diff --git a/testing/btest/Baseline.zam/bifs.disable_analyzer-early/out b/testing/btest/Baseline.zam/bifs.disable_analyzer-early/out new file mode 100644 index 0000000000..b72c958aef --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.disable_analyzer-early/out @@ -0,0 +1,7 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +proto confirm, AllAnalyzers::ANALYZER_ANALYZER_HTTP +T +http_request, GET, /style/enhanced.css +total http messages, { +[[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]] = 1 +} diff --git a/testing/btest/Baseline.zam/bifs.disable_analyzer-hook/out b/testing/btest/Baseline.zam/bifs.disable_analyzer-hook/out index bbce22f58e..c72bc161e8 100644 --- a/testing/btest/Baseline.zam/bifs.disable_analyzer-hook/out +++ b/testing/btest/Baseline.zam/bifs.disable_analyzer-hook/out @@ -1,15 +1,15 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. proto confirm, AllAnalyzers::ANALYZER_ANALYZER_HTTP http_request, GET, /style/enhanced.css -preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], Analyzer::ANALYZER_HTTP, 3, 1 +preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], AllAnalyzers::ANALYZER_ANALYZER_HTTP, 3, 1 F http_reply, 200 http_request, GET, /script/urchin.js -preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], Analyzer::ANALYZER_HTTP, 3, 3 +preventing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], AllAnalyzers::ANALYZER_ANALYZER_HTTP, 3, 3 F http_reply, 200 http_request, GET, /images/template/screen/bullet_utility.png -allowing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], Analyzer::ANALYZER_HTTP, 3, 5 +allowing disable_analyzer, [orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp], AllAnalyzers::ANALYZER_ANALYZER_HTTP, 3, 5 T total http messages, { [[orig_h=192.168.1.104, orig_p=1673/tcp, resp_h=63.245.209.11, resp_p=80/tcp]] = 5 diff --git a/testing/btest/Baseline.zam/bifs.from_json-10/.stderr b/testing/btest/Baseline.zam/bifs.from_json-10/.stderr new file mode 100644 index 0000000000..49d861c74c --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-10/.stderr @@ -0,0 +1 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. diff --git a/testing/btest/Baseline.zam/bifs.from_json-10/.stdout b/testing/btest/Baseline.zam/bifs.from_json-10/.stdout new file mode 100644 index 0000000000..c7202a240c --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-10/.stdout @@ -0,0 +1,6 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v={ +fe80::/64, +192.168.0.0/16 +}, valid=T] +[v=[1, 3, 4], valid=T] diff --git a/testing/btest/Baseline.zam/bifs.from_json-11/.stderr b/testing/btest/Baseline.zam/bifs.from_json-11/.stderr new file mode 100644 index 0000000000..83cccb763e --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-11/.stderr @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +error in <...>/from_json.zeek, line 8: required field Foo$hello is missing in JSON (from_json({"t":null}, ::#0)) +error in <...>/from_json.zeek, line 9: required field Foo$hello is null in JSON (from_json({"hello": null, "t": true}, ::#2)) diff --git a/testing/btest/Baseline.zam/bifs.from_json-11/.stdout b/testing/btest/Baseline.zam/bifs.from_json-11/.stdout new file mode 100644 index 0000000000..d288024480 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-11/.stdout @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v=, valid=F] +[v=, valid=F] diff --git a/testing/btest/Baseline.zam/bifs.from_json-12/.stderr b/testing/btest/Baseline.zam/bifs.from_json-12/.stderr new file mode 100644 index 0000000000..49d861c74c --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-12/.stderr @@ -0,0 +1 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. diff --git a/testing/btest/Baseline.zam/bifs.from_json-12/.stdout b/testing/btest/Baseline.zam/bifs.from_json-12/.stdout new file mode 100644 index 0000000000..7673a47ea5 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-12/.stdout @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v=[hello=Hello!], valid=T] diff --git a/testing/btest/Baseline.zam/bifs.from_json-2/.stderr b/testing/btest/Baseline.zam/bifs.from_json-2/.stderr new file mode 100644 index 0000000000..5fe8977244 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-2/.stderr @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +error in <...>/from_json.zeek, line 4: from_json() requires a type argument (from_json([], 10)) diff --git a/testing/btest/Baseline.zam/bifs.from_json-2/.stdout b/testing/btest/Baseline.zam/bifs.from_json-2/.stdout new file mode 100644 index 0000000000..aee95c8a8e --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-2/.stdout @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v=, valid=F] diff --git a/testing/btest/Baseline.zam/bifs.from_json-3/.stderr b/testing/btest/Baseline.zam/bifs.from_json-3/.stderr new file mode 100644 index 0000000000..e8e76fd280 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-3/.stderr @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +error in <...