17 @@ release. For an exhaustive list of changes, see the ``CHANGES`` file Zeek 5.2.0 ========== +Breaking Changes +---------------- + +- Zeekctl now assigns network ports to workers starting at port 27760. This + fixes an issue where workers were starting up with ports within Linux's + ephemeral port range, and were potentiall failing to startup due the ports + already being in use. This change may require changes in firewall/routing + configurations between hosts in a Zeek cluster. This should not affect + clusters running on FreeBSD, as that OS uses a different range for ephemeral + ports. + New Functionality ----------------- @@ -22,6 +33,12 @@ New Functionality - File analyzers can now raise analyzer violations to the script-layer via the new ``AnalyzerViolation()`` method. +- Packet and file analyzers can now be disabled and enabled at runtime using + the ``Analyzer::enable_analyzer()`` and ``Analyzer::disable_analyzer()`` + wrappers. While initially for protocol analyzers only, these have + been extended to work for packet and file analyzers. This now allows to + leverage ``Analyzer::disabled_analyzers`` for these kinds of analyzers. + Changed Functionality --------------------- @@ -36,6 +53,21 @@ Deprecated Functionality deprecated in favor of the more generic ``analyzer_confirmation_info`` and ``analyzer_violation_info`` events. +- The const values for toggling individual tunnel packet analyzers have + been deprecated in favor of using ``Analyzer::disable_analyzer()`` + directly. This affects: + + Tunnel::enable_ip + Tunnel::enable_ayiya + Tunnel::enable_teredo + Tunnel::enable_gtpv1 + Tunnel::enable_gre + + Setting these explicitly to F can be achieved by leveraging + ``Analyzers::disabled_analyzers``, for example: + + redef Analyzer::disabled_analyzers += { PacketAnalyzer::ANALYZER_GRE }; + Zeek 5.1.0 ========== diff --git a/VERSION b/VERSION index 818e23a7a7..55bc3fa2ec 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.2.0-dev.27 +5.2.0-dev.90 diff --git a/auxil/broker b/auxil/broker index 1933bd82d6..97f55a8466 160000 --- a/auxil/broker +++ b/auxil/broker @@ -1 +1 @@ -Subproject commit 1933bd82d6160ecff204624199de23c61f1244a2 +Subproject commit 97f55a8466428a247a177f9598506a235966bb04 diff --git a/auxil/gen-zam b/auxil/gen-zam index e05992ad95..e9743078bd 160000 --- a/auxil/gen-zam +++ b/auxil/gen-zam @@ -1 +1 @@ -Subproject commit e05992ad957d986e181d447e582bdf798e5ae496 +Subproject commit e9743078bdeefc6e133dbcf8ae602016611621a6 diff --git a/auxil/paraglob b/auxil/paraglob index 8dbff934df..5b9f8a110e 160000 --- a/auxil/paraglob +++ b/auxil/paraglob @@ -1 +1 @@ -Subproject commit 8dbff934dfbba1c2736152831c2cf45ee68f6fc3 +Subproject commit 5b9f8a110e6c4731e894cdf95c63706ae8ae3cee diff --git a/auxil/spicy-plugin b/auxil/spicy-plugin index ab743fb55a..a4a7072a66 160000 --- a/auxil/spicy-plugin +++ b/auxil/spicy-plugin @@ -1 +1 @@ -Subproject commit ab743fb55a3f45dc87c780f396e99b6227bbf25b +Subproject commit a4a7072a66488e148c0a7e2001476b1db88df355 diff --git a/auxil/zeek-aux b/auxil/zeek-aux index 6defd70332..bc0c06dd8d 160000 --- a/auxil/zeek-aux +++ b/auxil/zeek-aux @@ -1 +1 @@ -Subproject commit 6defd7033280783894a0b31582214ba3621dc290 +Subproject commit bc0c06dd8d7a7602f16c857faae2d3bb6c7052af diff --git a/auxil/zeekctl b/auxil/zeekctl index 495a4f6967..73c5d59a57 160000 --- a/auxil/zeekctl +++ b/auxil/zeekctl @@ -1 +1 @@ -Subproject commit 495a4f6967aedcea674141622506b2b43d8b18fd +Subproject commit 73c5d59a57be1d22db10a2b7b00a1d876ef688f2 diff --git a/doc b/doc index 410763bfb6..b68c7e8149 160000 --- a/doc +++ b/doc @@ -1 +1 @@ -Subproject commit 410763bfb654ed5be598dd82ecbbc169ef1ba63e +Subproject commit b68c7e814979c6ae9b13eda0b2c0faf009acf373 diff --git a/scripts/base/frameworks/analyzer/main.zeek b/scripts/base/frameworks/analyzer/main.zeek index 18a8c97c52..ad8d70fb1b 100644 --- a/scripts/base/frameworks/analyzer/main.zeek +++ b/scripts/base/frameworks/analyzer/main.zeek @@ -33,7 +33,7 @@ export { ## tag: The tag of the analyzer to enable. ## ## Returns: True if the analyzer was successfully enabled. - global enable_analyzer: function(tag: Analyzer::Tag) : bool; + global enable_analyzer: function(tag: AllAnalyzers::Tag) : bool; ## Disables an analyzer. Once disabled, the analyzer will not be used ## further for analysis of future connections. @@ -41,7 +41,7 @@ export { ## tag: The tag of the analyzer to disable. ## ## Returns: True if the analyzer was successfully disabled. - global disable_analyzer: function(tag: Analyzer::Tag) : bool; + global disable_analyzer: function(tag: AllAnalyzers::Tag) : bool; ## Registers a set of well-known ports for an analyzer. If a future ## connection on one of these ports is seen, the analyzer will be @@ -130,7 +130,7 @@ export { ## A set of analyzers to disable by default at startup. The default set ## contains legacy analyzers that are no longer supported. - global disabled_analyzers: set[Analyzer::Tag] = { + global disabled_analyzers: set[AllAnalyzers::Tag] = { ANALYZER_TCPSTATS, } &redef; @@ -142,6 +142,8 @@ export { } @load base/bif/analyzer.bif +@load base/bif/file_analysis.bif +@load base/bif/packet_analysis.bif event zeek_init() &priority=5 { @@ -152,13 +154,25 @@ event zeek_init() &priority=5 disable_analyzer(a); } -function enable_analyzer(tag: Analyzer::Tag) : bool +function enable_analyzer(tag: AllAnalyzers::Tag) : bool { + if ( is_packet_analyzer(tag) ) + return PacketAnalyzer::__enable_analyzer(tag); + + if ( is_file_analyzer(tag) ) + return Files::__enable_analyzer(tag); + return __enable_analyzer(tag); } -function disable_analyzer(tag: Analyzer::Tag) : bool +function disable_analyzer(tag: AllAnalyzers::Tag) : bool { + if ( is_packet_analyzer(tag) ) + return PacketAnalyzer::__disable_analyzer(tag); + + if ( is_file_analyzer(tag) ) + return Files::__disable_analyzer(tag); + return __disable_analyzer(tag); } diff --git a/scripts/base/init-bare.zeek b/scripts/base/init-bare.zeek index dd3b170073..43cd9edf74 100644 --- a/scripts/base/init-bare.zeek +++ b/scripts/base/init-bare.zeek @@ -5058,19 +5058,19 @@ export { const max_depth: count = 2 &redef; ## Toggle whether to do IPv{4,6}-in-IPv{4,6} decapsulation. - const enable_ip = T &redef; + const enable_ip = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers"; ## Toggle whether to do IPv{4,6}-in-AYIYA decapsulation. - const enable_ayiya = T &redef; + const enable_ayiya = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers"; ## Toggle whether to do IPv6-in-Teredo decapsulation. - const enable_teredo = T &redef; + const enable_teredo = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers"; ## Toggle whether to do GTPv1 decapsulation. - const enable_gtpv1 = T &redef; + const enable_gtpv1 = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers"; ## Toggle whether to do GRE decapsulation. - const enable_gre = T &redef; + const enable_gre = T &redef &deprecated="Remove in v6.1. Tunnel analyzers can be toggled with enable_analyzer()/disable_analyzer() or disabled through Analyzer::disabled_analyzers"; ## With this set, the Teredo analyzer waits until it sees both sides ## of a connection using a valid Teredo encapsulation before issuing diff --git a/scripts/base/protocols/http/entities.zeek b/scripts/base/protocols/http/entities.zeek index b0689c5478..4c0aae2d4b 100644 --- a/scripts/base/protocols/http/entities.zeek +++ b/scripts/base/protocols/http/entities.zeek @@ -1,6 +1,7 @@ ##! Analysis and logging for MIME entities found in HTTP sessions. @load base/frameworks/files +@load base/frameworks/notice/weird @load base/utils/strings @load base/utils/files @load ./main @@ -83,6 +84,19 @@ event http_begin_entity(c: connection, is_orig: bool) &priority=10 event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=3 { + if ( ! c$http?$current_entity ) + { + local weird = Weird::Info( + $ts=network_time(), + $name="missing_HTTP_entity", + $uid=c$uid, + $id=c$id, + $source="HTTP" + ); + Weird::weird(weird); + return; + } + if ( name == "CONTENT-DISPOSITION" && /[fF][iI][lL][eE][nN][aA][mM][eE]/ in value ) { diff --git a/scripts/base/protocols/smtp/entities.zeek b/scripts/base/protocols/smtp/entities.zeek index 4f6b6855f3..7bc43d7c2a 100644 --- a/scripts/base/protocols/smtp/entities.zeek +++ b/scripts/base/protocols/smtp/entities.zeek @@ -1,6 +1,7 @@ ##! Analysis and logging for MIME entities found in SMTP sessions. @load base/frameworks/files +@load base/frameworks/notice/weird @load base/utils/strings @load base/utils/files @load ./main @@ -48,6 +49,19 @@ event mime_one_header(c: connection, h: mime_header_rec) &priority=5 if ( ! c?$smtp ) return; + if ( ! c$smtp?$entity ) + { + local weird = Weird::Info( + $ts=network_time(), + $name="missing_SMTP_entity", + $uid=c$uid, + $id=c$id, + $source="SMTP" + ); + Weird::weird(weird); + return; + } + if ( h$name == "CONTENT-DISPOSITION" && /[fF][iI][lL][eE][nN][aA][mM][eE]/ in h$value ) c$smtp$entity$filename = extract_filename_from_content_disposition(h$value); diff --git a/scripts/base/protocols/ssl/ct-list.zeek b/scripts/base/protocols/ssl/ct-list.zeek index dc320d165d..2b38a9c99d 100644 --- a/scripts/base/protocols/ssl/ct-list.zeek +++ b/scripts/base/protocols/ssl/ct-list.zeek @@ -1,43 +1,44 @@ # # Do not edit this file. This file is automatically generated by gen-ct-list.pl -# File generated at Thu Apr 28 13:46:41 2022 -# File generated from https://www.gstatic.com/ct/log_list/log_list.json +# File generated at Thu Oct 6 13:17:02 2022 +# File generated from https://www.gstatic.com/ct/log_list/v3/log_list.json +# Source file generated at: 2022-10-05T12:55:24Z +# Source file version: 13.6 # @load base/protocols/ssl module SSL; redef ct_logs += { -["\x29\x79\xbe\xf0\x9e\x39\x39\x21\xf0\x56\x73\x9f\x63\xa5\x77\xe5\xbe\x57\x7d\x9c\x60\x0a\xf8\xf9\x4d\x5d\x26\x5c\x25\x5d\xc7\x84"] = CTInfo($description="Google 'Argon2022' log", $operator="Google", $url="ct.googleapis.com/logs/argon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x78\x83\xdc\xe9\xf1\xa6\xb8\x18\x3a\x00\x99\x2f\xff\x3e\xcd\x15\xc9\x26\x1e\xf7\xff\x3a\xa9\xa3\x72\x16\x49\xeb\x09\xb6\xa8\xdd\xb4\xd2\x47\x91\x0e\x0d\xf9\xd9\xd5\xa9\x8b\xb0\x87\x9d\x25\x79\xd4\x1a\x50\x60\x08\xf5\x09\x06\x39\x26\xe4\x40\xc2\xba\xc3\xc2"), -["\xe8\x3e\xd0\xda\x3e\xf5\x06\x35\x32\xe7\x57\x28\xbc\x89\x6b\xc9\x03\xd3\xcb\xd1\x11\x6b\xec\xeb\x69\xe1\x77\x7d\x6d\x06\xbd\x6e"] = CTInfo($description="Google 'Argon2023' log", $operator="Google", $url="ct.googleapis.com/logs/argon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd0\x90\x8f\x64\x52\x4e\x42\xac\x84\xb6\x2e\x4c\xf2\x3d\x77\x00\xb3\x77\x08\x05\x47\xaa\x45\x4c\xe3\x2c\x8e\x70\xa5\x82\xbb\x6c\xb2\x7b\x9c\x98\x7a\xa0\xe9\x11\x76\x28\x00\xb2\x20\xb4\xcd\xd3\x98\x7b\x4d\x96\x27\xe6\xb7\xee\x22\x6a\xd1\xb0\x2e\x91\x77\x78"), -["\x46\xa5\x55\xeb\x75\xfa\x91\x20\x30\xb5\xa2\x89\x69\xf4\xf3\x7d\x11\x2c\x41\x74\xbe\xfd\x49\xb8\x85\xab\xf2\xfc\x70\xfe\x6d\x47"] = CTInfo($description="Google 'Xenon2022' log", $operator="Google", $url="ct.googleapis.com/logs/xenon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf9\x64\xbd\x15\x2c\x40\x62\x50\x95\x13\x38\x3c\xc7\x21\xb0\x3a\xb9\x8f\xa2\x7a\x15\xd7\x89\xd6\x8e\x31\x13\x00\x87\x59\xbc\xbb\xee\x90\xfc\xc8\x58\x13\x0a\xbf\xab\x43\x36\x54\x23\xa4\x81\xcd\xad\x47\x14\xb7\x58\xa0\x44\xfa\x6a\xa0\xa0\xd7\xc3\x63\x1e\x2b"), -["\xad\xf7\xbe\xfa\x7c\xff\x10\xc8\x8b\x9d\x3d\x9c\x1e\x3e\x18\x6a\xb4\x67\x29\x5d\xcf\xb1\x0c\x24\xca\x85\x86\x34\xeb\xdc\x82\x8a"] = CTInfo($description="Google 'Xenon2023' log", $operator="Google", $url="ct.googleapis.com/logs/xenon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x72\x16\x3e\x0b\xef\xef\xce\x3e\x60\xdd\x95\xcb\x63\x7a\xb9\xa9\x8d\x4a\x6f\x6c\xdc\x61\x80\xa6\x45\x5e\x2f\x83\xac\x94\xf3\x85\x88\xd0\xa5\x74\xd0\x7b\x8e\xff\xc5\xee\x42\xa2\xf0\x2d\x93\xe3\xc2\xd0\xb2\x99\xe2\xe1\x42\xe9\xd2\xc6\x00\x27\x69\x74\xae\xce"), -["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"), -["\x29\x3c\x51\x96\x54\xc8\x39\x65\xba\xaa\x50\xfc\x58\x07\xd4\xb7\x6f\xbf\x58\x7a\x29\x72\xdc\xa4\xc3\x0c\xf4\xe5\x45\x47\xf4\x78"] = CTInfo($description="Google 'Icarus' log", $operator="Google", $url="ct.googleapis.com/icarus/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x4e\xd2\xbc\xbf\xb3\x08\x0a\xf7\xb9\xea\xa4\xc7\x1c\x38\x61\x04\xeb\x95\xe0\x89\x54\x68\x44\xb1\x66\xbc\x82\x7e\x4f\x50\x6c\x6f\x5c\xa3\xf0\xaa\x3e\xf4\xec\x80\xf0\xdb\x0a\x9a\x7a\xa0\x5b\x72\x00\x7c\x25\x0e\x19\xef\xaf\xb2\x62\x8d\x74\x43\xf4\x26\xf6\x14"), -["\xa4\xb9\x09\x90\xb4\x18\x58\x14\x87\xbb\x13\xa2\xcc\x67\x70\x0a\x3c\x35\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10"] = CTInfo($description="Google 'Pilot' log", $operator="Google", $url="ct.googleapis.com/pilot/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3\x3d\xad\xd3\x5a\x77\xb8\xcc\xe2\x88\xb3\xa5\xfd\xf1\xd3\x0c\xcd\x18\x0c\xe8\x41\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a\x08\x18\xba\xed\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd\x1f\x04\x10\x41\x4c\xa0"), -["\xee\x4b\xbd\xb7\x75\xce\x60\xba\xe1\x42\x69\x1f\xab\xe1\x9e\x66\xa3\x0f\x7e\x5f\xb0\x72\xd8\x83\x00\xc4\x7b\x89\x7a\xa8\xfd\xcb"] = CTInfo($description="Google 'Rocketeer' log", $operator="Google", $url="ct.googleapis.com/rocketeer/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x20\x5b\x18\xc8\x3c\xc1\x8b\xb3\x31\x08\x00\xbf\xa0\x90\x57\x2b\xb7\x47\x8c\x6f\xb5\x68\xb0\x8e\x90\x78\xe9\xa0\x73\xea\x4f\x28\x21\x2e\x9c\xc0\xf4\x16\x1b\xaa\xf9\xd5\xd7\xa9\x80\xc3\x4e\x2f\x52\x3c\x98\x01\x25\x46\x24\x25\x28\x23\x77\x2d\x05\xc2\x40\x7a"), -["\xbb\xd9\xdf\xbc\x1f\x8a\x71\xb5\x93\x94\x23\x97\xaa\x92\x7b\x47\x38\x57\x95\x0a\xab\x52\xe8\x1a\x90\x96\x64\x36\x8e\x1e\xd1\x85"] = CTInfo($description="Google 'Skydiver' log", $operator="Google", $url="ct.googleapis.com/skydiver/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x12\x6c\x86\x0e\xf6\x17\xb1\x12\x6c\x37\x25\xd2\xad\x87\x3d\x0e\x31\xec\x21\xad\xb1\xcd\xbe\x14\x47\xb6\x71\x56\x85\x7a\x9a\xb7\x3d\x89\x90\x7b\xc6\x32\x3a\xf8\xda\xce\x8b\x01\xfe\x3f\xfc\x71\x91\x19\x8e\x14\x6e\x89\x7a\x5d\xb4\xab\x7e\xe1\x4e\x1e\x7c\xac"), -["\x41\xc8\xca\xb1\xdf\x22\x46\x4a\x10\xc6\xa1\x3a\x09\x42\x87\x5e\x4e\x31\x8b\x1b\x03\xeb\xeb\x4b\xc7\x68\xf0\x90\x62\x96\x06\xf6"] = CTInfo($description="Cloudflare 'Nimbus2022' Log", $operator="Cloudflare", $url="ct.cloudflare.com/logs/nimbus2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xb2\x47\x4e\x50\x32\x72\x62\x4a\x0d\x0c\x48\xbf\xad\x29\x64\x6f\x20\xdf\x79\x52\x63\x16\x29\x0a\x2e\x60\xb5\xe2\x3a\x1c\xb7\xaf\x59\xb1\x55\x09\xdb\x59\xc7\xe9\xbd\x6f\xed\x0b\xaf\x05\x96\x97\xff\x3b\x9a\x43\x4d\xeb\x11\x34\x33\x8a\xe7\xac\x83\xc0\xff"), -["\x7a\x32\x8c\x54\xd8\xb7\x2d\xb6\x20\xea\x38\xe0\x52\x1e\xe9\x84\x16\x70\x32\x13\x85\x4d\x3b\xd2\x2b\xc1\x3a\x57\xa3\x52\xeb\x52"] = CTInfo($description="Cloudflare 'Nimbus2023' Log", $operator="Cloudflare", $url="ct.cloudflare.com/logs/nimbus2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8b\xff\x2d\x92\x18\xcb\x46\x9d\x12\x5e\xb9\x59\x75\x3c\xcd\x91\x37\x7a\x1e\xa9\x9c\x99\x78\x83\x27\x3d\xdf\x01\xd5\x8b\x80\xe8\x63\x9a\xfe\x26\xa2\x1b\xd1\x87\x05\xee\x97\xd6\xe0\x5b\x43\x83\x81\x1c\x02\xf5\x41\x80\x80\x7f\xef\xa4\x61\xcf\xbc\x84\xb5\xa8"), -["\x56\x14\x06\x9a\x2f\xd7\xc2\xec\xd3\xf5\xe1\xbd\x44\xb2\x3e\xc7\x46\x76\xb9\xbc\x99\x11\x5c\xc0\xef\x94\x98\x55\xd6\x89\xd0\xdd"] = CTInfo($description="DigiCert Log Server", $operator="DigiCert", $url="ct1.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x02\x46\xc5\xbe\x1b\xbb\x82\x40\x16\xe8\xc1\xd2\xac\x19\x69\x13\x59\xf8\xf8\x70\x85\x46\x40\xb9\x38\xb0\x23\x82\xa8\x64\x4c\x7f\xbf\xbb\x34\x9f\x4a\x5f\x28\x8a\xcf\x19\xc4\x00\xf6\x36\x06\x93\x65\xed\x4c\xf5\xa9\x21\x62\x5a\xd8\x91\xeb\x38\x24\x40\xac\xe8"), -["\x87\x75\xbf\xe7\x59\x7c\xf8\x8c\x43\x99\x5f\xbd\xf3\x6e\xff\x56\x8d\x47\x56\x36\xff\x4a\xb5\x60\xc1\xb4\xea\xff\x5e\xa0\x83\x0f"] = CTInfo($description="DigiCert Log Server 2", $operator="DigiCert", $url="ct2.