Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Fixing tests after intel-framework merge.

Browse source 
coverage.bare-mode-errors still failing.
This commit is contained in:
Robin Sommer 2012-11-01 09:28:59 -07:00
parent fb7ba82bab
commit 70339e9fed
5 changed files with 30 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

14
doc/scripts/DocSourcesList.cmake
View file

@ -36,6 +36,8 @@ rest_target(${psd} base/frameworks/input/main.bro)
rest_target(${psd} base/frameworks/input/readers/ascii.bro) rest_target(${psd} base/frameworks/input/readers/ascii.bro)
rest_target(${psd} base/frameworks/input/readers/benchmark.bro) rest_target(${psd} base/frameworks/input/readers/benchmark.bro)
rest_target(${psd} base/frameworks/input/readers/raw.bro) rest_target(${psd} base/frameworks/input/readers/raw.bro)
rest_target(${psd} base/frameworks/intel/cluster.bro)
rest_target(${psd} base/frameworks/intel/input.bro)
rest_target(${psd} base/frameworks/intel/main.bro) rest_target(${psd} base/frameworks/intel/main.bro)
rest_target(${psd} base/frameworks/logging/main.bro) rest_target(${psd} base/frameworks/logging/main.bro)
rest_target(${psd} base/frameworks/logging/postprocessors/scp.bro) rest_target(${psd} base/frameworks/logging/postprocessors/scp.bro)
@ -100,11 +102,21 @@ rest_target(${psd} base/utils/patterns.bro)
rest_target(${psd} base/utils/site.bro) rest_target(${psd} base/utils/site.bro)
rest_target(${psd} base/utils/strings.bro) rest_target(${psd} base/utils/strings.bro)
rest_target(${psd} base/utils/thresholds.bro) rest_target(${psd} base/utils/thresholds.bro)
rest_target(${psd} base/utils/urls.bro)
rest_target(${psd} policy/frameworks/communication/listen.bro) rest_target(${psd} policy/frameworks/communication/listen.bro)
rest_target(${psd} policy/frameworks/control/controllee.bro) rest_target(${psd} policy/frameworks/control/controllee.bro)
rest_target(${psd} policy/frameworks/control/controller.bro) rest_target(${psd} policy/frameworks/control/controller.bro)
rest_target(${psd} policy/frameworks/dpd/detect-protocols.bro) rest_target(${psd} policy/frameworks/dpd/detect-protocols.bro)
rest_target(${psd} policy/frameworks/dpd/packet-segment-logging.bro) rest_target(${psd} policy/frameworks/dpd/packet-segment-logging.bro)
rest_target(${psd} policy/frameworks/intel/conn-established.bro)
rest_target(${psd} policy/frameworks/intel/dns.bro)
rest_target(${psd} policy/frameworks/intel/http-host-header.bro)
rest_target(${psd} policy/frameworks/intel/http-url.bro)
rest_target(${psd} policy/frameworks/intel/http-user-agents.bro)
rest_target(${psd} policy/frameworks/intel/smtp-url-extraction.bro)
rest_target(${psd} policy/frameworks/intel/smtp.bro)
rest_target(${psd} policy/frameworks/intel/ssl.bro)
rest_target(${psd} policy/frameworks/intel/where-locations.bro)
rest_target(${psd} policy/frameworks/metrics/conn-example.bro) rest_target(${psd} policy/frameworks/metrics/conn-example.bro)
rest_target(${psd} policy/frameworks/metrics/http-example.bro) rest_target(${psd} policy/frameworks/metrics/http-example.bro)
rest_target(${psd} policy/frameworks/metrics/ssl-example.bro) rest_target(${psd} policy/frameworks/metrics/ssl-example.bro)
@ -112,6 +124,7 @@ rest_target(${psd} policy/frameworks/software/version-changes.bro)
rest_target(${psd} policy/frameworks/software/vulnerable.bro) rest_target(${psd} policy/frameworks/software/vulnerable.bro)
rest_target(${psd} policy/integration/barnyard2/main.bro) rest_target(${psd} policy/integration/barnyard2/main.bro)
rest_target(${psd} policy/integration/barnyard2/types.bro) rest_target(${psd} policy/integration/barnyard2/types.bro)
rest_target(${psd} policy/integration/collective-intel/main.bro)
rest_target(${psd} policy/misc/analysis-groups.bro) rest_target(${psd} policy/misc/analysis-groups.bro)
rest_target(${psd} policy/misc/capture-loss.bro) rest_target(${psd} policy/misc/capture-loss.bro)
rest_target(${psd} policy/misc/loaded-scripts.bro) rest_target(${psd} policy/misc/loaded-scripts.bro)
@ -126,7 +139,6 @@ rest_target(${psd} policy/protocols/dns/detect-external-names.bro)
rest_target(${psd} policy/protocols/ftp/detect.bro) rest_target(${psd} policy/protocols/ftp/detect.bro)
rest_target(${psd} policy/protocols/ftp/software.bro) rest_target(${psd} policy/protocols/ftp/software.bro)
rest_target(${psd} policy/protocols/http/detect-MHR.bro) rest_target(${psd} policy/protocols/http/detect-MHR.bro)
rest_target(${psd} policy/protocols/http/detect-intel.bro)
rest_target(${psd} policy/protocols/http/detect-sqli.bro) rest_target(${psd} policy/protocols/http/detect-sqli.bro)
rest_target(${psd} policy/protocols/http/detect-webapps.bro) rest_target(${psd} policy/protocols/http/detect-webapps.bro)
rest_target(${psd} policy/protocols/http/header-names.bro) rest_target(${psd} policy/protocols/http/header-names.bro)

