From 847b16442b819f3e86132f7fec7a966b55078d3e Mon Sep 17 00:00:00 2001
From: Vlad Grigorescu
Date: Mon, 1 Jun 2015 20:49:04 -0500
Subject: [PATCH] BIT-1410: Add btest
---
.../scripts.base.protocols.smtp.attachment/files.log | 12 ++++++++++++
.../scripts.base.protocols.smtp.attachment/smtp.log | 10 ++++++++++
.../scripts/base/protocols/smtp/attachment.test | 5 +++++
3 files changed, 27 insertions(+)
create mode 100644 testing/btest/Baseline/scripts.base.protocols.smtp.attachment/files.log
create mode 100644 testing/btest/Baseline/scripts.base.protocols.smtp.attachment/smtp.log
create mode 100644 testing/btest/scripts/base/protocols/smtp/attachment.test
diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/files.log b/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/files.log
new file mode 100644
index 0000000000..7c8015d94b
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/files.log
@@ -0,0 +1,12 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path files
+#open 2015-06-02-01-46-30
+#fields ts fuid tx_hosts rx_hosts conn_uids source depth analyzers mime_type filename duration local_orig is_orig seen_bytes total_bytes missing_bytes overflow_bytes timedout parent_fuid
+#types time string set[addr] set[addr] set[string] string count set[string] string string interval bool bool count count count count bool string
+1254722770.692743 Fel9gs4OtNEV6gUJZ5 10.10.1.4 74.53.140.153 CXWv6p3arKYeMETxOg SMTP 3 (empty) text/plain - 0.000000 - T 77 - 0 0 F -
+1254722770.692743 Ft4M3f2yMvLlmwtbq9 10.10.1.4 74.53.140.153 CXWv6p3arKYeMETxOg SMTP 4 (empty) text/html - 0.000061 - T 1868 - 0 0 F -
+1254722770.692804 FL9Y0d45OI4LpS6fmh 10.10.1.4 74.53.140.153 CXWv6p3arKYeMETxOg SMTP 5 (empty) text/plain NEWS.txt 1.165512 - T 10809 - 0 0 F -
+#close 2015-06-02-01-46-31
diff --git a/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/smtp.log b/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/smtp.log
new file mode 100644
index 0000000000..e82d323f52
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.protocols.smtp.attachment/smtp.log
@@ -0,0 +1,10 @@
+#separator \x09
+#set_separator ,
+#empty_field (empty)
+#unset_field -
+#path smtp
+#open 2015-06-02-01-46-30
+#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth helo mailfrom rcptto date from to reply_to msg_id in_reply_to subject x_originating_ip first_received second_received last_reply path user_agent tls fuids
+#types time string addr port addr port count string string set[string] string string set[string] string string string string addr string string string vector[addr] string bool vector[string]
+1254722768.219663 CXWv6p3arKYeMETxOg 10.10.1.4 1470 74.53.140.153 25 1 GP Mon, 5 Oct 2009 11:36:07 +0530 "Gurpartap Singh" - <000301ca4581$ef9e57f0$cedb07d0$@in> - SMTP - - - 250 OK id=1Mugho-0003Dg-Un 74.53.140.153,10.10.1.4 Microsoft Office Outlook 12.0 F Fel9gs4OtNEV6gUJZ5,Ft4M3f2yMvLlmwtbq9,FL9Y0d45OI4LpS6fmh
+#close 2015-06-02-01-46-31
diff --git a/testing/btest/scripts/base/protocols/smtp/attachment.test b/testing/btest/scripts/base/protocols/smtp/attachment.test
new file mode 100644
index 0000000000..49602f00c1
--- /dev/null
+++ b/testing/btest/scripts/base/protocols/smtp/attachment.test
@@ -0,0 +1,5 @@
+# @TEST-EXEC: bro -b -r $TRACES/smtp.trace %INPUT
+# @TEST-EXEC: btest-diff smtp.log
+# @TEST-EXEC: btest-diff files.log
+
+@load base/protocols/smtp
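Review bot: `attachment.test` has no comment saying what behaviour it pins, so a later baseline refresh could drop the property under test without anyone noticing. Judging from the `files.log` baseline, the intent appears to be that the attachment name (`NEWS.txt` on the depth-5 entity) is recorded in the `filename` column; I would add a first line such as `# Checks that an SMTP attachment's filename is recorded in files.log.` above the `@TEST-EXEC` lines. The baseline covers only one plain-ASCII name. Since that value is taken from a sender-controlled MIME header and is commonly used downstream for detection and triage, a follow-up case with a quoted or encoded filename would be worth adding if a suitable trace is already in the tree.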