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x5d\x39\x2f\x66\xb8\x4c\x7f\xc1\x2e\x03\xa1\x34\xa3\xe8\x8a\x86\x02\xae\x4a\x11\xc6\xf7\x26\x6a\x37\x9b\xf0\x38\xf8\x5d\x09\x8d\x63\xe8\x31\x6b\x86\x66\xcf\x79\xb3\x25\x3c\x1e\xdf\x78\xb4\xa8\xc5\x69\xfa\xb7\xf0\x82\x79\x62\x43\xf6\xcc\xfe\x81\x66\x84"), -["\x22\x45\x45\x07\x59\x55\x24\x56\x96\x3f\xa1\x2f\xf1\xf7\x6d\x86\xe0\x23\x26\x63\xad\xc0\x4b\x7f\x5d\xc6\x83\x5c\x6e\xe2\x0f\x02"] = CTInfo($description="DigiCert Yeti2022 Log", $operator="DigiCert", $url="yeti2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x9f\xf8\xd8\x1d\xde\xfb\x5b\x51\xb5\xfb\x5d\xf5\xb5\xde\x66\x11\xb0\x9d\x5f\xfd\x6f\xfc\xa8\x98\x5b\x98\x4f\x2d\xc3\x91\x3a\xfb\xfe\xc4\x0f\x0d\xc3\x60\x43\x8c\x1e\xf2\xf9\x11\xb2\xba\xd0\xf6\xbc\xa5\xd2\xb6\x9f\xf9\x5c\x87\xa2\x7d\xfc\xd4\x7d\xd6\x13\x26"), -["\x05\x9c\x01\xd3\x20\xe0\x07\x84\x13\x95\x80\x49\x8d\x11\x7c\x90\x32\x66\xaf\xaf\x72\x50\xb5\xaf\x3b\x46\xa4\x3e\x11\x84\x0d\x4a"] = CTInfo($description="DigiCert Yeti2022-2 Log", $operator="DigiCert", $url="yeti2022-2.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\x69\x5e\x3f\x0a\xf2\x71\x77\xcd\x9d\x5d\xc3\x34\x49\x00\xee\x60\x77\xe1\x72\x76\x74\xa8\x7c\x5c\x7d\x09\xf2\x32\x1d\x05\x7e\x2e\xfe\x5b\x31\xd5\x3a\xfd\x73\x34\x6e\x49\x14\x4e\x50\x58\x96\x5a\xc4\xc7\xf4\xbe\x05\x64\xa4\xf7\xd7\xe5\xb1\x6d\x33\x0c\xc3"), -["\x35\xcf\x19\x1b\xbf\xb1\x6c\x57\xbf\x0f\xad\x4c\x6d\x42\xcb\xbb\xb6\x27\x20\x26\x51\xea\x3f\xe1\x2a\xef\xa8\x03\xc3\x3b\xd6\x4c"] = CTInfo($description="DigiCert Yeti2023 Log", $operator="DigiCert", $url="yeti2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\x0d\x03\xb1\xd5\x98\x8a\xdc\xf0\x15\x3b\xc6\xdc\x5e\x0d\x6e\x3f\x0d\xbf\x95\xc8\x55\x8c\xd0\xa6\x4c\x96\xb1\x4e\x27\xb9\x26\x25\x99\xcc\x2b\x02\x9e\xa6\xd3\xdd\x9f\xb1\xd5\xc4\xc3\xac\x35\x04\x07\x87\x97\x36\xaa\xad\x28\x0d\x7f\x2b\xd9\x68\x9f\x72\xd1"), -["\x51\xa3\xb0\xf5\xfd\x01\x79\x9c\x56\x6d\xb8\x37\x78\x8f\x0c\xa4\x7a\xcc\x1b\x27\xcb\xf7\x9e\x88\x42\x9a\x0d\xfe\xd4\x8b\x05\xe5"] = CTInfo($description="DigiCert Nessie2022 Log", $operator="DigiCert", $url="nessie2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x24\xdd\x68\x03\x28\xcb\xfe\x63\xbe\x0e\x11\x47\x4d\x7d\x17\x68\xa1\x11\x5d\x4c\x71\xc9\x41\x28\xc7\xb6\xa2\x4b\x97\xec\xc0\xaf\xfc\x2f\x3b\xbf\xe9\xf1\xb1\xfc\xf5\x01\xff\xa9\xfb\x49\x40\x0c\x63\x24\x98\xd7\x79\x2e\xa6\x55\xab\x16\xc6\xbe\x51\xd8\x71"), -["\xb3\x73\x77\x07\xe1\x84\x50\xf8\x63\x86\xd6\x05\xa9\xdc\x11\x09\x4a\x79\x2d\xb1\x67\x0c\x0b\x87\xdc\xf0\x03\x0e\x79\x36\xa5\x9a"] = CTInfo($description="DigiCert Nessie2023 Log", $operator="DigiCert", $url="nessie2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x11\x7b\xbc\x89\x0c\x12\x09\x14\x9f\xd8\x26\xc8\x4c\x6a\x54\xa4\x1b\x45\x56\xdf\x3e\x23\x42\x14\xd1\xdd\x42\xdf\xa2\xdf\x7b\x5f\x9f\x6f\x07\x5a\x23\x46\x79\x16\x4b\x5f\x33\x67\xc1\xa0\x8d\x5b\x5c\x17\x75\xf2\x4d\xa0\x80\xa1\x98\x1a\x07\x59\x06\x02\xca\x4e"), -["\xdd\xeb\x1d\x2b\x7a\x0d\x4f\xa6\x20\x8b\x81\xad\x81\x68\x70\x7e\x2e\x8e\x9d\x01\xd5\x5c\x88\x8d\x3d\x11\xc4\xcd\xb6\xec\xbe\xcc"] = CTInfo($description="Symantec log", $operator="DigiCert", $url="ct.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x96\xea\xac\x1c\x46\x0c\x1b\x55\xdc\x0d\xfc\xb5\x94\x27\x46\x57\x42\x70\x3a\x69\x18\xe2\xbf\x3b\xc4\xdb\xab\xa0\xf4\xb6\x6c\xc0\x53\x3f\x4d\x42\x10\x33\xf0\x58\x97\x8f\x6b\xbe\x72\xf4\x2a\xec\x1c\x42\xaa\x03\x2f\x1a\x7e\x28\x35\x76\x99\x08\x3d\x21\x14\x86"), -["\xbc\x78\xe1\xdf\xc5\xf6\x3c\x68\x46\x49\x33\x4d\xa1\x0f\xa1\x5f\x09\x79\x69\x20\x09\xc0\x81\xb4\xf3\xf6\x91\x7f\x3e\xd9\xb8\xa5"] = CTInfo($description="Symantec 'Vega' log", $operator="DigiCert", $url="vega.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xea\x95\x9e\x02\xff\xee\xf1\x33\x6d\x4b\x87\xbc\xcd\xfd\x19\x17\x62\xff\x94\xd3\xd0\x59\x07\x3f\x02\x2d\x1c\x90\xfe\xc8\x47\x30\x3b\xf1\xdd\x0d\xb8\x11\x0c\x5d\x1d\x86\xdd\xab\xd3\x2b\x46\x66\xfb\x6e\x65\xb7\x3b\xfd\x59\x68\xac\xdf\xa6\xf8\xce\xd2\x18\x4d"), -["\x15\x97\x04\x88\xd7\xb9\x97\xa0\x5b\xeb\x52\x51\x2a\xde\xe8\xd2\xe8\xb4\xa3\x16\x52\x64\x12\x1a\x9f\xab\xfb\xd5\xf8\x5a\xd9\x3f"] = CTInfo($description="Symantec 'Sirius' log", $operator="DigiCert", $url="sirius.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa3\x02\x64\x84\x22\xbb\x25\xec\x0d\xe3\xbc\xc2\xc9\x89\x7d\xdd\x45\xd0\xee\xe6\x15\x85\x8f\xd9\xe7\x17\x1b\x13\x80\xea\xed\xb2\x85\x37\xad\x6a\xc5\xd8\x25\x9d\xfa\xf4\xb4\xf3\x6e\x16\x28\x25\x37\xea\xa3\x37\x64\xb2\xc7\x0b\xfd\x51\xe5\xc1\x05\xf4\x0e\xb5"), -["\xcd\xb5\x17\x9b\x7f\xc1\xc0\x46\xfe\xea\x31\x13\x6a\x3f\x8f\x00\x2e\x61\x82\xfa\xf8\x89\x6f\xec\xc8\xb2\xf5\xb5\xab\x60\x49\x00"] = CTInfo($description="Certly.IO log", $operator="Certly", $url="log.certly.io/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x0b\x23\xcb\x85\x62\x98\x61\x48\x04\x73\xeb\x54\x5d\xf3\xd0\x07\x8c\x2d\x19\x2d\x8c\x36\xf5\xeb\x8f\x01\x42\x0a\x7c\x98\x26\x27\xc1\xb5\xdd\x92\x93\xb0\xae\xf8\x9b\x3d\x0c\xd8\x4c\x4e\x1d\xf9\x15\xfb\x47\x68\x7b\xba\x66\xb7\x25\x9c\xd0\x4a\xc2\x66\xdb\x48"), -["\x74\x61\xb4\xa0\x9c\xfb\x3d\x41\xd7\x51\x59\x57\x5b\x2e\x76\x49\xa4\x45\xa8\xd2\x77\x09\xb0\xcc\x56\x4a\x64\x82\xb7\xeb\x41\xa3"] = CTInfo($description="Izenpe log", $operator="Izenpe", $url="ct.izenpe.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x64\x39\x0c\x2d\xdc\x50\x18\xf8\x21\x00\xa2\x0e\xed\x2c\xea\x3e\x75\xba\x9f\x93\x64\x09\x00\x11\xc4\x11\x17\xab\x5c\xcf\x0f\x74\xac\xb5\x97\x90\x93\x00\x5b\xb8\xeb\xf7\x27\x3d\xd9\xb2\x0a\x81\x5f\x2f\x0d\x75\x38\x94\x37\x99\x1e\xf6\x07\x76\xe0\xee\xbe"), -["\x41\xb2\xdc\x2e\x89\xe6\x3c\xe4\xaf\x1b\xa7\xbb\x29\xbf\x68\xc6\xde\xe6\xf9\xf1\xcc\x04\x7e\x30\xdf\xfa\xe3\xb3\xba\x25\x92\x63"] = CTInfo($description="WoSign log", $operator="WoSign", $url="ctlog.wosign.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x11\x88\x7b\x2d\x66\xcb\xae\x8f\x4d\x30\x66\x27\x19\x25\x22\x93\x21\x46\xb4\x2f\x01\xd3\xc6\xf9\x2b\xd5\xc8\xba\x73\x9b\x06\xa2\xf0\x8a\x02\x9c\xd0\x6b\x46\x18\x30\x85\xba\xe9\x24\x8b\x0e\xd1\x5b\x70\x28\x0c\x7e\xf1\x3a\x45\x7f\x5a\xf3\x82\x42\x60\x31"), -["\xac\x3b\x9a\xed\x7f\xa9\x67\x47\x57\x15\x9e\x6d\x7d\x57\x56\x72\xf9\xd9\x81\x00\x94\x1e\x9b\xde\xff\xec\xa1\x31\x3b\x75\x78\x2d"] = CTInfo($description="Venafi log", $operator="Venafi", $url="ctlog.api.venafi.com/", $maximum_merge_delay=86400, $key="\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa2\x5a\x48\x1f\x17\x52\x95\x35\xcb\xa3\x5b\x3a\x1f\x53\x82\x76\x94\xa3\xff\x80\xf2\x1c\x37\x3c\xc0\xb1\xbd\xc1\x59\x8b\xab\x2d\x65\x93\xd7\xf3\xe0\x04\xd5\x9a\x6f\xbf\xd6\x23\x76\x36\x4f\x23\x99\xcb\x54\x28\xad\x8c\x15\x4b\x65\x59\x76\x41\x4a\x9c\xa6\xf7\xb3\x3b\x7e\xb1\xa5\x49\xa4\x17\x51\x6c\x80\xdc\x2a\x90\x50\x4b\x88\x24\xe9\xa5\x12\x32\x93\x04\x48\x90\x02\xfa\x5f\x0e\x30\x87\x8e\x55\x76\x05\xee\x2a\x4c\xce\xa3\x6a\x69\x09\x6e\x25\xad\x82\x76\x0f\x84\x92\xfa\x38\xd6\x86\x4e\x24\x8f\x9b\xb0\x72\xcb\x9e\xe2\x6b\x3f\xe1\x6d\xc9\x25\x75\x23\x88\xa1\x18\x58\x06\x23\x33\x78\xda\x00\xd0\x38\x91\x67\xd2\xa6\x7d\x27\x97\x67\x5a\xc1\xf3\x2f\x17\xe6\xea\xd2\x5b\xe8\x81\xcd\xfd\x92\x68\xe7\xf3\x06\xf0\xe9\x72\x84\xee\x01\xa5\xb1\xd8\x33\xda\xce\x83\xa5\xdb\xc7\xcf\xd6\x16\x7e\x90\x75\x18\xbf\x16\xdc\x32\x3b\x6d\x8d\xab\x82\x17\x1f\x89\x20\x8d\x1d\x9a\xe6\x4d\x23\x08\xdf\x78\x6f\xc6\x05\xbf\x5f\xae\x94\x97\xdb\x5f\x64\xd4\xee\x16\x8b\xa3\x84\x6c\x71\x2b\xf1\xab\x7f\x5d\x0d\x32\xee\x04\xe2\x90\xec\x41\x9f\xfb\x39\xc1\x02\x03\x01\x00\x01"), -["\xa5\x77\xac\x9c\xed\x75\x48\xdd\x8f\x02\x5b\x67\xa2\x41\x08\x9d\xf8\x6e\x0f\x47\x6e\xc2\x03\xc2\xec\xbe\xdb\x18\x5f\x28\x26\x38"] = CTInfo($description="CNNIC CT log", $operator="CNNIC", $url="ctserver.cnnic.cn/", $maximum_merge_delay=86400, $key="\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xbf\xb5\x08\x61\x9a\x29\x32\x04\xd3\x25\x63\xe9\xd8\x85\xe1\x86\xe0\x1f\xd6\x5e\x9a\xf7\x33\x3b\x80\x1b\xe7\xb6\x3e\x5f\x2d\xa1\x66\xf6\x95\x4a\x84\xa6\x21\x56\x79\xe8\xf7\x85\xee\x5d\xe3\x7c\x12\xc0\xe0\x89\x22\x09\x22\x3e\xba\x16\x95\x06\xbd\xa8\xb9\xb1\xa9\xb2\x7a\xd6\x61\x2e\x87\x11\xb9\x78\x40\x89\x75\xdb\x0c\xdc\x90\xe0\xa4\x79\xd6\xd5\x5e\x6e\xd1\x2a\xdb\x34\xf4\x99\x3f\x65\x89\x3b\x46\xc2\x29\x2c\x15\x07\x1c\xc9\x4b\x1a\x54\xf8\x6c\x1e\xaf\x60\x27\x62\x0a\x65\xd5\x9a\xb9\x50\x36\x16\x6e\x71\xf6\x1f\x01\xf7\x12\xa7\xfc\xbf\xf6\x21\xa3\x29\x90\x86\x2d\x77\xde\xbb\x4c\xd4\xcf\xfd\xd2\xcf\x82\x2c\x4d\xd4\xf2\xc2\x2d\xac\xa9\xbe\xea\xc3\x19\x25\x43\xb2\xe5\x9a\x6c\x0d\xc5\x1c\xa5\x8b\xf7\x3f\x30\xaf\xb9\x01\x91\xb7\x69\x12\x12\xe5\x83\x61\xfe\x34\x00\xbe\xf6\x71\x8a\xc7\xeb\x50\x92\xe8\x59\xfe\x15\x91\xeb\x96\x97\xf8\x23\x54\x3f\x2d\x8e\x07\xdf\xee\xda\xb3\x4f\xc8\x3c\x9d\x6f\xdf\x3c\x2c\x43\x57\xa1\x47\x0c\x91\x04\xf4\x75\x4d\xda\x89\x81\xa4\x14\x06\x34\xb9\x98\xc3\xda\xf1\xfd\xed\x33\x36\xd3\x16\x2d\x35\x02\x03\x01\x00\x01"), -["\x34\xbb\x6a\xd6\xc3\xdf\x9c\x03\xee\xa8\xa4\x99\xff\x78\x91\x48\x6c\x9d\x5e\x5c\xac\x92\xd0\x1f\x7b\xfd\x1b\xce\x19\xdb\x48\xef"] = CTInfo($description="StartCom log", $operator="StartCom", $url="ct.startssl.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xf3\x59\xf3\xf6\x05\x18\xd3\xdb\xb2\xed\x46\x7e\xcf\xc8\x11\xb5\x57\xb1\xa8\xd6\x4c\xe6\x9f\xb7\x4a\x1a\x14\x86\x43\xa9\x48\xb0\xcb\x5a\x3f\x3c\x4a\xca\xdf\xc4\x82\x14\x55\x9a\xf8\xf7\x8e\x40\x55\xdc\xf4\xd2\xaf\xea\x75\x74\xfb\x4e\x7f\x60\x86\x2e\x51"), -["\x55\x81\xd4\xc2\x16\x90\x36\x01\x4a\xea\x0b\x9b\x57\x3c\x53\xf0\xc0\xe4\x38\x78\x70\x25\x08\x17\x2f\xa3\xaa\x1d\x07\x13\xd3\x0c"] = CTInfo($description="Sectigo 'Sabre' CT log", $operator="Sectigo", $url="sabre.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\x6f\xd2\x89\x0f\x3f\xc5\xf8\x87\x1e\xab\x65\xb3\xd9\xbb\x17\x23\x8c\x06\x0e\x09\x55\x96\x3d\x0a\x08\xa2\xc5\x71\xb3\xd1\xa9\x2f\x28\x3e\x83\x10\xbf\x12\xd0\x44\x66\x15\xef\x54\xe1\x98\x80\xd0\xce\x24\x6d\x3e\x67\x9a\xe9\x37\x23\xce\x52\x93\x86\xda\x80"), -["\x6f\x53\x76\xac\x31\xf0\x31\x19\xd8\x99\x00\xa4\x51\x15\xff\x77\x15\x1c\x11\xd9\x02\xc1\x00\x29\x06\x8d\xb2\x08\x9a\x37\xd9\x13"] = CTInfo($description="Sectigo 'Mammoth' CT log", $operator="Sectigo", $url="mammoth.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xef\xe4\x7d\x74\x2e\x15\x15\xb6\xe9\xbb\x23\x8b\xfb\x2c\xb5\xe1\xc7\x80\x98\x47\xfb\x40\x69\x68\xfc\x49\xad\x61\x4e\x83\x47\x3c\x1a\xb7\x8d\xdf\xff\x7b\x30\xb4\xba\xff\x2f\xcb\xa0\x14\xe3\xad\xd5\x85\x3f\x44\x59\x8c\x8c\x60\x8b\xd7\xb8\xb1\xbf\xae\x8c\x67"), -["\xdf\xa5\x5e\xab\x68\x82\x4f\x1f\x6c\xad\xee\xb8\x5f\x4e\x3e\x5a\xea\xcd\xa2\x12\xa4\x6a\x5e\x8e\x3b\x12\xc0\x20\x44\x5c\x2a\x73"] = CTInfo($description="Let's Encrypt 'Oak2022' log", $operator="Let's Encrypt", $url="oak.ct.letsencrypt.org/2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x86\x3c\xb1\x0d\x52\x23\x5a\xde\x6e\xf6\xc0\x7f\xa3\x64\xbc\xad\xc1\x89\xda\x97\x59\x4c\x60\x3c\xf8\x8a\x57\x84\x8f\xed\xbc\xa0\x63\x12\x51\x84\xe6\xbd\xdd\x7b\x8c\x80\x7d\xe3\x8f\x86\xa4\xea\xa9\xcf\xa8\xee\xf3\xe0\x5e\x70\xe0\xbb\xf6\xbd\xfc\x1f\x91\x2e"), -["\xb7\x3e\xfb\x24\xdf\x9c\x4d\xba\x75\xf2\x39\xc5\xba\x58\xf4\x6c\x5d\xfc\x42\xcf\x7a\x9f\x35\xc4\x9e\x1d\x09\x81\x25\xed\xb4\x99"] = CTInfo($description="Let's Encrypt 'Oak2023' log", $operator="Let's Encrypt", $url="oak.ct.letsencrypt.org/2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb3\x3d\x0e\x78\xbe\xe3\xad\x5c\x44\x5c\x9b\xbe\xa3\x84\x16\x41\x82\xca\xca\x89\x17\x1e\x23\xce\x38\xa5\x54\x2f\x7f\xd3\x34\x51\x6a\xb9\x5c\xc3\x49\xea\xfb\x91\x9d\xe0\x8a\x3c\x73\x06\x9f\x7c\x65\x38\x11\x80\xc4\x9a\x5a\x00\xa6\x67\xc3\x83\xef\x89\x85\x51"), -["\xc3\x65\xf9\xb3\x65\x4f\x32\x83\xc7\x9d\xa9\x8e\x93\xd7\x41\x8f\x5b\xab\x7b\xe3\x25\x2c\x98\xe1\xd2\xf0\x4b\xb9\xeb\x42\x7d\x23"] = CTInfo($description="Trust Asia Log2022", $operator="TrustAsia", $url="ct.trustasia.com/log2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xbb\x52\xf2\x16\xcf\x92\x0b\xce\x79\xe6\x54\x6d\xc2\x37\x53\xa4\xf5\xf9\x3a\xa9\xb3\x05\xec\x1d\xbd\x16\xec\x30\xac\x2e\xf8\x79\x62\x35\x15\x8e\x1a\xd8\x16\x2e\xe4\x48\x6b\xf6\xc6\x13\xf1\x96\x2e\x5c\x10\xfe\x19\x1e\xa8\x18\xb8\x0f\x2d\xc3\xa4\x86\x51\x97"), -["\xe8\x7e\xa7\x66\x0b\xc2\x6c\xf6\x00\x2e\xf5\x72\x5d\x3f\xe0\xe3\x31\xb9\x39\x3b\xb9\x2f\xbf\x58\xeb\x3b\x90\x49\xda\xf5\x43\x5a"] = CTInfo($description="Trust Asia Log2023", $operator="TrustAsia", $url="ct.trustasia.com/log2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa4\x11\x52\xdb\x17\x41\x4e\x90\xd4\x56\x51\x12\x30\x52\xf8\x9b\x03\xcf\x4c\x9f\xf8\x2e\x38\xb5\xf1\x5a\xba\xfa\x38\xb9\xd2\x8f\x1a\x81\xda\x95\xcc\x33\xec\x21\x28\x66\xc6\x56\x3e\x60\x36\x21\x20\xd9\xd4\xac\x5d\xfa\x5c\x19\xa1\x05\x7d\xfe\x20\x23\xfc\xf5"), +["\x29\x79\xbe\xf0\x9e\x39\x39\x21\xf0\x56\x73\x9f\x63\xa5\x77\xe5\xbe\x57\x7d\x9c\x60\x0a\xf8\xf9\x4d\x5d\x26\x5c\x25\x5d\xc7\x84"] = CTInfo($description="Google 'Argon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x78\x83\xdc\xe9\xf1\xa6\xb8\x18\x3a\x00\x99\x2f\xff\x3e\xcd\x15\xc9\x26\x1e\xf7\xff\x3a\xa9\xa3\x72\x16\x49\xeb\x09\xb6\xa8\xdd\xb4\xd2\x47\x91\x0e\x0d\xf9\xd9\xd5\xa9\x8b\xb0\x87\x9d\x25\x79\xd4\x1a\x50\x60\x08\xf5\x09\x06\x39\x26\xe4\x40\xc2\xba\xc3\xc2"), +["\xe8\x3e\xd0\xda\x3e\xf5\x06\x35\x32\xe7\x57\x28\xbc\x89\x6b\xc9\x03\xd3\xcb\xd1\x11\x6b\xec\xeb\x69\xe1\x77\x7d\x6d\x06\xbd\x6e"] = CTInfo($description="Google 'Argon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/argon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd0\x90\x8f\x64\x52\x4e\x42\xac\x84\xb6\x2e\x4c\xf2\x3d\x77\x00\xb3\x77\x08\x05\x47\xaa\x45\x4c\xe3\x2c\x8e\x70\xa5\x82\xbb\x6c\xb2\x7b\x9c\x98\x7a\xa0\xe9\x11\x76\x28\x00\xb2\x20\xb4\xcd\xd3\x98\x7b\x4d\x96\x27\xe6\xb7\xee\x22\x6a\xd1\xb0\x2e\x91\x77\x78"), +["\xee\xcd\xd0\x64\xd5\xdb\x1a\xce\xc5\x5c\xb7\x9d\xb4\xcd\x13\xa2\x32\x87\x46\x7c\xbc\xec\xde\xc3\x51\x48\x59\x46\x71\x1f\xb5\x9b"] = CTInfo($description="Google 'Argon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/us1/argon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\xb9\x6c\xa9\xcb\x69\x94\xc5\x5c\xe6\xb6\xa6\x03\xbb\xd2\xb8\xdc\x54\x43\x17\x28\x99\x0c\x06\x01\x50\x1d\x9d\x64\xc0\x59\x46\x2b\xdc\xc8\x03\x1d\x05\xb4\x2d\xa8\x09\xf7\x99\x41\xed\x04\xfb\xe5\x57\xba\x26\x04\xf6\x11\x52\xce\x14\x65\x3b\x2f\x76\x2b\xc0"), +["\x46\xa5\x55\xeb\x75\xfa\x91\x20\x30\xb5\xa2\x89\x69\xf4\xf3\x7d\x11\x2c\x41\x74\xbe\xfd\x49\xb8\x85\xab\xf2\xfc\x70\xfe\x6d\x47"] = CTInfo($description="Google 'Xenon2022' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf9\x64\xbd\x15\x2c\x40\x62\x50\x95\x13\x38\x3c\xc7\x21\xb0\x3a\xb9\x8f\xa2\x7a\x15\xd7\x89\xd6\x8e\x31\x13\x00\x87\x59\xbc\xbb\xee\x90\xfc\xc8\x58\x13\x0a\xbf\xab\x43\x36\x54\x23\xa4\x81\xcd\xad\x47\x14\xb7\x58\xa0\x44\xfa\x6a\xa0\xa0\xd7\xc3\x63\x1e\x2b"), +["\xad\xf7\xbe\xfa\x7c\xff\x10\xc8\x8b\x9d\x3d\x9c\x1e\x3e\x18\x6a\xb4\x67\x29\x5d\xcf\xb1\x0c\x24\xca\x85\x86\x34\xeb\xdc\x82\x8a"] = CTInfo($description="Google 'Xenon2023' log", $operator="Google", $url="https://ct.googleapis.com/logs/xenon2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x72\x16\x3e\x0b\xef\xef\xce\x3e\x60\xdd\x95\xcb\x63\x7a\xb9\xa9\x8d\x4a\x6f\x6c\xdc\x61\x80\xa6\x45\x5e\x2f\x83\xac\x94\xf3\x85\x88\xd0\xa5\x74\xd0\x7b\x8e\xff\xc5\xee\x42\xa2\xf0\x2d\x93\xe3\xc2\xd0\xb2\x99\xe2\xe1\x42\xe9\xd2\xc6\x00\x27\x69\x74\xae\xce"), +["\x76\xff\x88\x3f\x0a\xb6\xfb\x95\x51\xc2\x61\xcc\xf5\x87\xba\x34\xb4\xa4\xcd\xbb\x29\xdc\x68\x42\x0a\x9f\xe6\x67\x4c\x5a\x3a\x74"] = CTInfo($description="Google 'Xenon2024' log", $operator="Google", $url="https://ct.googleapis.com/logs/eu1/xenon2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb9\x60\xe0\x34\x1e\x35\xe4\x65\x00\x93\x4f\x90\x09\xbd\x5a\xec\x44\xdd\x8c\x0f\xce\xed\x11\x3e\x2a\x59\x46\x9a\x31\xb6\xc7\x99\xf7\xdc\xef\x3d\xcd\x8f\x86\xc2\x35\xa5\x3e\xdc\x29\xba\xbb\xf2\x54\xe2\xa8\x0c\x83\x08\x51\x06\xde\x21\x6d\x36\x50\x8e\x38\x4d"), +["\x29\x3c\x51\x96\x54\xc8\x39\x65\xba\xaa\x50\xfc\x58\x07\xd4\xb7\x6f\xbf\x58\x7a\x29\x72\xdc\xa4\xc3\x0c\xf4\xe5\x45\x47\xf4\x78"] = CTInfo($description="Google 'Icarus' log", $operator="Google", $url="https://ct.googleapis.com/icarus/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x4e\xd2\xbc\xbf\xb3\x08\x0a\xf7\xb9\xea\xa4\xc7\x1c\x38\x61\x04\xeb\x95\xe0\x89\x54\x68\x44\xb1\x66\xbc\x82\x7e\x4f\x50\x6c\x6f\x5c\xa3\xf0\xaa\x3e\xf4\xec\x80\xf0\xdb\x0a\x9a\x7a\xa0\x5b\x72\x00\x7c\x25\x0e\x19\xef\xaf\xb2\x62\x8d\x74\x43\xf4\x26\xf6\x14"), +["\xa4\xb9\x09\x90\xb4\x18\x58\x14\x87\xbb\x13\xa2\xcc\x67\x70\x0a\x3c\x35\x98\x04\xf9\x1b\xdf\xb8\xe3\x77\xcd\x0e\xc8\x0d\xdc\x10"] = CTInfo($description="Google 