21
scripts/policy/protocols/http/detect-intel.bro
View file

@ -1,21 +0,0 @@
##! Intelligence based HTTP detections. Not yet working!
@load base/protocols/http/main
@load base/protocols/http/utils
@load base/frameworks/intel/main
module HTTP;
event log_http(rec: Info)
{
local url = HTTP::build_url(rec);
local query = [$str=url, $subtype="url", $or_tags=set("malicious", "malware")];
if ( Intel::matcher(query) )
{
local msg = fmt("%s accessed a malicious URL from the intelligence framework", rec$id$orig_h);
NOTICE([$note=Intel::Detection,
$msg=msg,
$sub=HTTP::build_url_http(rec),
$id=rec$id]);
}
}

13
scripts/test-all-policy.bro
View file

@ -14,6 +14,16 @@
# @load frameworks/control/controller.bro # @load frameworks/control/controller.bro
@load frameworks/dpd/detect-protocols.bro @load frameworks/dpd/detect-protocols.bro
@load frameworks/dpd/packet-segment-logging.bro @load frameworks/dpd/packet-segment-logging.bro
@load frameworks/intel/__load__.bro
@load frameworks/intel/conn-established.bro
@load frameworks/intel/dns.bro
@load frameworks/intel/http-host-header.bro
@load frameworks/intel/http-url.bro
@load frameworks/intel/http-user-agents.bro
@load frameworks/intel/smtp-url-extraction.bro
@load frameworks/intel/smtp.bro
@load frameworks/intel/ssl.bro
@load frameworks/intel/where-locations.bro
@load frameworks/metrics/conn-example.bro @load frameworks/metrics/conn-example.bro
@load frameworks/metrics/http-example.bro @load frameworks/metrics/http-example.bro
@load frameworks/metrics/ssl-example.bro @load frameworks/metrics/ssl-example.bro
@ -22,6 +32,8 @@
@load integration/barnyard2/__load__.bro @load integration/barnyard2/__load__.bro
@load integration/barnyard2/main.bro @load integration/barnyard2/main.bro
@load integration/barnyard2/types.bro @load integration/barnyard2/types.bro
@load integration/collective-intel/__load__.bro
@load integration/collective-intel/main.bro
@load misc/analysis-groups.bro @load misc/analysis-groups.bro
@load misc/capture-loss.bro @load misc/capture-loss.bro
@load misc/loaded-scripts.bro @load misc/loaded-scripts.bro
@ -35,7 +47,6 @@
@load protocols/dns/detect-external-names.bro @load protocols/dns/detect-external-names.bro
@load protocols/ftp/detect.bro @load protocols/ftp/detect.bro
@load protocols/ftp/software.bro @load protocols/ftp/software.bro
@load protocols/http/detect-intel.bro
@load protocols/http/detect-MHR.bro @load protocols/http/detect-MHR.bro
@load protocols/http/detect-sqli.bro @load protocols/http/detect-sqli.bro
@load protocols/http/detect-webapps.bro @load protocols/http/detect-webapps.bro

6
testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
View file

@ -3,7 +3,7 @@
#empty_field (empty) #empty_field (empty)
#unset_field - #unset_field -
#path loaded_scripts #path loaded_scripts
#open 2012-07-20-14-34-40 #open 2012-11-01-15-37-12
#fields name #fields name
#types string #types string
scripts/base/init-bare.bro scripts/base/init-bare.bro
@ -40,6 +40,7 @@ scripts/base/init-default.bro
scripts/base/utils/paths.bro scripts/base/utils/paths.bro
scripts/base/utils/strings.bro scripts/base/utils/strings.bro
scripts/base/utils/thresholds.bro scripts/base/utils/thresholds.bro
scripts/base/utils/urls.bro
scripts/base/frameworks/notice/__load__.bro scripts/base/frameworks/notice/__load__.bro
scripts/base/frameworks/notice/./main.bro scripts/base/frameworks/notice/./main.bro
scripts/base/frameworks/notice/./weird.bro scripts/base/frameworks/notice/./weird.bro
@ -69,6 +70,7 @@ scripts/base/init-default.bro
scripts/base/frameworks/metrics/./non-cluster.bro scripts/base/frameworks/metrics/./non-cluster.bro
scripts/base/frameworks/intel/__load__.bro scripts/base/frameworks/intel/__load__.bro
scripts/base/frameworks/intel/./main.bro scripts/base/frameworks/intel/./main.bro
scripts/base/frameworks/intel/./input.bro
scripts/base/frameworks/reporter/__load__.bro scripts/base/frameworks/reporter/__load__.bro
scripts/base/frameworks/reporter/./main.bro scripts/base/frameworks/reporter/./main.bro
scripts/base/frameworks/tunnels/__load__.bro scripts/base/frameworks/tunnels/__load__.bro
@ -112,4 +114,4 @@ scripts/base/init-default.bro
scripts/base/protocols/syslog/./consts.bro scripts/base/protocols/syslog/./consts.bro
scripts/base/protocols/syslog/./main.bro scripts/base/protocols/syslog/./main.bro
scripts/policy/misc/loaded-scripts.bro scripts/policy/misc/loaded-scripts.bro
#close 2012-07-20-14-34-40 #close 2012-11-01-15-37-12

1
testing/btest/Baseline/coverage.init-default/missing_loads
View file

@ -2,5 +2,6 @@
-./frameworks/cluster/nodes/proxy.bro -./frameworks/cluster/nodes/proxy.bro
-./frameworks/cluster/nodes/worker.bro -./frameworks/cluster/nodes/worker.bro
-./frameworks/cluster/setup-connections.bro -./frameworks/cluster/setup-connections.bro
-./frameworks/intel/cluster.bro
-./frameworks/metrics/cluster.bro -./frameworks/metrics/cluster.bro
-./frameworks/notice/cluster.bro -./frameworks/notice/cluster.bro