>/from_json.zeek, line 4: JSON parse error: Missing a closing quotation mark in string. Offset: 5 (from_json({"hel, ::#0)) diff --git a/testing/btest/Baseline.zam/bifs.from_json-3/.stdout b/testing/btest/Baseline.zam/bifs.from_json-3/.stdout new file mode 100644 index 0000000000..aee95c8a8e --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-3/.stdout @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v=, valid=F] diff --git a/testing/btest/Baseline.zam/bifs.from_json-4/.stderr b/testing/btest/Baseline.zam/bifs.from_json-4/.stderr new file mode 100644 index 0000000000..ed567bc817 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-4/.stderr @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +error in <...>/from_json.zeek, line 9: cannot convert JSON type 'array' to Zeek type 'bool' (from_json([], ::#0)) +error in <...>/from_json.zeek, line 10: cannot convert JSON type 'string' to Zeek type 'bool' (from_json({"a": "hello"}, ::#2)) diff --git a/testing/btest/Baseline.zam/bifs.from_json-4/.stdout b/testing/btest/Baseline.zam/bifs.from_json-4/.stdout new file mode 100644 index 0000000000..d288024480 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-4/.stdout @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v=, valid=F] +[v=, valid=F] diff --git a/testing/btest/Baseline.zam/bifs.from_json-5/.stderr b/testing/btest/Baseline.zam/bifs.from_json-5/.stderr new file mode 100644 index 0000000000..a8d80a29c7 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-5/.stderr @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +error in <...>/from_json.zeek, line 4: tables are not supported (from_json([], ::#0)) diff --git a/testing/btest/Baseline.zam/bifs.from_json-5/.stdout b/testing/btest/Baseline.zam/bifs.from_json-5/.stdout new file mode 100644 index 0000000000..aee95c8a8e --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-5/.stdout @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v=, valid=F] diff --git a/testing/btest/Baseline.zam/bifs.from_json-6/.stderr b/testing/btest/Baseline.zam/bifs.from_json-6/.stderr new file mode 100644 index 0000000000..2ac321f4e0 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-6/.stderr @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +error in <...>/from_json.zeek, line 5: wrong port format, must be <...>/(tcp|udp|icmp|unknown)/ (from_json("80", ::#0)) diff --git a/testing/btest/Baseline.zam/bifs.from_json-6/.stdout b/testing/btest/Baseline.zam/bifs.from_json-6/.stdout new file mode 100644 index 0000000000..aee95c8a8e --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-6/.stdout @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v=, valid=F] diff --git a/testing/btest/Baseline.zam/bifs.from_json-7/.stderr b/testing/btest/Baseline.zam/bifs.from_json-7/.stderr new file mode 100644 index 0000000000..fd5ec83642 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-7/.stderr @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +error in <...>/from_json.zeek, line 5: index type doesn't match (from_json([[1, false], [2]], ::#0)) +error in <...>/from_json.zeek, line 6: cannot convert JSON type 'number' to Zeek type 'bool' (from_json([[1, false], [2, 1]], ::#2)) diff --git a/testing/btest/Baseline.zam/bifs.from_json-7/.stdout b/testing/btest/Baseline.zam/bifs.from_json-7/.stdout new file mode 100644 index 0000000000..d288024480 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-7/.stdout @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v=, valid=F] +[v=, valid=F] diff --git a/testing/btest/Baseline.zam/bifs.from_json-8/.stderr b/testing/btest/Baseline.zam/bifs.from_json-8/.stderr new file mode 100644 index 0000000000..ba565788a5 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-8/.stderr @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +error: error compiling pattern /^?(.|\n)*(([[:print:]]{-}[[:alnum:]]foo))/ +error in <...>/from_json.zeek, line 5: error compiling pattern (from_json("/([[:print:]]{-}[[:alnum:]]foo)/", ::#0)) diff --git a/testing/btest/Baseline.zam/bifs.from_json-8/.stdout b/testing/btest/Baseline.zam/bifs.from_json-8/.stdout new file mode 100644 index 0000000000..aee95c8a8e --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-8/.stdout @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v=, valid=F] diff --git a/testing/btest/Baseline.zam/bifs.from_json-9/.stderr b/testing/btest/Baseline.zam/bifs.from_json-9/.stderr new file mode 100644 index 0000000000..14894c2146 --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-9/.stderr @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +error in <...