'Pilot' log", $operator="Google", $url="https://ct.googleapis.com/pilot/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\xa8\x4b\x12\x29\x80\xa3\x3d\xad\xd3\x5a\x77\xb8\xcc\xe2\x88\xb3\xa5\xfd\xf1\xd3\x0c\xcd\x18\x0c\xe8\x41\x46\xe8\x81\x01\x1b\x15\xe1\x4b\xf1\x1b\x62\xdd\x36\x0a\x08\x18\xba\xed\x0b\x35\x84\xd0\x9e\x40\x3c\x2d\x9e\x9b\x82\x65\xbd\x1f\x04\x10\x41\x4c\xa0"), +["\xee\x4b\xbd\xb7\x75\xce\x60\xba\xe1\x42\x69\x1f\xab\xe1\x9e\x66\xa3\x0f\x7e\x5f\xb0\x72\xd8\x83\x00\xc4\x7b\x89\x7a\xa8\xfd\xcb"] = CTInfo($description="Google 'Rocketeer' log", $operator="Google", $url="https://ct.googleapis.com/rocketeer/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x20\x5b\x18\xc8\x3c\xc1\x8b\xb3\x31\x08\x00\xbf\xa0\x90\x57\x2b\xb7\x47\x8c\x6f\xb5\x68\xb0\x8e\x90\x78\xe9\xa0\x73\xea\x4f\x28\x21\x2e\x9c\xc0\xf4\x16\x1b\xaa\xf9\xd5\xd7\xa9\x80\xc3\x4e\x2f\x52\x3c\x98\x01\x25\x46\x24\x25\x28\x23\x77\x2d\x05\xc2\x40\x7a"), +["\xbb\xd9\xdf\xbc\x1f\x8a\x71\xb5\x93\x94\x23\x97\xaa\x92\x7b\x47\x38\x57\x95\x0a\xab\x52\xe8\x1a\x90\x96\x64\x36\x8e\x1e\xd1\x85"] = CTInfo($description="Google 'Skydiver' log", $operator="Google", $url="https://ct.googleapis.com/skydiver/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x12\x6c\x86\x0e\xf6\x17\xb1\x12\x6c\x37\x25\xd2\xad\x87\x3d\x0e\x31\xec\x21\xad\xb1\xcd\xbe\x14\x47\xb6\x71\x56\x85\x7a\x9a\xb7\x3d\x89\x90\x7b\xc6\x32\x3a\xf8\xda\xce\x8b\x01\xfe\x3f\xfc\x71\x91\x19\x8e\x14\x6e\x89\x7a\x5d\xb4\xab\x7e\xe1\x4e\x1e\x7c\xac"), +["\x41\xc8\xca\xb1\xdf\x22\x46\x4a\x10\xc6\xa1\x3a\x09\x42\x87\x5e\x4e\x31\x8b\x1b\x03\xeb\xeb\x4b\xc7\x68\xf0\x90\x62\x96\x06\xf6"] = CTInfo($description="Cloudflare 'Nimbus2022' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x48\xb2\x47\x4e\x50\x32\x72\x62\x4a\x0d\x0c\x48\xbf\xad\x29\x64\x6f\x20\xdf\x79\x52\x63\x16\x29\x0a\x2e\x60\xb5\xe2\x3a\x1c\xb7\xaf\x59\xb1\x55\x09\xdb\x59\xc7\xe9\xbd\x6f\xed\x0b\xaf\x05\x96\x97\xff\x3b\x9a\x43\x4d\xeb\x11\x34\x33\x8a\xe7\xac\x83\xc0\xff"), +["\x7a\x32\x8c\x54\xd8\xb7\x2d\xb6\x20\xea\x38\xe0\x52\x1e\xe9\x84\x16\x70\x32\x13\x85\x4d\x3b\xd2\x2b\xc1\x3a\x57\xa3\x52\xeb\x52"] = CTInfo($description="Cloudflare 'Nimbus2023' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8b\xff\x2d\x92\x18\xcb\x46\x9d\x12\x5e\xb9\x59\x75\x3c\xcd\x91\x37\x7a\x1e\xa9\x9c\x99\x78\x83\x27\x3d\xdf\x01\xd5\x8b\x80\xe8\x63\x9a\xfe\x26\xa2\x1b\xd1\x87\x05\xee\x97\xd6\xe0\x5b\x43\x83\x81\x1c\x02\xf5\x41\x80\x80\x7f\xef\xa4\x61\xcf\xbc\x84\xb5\xa8"), +["\xda\xb6\xbf\x6b\x3f\xb5\xb6\x22\x9f\x9b\xc2\xbb\x5c\x6b\xe8\x70\x91\x71\x6c\xbb\x51\x84\x85\x34\xbd\xa4\x3d\x30\x48\xd7\xfb\xab"] = CTInfo($description="Cloudflare 'Nimbus2024' Log", $operator="Cloudflare", $url="https://ct.cloudflare.com/logs/nimbus2024/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x77\xb1\x9b\x7b\x8f\xe6\x8b\x35\xfe\x3a\x92\x29\x2d\xac\x8a\x8d\x51\x8a\x25\xfc\x93\xb6\xd7\xa0\x8b\x29\x37\x71\x1d\x33\xca\xcc\x33\xea\x28\xb9\x1f\xe2\xac\xc3\xa9\x5d\xdd\x97\xbe\xf6\x9e\x94\x25\xdd\x36\x81\xd1\xeb\x5d\x29\xc3\x2b\x44\xf1\x5b\xca\x15\x48"), +["\x56\x14\x06\x9a\x2f\xd7\xc2\xec\xd3\xf5\xe1\xbd\x44\xb2\x3e\xc7\x46\x76\xb9\xbc\x99\x11\x5c\xc0\xef\x94\x98\x55\xd6\x89\xd0\xdd"] = CTInfo($description="DigiCert Log Server", $operator="DigiCert", $url="https://ct1.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x02\x46\xc5\xbe\x1b\xbb\x82\x40\x16\xe8\xc1\xd2\xac\x19\x69\x13\x59\xf8\xf8\x70\x85\x46\x40\xb9\x38\xb0\x23\x82\xa8\x64\x4c\x7f\xbf\xbb\x34\x9f\x4a\x5f\x28\x8a\xcf\x19\xc4\x00\xf6\x36\x06\x93\x65\xed\x4c\xf5\xa9\x21\x62\x5a\xd8\x91\xeb\x38\x24\x40\xac\xe8"), +["\x87\x75\xbf\xe7\x59\x7c\xf8\x8c\x43\x99\x5f\xbd\xf3\x6e\xff\x56\x8d\x47\x56\x36\xff\x4a\xb5\x60\xc1\xb4\xea\xff\x5e\xa0\x83\x0f"] = CTInfo($description="DigiCert Log Server 2", $operator="DigiCert", $url="https://ct2.digicert-ct.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xcc\x5d\x39\x2f\x66\xb8\x4c\x7f\xc1\x2e\x03\xa1\x34\xa3\xe8\x8a\x86\x02\xae\x4a\x11\xc6\xf7\x26\x6a\x37\x9b\xf0\x38\xf8\x5d\x09\x8d\x63\xe8\x31\x6b\x86\x66\xcf\x79\xb3\x25\x3c\x1e\xdf\x78\xb4\xa8\xc5\x69\xfa\xb7\xf0\x82\x79\x62\x43\xf6\xcc\xfe\x81\x66\x84"), +["\x22\x45\x45\x07\x59\x55\x24\x56\x96\x3f\xa1\x2f\xf1\xf7\x6d\x86\xe0\x23\x26\x63\xad\xc0\x4b\x7f\x5d\xc6\x83\x5c\x6e\xe2\x0f\x02"] = CTInfo($description="DigiCert Yeti2022 Log", $operator="DigiCert", $url="https://yeti2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x9f\xf8\xd8\x1d\xde\xfb\x5b\x51\xb5\xfb\x5d\xf5\xb5\xde\x66\x11\xb0\x9d\x5f\xfd\x6f\xfc\xa8\x98\x5b\x98\x4f\x2d\xc3\x91\x3a\xfb\xfe\xc4\x0f\x0d\xc3\x60\x43\x8c\x1e\xf2\xf9\x11\xb2\xba\xd0\xf6\xbc\xa5\xd2\xb6\x9f\xf9\x5c\x87\xa2\x7d\xfc\xd4\x7d\xd6\x13\x26"), +["\x35\xcf\x19\x1b\xbf\xb1\x6c\x57\xbf\x0f\xad\x4c\x6d\x42\xcb\xbb\xb6\x27\x20\x26\x51\xea\x3f\xe1\x2a\xef\xa8\x03\xc3\x3b\xd6\x4c"] = CTInfo($description="DigiCert Yeti2023 Log", $operator="DigiCert", $url="https://yeti2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x7d\x0d\x03\xb1\xd5\x98\x8a\xdc\xf0\x15\x3b\xc6\xdc\x5e\x0d\x6e\x3f\x0d\xbf\x95\xc8\x55\x8c\xd0\xa6\x4c\x96\xb1\x4e\x27\xb9\x26\x25\x99\xcc\x2b\x02\x9e\xa6\xd3\xdd\x9f\xb1\xd5\xc4\xc3\xac\x35\x04\x07\x87\x97\x36\xaa\xad\x28\x0d\x7f\x2b\xd9\x68\x9f\x72\xd1"), +["\x48\xb0\xe3\x6b\xda\xa6\x47\x34\x0f\xe5\x6a\x02\xfa\x9d\x30\xeb\x1c\x52\x01\xcb\x56\xdd\x2c\x81\xd9\xbb\xbf\xab\x39\xd8\x84\x73"] = CTInfo($description="DigiCert Yeti2024 Log", $operator="DigiCert", $url="https://yeti2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x57\xb8\xc1\x6f\x30\xa4\x7f\x2e\xe4\xf0\xd0\xd9\x60\x62\x13\x95\xe3\x7a\xe3\x4e\x53\xc3\xb3\xb8\x73\x85\xc1\x18\x0d\x23\x0e\x58\x84\xd2\x78\xef\x9b\xb3\x1e\x2c\x1a\xde\xc1\x8f\x81\x1b\x19\x44\x58\xb7\x00\x77\x60\x20\x1a\x72\xd8\x82\xde\xae\x9e\xb1\xc6\x4b"), +["\x7d\x59\x1e\x12\xe1\x78\x2a\x7b\x1c\x61\x67\x7c\x5e\xfd\xf8\xd0\x87\x5c\x14\xa0\x4e\x95\x9e\xb9\x03\x2f\xd9\x0e\x8c\x2e\x79\xb8"] = CTInfo($description="DigiCert Yeti2025 Log", $operator="DigiCert", $url="https://yeti2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xdf\x95\x00\x5e\x10\xc1\x01\xf7\x37\xe3\x10\x74\xd1\xff\xb2\xca\x90\xed\x32\x99\x5f\x0c\x39\xfe\xa1\xd1\x13\x11\xac\xd1\xb3\x73\x93\x20\xc2\x13\x3c\x4c\xb5\x7a\x52\x86\x86\x3d\xe3\x95\x24\x7c\xd8\x91\x98\x48\x3b\xf0\xf0\xdf\x21\xf1\xb0\x81\x5a\x59\x25\x43"), +["\x51\xa3\xb0\xf5\xfd\x01\x79\x9c\x56\x6d\xb8\x37\x78\x8f\x0c\xa4\x7a\xcc\x1b\x27\xcb\xf7\x9e\x88\x42\x9a\x0d\xfe\xd4\x8b\x05\xe5"] = CTInfo($description="DigiCert Nessie2022 Log", $operator="DigiCert", $url="https://nessie2022.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x27\x24\xdd\x68\x03\x28\xcb\xfe\x63\xbe\x0e\x11\x47\x4d\x7d\x17\x68\xa1\x11\x5d\x4c\x71\xc9\x41\x28\xc7\xb6\xa2\x4b\x97\xec\xc0\xaf\xfc\x2f\x3b\xbf\xe9\xf1\xb1\xfc\xf5\x01\xff\xa9\xfb\x49\x40\x0c\x63\x24\x98\xd7\x79\x2e\xa6\x55\xab\x16\xc6\xbe\x51\xd8\x71"), +["\xb3\x73\x77\x07\xe1\x84\x50\xf8\x63\x86\xd6\x05\xa9\xdc\x11\x09\x4a\x79\x2d\xb1\x67\x0c\x0b\x87\xdc\xf0\x03\x0e\x79\x36\xa5\x9a"] = CTInfo($description="DigiCert Nessie2023 Log", $operator="DigiCert", $url="https://nessie2023.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x11\x7b\xbc\x89\x0c\x12\x09\x14\x9f\xd8\x26\xc8\x4c\x6a\x54\xa4\x1b\x45\x56\xdf\x3e\x23\x42\x14\xd1\xdd\x42\xdf\xa2\xdf\x7b\x5f\x9f\x6f\x07\x5a\x23\x46\x79\x16\x4b\x5f\x33\x67\xc1\xa0\x8d\x5b\x5c\x17\x75\xf2\x4d\xa0\x80\xa1\x98\x1a\x07\x59\x06\x02\xca\x4e"), +["\x73\xd9\x9e\x89\x1b\x4c\x96\x78\xa0\x20\x7d\x47\x9d\xe6\xb2\xc6\x1c\xd0\x51\x5e\x71\x19\x2a\x8c\x6b\x80\x10\x7a\xc1\x77\x72\xb5"] = CTInfo($description="DigiCert Nessie2024 Log", $operator="DigiCert", $url="https://nessie2024.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x2d\xfc\xa2\x7b\x36\xbf\x56\x91\xe9\xfe\x3f\xe8\x3d\xfc\xc3\xa7\xe0\x61\x52\xea\x2c\xe9\x05\xa3\x9f\x27\x17\x81\x05\x70\x6b\x81\x61\x44\x8a\xf8\x3b\x10\x80\x42\xed\x03\x2f\x00\x50\x21\xfc\x41\x54\x84\xa3\x54\xd5\x2e\xb2\x7a\x16\x4b\x2a\x1f\x2b\x66\x04\x2b"), +["\xe6\xd2\x31\x63\x40\x77\x8c\xc1\x10\x41\x06\xd7\x71\xb9\xce\xc1\xd2\x40\xf6\x96\x84\x86\xfb\xba\x87\x32\x1d\xfd\x1e\x37\x8e\x50"] = CTInfo($description="DigiCert Nessie2025 Log", $operator="DigiCert", $url="https://nessie2025.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\xf0\xf0\xa7\x8b\x81\x2e\x09\x39\x3b\x9f\x42\xda\x38\x44\x5f\xb4\xcc\xed\x36\xbb\xd8\x43\x7f\x16\x49\x57\x87\x04\x7f\xa5\x01\x34\xf7\xe8\x68\x3f\xb7\x78\x1f\x60\x66\x2d\x67\x9a\x75\x80\xb7\x53\xa7\x85\xd5\xbc\xab\x47\x06\x55\xdb\xb5\xdf\x88\xa1\x6f\x38"), +["\x05\x9c\x01\xd3\x20\xe0\x07\x84\x13\x95\x80\x49\x8d\x11\x7c\x90\x32\x66\xaf\xaf\x72\x50\xb5\xaf\x3b\x46\xa4\x3e\x11\x84\x0d\x4a"] = CTInfo($description="DigiCert Yeti2022-2 Log", $operator="DigiCert", $url="https://yeti2022-2.ct.digicert.com/log/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x1d\x69\x5e\x3f\x0a\xf2\x71\x77\xcd\x9d\x5d\xc3\x34\x49\x00\xee\x60\x77\xe1\x72\x76\x74\xa8\x7c\x5c\x7d\x09\xf2\x32\x1d\x05\x7e\x2e\xfe\x5b\x31\xd5\x3a\xfd\x73\x34\x6e\x49\x14\x4e\x50\x58\x96\x5a\xc4\xc7\xf4\xbe\x05\x64\xa4\xf7\xd7\xe5\xb1\x6d\x33\x0c\xc3"), +["\x55\x81\xd4\xc2\x16\x90\x36\x01\x4a\xea\x0b\x9b\x57\x3c\x53\xf0\xc0\xe4\x38\x78\x70\x25\x08\x17\x2f\xa3\xaa\x1d\x07\x13\xd3\x0c"] = CTInfo($description="Sectigo 'Sabre' CT log", $operator="Sectigo", $url="https://sabre.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xf2\x6f\xd2\x89\x0f\x3f\xc5\xf8\x87\x1e\xab\x65\xb3\xd9\xbb\x17\x23\x8c\x06\x0e\x09\x55\x96\x3d\x0a\x08\xa2\xc5\x71\xb3\xd1\xa9\x2f\x28\x3e\x83\x10\xbf\x12\xd0\x44\x66\x15\xef\x54\xe1\x98\x80\xd0\xce\x24\x6d\x3e\x67\x9a\xe9\x37\x23\xce\x52\x93\x86\xda\x80"), +["\x6f\x53\x76\xac\x31\xf0\x31\x19\xd8\x99\x00\xa4\x51\x15\xff\x77\x15\x1c\x11\xd9\x02\xc1\x00\x29\x06\x8d\xb2\x08\x9a\x37\xd9\x13"] = CTInfo($description="Sectigo 'Mammoth' CT log", $operator="Sectigo", $url="https://mammoth.ct.comodo.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xef\xe4\x7d\x74\x2e\x15\x15\xb6\xe9\xbb\x23\x8b\xfb\x2c\xb5\xe1\xc7\x80\x98\x47\xfb\x40\x69\x68\xfc\x49\xad\x61\x4e\x83\x47\x3c\x1a\xb7\x8d\xdf\xff\x7b\x30\xb4\xba\xff\x2f\xcb\xa0\x14\xe3\xad\xd5\x85\x3f\x44\x59\x8c\x8c\x60\x8b\xd7\xb8\xb1\xbf\xae\x8c\x67"), +["\xdf\xa5\x5e\xab\x68\x82\x4f\x1f\x6c\xad\xee\xb8\x5f\x4e\x3e\x5a\xea\xcd\xa2\x12\xa4\x6a\x5e\x8e\x3b\x12\xc0\x20\x44\x5c\x2a\x73"] = CTInfo($description="Let's Encrypt 'Oak2022' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x86\x3c\xb1\x0d\x52\x23\x5a\xde\x6e\xf6\xc0\x7f\xa3\x64\xbc\xad\xc1\x89\xda\x97\x59\x4c\x60\x3c\xf8\x8a\x57\x84\x8f\xed\xbc\xa0\x63\x12\x51\x84\xe6\xbd\xdd\x7b\x8c\x80\x7d\xe3\x8f\x86\xa4\xea\xa9\xcf\xa8\xee\xf3\xe0\x5e\x70\xe0\xbb\xf6\xbd\xfc\x1f\x91\x2e"), +["\xb7\x3e\xfb\x24\xdf\x9c\x4d\xba\x75\xf2\x39\xc5\xba\x58\xf4\x6c\x5d\xfc\x42\xcf\x7a\x9f\x35\xc4\x9e\x1d\x09\x81\x25\xed\xb4\x99"] = CTInfo($description="Let's Encrypt 'Oak2023' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xb3\x3d\x0e\x78\xbe\xe3\xad\x5c\x44\x5c\x9b\xbe\xa3\x84\x16\x41\x82\xca\xca\x89\x17\x1e\x23\xce\x38\xa5\x54\x2f\x7f\xd3\x34\x51\x6a\xb9\x5c\xc3\x49\xea\xfb\x91\x9d\xe0\x8a\x3c\x73\x06\x9f\x7c\x65\x38\x11\x80\xc4\x9a\x5a\x00\xa6\x67\xc3\x83\xef\x89\x85\x51"), +["\x3b\x53\x77\x75\x3e\x2d\xb9\x80\x4e\x8b\x30\x5b\x06\xfe\x40\x3b\x67\xd8\x4f\xc3\xf4\xc7\xbd\x00\x0d\x2d\x72\x6f\xe1\xfa\xd4\x17"] = CTInfo($description="Let's Encrypt 'Oak2024H1' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h1/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x56\x43\xd7\x7e\x7b\xd4\x72\xb7\xba\xa9\x51\xbd\x36\x93\xb7\xe9\xb5\x92\x0f\xea\x5e\xb7\x45\xa3\x92\xfd\xc9\xa5\x3c\x80\xac\x1a\x20\xef\x25\x2f\xb8\xe1\x20\xf7\xa8\x3a\x2e\x07\x8d\xe6\xeb\xa4\xe2\x7d\x24\x63\x9f\x46\xbf\x94\x73\x52\x8d\x96\xae\xa9\x26\xfd"), +["\x3f\x17\x4b\x4f\xd7\x22\x47\x58\x94\x1d\x65\x1c\x84\xbe\x0d\x12\xed\x90\x37\x7f\x1f\x85\x6a\xeb\xc1\xbf\x28\x85\xec\xf8\x64\x6e"] = CTInfo($description="Let's Encrypt 'Oak2024H2' log", $operator="Let's Encrypt", $url="https://oak.ct.letsencrypt.org/2024h2/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\x73\xd6\x53\x47\xe9\xf3\xc9\xd5\x7c\x16\xc2\xd6\x8f\x70\x65\xfa\xf2\x51\x36\xa9\x13\x80\x2f\xed\xf9\x94\xd3\x5a\x8b\xe8\x4f\x33\xcf\xc3\xd3\x89\xd4\x5f\x5a\x66\x89\xba\x20\x1f\x71\xcb\xca\xbb\x9f\x9f\xf3\x5c\x2d\x1e\xa3\x81\x59\xaf\x92\xb3\x6d\x30\x68"), +["\xc3\x65\xf9\xb3\x65\x4f\x32\x83\xc7\x9d\xa9\x8e\x93\xd7\x41\x8f\x5b\xab\x7b\xe3\x25\x2c\x98\xe1\xd2\xf0\x4b\xb9\xeb\x42\x7d\x23"] = CTInfo($description="Trust Asia Log2022", $operator="TrustAsia", $url="https://ct.trustasia.com/log2022/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xbb\x52\xf2\x16\xcf\x92\x0b\xce\x79\xe6\x54\x6d\xc2\x37\x53\xa4\xf5\xf9\x3a\xa9\xb3\x05\xec\x1d\xbd\x16\xec\x30\xac\x2e\xf8\x79\x62\x35\x15\x8e\x1a\xd8\x16\x2e\xe4\x48\x6b\xf6\xc6\x13\xf1\x96\x2e\x5c\x10\xfe\x19\x1e\xa8\x18\xb8\x0f\x2d\xc3\xa4\x86\x51\x97"), +["\xe8\x7e\xa7\x66\x0b\xc2\x6c\xf6\x00\x2e\xf5\x72\x5d\x3f\xe0\xe3\x31\xb9\x39\x3b\xb9\x2f\xbf\x58\xeb\x3b\x90\x49\xda\xf5\x43\x5a"] = CTInfo($description="Trust Asia Log2023", $operator="TrustAsia", $url="https://ct.trustasia.com/log2023/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xa4\x11\x52\xdb\x17\x41\x4e\x90\xd4\x56\x51\x12\x30\x52\xf8\x9b\x03\xcf\x4c\x9f\xf8\x2e\x38\xb5\xf1\x5a\xba\xfa\x38\xb9\xd2\x8f\x1a\x81\xda\x95\xcc\x33\xec\x21\x28\x66\xc6\x56\x3e\x60\x36\x21\x20\xd9\xd4\xac\x5d\xfa\x5c\x19\xa1\x05\x7d\xfe\x20\x23\xfc\xf5"), }; diff --git a/src/3rdparty b/src/3rdparty index 76eb27d2f5..3ce86be0c0 160000 --- a/src/3rdparty +++ b/src/3rdparty @@ -1 +1 @@ -Subproject commit 76eb27d2f5bea28e8e60ed0a4a29fc1ec2ec6b4e +Subproject commit 3ce86be0c0588fbe26178d1da9683ff75cb5e982 diff --git a/src/Dict.cc b/src/Dict.cc index 8fc2bede4f..a1540787dd 100644 --- a/src/Dict.cc +++ b/src/Dict.cc @@ -246,6 +246,96 @@ TEST_CASE("dict robust iteration") delete key3; } +TEST_CASE("dict ordered iteration") + { + PDict dict(DictOrder::ORDERED); + + // These key values are specifically contrived to be inserted + // into the dictionary in a different order by default. + uint32_t val = 15; + uint32_t key_val = 5; + auto key = std::make_unique(key_val); + + uint32_t val2 = 10; + uint32_t key_val2 = 25; + auto key2 = std::make_unique(key_val2); + + uint32_t val3 = 30; + uint32_t key_val3 = 45; + auto key3 = std::make_unique(key_val3); + + uint32_t val4 = 20; + uint32_t key_val4 = 35; + auto key4 = std::make_unique(key_val4); + + // Only insert the first three to start with so we can test the order + // being the same after a later insertion. + dict.Insert(key.get(), &val); + dict.Insert(key2.get(), &val2); + dict.Insert(key3.get(), &val3); + + int count = 0; + + for ( const auto& entry : dict ) + { + auto* v = static_cast(entry.value); + uint32_t k = *(uint32_t*)entry.GetKey(); + + // The keys should be returned in the same order we inserted + // them, which is 5, 25, 45. + if ( count == 0 ) + CHECK(k == 5); + else if ( count == 1 ) + CHECK(k == 25); + else if ( count == 2 ) + CHECK(k == 45); + + count++; + } + + dict.Insert(key4.get(), &val4); + count = 0; + + for ( const auto& entry : dict ) + { + auto* v = static_cast(entry.value); + uint32_t k = *(uint32_t*)entry.GetKey(); + + // The keys should be returned in the same order we inserted + // them, which is 5, 25, 45, 35. + if ( count == 0 ) + CHECK(k == 5); + else if ( count == 1 ) + CHECK(k == 25); + else if ( count == 2 ) + CHECK(k == 45); + else if ( count == 3 ) + CHECK(k == 35); + + count++; + } + + dict.Remove(key2.get()); + count = 0; + + for ( const auto& entry : dict ) + { + auto* v = static_cast(entry.value); + uint32_t k = *(uint32_t*)entry.GetKey(); + + // The keys should be returned in the same order we inserted + // them, which is 5, 45, 35. + if ( count == 0 ) + CHECK(k == 5); + else if ( count == 1 ) + CHECK(k == 45); + else if ( count == 2 ) + CHECK(k == 35); + + count++; + } + } + class DictTestDummy { public: diff --git a/src/Dict.h b/src/Dict.h index 88e7afecde..04c95b510d 100644 --- a/src/Dict.h +++ b/src/Dict.h @@ -174,6 +174,8 @@ public: bool operator!