Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge remote-tracking branch 'origin/topic/awelzel/fixup-detect-sql-injection-zeekygen-comment'

Browse source 
* origin/topic/awelzel/fixup-detect-sql-injection-zeekygen-comment:
  http/detect-sql-injection: Fix zeekygen comment
  btest/coverage/test-all-policy-zeekygen: Load test-all-policy with zeekygen enabled
This commit is contained in:
Arne Welzel 2025-05-21 13:38:46 +02:00
commit 891338194f
6 changed files with 25 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

11
CHANGES
View file

@ -1,3 +1,14 @@
8.0.0-dev.168 | 2025-05-21 13:38:46 +0200
* http/detect-sql-injection: Fix zeekygen comment (Arne Welzel, Corelight)
Discarded extraneous Zeekygen comment: $src field; and always provides a victim IP address in the $dst field.
* btest/coverage/test-all-policy-zeekygen: Load test-all-policy with zeekygen enabled (Arne Welzel, Corelight)
There should not be warnings produced. The default ZEEK_DISABLE_ZEEKYGEN=1
setting in the btest configuration hid some issues previously.
8.0.0-dev.164 | 2025-05-20 12:02:09 -0700 8.0.0-dev.164 | 2025-05-20 12:02:09 -0700
* Add extra input files to ftp fuzzer corpus (Tim Wojtulewicz, Corelight) * Add extra input files to ftp fuzzer corpus (Tim Wojtulewicz, Corelight)

2
VERSION
View file

@ -1 +1 @@
8.0.0-dev.164 8.0.0-dev.168

8
scripts/policy/protocols/http/detect-sql-injection.zeek
View file

@ -1,8 +1,8 @@
##! SQL injection attack detection in HTTP. ##! SQL injection attack detection in HTTP.
##!
## The script annotates the notices it generates with an associated $uid ##! The script annotates the notices it generates with an associated $uid
## connection identifier; always provides an attacker IP address in the ##! connection identifier; always provides an attacker IP address in the
## $src field; and always provides a victim IP address in the $dst field. ##! $src field; and always provides a victim IP address in the $dst field.
@load base/frameworks/notice @load base/frameworks/notice
@load base/frameworks/sumstats @load base/frameworks/sumstats

1
testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stderr Normal file
View file

@ -0,0 +1 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

1
testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stdout Normal file
View file

@ -0,0 +1 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.

7
testing/btest/coverage/test-all-policy-zeekygen.test Normal file
View file

@ -0,0 +1,7 @@
# @TEST-DOC: Enable zeekygen and load test-all-policy, baseline stdout and stderr output for warnings or errors.
#
# @TEST-EXEC: unset ZEEK_DISABLE_ZEEKYGEN; zeek %INPUT
# @TEST-EXEC: btest-diff .stdout
# @TEST-EXEC: btest-diff .stderr
@load test-all-policy