mirror of
https://github.com/zeek/zeek.git
synced 2025-10-14 04:28:20 +00:00
GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev.
This also installs symlinks from "zeek" and "bro-config" to a wrapper script that prints a deprecation warning. The btests pass, but this is still WIP. broctl renaming is still missing. #239
parent
375b151a4b
commit
789cb376fd
1119 changed files with 1686 additions and 1647 deletions
|
@ -1,6 +1,6 @@
|
|||
# This tests a normal SSL connection and the log it outputs.
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: btest-diff x509.log
|
||||
# @TEST-EXEC: test ! -f dpd.log
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# This tests a normal SSL connection and the log it outputs.
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
|
||||
# @TEST-EXEC: bro -C -r $TRACES/tls/cert-no-cn.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/cert-no-cn.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event x509_certificate(f: fa_file, cert_ref: opaque of x509, cert: X509::Certificate)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# This tests that the values sent for compression methods are correct.
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# This tests if Bro does not crash when exposed to CVE-2015-3194
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/CVE-2015-3194.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/CVE-2015-3194.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
|
||||
@load protocols/ssl/validate-certs
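Review bot: The header comment of this test still reads `# This tests if Bro does not crash when exposed to CVE-2015-3194`, although the command below it now invokes `zeek`. The line is printed only once in the section, so it appears to be unchanged context rather than part of the rename. As this is the regression test for a crash on the CVE-2015-3194 trace, I would update it in the same commit to `# This tests that Zeek does not crash when exposed to CVE-2015-3194`, so that a search for the new name still finds the test. The rest of the test file lies outside the hunk.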
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
# @TEST-EXEC: bro -C -b -r $TRACES/tls/ssl-v2.trace %INPUT
|
||||
# @TEST-EXEC: bro -b -r $TRACES/tls/ssl.v3.trace %INPUT
|
||||
# @TEST-EXEC: bro -b -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: bro -b -r $TRACES/tls/tls-early-alert.trace %INPUT
|
||||
# @TEST-EXEC: bro -b -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -b -r $TRACES/tls/ssl-v2.trace %INPUT
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/tls/ssl.v3.trace %INPUT
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-early-alert.trace %INPUT
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
@load base/frameworks/dpd
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# This tests checks that non-dtls connections to which we attach don't trigger tons of errors.
|
||||
|
||||
# @TEST-EXEC: bro -C -r $TRACES/dns-txt-multiple.trace %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/dns-txt-multiple.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event zeek_init()
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/webrtc-stun.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/webrtc-stun.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: touch dpd.log
|
||||
# @TEST-EXEC: btest-diff dpd.log
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
# This tests a normal SSL connection and the log it outputs.
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/dtls1_0.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_0.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: btest-diff x509.log
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/dtls1_2.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_2.pcap %INPUT
|
||||
# @TEST-EXEC: cp ssl.log ssl1_2.log
|
||||
# @TEST-EXEC: cp x509.log x5091_2.log
|
||||
# @TEST-EXEC: btest-diff ssl1_2.log
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: btest-diff x509.log
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/tls/ecdsa-cert.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/ecdsa-cert.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: btest-diff x509.log
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# Test a heavily fragmented tls connection
|
||||
|
||||
# @TEST-EXEC: cat $TRACES/tls/tls-fragmented-handshake.pcap.gz | gunzip | bro -r - %INPUT
|
||||
# @TEST-EXEC: cat $TRACES/tls/tls-fragmented-handshake.pcap.gz | gunzip | zeek -r - %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# This tests events not covered by other tests
|
||||
|
||||
# @TEST-EXEC: bro -b -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
|
||||
# @TEST-EXEC: zeek -b -r $TRACES/tls/tls-conn-with-extensions.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
@load base/protocols/ssl
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/dhe.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/dhe.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log > ssl-all.log
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/ecdhe.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/ecdhe.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-all.log
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/ssl.v3.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/ssl.v3.trace %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-all.log
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/tls1_1.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/tls1_1.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-all.log
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/dtls1_0.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_0.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-all.log
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/dtls1_2.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/dtls1_2.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-all.log
|
||||
# @TEST-EXEC: btest-diff ssl-all.log
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# This tests a normal OCSP request sent through HTTP GET
|
||||
|
||||
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-http-get.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-http-get.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ocsp.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# This tests a OCSP request missing response
|
||||
|
||||
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-request-only.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-request-only.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
@load files/x509/log-ocsp
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# This tests a pair of normal OCSP request and response
|
||||
|
||||
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-request-response.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-request-response.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ocsp.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# This tests a normal OCSP response missing request
|
||||
|
||||
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-response-only.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-response-only.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ocsp.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# This tests OCSP response with revocation
|
||||
|
||||
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-revoked.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-revoked.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ocsp.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
redef SSL::root_certs += {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp.pcap %INPUT
|
||||
#
|
||||
# The following file contains a tls 1.0 connection with a SCT in a TLS extension.
|
||||
# This is interesting because the digitally-signed struct in TLS 1.0 does not come
|
||||
|
@ -7,7 +7,7 @@
|
|||
# uses in the end. So this one does have a Signature/Hash alg, even if the protocol
|
||||
# itself does not carry it in the same struct.
|
||||
#
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/signed_certificate_timestamp_tls1_0.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/signed_certificate_timestamp_tls1_0.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
# @TEST-EXEC: test ! -f dpd.log
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
|
||||
|
|
|
@ -1,2 +1,2 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/tls-1.2-handshake-failure.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/tls-1.2-handshake-failure.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event ssl_client_hello(c: connection, version: count, record_version: count, possible_ts: time, client_random: string, session_id: string, ciphers: index_vec, comp_methods: index_vec)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: btest-diff x509.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-34-google.trace %INPUT
|
||||
# @TEST-EXEC: bro -C -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-34-google.trace %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/tls-13draft19-early-data.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event ssl_extension_elliptic_curves(c: connection, is_orig: bool, curves: index_vec)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/tls/chrome-63.0.3211.0-canary-tls_experiment.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/chrome-63.0.3211.0-canary-tls_experiment.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft23-chrome67.0.3368.0-canary.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
|
||||
# Test that we correctly parse the version out of the extension in an 1.3 connection
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary-aborted.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log > ssl-out.log
|
||||
# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-chrome55.0.2879.0-canary.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-out.log
|
||||
# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-ff52.a01-aborted.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-out.log
|
||||
# @TEST-EXEC: bro -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/tls13draft16-ff52.a01.pcap %INPUT
|
||||
# @TEST-EXEC: cat ssl.log >> ssl-out.log
|
||||
# @TEST-EXEC: btest-diff ssl-out.log
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
# This tests a normal SSL connection and the log it outputs.
|
||||
|
||||
# @TEST-EXEC: bro -r $TRACES/tls/tls1_1.pcap %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/tls1_1.pcap %INPUT
|
||||
# @TEST-EXEC: btest-diff ssl.log
|
||||
# @TEST-EXEC: btest-diff x509.log
|
||||
# @TEST-EXEC: test ! -f dpd.log
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event x509_extension(f: fa_file, ext: X509::Extension)
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# @TEST-EXEC: bro -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: zeek -r $TRACES/tls/tls1.2.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
event x509_extension(f: fa_file, extension: X509::Extension)
|
||||
|
|