=(const DictEntry& r) const { return ! Equal(r.GetKey(), r.key_size, r.hash); } }; +using DictEntryVec = std::vector; + } // namespace detail template class DictIterator @@ -209,6 +211,8 @@ public: dict = that.dict; curr = that.curr; end = that.end; + ordered_iter = that.ordered_iter; + dict->IncrIters(); } @@ -226,6 +230,8 @@ public: dict = that.dict; curr = that.curr; end = that.end; + ordered_iter = that.ordered_iter; + dict->IncrIters(); return *this; @@ -245,6 +251,7 @@ public: dict = that.dict; curr = that.curr; end = that.end; + ordered_iter = that.ordered_iter; that.dict = nullptr; } @@ -263,25 +270,64 @@ public: dict = that.dict; curr = that.curr; end = that.end; + ordered_iter = that.ordered_iter; that.dict = nullptr; return *this; } - reference operator*() { return *curr; } - reference operator*() const { return *curr; } - pointer operator->() { return curr; } - pointer operator->() const { return curr; } + reference operator*() + { + if ( dict->IsOrdered() ) + { + // TODO: how does this work if ordered_iter == end(). LookupEntry will return a nullptr, + // which the dereference will fail on. That's undefined behavior, correct? Is that any + // different than if the unordered version returns a dereference of it's end? + auto e = dict->LookupEntry(*ordered_iter); + return *e; + } + + return *curr; + } + reference operator*() const + { + if ( dict->IsOrdered() ) + { + auto e = dict->LookupEntry(*ordered_iter); + return *e; + } + + return *curr; + } + pointer operator->() + { + if ( dict->IsOrdered() ) + return dict->LookupEntry(*ordered_iter); + + return curr; + } + pointer operator->() const + { + if ( dict->IsOrdered() ) + return dict->LookupEntry(*ordered_iter); + + return curr; + } DictIterator& operator++() { - // The non-robust case is easy. Just advanced the current position forward until you find - // one isn't empty and isn't the end. - do + if ( dict->IsOrdered() ) + ++ordered_iter; + else { - ++curr; - } while ( curr != end && curr->Empty() ); + // The non-robust case is easy. Just advance the current position forward until you + // find one isn't empty and isn't the end. + do + { + ++curr; + } while ( curr != end && curr->Empty() ); + } return *this; } @@ -293,7 +339,17 @@ public: return temp; } - bool operator==(const DictIterator& that) const { return curr == that.curr; } + bool operator==(const DictIterator& that) const + { + if ( dict != that.dict ) + return false; + + if ( dict->IsOrdered() ) + return ordered_iter == that.ordered_iter; + + return curr == that.curr; + } + bool operator!=(const DictIterator& that) const { return ! (*this == that); } private: @@ -302,10 +358,21 @@ private: DictIterator(const Dictionary* d, detail::DictEntry* begin, detail::DictEntry* end) : curr(begin), end(end) { + // Cast away the constness so that the number of iterators can be modified in the + // dictionary. This does violate the constness guarantees of const-begin()/end() and + // cbegin()/cend(), but we're not modifying the actual data in the collection, just a + // counter in the wrapper of the collection. + dict = const_cast*>(d); + // Make sure that we're starting on a non-empty element. while ( curr != end && curr->Empty() ) ++curr; + dict->IncrIters(); + } + + DictIterator(const Dictionary* d, detail::DictEntryVec::iterator iter) : ordered_iter(iter) + { // Cast away the constness so that the number of iterators can be modified in the // dictionary. This does violate the constness guarantees of const-begin()/end() and // cbegin()/cend(), but we're not modifying the actual data in the collection, just a @@ -317,6 +384,7 @@ private: Dictionary* dict = nullptr; detail::DictEntry* curr = nullptr; detail::DictEntry* end = nullptr; + detail::DictEntryVec::iterator ordered_iter; }; template class RobustDictIterator @@ -473,7 +541,7 @@ public: } if ( ordering == ORDERED ) - order = new std::vector>; + order = std::make_unique>(); } ~Dictionary() { Clear(); } @@ -490,12 +558,10 @@ public: T* Lookup(const void* key, int key_size, detail::hash_t h) const { - // Look up possibly modifies the entry. Why? if the entry is found but not positioned - // according to the current dict (so it's before SizeUp), it will be moved to the right - // position so next lookup is fast. - Dictionary* d = const_cast(this); - int position = d->LookupIndex(key, key_size, h); - return position >= 0 ? table[position].value : nullptr; + if ( auto e = LookupEntry(key, key_size, h) ) + return e->value; + + return nullptr; } T* Lookup(const char* key) const @@ -541,13 +607,6 @@ public: if ( ! copy_key ) delete[](char*) key; - if ( order ) - { // set new v to order too. - auto it = std::find(order->begin(), order->end(), table[position]); - ASSERT(it != order->end()); - it->value = val; - } - if ( iterators && ! iterators->empty() ) // need to set new v for iterators too. for ( auto c : *iterators ) @@ -575,12 +634,15 @@ public: "Dictionary::Insert() possibly caused iterator invalidation"); } + // Do this before the actual insertion since creating the DictEntry is going to delete + // the key data. We need a copy of it first. + if ( order ) + order->emplace_back(detail::HashKey{key, static_cast(key_size), hash}); + // Allocate memory for key if necesary. Key is updated to reflect internal key if // necessary. detail::DictEntry entry(key, key_size, hash, val, insert_distance, copy_key); InsertRelocateAndAdjust(entry, insert_position); - if ( order ) - order->push_back(entry); num_entries++; cum_entries++; @@ -651,7 +713,16 @@ public: ASSERT(num_entries >= 0); // e is about to be invalid. remove it from all references. if ( order ) - order->erase(std::remove(order->begin(), order->end(), entry), order->end()); + { + for ( auto it = order->begin(); it != order->end(); ++it ) + { + if ( it->Equal(key, key_size, hash) ) + { + it = order->erase(it); + break; + } + } + } T* v = entry.value; entry.Clear(); @@ -699,10 +770,13 @@ public: { if ( ! order || n < 0 || n >= Length() ) return nullptr; - detail::DictEntry entry = (*order)[n]; - key = entry.GetKey(); - key_size = entry.key_size; - return entry.value; + + auto& hk = order->at(n); + auto entry = Lookup(&hk); + + key = hk.Key(); + key_size = hk.Size(); + return entry; } T* NthEntry(int n, const char*& key) const @@ -731,10 +805,8 @@ public: } if ( order ) - { - delete order; - order = nullptr; - } + order.reset(); + if ( iterators ) { delete iterators; @@ -935,12 +1007,48 @@ public: using reverse_iterator = std::reverse_iterator; using const_reverse_iterator = std::reverse_iterator; - iterator begin() { return {this, table, table + Capacity()}; } - iterator end() { return {this, table + Capacity(), table + Capacity()}; } - const_iterator begin() const { return {this, table, table + Capacity()}; } - const_iterator end() const { return {this, table + Capacity(), table + Capacity()}; } - const_iterator cbegin() { return {this, table, table + Capacity()}; } - const_iterator cend() { return {this, table + Capacity(), table + Capacity()}; } + iterator begin() + { + if ( IsOrdered() ) + return {this, order->begin()}; + + return {this, table, table + Capacity()}; + } + iterator end() + { + if ( IsOrdered() ) + return {this, order->end()}; + + return {this, table + Capacity(), table + Capacity()}; + } + const_iterator begin() const + { + if ( IsOrdered() ) + return {this, order->begin()}; + + return {this, table, table + Capacity()}; + } + const_iterator end() const + { + if ( IsOrdered() ) + return {this, order->end()}; + + return {this, table + Capacity(), table + Capacity()}; + } + const_iterator cbegin() + { + if ( IsOrdered() ) + return {this, order->begin()}; + + return {this, table, table + Capacity()}; + } + const_iterator cend() + { + if ( IsOrdered() ) + return {this, order->end()}; + + return {this, table + Capacity(), table + Capacity()}; + } RobustDictIterator begin_robust() { return MakeRobustIterator(); } RobustDictIterator end_robust() { return RobustDictIterator(); } @@ -1424,6 +1532,35 @@ private: // previous log2_buckets. } + /** + * Retrieves a pointer to a full DictEntry in the table based on a hash key. + * + * @param key the key to lookup. + * @return A pointer to the entry or a nullptr if no entry has a matching key. + */ + detail::DictEntry* LookupEntry(const detail::HashKey& key) + { + return LookupEntry(key.Key(), key.Size(), key.Hash()); + } + + /** + * Retrieves a pointer to a full DictEntry in the table based on key data. + * + * @param key the key to lookup + * @param key_size the size of the key data + * @param h a hash of the key data. + * @return A pointer to the entry or a nullptr if no entry has a matching key. + */ + detail::DictEntry* LookupEntry(const void* key, int key_size, detail::hash_t h) const + { + // Look up possibly modifies the entry. Why? if the entry is found but not positioned + // according to the current dict (so it's before SizeUp), it will be moved to the right + // position so next lookup is fast. + Dictionary* d = const_cast(this); + int position = d->LookupIndex(key, key_size, h); + return position >= 0 ? &(table[position]) : nullptr; + } + bool HaveOnlyRobustIterators() const { return (num_iterators == 0) || ((iterators ? iterators->size() : 0) == num_iterators); @@ -1431,6 +1568,10 @@ private: RobustDictIterator MakeRobustIterator() { + if ( IsOrdered() ) + reporter->InternalError( + "RobustIterators are not currently supported for ordered dictionaries"); + if ( ! iterators ) iterators = new std::vector*>; @@ -1439,15 +1580,17 @@ private: detail::DictEntry GetNextRobustIteration(RobustDictIterator* iter) { - // If there are any inserted entries, return them first. - // That keeps the list small and helps avoiding searching - // a large list when deleting an entry. + // If there's no table in the dictionary, then the iterator needs to be + // cleaned up because it's not pointing at anything. if ( ! table ) { iter->Complete(); return detail::DictEntry(nullptr); // end of iteration } + // If there are any inserted entries, return them first. + // That keeps the list small and helps avoiding searching + // a large list when deleting an entry. if ( iter->inserted && ! iter->inserted->empty() ) { // Return the last one. Order doesn't matter, @@ -1457,6 +1600,7 @@ private: return e; } + // First iteration. if ( iter->next < 0 ) iter->next = Next(-1); @@ -1536,8 +1680,10 @@ private: detail::DictEntry* table = nullptr; std::vector*>* iterators = nullptr; - // Order means the order of insertion. means no deletion until exit. will be inefficient. - std::vector>* order = nullptr; + // Ordered dictionaries keep the order based on some criteria, by default the order of + // insertion. We only store a copy of the keys here for memory savings and for safety + // around reallocs and such. + std::unique_ptr order; }; template using PDict = Dictionary; diff --git a/src/Hash.cc b/src/Hash.cc index 9e07af5041..9229655800 100644 --- a/src/Hash.cc +++ b/src/Hash.cc @@ -8,6 +8,7 @@ #include #include +#include "zeek/3rdparty/doctest.h" #include "zeek/DebugLogger.h" #include "zeek/Desc.h" #include "zeek/Reporter.h" @@ -184,6 +185,29 @@ HashKey::HashKey(const void* arg_key, size_t arg_size, hash_t arg_hash, bool /* key = (char*)arg_key; } +HashKey::HashKey(const HashKey& other) : HashKey(other.key, other.size, other.hash) { } + +HashKey::HashKey(HashKey&& other) noexcept + { + hash = other.hash; + size = other.size; + write_size = other.write_size; + read_size = other.read_size; + + is_our_dynamic = other.is_our_dynamic; + key = other.key; + + other.size = 0; + other.is_our_dynamic = false; + other.key = nullptr; + } + +HashKey::~HashKey() + { + if ( is_our_dynamic ) + delete[] reinterpret_cast(key); + } + hash_t HashKey::Hash() const { if ( hash == 0 ) @@ -543,4 +567,115 @@ void HashKey::EnsureReadSpace(size_t n) const n, size - read_size); } +bool HashKey::operator==(const HashKey& other) const + { + // Quick exit for the same object. + if ( this == &other ) + return true; + + return Equal(other.key, other.size, other.hash); + } + +bool HashKey::operator!=(const HashKey& other) const + { + // Quick exit for different objects. + if ( this != &other ) + return true; + + return ! Equal(other.key, other.size, other.hash); + } + +bool HashKey::Equal(const void* other_key, size_t other_size, hash_t other_hash) const + { + // If the key memory is the same just return true. + if ( key == other_key && size == other_size ) + return true; + + // If either key is nullptr, return false. If they were both nullptr, it + // would have fallen in to the above block already. + if ( key == nullptr || other_key == nullptr ) + return false; + + return (hash == other_hash) && (size == other_size) && (memcmp(key, other_key, size) == 0); + } + +HashKey& HashKey::operator=(const HashKey& other) + { + if ( this == &other ) + return *this; + + if ( is_our_dynamic && IsAllocated() ) + delete[] key; + + hash = other.hash; + size = other.size; + is_our_dynamic = true; + write_size = other.write_size; + read_size = other.read_size; + + key = CopyKey(other.key, other.size); + + return *this; + } + +HashKey& HashKey::operator=(HashKey&& other) noexcept + { + if ( this == &other ) + return *this; + + hash = other.hash; + size = other.size; + write_size = other.write_size; + read_size = other.read_size; + + if ( is_our_dynamic && IsAllocated() ) + delete[] key; + + is_our_dynamic = other.is_our_dynamic; + key = other.key; + + other.size = 0; + other.is_our_dynamic = false; + other.key = nullptr; + + return *this; + } + +TEST_SUITE_BEGIN("Hash"); + +TEST_CASE("equality") + { + HashKey h1(12345); + HashKey h2(12345); + HashKey h3(67890); + + CHECK(h1 == h2); + CHECK(h1 != h3); + } + +TEST_CASE("copy assignment") + { + HashKey h1(12345); + HashKey h2 = h1; + HashKey h3{h1}; + + CHECK(h1 == h2); + CHECK(h1 == h3); + } + +TEST_CASE("move assignment") + { + HashKey h1(12345); + HashKey h2(12345); + HashKey h3(12345); + + HashKey h4 = std::move(h2); + HashKey h5{h3}; + + CHECK(h1 == h4); + CHECK(h1 == h5); + } + +TEST_SUITE_END(); + } // namespace zeek::detail diff --git a/src/Hash.h b/src/Hash.h index ad3e50245d..4f70ce1219 100644 --- a/src/Hash.h +++ b/src/Hash.h @@ -255,11 +255,14 @@ public: // function from the one above; its value is not used. HashKey(const void* key, size_t size, hash_t hash, bool dont_copy); - ~HashKey() - { - if ( is_our_dynamic ) - delete[](char*) key; - } + // Copy constructor. Always copies the key. + HashKey(const HashKey& other); + + // Move constructor. Takes ownership of the key. + HashKey(HashKey&& other) noexcept; + + // Destructor + ~HashKey(); // Hands over the key to the caller. This means that if the // key is our dynamic, we give it to the caller and mark it @@ -343,6 +346,17 @@ public: void Describe(ODesc* d) const; + bool operator==(const HashKey& other) const; + bool operator!