>/from_json.zeek, line 7: 'Yellow' is not a valid enum for 'Color'. (from_json("Yellow", ::#0)) diff --git a/testing/btest/Baseline.zam/bifs.from_json-9/.stdout b/testing/btest/Baseline.zam/bifs.from_json-9/.stdout new file mode 100644 index 0000000000..aee95c8a8e --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json-9/.stdout @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v=, valid=F] diff --git a/testing/btest/Baseline.zam/bifs.from_json/.stderr b/testing/btest/Baseline.zam/bifs.from_json/.stderr new file mode 100644 index 0000000000..49d861c74c --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json/.stderr @@ -0,0 +1 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. diff --git a/testing/btest/Baseline.zam/bifs.from_json/.stdout b/testing/btest/Baseline.zam/bifs.from_json/.stdout new file mode 100644 index 0000000000..24f35f7b9b --- /dev/null +++ b/testing/btest/Baseline.zam/bifs.from_json/.stdout @@ -0,0 +1,8 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +[v=[hello=world, t=T, f=F, n=, m=, def=123, i=123, pi=3.1416, a=[1, 2, 3, 4], c1=A::Blue, p=1500/tcp, ti=1681652265.042767, it=1.0 hr 23.0 mins 20.0 secs, ad=127.0.0.1, s=::1/128, re=/^?(a)$?/, su={ +aa:bb::/32, +192.168.0.0/16 +}, se={ +[192.168.0.1, 80/tcp] , +[2001:db8::1, 8080/udp] +}], valid=T] diff --git a/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info-ftp/.stdout b/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info-ftp/.stdout index 315fb7c87f..1e4f9aa98a 100644 --- a/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info-ftp/.stdout +++ b/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info-ftp/.stdout @@ -1,5 +1,3 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. analyzer_confirmation_info, AllAnalyzers::ANALYZER_ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3 -analyzer_confirmation, AllAnalyzers::ANALYZER_ANALYZER_FTP, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3 analyzer_violation_info, AllAnalyzers::ANALYZER_ANALYZER_FTP, non-numeric reply code, [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3, SSH-2.0-mod_sftp/0.9.7 -analyzer_violation, AllAnalyzers::ANALYZER_ANALYZER_FTP, non-numeric reply code [SSH-2.0-mod_sftp/0.9.7], [orig_h=2001:470:1f05:17a6:d69a:20ff:fefd:6b88, orig_p=24316/tcp, resp_h=2001:6a8:a40::21, resp_p=21/tcp], 3 diff --git a/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info/.stdout b/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info/.stdout index 286fc6c502..af8800750d 100644 --- a/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info/.stdout +++ b/testing/btest/Baseline.zam/core.analyzer-confirmation-violation-info/.stdout @@ -1,5 +1,3 @@ ### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. analyzer_confirmation_info, AllAnalyzers::ANALYZER_ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3 -analyzer_confirmation, AllAnalyzers::ANALYZER_ANALYZER_SSL, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3 analyzer_violation_info, AllAnalyzers::ANALYZER_ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3 -analyzer_violation, AllAnalyzers::ANALYZER_ANALYZER_SSL, Invalid version late in TLS connection. Packet reported version: 0, [orig_h=1.1.1.1, orig_p=20394/tcp, resp_h=2.2.2.2, resp_p=443/tcp], 3 diff --git a/testing/btest/Baseline.zam/scripts.base.frameworks.input.raw.rereadraw/out b/testing/btest/Baseline.zam/scripts.base.frameworks.input.raw.rereadraw/out deleted file mode 100644 index 2700d05e77..0000000000 --- a/testing/btest/Baseline.zam/scripts.base.frameworks.input.raw.rereadraw/out +++ /dev/null @@ -1,97 +0,0 @@ -### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -q3r3057fdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -sdfs\d -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW - -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -dfsdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -sdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -3rw43wRRERLlL#RWERERERE. -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -DSF"DFKJ"SDFKLh304yrsdkfj@#(*U$34jfDJup3UF -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -q3r3057fdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -sdfs\d -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW - -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -dfsdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -sdf -[source=../input.log, reader=Input::READER_RAW, mode=Input::REREAD, name=input, fields=A::Val, want_record=F, ev=line -ZAM-code line , error_ev=, config={ - -}] -Input::EVENT_NEW -3rw43wRRERLlL#RWERERERE. diff --git a/testing/btest/Baseline.zam/scripts.base.protocols.ssl.prevent-disable-analyzer/.stdout b/testing/btest/Baseline.zam/scripts.base.protocols.ssl.prevent-disable-analyzer/.stdout index d4fcef9236..229c675729 100644 --- a/testing/btest/Baseline.zam/scripts.base.protocols.ssl.prevent-disable-analyzer/.stdout +++ b/testing/btest/Baseline.zam/scripts.base.protocols.ssl.prevent-disable-analyzer/.stdout @@ -2,10 +2,10 @@ analyzer_confirmation, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], AllAnalyzers::ANALYZER_ANALYZER_SSL, 3 encrypted_data, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], T, 22, 32, 1 established, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp] -disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], Analyzer::ANALYZER_SSL, 3 -preventing disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], Analyzer::ANALYZER_SSL, 3 +disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], AllAnalyzers::ANALYZER_ANALYZER_SSL, 3 +preventing disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], AllAnalyzers::ANALYZER_ANALYZER_SSL, 3 encrypted_data, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], F, 22, 32, 2 encrypted_data, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], T, 23, 31, 3 encrypted_data, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], T, 23, 17, 4 -disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], Analyzer::ANALYZER_SSL, 3 -allowing disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], Analyzer::ANALYZER_SSL, 3 +disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], AllAnalyzers::ANALYZER_ANALYZER_SSL, 3 +allowing disabling_analyzer, [orig_h=10.0.0.80, orig_p=56637/tcp, resp_h=68.233.76.12, resp_p=443/tcp], AllAnalyzers::ANALYZER_ANALYZER_SSL, 3 diff --git a/testing/btest/Baseline.zam/spicy.analyzer-tag/output b/testing/btest/Baseline.zam/spicy.analyzer-tag/output new file mode 100644 index 0000000000..d999b52c17 --- /dev/null +++ b/testing/btest/Baseline.zam/spicy.analyzer-tag/output @@ -0,0 +1,6 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +Have analyzer! +tag: AllAnalyzers::ANALYZER_ANALYZER_SPICY_SSH +name: SPICY_SSH + +Do not have analyzer! diff --git a/testing/btest/Baseline.zam/spicy.replaces/output b/testing/btest/Baseline.zam/spicy.replaces/output new file mode 100644 index 0000000000..0a68502166 --- /dev/null +++ b/testing/btest/Baseline.zam/spicy.replaces/output @@ -0,0 +1,4 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +AllAnalyzers::ANALYZER_ANALYZER_SSH, 3 +SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], F, 1.99, OpenSSH_3.9p1 +SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], T, 2.0, OpenSSH_3.8.1p1 diff --git a/testing/btest/Baseline.zam/spicy.ssh-banner/analyzer.log b/testing/btest/Baseline.zam/spicy.ssh-banner/analyzer.log new file mode 100644 index 0000000000..b60c24d0f9 --- /dev/null +++ b/testing/btest/Baseline.zam/spicy.ssh-banner/analyzer.log @@ -0,0 +1,12 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path analyzer +#open XXXX-XX-XX-XX-XX-XX +#fields ts cause analyzer_kind analyzer_name uid fuid id.orig_h id.orig_p id.resp_h id.resp_p failure_reason failure_data +#types time string string string string string addr port addr port string string +XXXXXXXXXX.XXXXXX violation protocol SPICY_SSH CHhAvVGS1DHFjwGM9 - 141.142.228.5 53595 54.243.55.129 80 protocol rejected - +XXXXXXXXXX.XXXXXX violation protocol SPICY_SSH CHhAvVGS1DHFjwGM9 - 141.142.228.5 53595 54.243.55.129 80 failed to match regular expression (<...>/ssh.spicy:7:15) POST /post HTTP/1.1\x0d\x0aUser-Agent: curl/7. +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline.zam/spicy.ssh-banner/output b/testing/btest/Baseline.zam/spicy.ssh-banner/output new file mode 100644 index 0000000000..b9c4a75921 --- /dev/null +++ b/testing/btest/Baseline.zam/spicy.ssh-banner/output @@ -0,0 +1,10 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +=== confirmation +SSH banner in Foo, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], F, 1.99, OpenSSH_3.9p1 +SSH banner in Foo, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], T, 2.0, OpenSSH_3.8.1p1 +SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], F, 1.99, OpenSSH_3.9p1 +SSH banner, [orig_h=192.150.186.169, orig_p=49244/tcp, resp_h=131.159.14.23, resp_p=22/tcp], T, 2.0, OpenSSH_3.8.1p1 +confirm, AllAnalyzers::ANALYZER_ANALYZER_SPICY_SSH +=== violation +violation, AllAnalyzers::ANALYZER_ANALYZER_SPICY_SSH, failed to match regular expression (<...>/ssh.spicy:7:15) +violation, AllAnalyzers::ANALYZER_ANALYZER_SPICY_SSH, protocol rejected diff --git a/testing/btest/Baseline.zam/spicy.ssh-banner/weird.log b/testing/btest/Baseline.zam/spicy.ssh-banner/weird.log new file mode 100644 index 0000000000..7dcdd71aef --- /dev/null +++ b/testing/btest/Baseline.zam/spicy.ssh-banner/weird.log @@ -0,0 +1,11 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#open XXXX-XX-XX-XX-XX-XX +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer source +#types time string addr port addr port string string bool string string +XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.150.186.169 49244 131.159.14.23 22 my_weird OpenSSH_3.9p1 F zeek SPICY_SSH +#close XXXX-XX-XX-XX-XX-XX