Merge remote-tracking branch 'origin/topic/awelzel/fixup-detect-sql-injection-zeekygen-comment'

* origin/topic/awelzel/fixup-detect-sql-injection-zeekygen-comment: http/detect-sql-injection: Fix zeekygen comment btest/coverage/test-all-policy-zeekygen: Load test-all-policy with zeekygen enabled
2025-10-02 14:48:21 +00:00 · 2025-05-21 13:38:46 +02:00 · 2025-05-21 13:38:46 +02:00 · 891338194f
commit 891338194f
parent 7d54a58a76 8d588a10a9
6 changed files with 25 additions and 5 deletions
--- a/11
+++ b/11
@ -1,3 +1,14 @@
+8.0.0-dev.168 | 2025-05-21 13:38:46 +0200
+
+  * http/detect-sql-injection: Fix zeekygen comment (Arne Welzel, Corelight)
+
+        Discarded extraneous Zeekygen comment: $src field; and always provides a victim IP address in the $dst field.
+
+  * btest/coverage/test-all-policy-zeekygen: Load test-all-policy with zeekygen enabled (Arne Welzel, Corelight)
+
+    There should not be warnings produced. The default ZEEK_DISABLE_ZEEKYGEN=1
+    setting in the btest configuration hid some issues previously.
+
 8.0.0-dev.164 | 2025-05-20 12:02:09 -0700

  * Add extra input files to ftp fuzzer corpus (Tim Wojtulewicz, Corelight)
--- a/2
+++ b/2
@ -1 +1 @@
-8.0.0-dev.164
+8.0.0-dev.168
--- a/scripts/policy/protocols/http/detect-sql-injection.zeek
+++ b/scripts/policy/protocols/http/detect-sql-injection.zeek
@ -1,8 +1,8 @@
 ##! SQL injection attack detection in HTTP.
-
-## The script annotates the notices it generates with an associated $uid
-## connection identifier; always provides an attacker IP address in the
-## $src field; and always provides a victim IP address in the $dst field.
+##!
+##! The script annotates the notices it generates with an associated $uid
+##! connection identifier; always provides an attacker IP address in the
+##! $src field; and always provides a victim IP address in the $dst field.

@load base/frameworks/notice
@load base/frameworks/sumstats
--- a/testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stderr
+++ b/testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stderr
@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
--- a/testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stdout
+++ b/testing/btest/Baseline/coverage.test-all-policy-zeekygen/.stdout
@ -0,0 +1 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
--- a/testing/btest/coverage/test-all-policy-zeekygen.test
+++ b/testing/btest/coverage/test-all-policy-zeekygen.test
@ -0,0 +1,7 @@
+# @TEST-DOC: Enable zeekygen and load test-all-policy, baseline stdout and stderr output for warnings or errors.
+#
+# @TEST-EXEC: unset ZEEK_DISABLE_ZEEKYGEN; zeek %INPUT
+# @TEST-EXEC: btest-diff .stdout
+# @TEST-EXEC: btest-diff .stderr
+
+@load test-all-policy
				`@ -0,0 +1 @@`
				`### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.`