=(const HashKey& other) const; + + bool Equal(const void* other_key, size_t other_size, hash_t other_hash) const; + + // Copy operator. Always copies the key. + HashKey& operator=(const HashKey& other); + + // Move operator. Takes ownership of the key. + HashKey& operator=(HashKey&& other) noexcept; + protected: char* CopyKey(const char* key, size_t size) const; diff --git a/src/ID.cc b/src/ID.cc index acd4597e80..2df52b2520 100644 --- a/src/ID.cc +++ b/src/ID.cc @@ -680,11 +680,6 @@ std::vector ID::GetOptionHandlers() const return v; } -void IDOptInfo::AddInitExpr(ExprPtr init_expr) - { - init_exprs.emplace_back(std::move(init_expr)); - } - } // namespace detail } // namespace zeek diff --git a/src/Scope.cc b/src/Scope.cc index 896d84707d..d4a2d5f1b5 100644 --- a/src/Scope.cc +++ b/src/Scope.cc @@ -190,6 +190,20 @@ ScopePtr pop_scope() return old_top; } +void merge_top_scope() + { + if ( scopes.size() < 2 ) + reporter->InternalError("scope merge underflow"); + + auto t = pop_scope(); + + for ( const auto& v : t->OrderedVars() ) + { + v->SetOffset(top_scope->Length()); + top_scope->Insert(v->Name(), v); + } + } + ScopePtr current_scope() { return top_scope; diff --git a/src/Scope.h b/src/Scope.h index 9b751d2003..dc890b342a 100644 --- a/src/Scope.h +++ b/src/Scope.h @@ -92,6 +92,11 @@ extern void push_existing_scope(ScopePtr scope); // Returns the one popped off. extern ScopePtr pop_scope(); + +// Merges the elements of the current scope with the one surrounding it, +// popping it in the process. +extern void merge_top_scope(); + extern ScopePtr current_scope(); extern ScopePtr global_scope(); diff --git a/src/Stmt.cc b/src/Stmt.cc index 0d6a6dfe10..6f49fc79ec 100644 --- a/src/Stmt.cc +++ b/src/Stmt.cc @@ -1893,7 +1893,7 @@ void WhenInfo::Build(StmtPtr ws) { if ( IsDeprecatedSemantics(ws) ) { - pop_scope(); + merge_top_scope(); return; } diff --git a/src/Type.cc b/src/Type.cc index 60eedfe24f..910453792a 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -278,6 +278,15 @@ detail::TraversalCode Type::Traverse(detail::TraversalCallback* cb) const HANDLE_TC_TYPE_POST(tc); } +void TypeList::CheckPure() + { + if ( pure_type ) + return; + + if ( ! types.empty() && AllMatch(types[0], false) ) + pure_type = types[0]; + } + bool TypeList::AllMatch(const Type* t, bool is_init) const { for ( const auto& type : types ) diff --git a/src/Type.h b/src/Type.h index 2b7f4d3a29..0e34e83c48 100644 --- a/src/Type.h +++ b/src/Type.h @@ -339,6 +339,10 @@ public: // is not pure or is empty. const TypePtr& GetPureType() const { return pure_type; } + // Retrospectively instantiates an underlying pure type, if in + // fact each element has the same type. + void CheckPure(); + // True if all of the types match t, false otherwise. If // is_init is true, then the matching is done in the context // of an initialization. diff --git a/src/Var.cc b/src/Var.cc index 9a3b9bd9ac..c4e13c7d74 100644 --- a/src/Var.cc +++ b/src/Var.cc @@ -17,6 +17,7 @@ #include "zeek/Traverse.h" #include "zeek/Val.h" #include "zeek/module_util.h" +#include "zeek/script_opt/IDOptInfo.h" #include "zeek/script_opt/StmtOptInfo.h" #include "zeek/script_opt/UsageAnalyzer.h" @@ -117,12 +118,12 @@ static bool add_prototype(const IDPtr& id, Type* t, std::vector* attrs, return true; } -static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init) +static ExprPtr initialize_var(const IDPtr& id, InitClass c, ExprPtr init) { if ( ! id->HasVal() ) { if ( c == INIT_REMOVE ) - return; + return nullptr; bool no_init = ! init; @@ -134,7 +135,7 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init) auto& t = id->GetType(); if ( ! IsAggr(t) ) - return; + return nullptr; ValPtr init_val; @@ -147,7 +148,7 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init) catch ( InterpreterException& ) { id->Error("initialization failed"); - return; + return nullptr; } } @@ -157,11 +158,11 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init) else if ( t->Tag() == TYPE_VECTOR ) init_val = make_intrusive(cast_intrusive(t)); - id->SetVal(init_val); - return; + init = make_intrusive(init_val); + c = INIT_FULL; } - if ( c == INIT_EXTRA ) + else if ( c == INIT_EXTRA ) c = INIT_FULL; } @@ -177,19 +178,12 @@ static void initialize_var(const IDPtr& id, InitClass c, ExprPtr init) assignment = make_intrusive(lhs, init); else // This can happen due to error propagation. - return; + return nullptr; if ( assignment->IsError() ) - return; + return nullptr; - try - { - (void)assignment->Eval(nullptr); - } - catch ( InterpreterException& ) - { - id->Error("initialization failed"); - } + return assignment; } static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init, @@ -347,11 +341,29 @@ static void make_var(const IDPtr& id, TypePtr t, InitClass c, ExprPtr init, if ( init && ((c == INIT_EXTRA && id->GetAttr(ATTR_ADD_FUNC)) || (c == INIT_REMOVE && id->GetAttr(ATTR_DEL_FUNC))) ) + { // Just apply the function. id->SetVal(init, c); + id->GetOptInfo()->AddInitExpr(init, c); + } else if ( dt != VAR_REDEF || init || ! attr ) - initialize_var(id, c, init); + { + auto init_expr = initialize_var(id, c, init); + if ( init_expr ) + { + id->GetOptInfo()->AddInitExpr(init_expr); + + try + { + (void)init_expr->Eval(nullptr); + } + catch ( InterpreterException& ) + { + id->Error("initialization failed"); + } + } + } } if ( dt == VAR_CONST ) diff --git a/src/packet_analysis/Analyzer.cc b/src/packet_analysis/Analyzer.cc index 0161b26ca5..afd21ec40f 100644 --- a/src/packet_analysis/Analyzer.cc +++ b/src/packet_analysis/Analyzer.cc @@ -107,6 +107,14 @@ bool Analyzer::ForwardPacket(size_t len, const uint8_t* data, Packet* packet, return false; } + if ( ! inner_analyzer->IsEnabled() ) + { + DBG_LOG(DBG_PACKET_ANALYSIS, + "Analysis in %s found disabled next layer analyzer %s for identifier %#x", + GetAnalyzerName(), inner_analyzer->GetAnalyzerName(), identifier); + return false; + } + DBG_LOG(DBG_PACKET_ANALYSIS, "Analysis in %s succeeded, next layer identifier is %#x.", GetAnalyzerName(), identifier); return inner_analyzer->AnalyzePacket(len, data, packet); diff --git a/src/packet_analysis/Analyzer.h b/src/packet_analysis/Analyzer.h index b3b36bafc9..69a13a2174 100644 --- a/src/packet_analysis/Analyzer.h +++ b/src/packet_analysis/Analyzer.h @@ -71,6 +71,13 @@ public: */ bool IsAnalyzer(const char* name); + /** + * Return whether this analyzer is enabled or not. + * + * @return true if the analyzer is enabled, else false. + */ + bool IsEnabled() const { return enabled; } + /** * Analyzes the given packet. A common case is that the analyzed protocol * encapsulates another protocol, which can be determined by an identifier @@ -187,6 +194,7 @@ public: void Weird(const char* name, Packet* packet = nullptr, const char* addl = "") const; protected: + friend class Component; friend class Manager; /** @@ -207,6 +215,14 @@ protected: */ AnalyzerPtr LoadAnalyzer(const std::string& name); + /** + * Enable or disable this analyzer. This is meant for internal use by + * manager and component. + * + * @param value The new enabled value. + */ + void SetEnabled(bool value) { enabled = value; } + /** * Returns the module name corresponding to the analyzer, i.e. its script-land * namespace. Configuration values for the analyzer are expected in this module. @@ -258,6 +274,7 @@ private: zeek::Tag tag; Dispatcher dispatcher; AnalyzerPtr default_analyzer = nullptr; + bool enabled = true; /** * Flag for whether to report unknown protocols in ForwardPacket. diff --git a/src/packet_analysis/Component.cc b/src/packet_analysis/Component.cc index 8ca945238a..589cd72908 100644 --- a/src/packet_analysis/Component.cc +++ b/src/packet_analysis/Component.cc @@ -3,6 +3,7 @@ #include "zeek/packet_analysis/Component.h" #include "zeek/Desc.h" +#include "zeek/packet_analysis/Analyzer.h" #include "zeek/packet_analysis/Manager.h" using namespace zeek::packet_analysis; @@ -21,11 +22,23 @@ void Component::Initialize() packet_mgr->RegisterComponent(this, "ANALYZER_"); } +void Component::SetEnabled(bool arg_enabled) + { + enabled = arg_enabled; + + // If we already have instantiated an analyzer, update its state. + if ( auto analyzer = packet_mgr->GetAnalyzer(Tag().AsVal().get()) ) + analyzer->SetEnabled(enabled); + } + void Component::DoDescribe(ODesc* d) const { if ( factory ) { d->Add("ANALYZER_"); d->Add(CanonicalName()); + d->Add(", "); } + + d->Add(enabled ? "enabled" : "disabled"); } diff --git a/src/packet_analysis/Component.h b/src/packet_analysis/Component.h index 8bab2cd896..5d97985b75 100644 --- a/src/packet_analysis/Component.h +++ b/src/packet_analysis/Component.h @@ -36,6 +36,20 @@ public: */ factory_callback Factory() const { return factory; } + /** + * Returns true if the analyzer is currently enabled and hence + * available for use. + */ + bool Enabled() const { return enabled; } + + /** + * Enables or disables this analyzer. + * + * @param arg_enabled True to enabled, false to disable. + * + */ + void SetEnabled(bool arg_enabled); + protected: /** * Overriden from plugin::Component. @@ -44,6 +58,7 @@ protected: private: factory_callback factory; // The analyzer's factory callback. + bool enabled = true; // True if the analyzer is enabled. }; } diff --git a/src/packet_analysis/Dispatcher.cc b/src/packet_analysis/Dispatcher.cc index d06d8ec706..8c21254bb9 100644 --- a/src/packet_analysis/Dispatcher.cc +++ b/src/packet_analysis/Dispatcher.cc @@ -52,10 +52,6 @@ void Dispatcher::Register(uint32_t identifier, AnalyzerPtr analyzer) } int64_t index = identifier - lowest_identifier; - if ( table[index] != nullptr ) - reporter->InternalWarning("Overwriting packet analyzer mapping %#8" PRIx64 " => %s with %s", - index + lowest_identifier, table[index]->GetAnalyzerName(), - analyzer->GetAnalyzerName()); table[index] = std::move(analyzer); } diff --git a/src/packet_analysis/Manager.cc b/src/packet_analysis/Manager.cc index 74cb92010a..8d1ca2e4e6 100644 --- a/src/packet_analysis/Manager.cc +++ b/src/packet_analysis/Manager.cc @@ -30,7 +30,10 @@ void Manager::InitPostScript(const std::string& unprocessed_output_file) for ( const auto& analyzerComponent : GetComponents() ) { if ( AnalyzerPtr newAnalyzer = InstantiateAnalyzer(analyzerComponent->Tag()) ) + { + newAnalyzer->SetEnabled(analyzerComponent->Enabled()); analyzers.emplace(analyzerComponent->Name(), newAnalyzer); + } } // Initialize all analyzers @@ -88,6 +91,22 @@ AnalyzerPtr Manager::GetAnalyzer(const std::string& name) return analyzer_it->second; } +bool Manager::EnableAnalyzer(EnumVal* tag) + { + Component* c = Lookup(tag); + c->SetEnabled(true); + + return true; + } + +bool Manager::DisableAnalyzer(EnumVal* tag) + { + Component* c = Lookup(tag); + c->SetEnabled(false); + + return true; + } + void Manager::ProcessPacket(Packet* packet) { #ifdef DEBUG diff --git a/src/packet_analysis/Manager.h b/src/packet_analysis/Manager.h index 1ae50c2ef2..10f3eee88e 100644 --- a/src/packet_analysis/Manager.h +++ b/src/packet_analysis/Manager.h @@ -82,6 +82,46 @@ public: */ AnalyzerPtr GetAnalyzer(const std::string& name); + /** + * Enables an analyzer type. Only enabled analyzers will participate + * in packet processing. + * + * @param tag The analyzer's tag. + * + * @return True if successful. + */ + bool EnableAnalyzer(zeek::EnumVal* tag); + + /** + * Enables an analyzer type. Only enabled analyzers will participate + * in packet processing. + * + * @param tag The analyzer's tag. + * + * @return True if successful. + */ + bool EnableAnalyzer(const zeek::Tag& tag) { return EnableAnalyzer(tag.AsVal().get()); } + + /** + * Disables an analyzer type. Disabled analyzers will not participate + * in packet processing. + * + * @param tag The packet analyzer's tag. + * + * @return True if successful. + */ + bool DisableAnalyzer(zeek::EnumVal* tag); + + /** + * Disables an analyzer type. Disabled analyzers will not participate + * in packet processing. + * + * @param tag The packet analyzer's tag. + * + * @return True if successful. + */ + bool DisableAnalyzer(const zeek::Tag& tag) { return DisableAnalyzer(tag.AsVal().get()); }; + /** * Processes a packet by applying the configured packet analyzers. * diff --git a/src/packet_analysis/packet_analysis.bif b/src/packet_analysis/packet_analysis.bif index c3f6e18194..c90e2665c9 100644 --- a/src/packet_analysis/packet_analysis.bif +++ b/src/packet_analysis/packet_analysis.bif @@ -77,3 +77,17 @@ function register_protocol_detection%(parent: PacketAnalyzer::Tag, child: Packet parent_analyzer->RegisterProtocolDetection(child_analyzer); return zeek::val_mgr->True(); %} + +## Internal function to disable a packet analyzer. +function PacketAnalyzer::__disable_analyzer%(id: PacketAnalyzer::Tag%) : bool + %{ + bool result = zeek::packet_mgr->DisableAnalyzer(id->AsEnumVal()); + return zeek::val_mgr->Bool(result); + %} + +## Internal function to enable a packet analyzer. +function PacketAnalyzer::__enable_analyzer%(id: PacketAnalyzer::Tag%) : bool + %{ + bool result = zeek::packet_mgr->EnableAnalyzer(id->AsEnumVal()); + return zeek::val_mgr->Bool(result); + %} diff --git a/src/parse.y b/src/parse.y index 3e98d60944..5735c7beaf 100644 --- a/src/parse.y +++ b/src/parse.y @@ -102,7 +102,6 @@ #include "zeek/zeekygen/Manager.h" #include "zeek/module_util.h" #include "zeek/IntrusivePtr.h" -#include "zeek/script_opt/IDOptInfo.h" extern const char* filename; // Absolute path of file currently being parsed. extern const char* last_filename; // Absolute path of last file parsed. @@ -321,8 +320,6 @@ static void build_global(ID* id, Type* t, InitClass ic, Expr* e, add_global(id_ptr, std::move(t_ptr), ic, e_ptr, std::move(attrs_ptr), dt); - id->GetOptInfo()->AddInitExpr(e_ptr); - if ( dt == VAR_REDEF ) zeekygen_mgr->Redef(id, ::filename, ic, std::move(e_ptr)); else @@ -342,8 +339,6 @@ static StmtPtr build_local(ID* id, Type* t, InitClass ic, Expr* e, auto init = add_local(std::move(id_ptr), std::move(t_ptr), ic, e_ptr, std::move(attrs_ptr), dt); - id->GetOptInfo()->AddInitExpr(std::move(e_ptr)); - if ( do_coverage ) script_coverage_mgr.AddStmt(init.get()); diff --git a/src/script_opt/CPP/Attrs.cc b/src/script_opt/CPP/Attrs.cc index 437270a7d4..c4ba3345b6 100644 --- a/src/script_opt/CPP/Attrs.cc +++ b/src/script_opt/CPP/Attrs.cc @@ -18,7 +18,7 @@ shared_ptr CPPCompile::RegisterAttributes(const AttributesPtr& att if ( pa != processed_attrs.end() ) return pa->second; - attributes.AddKey(attrs); + attributes.AddKey(attrs, pfs.HashAttrs(attrs)); // The cast is just so we can make an IntrusivePtr. auto a_rep = const_cast(attributes.GetRep(attrs)); @@ -49,7 +49,7 @@ shared_ptr CPPCompile::RegisterAttr(const AttrPtr& attr) const auto& e = a->GetExpr(); if ( e && ! IsSimpleInitExpr(e) ) - init_exprs.AddKey(e); + init_exprs.AddKey(e, p_hash(e)); auto gi = make_shared(this, attr); attr_info->AddInstance(gi); diff --git a/src/script_opt/CPP/Compile.h b/src/script_opt/CPP/Compile.h index bb75a5fba3..afdb636531 100644 --- a/src/script_opt/CPP/Compile.h +++ b/src/script_opt/CPP/Compile.h @@ -1015,6 +1015,10 @@ private: // Generate code to initialize indirect references to constants. void InitializeConsts(); + // Generate code to initialize globals (using dynamic statements + // rather than constants). + void InitializeGlobals(); + // Generate the initialization hook for this set of compiled code. void GenInitHook(); diff --git a/src/script_opt/CPP/Driver.cc b/src/script_opt/CPP/Driver.cc index c470617d8b..09e9205685 100644 --- a/src/script_opt/CPP/Driver.cc +++ b/src/script_opt/CPP/Driver.cc @@ -5,6 +5,7 @@ #include #include "zeek/script_opt/CPP/Compile.h" +#include "zeek/script_opt/IDOptInfo.h" extern std::unordered_set files_with_conditionals; @@ -310,6 +311,9 @@ void CPPCompile::RegisterCompiledBody(const string& f) void CPPCompile::GenEpilog() { + NL(); + InitializeGlobals(); + NL(); for ( const auto& ii : init_infos ) GenInitExpr(ii.second); @@ -449,7 +453,7 @@ void CPPCompile::GenFinishInit() NL(); int max_cohort = 0; - for ( auto gi : all_global_info ) + for ( const auto& gi : all_global_info ) max_cohort = std::max(max_cohort, gi->MaxCohort()); for ( auto c = 0; c <= max_cohort; ++c ) @@ -468,6 +472,9 @@ void CPPCompile::GenFinishInit() NL(); Emit("load_BiFs__CPP();"); + NL(); + Emit("init_globals__CPP();"); + EndBlock(); } diff --git a/src/script_opt/CPP/Inits.cc b/src/script_opt/CPP/Inits.cc index 376fc93ea3..9845e70363 100644 --- a/src/script_opt/CPP/Inits.cc +++ b/src/script_opt/CPP/Inits.cc @@ -188,6 +188,50 @@ void CPPCompile::InitializeConsts() EndBlock(true); } +void CPPCompile::InitializeGlobals() + { + Emit("static void init_globals__CPP()"); + StartBlock(); + + Emit("Frame* f__CPP = nullptr;"); + NL(); + + for ( const auto& ginit : IDOptInfo::GetGlobalInitExprs() ) + { + auto g = ginit.Id(); + if ( pfs.Globals().count(g) == 0 ) + continue; + + auto ic = ginit.IC(); + auto& init = ginit.Init(); + + if ( ic == INIT_NONE ) + { + IDPtr gid = {NewRef{}, const_cast(g)}; + auto gn = make_intrusive(make_intrusive(gid)); + auto ae = make_intrusive(gn, init, true); + Emit(GenExpr(ae.get(), GEN_NATIVE, true) + ";"); + } + + else + { + // This branch occurs for += or -= initializations that + // use associated functions. + string ics; + if ( ic == INIT_EXTRA ) + ics = "INIT_EXTRA"; + else if ( ic == INIT_REMOVE ) + ics = "INIT_REMOVE"; + else + reporter->FatalError("bad initialization class in CPPCompile::InitializeGlobals()"); + + Emit("%s->SetValue(%s, %s);", globals[g->Name()], GenExpr(init, GEN_NATIVE, true), ics); + } + } + + EndBlock(); + } + void CPPCompile::GenInitHook() { NL(); diff --git a/src/script_opt/CPP/InitsInfo.cc b/src/script_opt/CPP/InitsInfo.cc index ba423e10fc..a4cca821f0 100644 --- a/src/script_opt/CPP/InitsInfo.cc +++ b/src/script_opt/CPP/InitsInfo.cc @@ -339,16 +339,7 @@ GlobalInitInfo::GlobalInitInfo(CPPCompile* c, const ID* g, string _CPP_name) attrs = -1; exported = g->IsExport(); - - auto v = g->GetVal(); - if ( v && gt->Tag() == TYPE_OPAQUE ) - { - reporter->Error("cannot compile to C++ global \"%s\" initialized to opaque value", - g->Name()); - v = nullptr; - } - - val = ValElem(c, v); + val = ValElem(c, nullptr); // empty because we initialize dynamically } void GlobalInitInfo::InitializerVals(std::vector& ivs) const @@ -439,6 +430,9 @@ ListTypeInfo::ListTypeInfo(CPPCompile* _c, TypePtr _t) if ( gi ) init_cohort = max(init_cohort, gi->InitCohort()); } + + if ( ! types.empty() ) + ++init_cohort; } void ListTypeInfo::AddInitializerVals(std::vector& ivs) const diff --git a/src/script_opt/CPP/README.md b/src/script_opt/CPP/README.md index f34dbd079e..9f8d8645cd 100644 --- a/src/script_opt/CPP/README.md +++ b/src/script_opt/CPP/README.md @@ -173,9 +173,6 @@ as currently done, to instead be in a pseudo-event handler. code requires initializing a global variable that specifies extend fields in an extensible record (i.e., fields added using `redef`). -* The compiler will not compile bodies that include "when" statements -This is fairly involved to fix. - * If a lambda generates an event that is not otherwise referred to, that event will not be registered upon instantiating the lambda. This is not particularly difficult to fix. diff --git a/src/script_opt/CPP/RuntimeInits.cc b/src/script_opt/CPP/RuntimeInits.cc index 2aa68670bc..dc06c12d3e 100644 --- a/src/script_opt/CPP/RuntimeInits.cc +++ b/src/script_opt/CPP/RuntimeInits.cc @@ -377,6 +377,8 @@ TypePtr CPP_TypeInits::BuildTypeList(InitsManager* im, ValElemVec& init_vals, in while ( iv_it != iv_end ) tl->Append(im->Types(*(iv_it++))); + tl->CheckPure(); + return tl; } @@ -485,11 +487,10 @@ void CPP_GlobalInit::Generate(InitsManager* im, std::vector& /* inits_vec global = lookup_global__CPP(name, im->Types(type), exported); if ( ! global->HasVal() && val >= 0 ) - { global->SetVal(im->ConstVals(val)); - if ( attrs >= 0 ) - global->SetAttrs(im->Attributes(attrs)); - } + + if ( attrs >= 0 ) + global->SetAttrs(im->Attributes(attrs)); } void generate_indices_set(int* inits, std::vector>& indices_set) diff --git a/src/script_opt/CPP/RuntimeInits.h b/src/script_opt/CPP/RuntimeInits.h index 031208a1ce..eeca75341d 100644 --- a/src/script_opt/CPP/RuntimeInits.h +++ b/src/script_opt/CPP/RuntimeInits.h @@ -66,12 +66,41 @@ public: // Accessors for the sundry initialization vectors, each retrieving // a specific element identified by an index/offset. const std::vector& Indices(int offset) const { return indices[offset]; } - const char* Strings(int offset) const { return strings[offset]; } - const p_hash_type Hashes(int offset) const { return hashes[offset]; } - const TypePtr& Types(int offset) const { return types[offset]; } - const AttributesPtr& Attributes(int offset) const { return attributes[offset]; } - const AttrPtr& Attrs(int offset) const { return attrs[offset]; } - const CallExprPtr& CallExprs(int offset) const { return call_exprs[offset]; } + const char* Strings(int offset) const + { + ASSERT(offset >= 0 && offset < static_cast(strings.size())); + ASSERT(strings[offset]); + return strings[offset]; + } + const p_hash_type Hashes(int offset) const + { + ASSERT(offset >= 0 && offset < static_cast(hashes.size())); + return hashes[offset]; + } + const TypePtr& Types(int offset) const + { + ASSERT(offset >= 0 && offset < static_cast(types.size())); + ASSERT(types[offset]); + return types[offset]; + } + const AttributesPtr& Attributes(int offset) const + { + ASSERT(offset >= 0 && offset < static_cast(attributes.size())); + ASSERT(attributes[offset]); + return attributes[offset]; + } + const AttrPtr& Attrs(int offset) const + { + ASSERT(offset >= 0 && offset < static_cast(attrs.size())); + ASSERT(attrs[offset]); + return attrs[offset]; + } + const CallExprPtr& CallExprs(int offset) const + { + ASSERT(offset >= 0 && offset < static_cast(call_exprs.size())); + ASSERT(call_exprs[offset]); + return call_exprs[offset]; + } private: std::vector& const_vals; diff --git a/src/script_opt/CPP/maint/README b/src/script_opt/CPP/maint/README index f72aa90a18..e3ec4577fa 100644 --- a/src/script_opt/CPP/maint/README +++ b/src/script_opt/CPP/maint/README @@ -15,7 +15,7 @@ The maintenance workflow: to check in updates to the list of how the compiler currently fares on various btests (see end of this doc): - Fri Sep 16 16:13:49 PDT 2022 + Thu Sep 29 14:49:49 PDT 2022 2. Run "find-test-files.sh" to generate a list (to stdout) of all of the possible Zeek source files found in the test suite. @@ -74,18 +74,11 @@ These BTests won't successfully run due to the indicated issue: Database Of Known Issues (keep sorted) ../testing/btest/bifs/table_values.zeek bad-constructor -../testing/btest/core/global_opaque_val.zeek opaque ../testing/btest/language/alternate-event-hook-prototypes.zeek deprecated -../testing/btest/language/global-init-calls-bif.zeek opaque ../testing/btest/language/redef-same-prefixtable-idx.zeek deprecated ../testing/btest/language/table-redef.zeek deprecated ../testing/btest/language/when-aggregates.zeek bad-when ../testing/btest/scripts/base/protocols/krb/smb2_krb.test skipped ../testing/btest/scripts/base/protocols/krb/smb2_krb_nokeytab.test skipped ../testing/btest/scripts/base/utils/active-http.test test-glitch -../testing/btest/scripts/policy/frameworks/telemetry/log-prefixes.zeek opaque -../testing/btest/scripts/policy/frameworks/telemetry/log.zeek opaque ../testing/btest/scripts/policy/misc/dump-events.zeek skipped -../testing/btest/telemetry/counter.zeek opaque -../testing/btest/telemetry/gauge.zeek opaque -../testing/btest/telemetry/histogram.zeek opaque diff --git a/src/script_opt/IDOptInfo.cc b/src/script_opt/IDOptInfo.cc index 69718683ab..bf100cf784 100644 --- a/src/script_opt/IDOptInfo.cc +++ b/src/script_opt/IDOptInfo.cc @@ -51,6 +51,8 @@ void IDDefRegion::Dump() const printf("\n"); } +std::vector IDOptInfo::global_init_exprs; + void IDOptInfo::Clear() { static bool did_init = false; @@ -69,6 +71,17 @@ void IDOptInfo::Clear() tracing = trace_ID && util::streq(trace_ID, my_id->Name()); } +void IDOptInfo::AddInitExpr(ExprPtr init_expr, InitClass ic) + { + if ( ! init_expr ) + return; + + if ( my_id->IsGlobal() ) + global_init_exprs.emplace_back(IDInitInfo(my_id, init_expr, ic)); + + init_exprs.emplace_back(std::move(init_expr)); + } + void IDOptInfo::DefinedAfter(const Stmt* s, const ExprPtr& e, const std::vector& conf_blocks, zeek_uint_t conf_start) { diff --git a/src/script_opt/IDOptInfo.h b/src/script_opt/IDOptInfo.h index 6bf8718a68..a55f5791a8 100644 --- a/src/script_opt/IDOptInfo.h +++ b/src/script_opt/IDOptInfo.h @@ -105,6 +105,24 @@ protected: ExprPtr def_expr; }; +// Class tracking information associated with a (global) identifier's +// (re-)initialization. + +class IDInitInfo + { +public: + IDInitInfo(const ID* _id, ExprPtr _init, InitClass _ic) : id(_id), init(_init), ic(_ic) { } + + const ID* Id() const { return id; } + const ExprPtr& Init() const { return init; } + InitClass IC() const { return ic; } + +private: + const ID* id; + ExprPtr init; + InitClass ic; + }; + // Class tracking optimization information associated with identifiers. class IDOptInfo @@ -118,11 +136,19 @@ public: void Clear(); // Used to track expressions employed when explicitly initializing - // the identifier. These are needed by compile-to-C++ script - // optimization. They're not used by ZAM optimization. - void AddInitExpr(ExprPtr init_expr); + // the (global) identifier. These are needed by compile-to-C++ script + // optimization, and for tracking variable usage. An initialization + // class other than INIT_NONE indicates that initialization should + // be done with the ExprPtr form of ID::SetVal. + void AddInitExpr(ExprPtr init_expr, InitClass ic = INIT_NONE); + + // Returns the initialization expressions for this identifier. const std::vector& GetInitExprs() const { return init_exprs; } + // Returns a list of the initialization expressions seen for all + // globals, ordered by when they were processed. + static auto& GetGlobalInitExprs() { return global_init_exprs; } + // Associated constant expression, if any. This is only set // for identifiers that are aliases for a constant (i.e., there // are no other assignments to them). @@ -224,6 +250,9 @@ private: // one of the earlier instances rather than the last one. std::vector init_exprs; + // Tracks initializations of globals in the order they're seen. + static std::vector global_init_exprs; + // If non-nil, a constant that this identifier always holds // once initially defined. const ConstExpr* const_expr = nullptr; @@ -256,8 +285,12 @@ private: // Whether the identifier is a temporary variable. bool is_temp = false; - // Only needed for debugging purposes. + // Associated identifier, to enable tracking of initialization + // expressions for globals (for C++ compilation), and for debugging + // output. const ID* my_id; + + // Only needed for debugging purposes. bool tracing = false; // Track whether we've already generated usage errors. diff --git a/src/script_opt/ProfileFunc.cc b/src/script_opt/ProfileFunc.cc index a6057eb4e3..74f2ab28c8 100644 --- a/src/script_opt/ProfileFunc.cc +++ b/src/script_opt/ProfileFunc.cc @@ -917,7 +917,10 @@ p_hash_type ProfileFuncs::HashAttrs(const AttributesPtr& Attrs) // can vary in structure due to compilation of elements. We // do though enforce consistency for their types. if ( e ) + { h = merge_p_hashes(h, HashType(e->GetType())); + h = merge_p_hashes(h, p_hash(e.get())); + } } return h; diff --git a/src/script_opt/ScriptOpt.cc b/src/script_opt/ScriptOpt.cc index d020dfa631..966dd13ff8 100644 --- a/src/script_opt/ScriptOpt.cc +++ b/src/script_opt/ScriptOpt.cc @@ -412,7 +412,7 @@ static void use_CPP() } } - if ( num_used == 0 ) + if ( num_used == 0 && standalone_activations.empty() ) reporter->FatalError("no C++ functions found to use"); // Now that we've loaded all of the compiled scripts diff --git a/src/script_opt/ZAM/BuiltIn.cc b/src/script_opt/ZAM/BuiltIn.cc index 7cf0794d0a..8df4c6ce1c 100644 --- a/src/script_opt/ZAM/BuiltIn.cc +++ b/src/script_opt/ZAM/BuiltIn.cc @@ -313,25 +313,25 @@ ZInstAux* ZAMCompiler::BuildCatAux(const ExprPList& args) switch ( t->Tag() ) { - TYPE_BOOL: - TYPE_INT: - TYPE_COUNT: - TYPE_DOUBLE: - TYPE_TIME: - TYPE_ENUM: - TYPE_PORT: - TYPE_ADDR: - TYPE_SUBNET: - ca = std::make_unique(t); - break; + case TYPE_BOOL: + case TYPE_INT: + case TYPE_COUNT: + case TYPE_DOUBLE: + case TYPE_TIME: + case TYPE_ENUM: + case TYPE_PORT: + case TYPE_ADDR: + case TYPE_SUBNET: + ca = std::make_unique(t); + break; - TYPE_STRING: - ca = std::make_unique(); - break; + case TYPE_STRING: + ca = std::make_unique(); + break; - TYPE_PATTERN: - ca = std::make_unique(); - break; + case TYPE_PATTERN: + ca = std::make_unique(); + break; default: ca = std::make_unique(t); diff --git a/src/script_opt/ZAM/BuiltInSupport.cc b/src/script_opt/ZAM/BuiltInSupport.cc index 7e26a3ff6c..463e7e4e9b 100644 --- a/src/script_opt/ZAM/BuiltInSupport.cc +++ b/src/script_opt/ZAM/BuiltInSupport.cc @@ -12,43 +12,43 @@ FixedCatArg::FixedCatArg(const TypePtr& _t) : t(_t) { switch ( t->Tag() ) { - TYPE_BOOL: - max_size = 1; - break; + case TYPE_BOOL: + max_size = 1; + break; - TYPE_INT: - max_size = 20; // sufficient for 64 bits - break; + case TYPE_INT: + max_size = 20; // sufficient for 64 bits + break; - TYPE_COUNT: - max_size = 20; // sufficient for 64 bits - break; + case TYPE_COUNT: + max_size = 20; // sufficient for 64 bits + break; - TYPE_DOUBLE: - TYPE_TIME: - max_size = 32; // from modp_dtoa2 documentatino - break; + case TYPE_DOUBLE: + case TYPE_TIME: + max_size = 32; // from modp_dtoa2 documentatino + break; - TYPE_ENUM: - { - size_t n = 0; - for ( auto e : t->AsEnumType()->Names() ) - n += e.first.size(); - max_size = n; - break; - } + case TYPE_ENUM: + { + size_t n = 0; + for ( const auto& e : t->AsEnumType()->Names() ) + n += e.first.size(); + max_size = n; + break; + } - TYPE_PORT: - max_size = 5 + 1 + 7; // + / + "unknown - break; + case TYPE_PORT: + max_size = 5 + 1 + 7; // + / + "unknown + break; - TYPE_ADDR: - max_size = 39; // for IPv6 - break; + case TYPE_ADDR: + max_size = 39; // for IPv6 + break; - TYPE_SUBNET: - max_size = 39 + 1 + 3; // for IPv6 + / + <3-digits> - break; + case TYPE_SUBNET: + max_size = 39 + 1 + 3; // for IPv6 + / + <3-digits> + break; default: reporter->InternalError("bad type in FixedCatArg constructor"); @@ -64,85 +64,85 @@ void FixedCatArg::RenderInto(ZVal* zframe, int slot, char*& res) switch ( t->Tag() ) { - TYPE_BOOL: - *(res++) = z.AsInt() ? 'T' : 'F'; - break; + case TYPE_BOOL: + *(res++) = z.AsInt() ? 'T' : 'F'; + break; - TYPE_INT: - n = modp_litoa10(z.AsInt(), res); - res += n; - break; + case TYPE_INT: + n = modp_litoa10(z.AsInt(), res); + res += n; + break; - TYPE_COUNT: - n = modp_ulitoa10(z.AsCount(), res); - res += n; - break; + case TYPE_COUNT: + n = modp_ulitoa10(z.AsCount(), res); + res += n; + break; - TYPE_DOUBLE: - TYPE_TIME: - n = modp_dtoa2(z.AsDouble(), res, 6); - res += n; - break; + case TYPE_DOUBLE: + case TYPE_TIME: + n = modp_dtoa2(z.AsDouble(), res, 6); + res += n; + break; - TYPE_PATTERN: - text = z.AsPattern()->AsPattern()->PatternText(); - *(res++) = '/'; - strcpy(res, text); - res += strlen(text); - *(res++) = '/'; - break; + case TYPE_PATTERN: + text = z.AsPattern()->AsPattern()->PatternText(); + *(res++) = '/'; + strcpy(res, text); + res += strlen(text); + *(res++) = '/'; + break; - TYPE_ENUM: - text = t->AsEnumType()->Lookup(z.AsInt()); - strcpy(res, text); - res += strlen(text); - break; + case TYPE_ENUM: + text = t->AsEnumType()->Lookup(z.AsInt()); + strcpy(res, text); + res += strlen(text); + break; - TYPE_PORT: - { - uint32_t full_p = static_cast(z.AsCount()); - zeek_uint_t p = full_p & ~PORT_SPACE_MASK; - n = modp_ulitoa10(p, res); - res += n; - - if ( (full_p & TCP_PORT_MASK) == TCP_PORT_MASK ) + case TYPE_PORT: { - strcpy(res, "/tcp"); - res += 4; + uint32_t full_p = static_cast(z.AsCount()); + zeek_uint_t p = full_p & ~PORT_SPACE_MASK; + n = modp_ulitoa10(p, res); + res += n; + + if ( (full_p & TCP_PORT_MASK) == TCP_PORT_MASK ) + { + strcpy(res, "/tcp"); + res += 4; + } + + else if ( (full_p & UDP_PORT_MASK) == UDP_PORT_MASK ) + { + strcpy(res, "/udp"); + res += 4; + } + + else if ( (full_p & ICMP_PORT_MASK) == ICMP_PORT_MASK ) + { + strcpy(res, "/icmp"); + res += 5; + } + + else + { + strcpy(res, "/unknown"); + res += 8; + } + + break; } - else if ( (full_p & UDP_PORT_MASK) == UDP_PORT_MASK ) - { - strcpy(res, "/udp"); - res += 4; - } + case TYPE_ADDR: + str = z.AsAddr()->Get().AsString(); + strcpy(res, str.c_str()); + res += strlen(str.c_str()); + break; - else if ( (full_p & ICMP_PORT_MASK) == ICMP_PORT_MASK ) - { - strcpy(res, "/icmp"); - res += 5; - } - - else - { - strcpy(res, "/unknown"); - res += 8; - } - - break; - } - - TYPE_ADDR: - str = z.AsAddr()->Get().AsString(); - strcpy(res, str.c_str()); - res += strlen(str.c_str()); - break; - - TYPE_SUBNET: - str = z.AsSubNet()->Get().AsString(); - strcpy(res, str.c_str()); - res += strlen(str.c_str()); - break; + case TYPE_SUBNET: + str = z.AsSubNet()->Get().AsString(); + strcpy(res, str.c_str()); + res += strlen(str.c_str()); + break; default: reporter->InternalError("bad type in FixedCatArg::RenderInto"); diff --git a/src/script_opt/ZAM/BuiltInSupport.h b/src/script_opt/ZAM/BuiltInSupport.h index a3193eaa89..9fbf6f1b1d 100644 --- a/src/script_opt/ZAM/BuiltInSupport.h +++ b/src/script_opt/ZAM/BuiltInSupport.h @@ -88,7 +88,7 @@ public: protected: size_t ComputeMaxSize(ZVal* zframe, int slot) override; - const char* text; + const char* text = nullptr; size_t n = 0; }; diff --git a/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info-ftp/.stdout b/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info-ftp/.stdout new file mode 100644 index 0000000000..315fb7c87f --- /dev/null +++ b/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info-ftp/.stdout @@ -0,0 +1,5 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +analyzer_confirmation_info, AllAnalyzers::ANALYZER_ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3 +analyzer_confirmation, AllAnalyzers::ANALYZER_ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3 +analyzer_violation_info, AllAnalyzers::ANALYZER_ANALYZER_FTP, non-numeric reply code, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3, SSH-2.0-mod_sftp/0.9.7 +analyzer_violation, AllAnalyzers::ANALYZER_ANALYZER_FTP, non-numeric reply code [SSH-2.0-mod_sftp/0.9.7], [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3 diff --git a/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info/.stdout b/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info/.stdout new file mode 100644 index 0000000000..286fc6c502 --- /dev/null +++ b/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info/.stdout @@ -0,0 +1,5 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +analyzer_confirmation_info, AllAnalyzers::ANALYZER_ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3 +analyzer_confirmation, AllAnalyzers::ANALYZER_ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3 +analyzer_violation_info, AllAnalyzers::ANALYZER_ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3 +analyzer_violation, AllAnalyzers::ANALYZER_ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3 diff --git a/testing/btest/Baseline.zam/core.file-analyzer-violation/.stdout b/testing/btest/Baseline.zam/core.file-analyzer-violation/.stdout new file mode 100644 index 0000000000..b1466fcc53 --- /dev/null +++ b/testing/btest/Baseline.zam/core.file-analyzer-violation/.stdout @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +AllAnalyzers::FILES_ANALYZER_PE, Binpac exception: binpac exception: &enforce violation : DOS_Header:AddressOfNewExeHeader, FKPuH630Tmj6UQUMP7, {\x0aPE\x0a} diff --git a/testing/btest/Baseline.zam/core.file-analyzer-violation/files.log b/testing/btest/Baseline.zam/core.file-analyzer-violation/files.log new file mode 100644 index 0000000000..abef87d6a6 --- /dev/null +++ b/testing/btest/Baseline.zam/core.file-analyzer-violation/files.log @@ -0,0 +1,10 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path files +#open XXXX-XX-XX-XX-XX-XX +#fields ts fuid uid id.orig_h id.orig_p id.resp_h id.resp_p source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid +#types time string string addr port addr port string count set[string] string string interval bool bool count count count count bool string +XXXXXXXXXX.XXXXXX FKPuH630Tmj6UQUMP7 - - - - - ./myfile.exe 0 PE application/x-dosexec - 0.000000 - - 64 - 0 0 F - diff --git a/testing/btest/Baseline.zam/language.vector-deprecated/.stderr b/testing/btest/Baseline.zam/language.vector-deprecated/.stderr index 4a79ecc126..215b327ac3 100644 --- a/testing/btest/Baseline.zam/language.vector-deprecated/.stderr +++ b/testing/btest/Baseline.zam/language.vector-deprecated/.stderr @@ -1,7 +1,7 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -warning in <...>/vector-deprecated.zeek, line 18: mixing vector and scalar operands is deprecated (vector) (string) -warning in <...>/vector-deprecated.zeek, line 21: mixing vector and scalar operands is deprecated (string) (vector) -warning in <...>/vector-deprecated.zeek, line 24: mixing vector and scalar operands is deprecated (string) (vector) +warning in <...>/vector-deprecated.zeek, line 19: mixing vector and scalar operands is deprecated (vector) (string) +warning in <...>/vector-deprecated.zeek, line 22: mixing vector and scalar operands is deprecated (string) (vector) +warning in <...>/vector-deprecated.zeek, line 25: mixing vector and scalar operands is deprecated (string) (vector) error: deprecated mixed vector/scalar operation not supported for ZAM compiling error: deprecated mixed vector/scalar operation not supported for ZAM compiling error: deprecated mixed vector/scalar operation not supported for ZAM compiling diff --git a/testing/btest/Baseline.zam/plugins.file/output b/testing/btest/Baseline.zam/plugins.file/output new file mode 100644 index 0000000000..3c3e7eb48d --- /dev/null +++ b/testing/btest/Baseline.zam/plugins.file/output @@ -0,0 +1,21 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +Demo::Foo - A Foo test analyzer (dynamic, version 1.0.0) + [File Analyzer] Foo (ANALYZER_FOO, enabled) + [Event] foo_piece + +=== +analyzer_confirmation_info, AllAnalyzers::FILES_ANALYZER_FOO, FCceqBvpMfirSN0Ri +foo_piece, FCceqBvpMfirSN0Ri, The National Center +foo_piece, FCceqBvpMfirSN0Ri, net, consult your lo +foo_piece, FCceqBvpMfirSN0Ri, most everything else +foo_piece, FCceqBvpMfirSN0Ri, low:\x0a\x0a /Mac +foo_piece, FCceqBvpMfirSN0Ri, es and directories o +analyzer_violation_info, AllAnalyzers::FILES_ANALYZER_FOO, FCceqBvpMfirSN0Ri, test violation 5, es and directori +foo_piece, FCceqBvpMfirSN0Ri, r example, here is a +foo_piece, FCceqBvpMfirSN0Ri, application, StuffIt +foo_piece, FCceqBvpMfirSN0Ri, tion BinHex by doubl +foo_piece, FCceqBvpMfirSN0Ri, laced, or are going +foo_piece, FCceqBvpMfirSN0Ri, sers several documen +analyzer_violation_info, AllAnalyzers::FILES_ANALYZER_FOO, FCceqBvpMfirSN0Ri, test violation 10, sers several doc +foo_piece, FCceqBvpMfirSN0Ri, er or can be printed +foo_piece, FCceqBvpMfirSN0Ri, \x0a\x0aBug reports shoul diff --git a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log index 5e25bb48a0..e0e40f71bb 100644 --- a/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log @@ -27,6 +27,7 @@ scripts/base/init-bare.zeek scripts/base/frameworks/analyzer/main.zeek scripts/base/frameworks/packet-filter/utils.zeek build/scripts/base/bif/analyzer.bif.zeek + build/scripts/base/bif/file_analysis.bif.zeek scripts/base/packet-protocols/root/__load__.zeek scripts/base/packet-protocols/root/main.zeek scripts/base/packet-protocols/ip/__load__.zeek @@ -115,7 +116,6 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/frameworks/analyzer/dpd.zeek scripts/base/frameworks/files/__load__.zeek scripts/base/frameworks/files/main.zeek - build/scripts/base/bif/file_analysis.bif.zeek scripts/base/utils/site.zeek scripts/base/utils/patterns.zeek scripts/base/frameworks/files/magic/__load__.zeek diff --git a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log index cbd581a755..ef71d4ec75 100644 --- a/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log +++ b/testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log @@ -27,6 +27,7 @@ scripts/base/init-bare.zeek scripts/base/frameworks/analyzer/main.zeek scripts/base/frameworks/packet-filter/utils.zeek build/scripts/base/bif/analyzer.bif.zeek + build/scripts/base/bif/file_analysis.bif.zeek scripts/base/packet-protocols/root/__load__.zeek scripts/base/packet-protocols/root/main.zeek scripts/base/packet-protocols/ip/__load__.zeek @@ -115,7 +116,6 @@ scripts/base/init-frameworks-and-bifs.zeek scripts/base/frameworks/analyzer/dpd.zeek scripts/base/frameworks/files/__load__.zeek scripts/base/frameworks/files/main.zeek - build/scripts/base/bif/file_analysis.bif.zeek scripts/base/utils/site.zeek scripts/base/utils/patterns.zeek scripts/base/frameworks/files/magic/__load__.zeek diff --git a/testing/btest/Baseline/plugins.hooks/output b/testing/btest/Baseline/plugins.hooks/output index 0771edcf12..f2c42d3b8f 100644 --- a/testing/btest/Baseline/plugins.hooks/output +++ b/testing/btest/Baseline/plugins.hooks/output @@ -1,5 +1,5 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -0.000000 MetaHookPost CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) -> +0.000000 MetaHookPost CallFunction(Analyzer::__disable_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) -> @@ -59,7 +59,7 @@ 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) -> -0.000000 MetaHookPost CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) -> +0.000000 MetaHookPost CallFunction(Analyzer::disable_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) -> 0.000000 MetaHookPost CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) -> @@ -716,6 +716,8 @@ 0.000000 MetaHookPost CallFunction(getenv, , (ZEEK_DEFAULT_LISTEN_ADDRESS)) -> 0.000000 MetaHookPost CallFunction(global_options, , ()) -> 0.000000 MetaHookPost CallFunction(gsub, ..., ...) -> +0.000000 MetaHookPost CallFunction(is_file_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> +0.000000 MetaHookPost CallFunction(is_packet_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) -> 0.000000 MetaHookPost CallFunction(lstrip, ..., ...) -> 0.000000 MetaHookPost CallFunction(network_time, , ()) -> 0.000000 MetaHookPost CallFunction(port_to_count, , (2123/udp)) -> @@ -1512,7 +1514,7 @@ 0.000000 MetaHookPost QueueEvent(NetControl::init()) -> false 0.000000 MetaHookPost QueueEvent(filter_change_tracking()) -> false 0.000000 MetaHookPost QueueEvent(zeek_init()) -> false -0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) +0.000000 MetaHookPre CallFunction(Analyzer::__disable_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) @@ -1572,7 +1574,7 @@ 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_SYSLOG, 514/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5222/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::__register_for_port, , (Analyzer::ANALYZER_XMPP, 5269/tcp)) -0.000000 MetaHookPre CallFunction(Analyzer::disable_analyzer, , (Analyzer::ANALYZER_TCPSTATS)) +0.000000 MetaHookPre CallFunction(Analyzer::disable_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DCE_RPC, 135/tcp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 4011/udp)) 0.000000 MetaHookPre CallFunction(Analyzer::register_for_port, , (Analyzer::ANALYZER_DHCP, 67/udp)) @@ -2229,6 +2231,8 @@ 0.000000 MetaHookPre CallFunction(getenv, , (ZEEK_DEFAULT_LISTEN_ADDRESS)) 0.000000 MetaHookPre CallFunction(global_options, , ()) 0.000000 MetaHookPre CallFunction(gsub, ..., ...) +0.000000 MetaHookPre CallFunction(is_file_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) +0.000000 MetaHookPre CallFunction(is_packet_analyzer, , (AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS)) 0.000000 MetaHookPre CallFunction(lstrip, ..., ...) 0.000000 MetaHookPre CallFunction(network_time, , ()) 0.000000 MetaHookPre CallFunction(port_to_count, , (2123/udp)) @@ -3025,7 +3029,7 @@ 0.000000 MetaHookPre QueueEvent(NetControl::init()) 0.000000 MetaHookPre QueueEvent(filter_change_tracking()) 0.000000 MetaHookPre QueueEvent(zeek_init()) -0.000000 | HookCallFunction Analyzer::__disable_analyzer(Analyzer::ANALYZER_TCPSTATS) +0.000000 | HookCallFunction Analyzer::__disable_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_DHCP, 67/udp) @@ -3085,7 +3089,7 @@ 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_SYSLOG, 514/udp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5222/tcp) 0.000000 | HookCallFunction Analyzer::__register_for_port(Analyzer::ANALYZER_XMPP, 5269/tcp) -0.000000 | HookCallFunction Analyzer::disable_analyzer(Analyzer::ANALYZER_TCPSTATS) +0.000000 | HookCallFunction Analyzer::disable_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DCE_RPC, 135/tcp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 4011/udp) 0.000000 | HookCallFunction Analyzer::register_for_port(Analyzer::ANALYZER_DHCP, 67/udp) @@ -3741,6 +3745,8 @@ 0.000000 | HookCallFunction getenv(ZEEK_DEFAULT_LISTEN_ADDRESS) 0.000000 | HookCallFunction global_options() 0.000000 | HookCallFunction gsub(...) +0.000000 | HookCallFunction is_file_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) +0.000000 | HookCallFunction is_packet_analyzer(AllAnalyzers::ANALYZER_ANALYZER_TCPSTATS) 0.000000 | HookCallFunction lstrip(...) 0.000000 | HookCallFunction network_time() 0.000000 | HookCallFunction port_to_count(2123/udp) diff --git a/testing/btest/Baseline/plugins.packet-protocol/output_build b/testing/btest/Baseline/plugins.packet-protocol/output_build index a8b9e8bc31..4097618014 100644 --- a/testing/btest/Baseline/plugins.packet-protocol/output_build +++ b/testing/btest/Baseline/plugins.packet-protocol/output_build @@ -1,7 +1,7 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. PacketDemo::Bar - Demo packet analyzers (RawLayer, LLC). (dynamic, version 1.0.0) - [Packet Analyzer] LLC_Demo (ANALYZER_LLC_DEMO) - [Packet Analyzer] Raw_Layer (ANALYZER_RAW_LAYER) + [Packet Analyzer] LLC_Demo (ANALYZER_LLC_DEMO, enabled) + [Packet Analyzer] Raw_Layer (ANALYZER_RAW_LAYER, enabled) [Event] raw_layer_message [Event] llc_demo_message diff --git a/testing/btest/Baseline/scripts.base.frameworks.analyzer.disabled-packet-analyzers/output b/testing/btest/Baseline/scripts.base.frameworks.analyzer.disabled-packet-analyzers/output new file mode 100644 index 0000000000..c151611fd1 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.analyzer.disabled-packet-analyzers/output @@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +packet, 1 +packet, 2 +packet, 3 +packet, 4 +packet, 5 +packet, 6 +packet, 7 +packet, 8 +packet, 9 +packet, 10 diff --git a/testing/btest/Baseline/scripts.base.frameworks.analyzer.toggle-packet-analyzers/output b/testing/btest/Baseline/scripts.base.frameworks.analyzer.toggle-packet-analyzers/output new file mode 100644 index 0000000000..39cd890e18 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.analyzer.toggle-packet-analyzers/output @@ -0,0 +1,17 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +packet, 1 +packet, 2 +vxlan_packet, C4J4Th3PJpwUYZZ6gc, inner, [hl=20, tos=0, len=84, id=12111, ttl=64, p=1, src=10.0.0.1, dst=10.0.0.2] +packet, 3 +vxlan_packet, CtPZjS20MLrsMUOJi2, inner, [hl=20, tos=0, len=84, id=36913, ttl=64, p=1, src=10.0.0.2, dst=10.0.0.1] +packet, 4 +Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_VXLAN), T +packet, 5 +packet, 6 +packet, 7 +packet, 8 +Analyzer::enable_analyzer(PacketAnalyzer::ANALYZER_VXLAN), T +vxlan_packet, C4J4Th3PJpwUYZZ6gc, inner, [hl=20, tos=0, len=84, id=12684, ttl=64, p=1, src=10.0.0.1, dst=10.0.0.2] +packet, 9 +vxlan_packet, CtPZjS20MLrsMUOJi2, inner, [hl=20, tos=0, len=84, id=37295, ttl=64, p=1, src=10.0.0.2, dst=10.0.0.1] +packet, 10 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-no-crlf/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.http-no-crlf/weird.log new file mode 100644 index 0000000000..01b82634c2 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-no-crlf/weird.log @@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source +#types time string addr port addr port string string bool string string +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 10.1.6.206 49783 5.2.136.90 80 line_terminated_without_CRLF - F zeek CONTENTLINE +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.protocols.http.missing-http-entity/http.log b/testing/btest/Baseline/scripts.base.protocols.http.missing-http-entity/http.log new file mode 100644 index 0000000000..8c93f43a3a --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.missing-http-entity/http.log @@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path http +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer version user_agent origin request_body_len response_body_len status_code status_msg info_code info_msg tags username password proxied orig_fuids orig_filenames orig_mime_types resp_fuids resp_filenames resp_mime_types +#types time string addr port addr port count string string string string string string string count count count string count string set[enum] string string set[string] vector[string] vector[string] vector[string] vector[string] vector[string] vector[string] +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35474 127.0.0.1 8080 1 POST interleave.me / - 1.1 - - 10 3 200 OK - - (empty) - - - FtWn3S3nVYQ9iA3uu8 - text/plain F2bxt6qiQGYTYxTgg - - +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.base.protocols.http.missing-http-entity/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.missing-http-entity/weird.log new file mode 100644 index 0000000000..adbc77bead --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.missing-http-entity/weird.log @@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source +#types time string addr port addr port string string bool string string +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 35474 127.0.0.1 8080 missing_HTTP_entity - F zeek HTTP +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Traces/http/interleaved-http-entity.pcap b/testing/btest/Traces/http/interleaved-http-entity.pcap new file mode 100644 index 0000000000..7ee49abfbe Binary files /dev/null and b/testing/btest/Traces/http/interleaved-http-entity.pcap differ diff --git a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test index 523589be1f..130842cc59 100644 --- a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test +++ b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp.test @@ -10,6 +10,12 @@ redef SSL::root_certs += { ["CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN"] = "\x30\x82\x05\x76\x30\x82\x03\x5E\xA0\x03\x02\x01\x02\x02\x10\x5E\x68\xD6\x11\x71\x94\x63\x50\x56\x00\x68\xF3\x3E\xC9\xC5\x91\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x57\x6F\x53\x69\x67\x6E\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x13\x21\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x6F\x66\x20\x57\x6F\x53\x69\x67\x6E\x30\x1E\x17\x0D\x30\x39\x30\x38\x30\x38\x30\x31\x30\x30\x30\x31\x5A\x17\x0D\x33\x39\x30\x38\x30\x38\x30\x31\x30\x30\x30\x31\x5A\x30\x55\x31\x0B\x30\x09\x06\x03\x55\x04\x06\x13\x02\x43\x4E\x31\x1A\x30\x18\x06\x03\x55\x04\x0A\x13\x11\x57\x6F\x53\x69\x67\x6E\x20\x43\x41\x20\x4C\x69\x6D\x69\x74\x65\x64\x31\x2A\x30\x28\x06\x03\x55\x04\x03\x13\x21\x43\x65\x72\x74\x69\x66\x69\x63\x61\x74\x69\x6F\x6E\x20\x41\x75\x74\x68\x6F\x72\x69\x74\x79\x20\x6F\x66\x20\x57\x6F\x53\x69\x67\x6E\x30\x82\x02\x22\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x01\x05\x00\x03\x82\x02\x0F\x00\x30\x82\x02\x0A\x02\x82\x02\x01\x00\xBD\xCA\x8D\xAC\xB8\x91\x15\x56\x97\x7B\x6B\x5C\x7A\xC2\xDE\x6B\xD9\xA1\xB0\xC3\x10\x23\xFA\xA7\xA1\xB2\xCC\x31\xFA\x3E\xD9\xA6\x29\x6F\x16\x3D\xE0\x6B\xF8\xB8\x40\x5F\xDB\x39\xA8\x00\x7A\x8B\xA0\x4D\x54\x7D\xC2\x22\x78\xFC\x8E\x09\xB8\xA8\x85\xD7\xCC\x95\x97\x4B\x74\xD8\x9E\x7E\xF0\x00\xE4\x0E\x89\xAE\x49\x28\x44\x1A\x10\x99\x32\x0F\x25\x88\x53\xA4\x0D\xB3\x0F\x12\x08\x16\x0B\x03\x71\x27\x1C\x7F\xE1\xDB\xD2\xFD\x67\x68\xC4\x05\x5D\x0A\x0E\x5D\x70\xD7\xD8\x97\xA0\xBC\x53\x41\x9A\x91\x8D\xF4\x9E\x36\x66\x7A\x7E\x56\xC1\x90\x5F\xE6\xB1\x68\x20\x36\xA4\x8C\x24\x2C\x2C\x47\x0B\x59\x76\x66\x30\xB5\xBE\xDE\xED\x8F\xF8\x9D\xD3\xBB\x01\x30\xE6\xF2\xF3\x0E\xE0\x2C\x92\x80\xF3\x85\xF9\x28\x8A\xB4\x54\x2E\x9A\xED\xF7\x76\xFC\x15\x68\x16\xEB\x4A\x6C\xEB\x2E\x12\x8F\xD4\xCF\xFE\x0C\xC7\x5C\x1D\x0B\x7E\x05\x32\xBE\x5E\xB0\x09\x2A\x42\xD5\xC9\x4E\x90\xB3\x59\x0D\xBB\x7A\x7E\xCD\xD5\x08\x5A\xB4\x7F\xD8\x1C\x69\x11\xF9\x27\x0F\x7B\x06\xAF\x54\x83\x18\x7B\xE1\xDD\x54\x7A\x51\x68\x6E\x77\xFC\xC6\xBF\x52\x4A\x66\x46\xA1\xB2\x67\x1A\xBB\xA3\x4F\x77\xA0\xBE\x5D\xFF\xFC\x56\x0B\x43\x72\x77\x90\xCA\x9E\xF9\xF2\x39\xF5\x0D\xA9\xF4\xEA\xD7\xE7\xB3\x10\x2F\x30\x42\x37\x21\xCC\x30\x70\xC9\x86\x98\x0F\xCC\x58\x4D\x83\xBB\x7D\xE5\x1A\xA5\x37\x8D\xB6\xAC\x32\x97\x00\x3A\x63\x71\x24\x1E\x9E\x37\xC4\xFF\x74\xD4\x37\xC0\xE2\xFE\x88\x46\x60\x11\xDD\x08\x3F\x50\x36\xAB\xB8\x7A\xA4\x95\x62\x6A\x6E\xB0\xCA\x6A\x21\x5A\x69\xF3\xF3\xFB\x1D\x70\x39\x95\xF3\xA7\x6E\xA6\x81\x89\xA1\x88\xC5\x3B\x71\xCA\xA3\x52\xEE\x83\xBB\xFD\xA0\x77\xF4\xE4\x6F\xE7\x42\xDB\x6D\x4A\x99\x8A\x34\x48\xBC\x17\xDC\xE4\x80\x08\x22\xB6\xF2\x31\xC0\x3F\x04\x3E\xEB\x9F\x20\x79\xD6\xB8\x06\x64\x64\x02\x31\xD7\xA9\xCD\x52\xFB\x84\x45\x69\x09\x00\x2A\xDC\x55\x8B\xC4\x06\x46\x4B\xC0\x4A\x1D\x09\x5B\x39\x28\xFD\xA9\xAB\xCE\x00\xF9\x2E\x48\x4B\x26\xE6\x30\x4C\xA5\x58\xCA\xB4\x44\x82\x4F\xE7\x91\x1E\x33\xC3\xB0\x93\xFF\x11\xFC\x81\xD2\xCA\x1F\x71\x29\xDD\x76\x4F\x92\x25\xAF\x1D\x81\xB7\x0F\x2F\x8C\xC3\x06\xCC\x2F\x27\xA3\x4A\xE4\x0E\x99\xBA\x7C\x1E\x45\x1F\x7F\xAA\x19\x45\x96\xFD\xFC\x3D\x02\x03\x01\x00\x01\xA3\x42\x30\x40\x30\x0E\x06\x03\x55\x1D\x0F\x01\x01\xFF\x04\x04\x03\x02\x01\x06\x30\x0F\x06\x03\x55\x1D\x13\x01\x01\xFF\x04\x05\x30\x03\x01\x01\xFF\x30\x1D\x06\x03\x55\x1D\x0E\x04\x16\x04\x14\xE1\x66\xCF\x0E\xD1\xF1\xB3\x4B\xB7\x06\x20\x14\xFE\x87\x12\xD5\xF6\xFE\xFB\x3E\x30\x0D\x06\x09\x2A\x86\x48\x86\xF7\x0D\x01\x01\x05\x05\x00\x03\x82\x02\x01\x00\xA8\xCB\x72\x40\xB2\x76\xC1\x7E\x7B\xFC\xAD\x64\xE3\x32\x7B\xCC\x3C\xB6\x5D\x46\xD3\xF5\x2C\xE2\x70\x5D\xC8\x2E\xD8\x06\x7D\x98\xD1\x0B\x21\xA0\x89\x59\x24\x01\x9D\xF9\xAF\x09\x7D\x0A\x23\x82\x34\xD5\xFC\x7C\x72\x99\xB9\xA3\xD7\x54\xF4\xEA\x52\x70\x0E\xC5\xF5\xD6\x3B\xE1\x3A\x09\x32\xE6\x21\x39\x93\xBD\xB3\x15\xEA\x4F\x6A\xF4\xF5\x8B\x3F\x2F\x7C\x8D\x58\x2E\xC5\xE1\x39\xA0\x3E\xC7\x3D\x4A\x73\x9E\x40\x7A\xC0\x2B\x61\xA9\x67\xC9\xF3\x24\xB9\xB3\x6D\x55\x2C\x5A\x1D\x9E\x25\x72\xCE\x0B\xAD\xAA\xC7\x55\x62\x0B\xBE\xFB\x63\xB3\x61\x44\x23\xA3\xCB\xE1\x1A\x0E\xF7\x9A\x06\x4D\xDE\xD4\x23\x4E\x21\x96\x5B\x39\x5B\x57\x1D\x2F\x5D\x08\x5E\x09\x79\xFF\x7C\x97\xB5\x4D\x83\xAE\x0D\xD6\xE6\xA3\x79\xE0\x33\xD0\x99\x96\x02\x30\xA7\x3E\xFF\xD2\xA3\x43\x3F\x05\x5A\x06\xEA\x44\x02\xDA\x7C\xF8\x48\xD0\x33\xA9\xF9\x07\xC7\x95\xE1\xF5\x3E\xF5\x5D\x71\xBA\xF2\x95\xA9\x74\x88\x61\x59\xE3\xBF\xCA\x5A\x13\xBA\x72\xB4\x8C\x5D\x36\x87\xE9\xA6\xC5\x3C\x13\xBF\xDE\xD0\x44\x26\xEE\xB7\xEC\x2E\x70\xFA\xD7\x9D\xB7\xAC\xE5\xC5\x40\x5A\xE6\xD7\x6C\x7B\x2C\xC3\x56\x9B\x47\xCD\x0B\xCE\xFA\x1B\xB4\x21\xD7\xB7\x66\xB8\xF4\x25\x30\x8B\x5C\x0D\xB9\xEA\x67\xB2\xF4\x6D\xAE\xD5\xA1\x9E\x4F\xD8\x9F\xE9\x27\x02\xB0\x1D\x06\xD6\x8F\xE3\xFB\x48\x12\x9F\x7F\x11\xA1\x10\x3E\x4C\x51\x3A\x96\xB0\xD1\x13\xF1\xC7\xD8\x26\xAE\x3A\xCA\x91\xC4\x69\x9D\xDF\x01\x29\x64\x51\x6F\x68\xDA\x14\xEC\x08\x41\x97\x90\x8D\xD0\xB2\x80\xF2\xCF\xC2\x3D\xBF\x91\x68\xC5\x80\x67\x1E\xC4\x60\x13\x55\xD5\x61\x99\x57\x7C\xBA\x95\x0F\x61\x49\x3A\xCA\x75\xBC\xC9\x0A\x93\x3F\x67\x0E\x12\xF2\x28\xE2\x31\x1B\xC0\x57\x16\xDF\x08\x7C\x19\xC1\x7E\x0F\x1F\x85\x1E\x0A\x36\x7C\x5B\x7E\x27\xBC\x7A\xBF\xE0\xDB\xF4\xDA\x52\xBD\xDE\x0C\x54\x70\x31\x91\x43\x95\xC8\xBC\xF0\x3E\xDD\x09\x7E\x30\x64\x50\xED\x7F\x01\xA4\x33\x67\x4D\x68\x4F\xBE\x15\xEF\xB0\xF6\x02\x11\xA2\x1B\x13\x25\x3A\xDC\xC2\x59\xF1\xE3\x5C\x46\xBB\x67\x2C\x02\x46\xEA\x1E\x48\xA6\xE6\x5B\xD9\xB5\xBC\x51\xA2\x92\x96\xDB\xAA\xC6\x37\x22\xA6\xFE\xCC\x20\x74\xA3\x2D\xA9\x2E\x6B\xCB\xC0\x82\x11\x21\xB5\x93\x79\xEE\x44\x86\xBE\xD7\x1E\xE4\x1E\xFB", }; +redef SSL::ct_logs += { +["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = SSL::CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"), +["\xdd\xeb\x1d\x2b\x7a\x0d\x4f\xa6\x20\x8b\x81\xad\x81\x68\x70\x7e\x2e\x8e\x9d\x01\xd5\x5c\x88\x8d\x3d\x11\xc4\xcd\xb6\xec\xbe\xcc"] = SSL::CTInfo($description="Symantec log", $operator="DigiCert", $url="ct.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x96\xea\xac\x1c\x46\x0c\x1b\x55\xdc\x0d\xfc\xb5\x94\x27\x46\x57\x42\x70\x3a\x69\x18\xe2\xbf\x3b\xc4\xdb\xab\xa0\xf4\xb6\x6c\xc0\x53\x3f\x4d\x42\x10\x33\xf0\x58\x97\x8f\x6b\xbe\x72\xf4\x2a\xec\x1c\x42\xaa\x03\x2f\x1a\x7e\x28\x35\x76\x99\x08\x3d\x21\x14\x86"), +}; + + export { type LogInfo: record { version: count; diff --git a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test index 8f5271cb5a..e9c03ff884 100644 --- a/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test +++ b/testing/btest/scripts/base/files/x509/signed_certificate_timestamp_ocsp.test @@ -3,6 +3,10 @@ @load base/protocols/ssl +redef SSL::ct_logs += { +["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = SSL::CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"), +}; + event zeek_init() { Files::register_for_mime_type(Files::ANALYZER_OCSP_REPLY, "application/ocsp-response"); diff --git a/testing/btest/scripts/base/frameworks/analyzer/disabled-file-analyzers.zeek b/testing/btest/scripts/base/frameworks/analyzer/disabled-file-analyzers.zeek new file mode 100644 index 0000000000..9191693cc9 --- /dev/null +++ b/testing/btest/scripts/base/frameworks/analyzer/disabled-file-analyzers.zeek @@ -0,0 +1,20 @@ +# @TEST-DOC: Add the PE analyzer to Analyzer::disabled_analyzers and ensure no pe.log is created. + +# First, cross-check that pe.log is indeed generated. +# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT +# @TEST-EXEC: test -f pe.log +# @TEST-EXEC: rm *log + +# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT 'Analyzer::disabled_analyzers += { Files::ANALYZER_PE }' +# @TEST-EXEC: test ! -f pe.log +# @TEST-EXEC: test -f conn.log +# @TEST-EXEC: rm *log + +# Finally, explicitly enable the analyzer via Analyzer::enable_analyzer() during zeek_init() and expect pe.log to be generated. +# @TEST-EXEC: zeek -b -r $TRACES/pe/pe.trace %INPUT 'Analyzer::disabled_analyzers += { Files::ANALYZER_PE }' -e 'event zeek_init() { Analyzer::enable_analyzer(Files::ANALYZER_PE); }' +# @TEST-EXEC: test -f pe.log +# @TEST-EXEC: test -f conn.log + +@load base/protocols/conn +@load base/protocols/ftp +@load base/files/pe diff --git a/testing/btest/scripts/base/frameworks/analyzer/disabled-packet-analyzers.zeek b/testing/btest/scripts/base/frameworks/analyzer/disabled-packet-analyzers.zeek new file mode 100644 index 0000000000..ac7a843ac1 --- /dev/null +++ b/testing/btest/scripts/base/frameworks/analyzer/disabled-packet-analyzers.zeek @@ -0,0 +1,21 @@ +# @TEST-DOC: Add a packet analyzer to Analyzer::disabled_analyzers and ensure it does not generate events (vxlan in this case). +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/vxlan.pcap %INPUT > output +# @TEST-EXEC: btest-diff output +# + +# Removing this line triggers vxlan events from all but the first two packets. +redef Analyzer::disabled_analyzers += { PacketAnalyzer::ANALYZER_VXLAN }; + +global all_packets = 0; + +event raw_packet(hdr: raw_pkt_hdr) + { + ++all_packets; + print "packet", all_packets; + } + +# Should never run. +event vxlan_packet(outer: connection, inner: pkt_hdr, vni: count) + { + print "vxlan_packet", outer$uid, "inner", inner$ip; + } diff --git a/testing/btest/scripts/base/frameworks/analyzer/toggle-packet-analyzers.zeek b/testing/btest/scripts/base/frameworks/analyzer/toggle-packet-analyzers.zeek new file mode 100644 index 0000000000..946f9e1148 --- /dev/null +++ b/testing/btest/scripts/base/frameworks/analyzer/toggle-packet-analyzers.zeek @@ -0,0 +1,30 @@ +# @TEST-DOC: Use Analyzer::disable_analyzer() and Analyzer::enable_analyzer() to disable the VXLAN packet analyzers at runtime based on total raw packet count. +# @TEST-EXEC: zeek -b -r $TRACES/tunnels/vxlan.pcap %INPUT > output +# @TEST-EXEC: btest-diff output +# + +global all_packets = 0; + +event raw_packet(hdr: raw_pkt_hdr) + { + ++all_packets; + print "packet", all_packets; + + if ( all_packets == 4 ) + { + local er = Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_VXLAN); + print "Analyzer::disable_analyzer(PacketAnalyzer::ANALYZER_VXLAN)", er; + } + # Packets 5 to 8 don't produce vxlan_packet events. + + if ( all_packets == 8 ) + { + local dr = Analyzer::enable_analyzer(PacketAnalyzer::ANALYZER_VXLAN); + print "Analyzer::enable_analyzer(PacketAnalyzer::ANALYZER_VXLAN)", dr; + } + } + +event vxlan_packet(outer: connection, inner: pkt_hdr, vni: count) + { + print "vxlan_packet", outer$uid, "inner", inner$ip; + } diff --git a/testing/btest/scripts/base/protocols/http/http-no-crlf.zeek b/testing/btest/scripts/base/protocols/http/http-no-crlf.zeek index 458be00446..3d932bb099 100644 --- a/testing/btest/scripts/base/protocols/http/http-no-crlf.zeek +++ b/testing/btest/scripts/base/protocols/http/http-no-crlf.zeek @@ -3,7 +3,7 @@ # @TEST-EXEC: zeek -b -r $TRACES/http/no_crlf.pcap %INPUT # @TEST-EXEC: btest-diff conn.log # @TEST-EXEC: btest-diff http.log -# @TEST-EXEC: test ! -f weird.log +# @TEST-EXEC: btest-diff weird.log @load base/protocols/conn @load base/protocols/http diff --git a/testing/btest/scripts/base/protocols/http/missing-http-entity.zeek b/testing/btest/scripts/base/protocols/http/missing-http-entity.zeek new file mode 100644 index 0000000000..67e76b491f --- /dev/null +++ b/testing/btest/scripts/base/protocols/http/missing-http-entity.zeek @@ -0,0 +1,7 @@ +# @TEST-DOC: The server starts sending a response while the client is still uploading the POST payload. This causes http_header to be raised while no entity is set. +# @TEST-EXEC: zeek -b -r $TRACES/http/interleaved-http-entity.pcap %INPUT +# @TEST-EXEC: btest-diff http.log +# @TEST-EXEC: btest-diff weird.log + +@load base/protocols/http +@load base/frameworks/notice/weird diff --git a/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test index 9c6ac0b9df..3484323cd4 100644 --- a/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test +++ b/testing/btest/scripts/base/protocols/ssl/signed_certificate_timestamp.test @@ -11,6 +11,11 @@ # @TEST-EXEC: btest-diff .stdout # @TEST-EXEC: test ! -f dpd.log +redef SSL::ct_logs += { +["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = SSL::CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"), +["\xdd\xeb\x1d\x2b\x7a\x0d\x4f\xa6\x20\x8b\x81\xad\x81\x68\x70\x7e\x2e\x8e\x9d\x01\xd5\x5c\x88\x8d\x3d\x11\xc4\xcd\xb6\xec\xbe\xcc"] = SSL::CTInfo($description="Symantec log", $operator="DigiCert", $url="ct.ws.symantec.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x96\xea\xac\x1c\x46\x0c\x1b\x55\xdc\x0d\xfc\xb5\x94\x27\x46\x57\x42\x70\x3a\x69\x18\xe2\xbf\x3b\xc4\xdb\xab\xa0\xf4\xb6\x6c\xc0\x53\x3f\x4d\x42\x10\x33\xf0\x58\x97\x8f\x6b\xbe\x72\xf4\x2a\xec\x1c\x42\xaa\x03\x2f\x1a\x7e\x28\x35\x76\x99\x08\x3d\x21\x14\x86"), +}; + export { type LogInfo: record { version: count; diff --git a/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek index e81bc214a7..8d0c9ad873 100644 --- a/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek +++ b/testing/btest/scripts/policy/protocols/ssl/validate-sct.zeek @@ -9,6 +9,8 @@ redef SSL::ct_logs += { ["\x03\x01\x9d\xf3\xfd\x85\xa6\x9a\x8e\xbd\x1f\xac\xc6\xda\x9b\xa7\x3e\x46\x97\x74\xfe\x77\xf5\x79\xfc\x5a\x08\xb8\x32\x8c\x1d\x6b"] = SSL::CTInfo($description="Venafi Gen2 CT log", $operator="Venafi", $url="ctlog-gen2.api.venafi.com/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x8e\x27\x27\x7a\xb6\x55\x09\x74\xeb\x6c\x4b\x94\x84\x65\xbc\xe4\x15\xf1\xea\x5a\xd8\x7c\x0e\x37\xce\xba\x3f\x6c\x09\xda\xe7\x29\x96\xd3\x45\x50\x6f\xde\x1e\xb4\x1c\xd2\x83\x88\xff\x29\x2f\xce\xa9\xff\xdf\x34\xde\x75\x0f\xc0\xcc\x18\x0d\x94\x2e\xfc\x37\x01"), +["\x68\xf6\x98\xf8\x1f\x64\x82\xbe\x3a\x8c\xee\xb9\x28\x1d\x4c\xfc\x71\x51\x5d\x67\x93\xd4\x44\xd1\x0a\x67\xac\xbb\x4f\x4f\xfb\xc4"] = SSL::CTInfo($description="Google 'Aviator' log", $operator="Google", $url="ct.googleapis.com/aviator/", $maximum_merge_delay=86400, $key="\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48\xce\x3d\x03\x01\x07\x03\x42\x00\x04\xd7\xf4\xcc\x69\xb2\xe4\x0e\x90\xa3\x8a\xea\x5a\x70\x09\x4f\xef\x13\x62\xd0\x8d\x49\x60\xff\x1b\x40\x50\x07\x0c\x6d\x71\x86\xda\x25\x49\x8d\x65\xe1\x08\x0d\x47\x34\x6b\xbd\x27\xbc\x96\x21\x3e\x34\xf5\x87\x76\x31\xb1\x7f\x1d\xc9\x85\x3b\x0d\xf7\x1f\x3f\xe9"), +["\xac\x3b\x9a\xed\x7f\xa9\x67\x47\x57\x15\x9e\x6d\x7d\x57\x56\x72\xf9\xd9\x81\x00\x94\x1e\x9b\xde\xff\xec\xa1\x31\x3b\x75\x78\x2d"] = SSL::CTInfo($description="Venafi log", $operator="Venafi", $url="ctlog.api.venafi.com/", $maximum_merge_delay=86400, $key="\x30\x82\x01\x22\x30\x0d\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01\x05\x00\x03\x82\x01\x0f\x00\x30\x82\x01\x0a\x02\x82\x01\x01\x00\xa2\x5a\x48\x1f\x17\x52\x95\x35\xcb\xa3\x5b\x3a\x1f\x53\x82\x76\x94\xa3\xff\x80\xf2\x1c\x37\x3c\xc0\xb1\xbd\xc1\x59\x8b\xab\x2d\x65\x93\xd7\xf3\xe0\x04\xd5\x9a\x6f\xbf\xd6\x23\x76\x36\x4f\x23\x99\xcb\x54\x28\xad\x8c\x15\x4b\x65\x59\x76\x41\x4a\x9c\xa6\xf7\xb3\x3b\x7e\xb1\xa5\x49\xa4\x17\x51\x6c\x80\xdc\x2a\x90\x50\x4b\x88\x24\xe9\xa5\x12\x32\x93\x04\x48\x90\x02\xfa\x5f\x0e\x30\x87\x8e\x55\x76\x05\xee\x2a\x4c\xce\xa3\x6a\x69\x09\x6e\x25\xad\x82\x76\x0f\x84\x92\xfa\x38\xd6\x86\x4e\x24\x8f\x9b\xb0\x72\xcb\x9e\xe2\x6b\x3f\xe1\x6d\xc9\x25\x75\x23\x88\xa1\x18\x58\x06\x23\x33\x78\xda\x00\xd0\x38\x91\x67\xd2\xa6\x7d\x27\x97\x67\x5a\xc1\xf3\x2f\x17\xe6\xea\xd2\x5b\xe8\x81\xcd\xfd\x92\x68\xe7\xf3\x06\xf0\xe9\x72\x84\xee\x01\xa5\xb1\xd8\x33\xda\xce\x83\xa5\xdb\xc7\xcf\xd6\x16\x7e\x90\x75\x18\xbf\x16\xdc\x32\x3b\x6d\x8d\xab\x82\x17\x1f\x89\x20\x8d\x1d\x9a\xe6\x4d\x23\x08\xdf\x78\x6f\xc6\x05\xbf\x5f\xae\x94\x97\xdb\x5f\x64\xd4\xee\x16\x8b\xa3\x84\x6c\x71\x2b\xf1\xab\x7f\x5d\x0d\x32\xee\x04\xe2\x90\xec\x41\x9f\xfb\x39\xc1\x02\x03\x01\x00\x01"), }; module SSL; @@ -19,7 +21,12 @@ event ssl_established(c: connection) for ( i in c$ssl$ct_proofs ) { local proof = c$ssl$ct_proofs[i]; - local log = SSL::ct_logs[proof$logid]; - print log$description, proof$valid; + if ( proof$logid !in SSL::ct_logs ) + print "Logid unknown: ", proof$logid; + else + { + local log = SSL::ct_logs[proof$logid]; + print log$description, proof$valid; + } } }