Fix typos and formatting in the policy/protocols docs

Also updated a test related to these changes, and adjusted line numbers.
2025-10-02 14:48:21 +00:00 · 2013-10-21 02:32:56 -05:00 · 2013-10-21 02:32:56 -05:00 · 9374a7d584
commit 9374a7d584
parent 24da7ab839
21 changed files with 82 additions and 73 deletions
--- a/doc/scripting/index.rst
+++ b/doc/scripting/index.rst
@ -1222,7 +1222,7 @@ from the connection relative to the behavior that has been observed by
 Bro.  
 .. btest-include:: ${BRO_SRC_ROOT}/scripts/policy/protocols/ssl/expiring-certs.bro
-   :lines: 59-62
+   :lines: 60-63
 In the :doc:`/scripts/policy/protocols/ssl/expiring-certs` script
 which identifies when SSL certificates are set to expire and raises
--- a/scripts/policy/protocols/conn/known-hosts.bro
+++ b/scripts/policy/protocols/conn/known-hosts.bro
@ -15,8 +15,8 @@ export {
 	type HostsInfo: record {
 		## The timestamp at which the host was detected.
 		ts:      time &log;
-		## The address that was detected originating or responding to a TCP 
+		## The address that was detected originating or responding to a
-		## connection.
+		## TCP connection.
 		host:    addr &log;
 	};
--- a/scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro
+++ b/scripts/policy/protocols/dhcp/known-devices-and-hostnames.bro
@ -7,7 +7,7 @@ module Known;
 export {
 	redef record DevicesInfo += {
-		## The value of the DHCP host name option, if seen
+		## The value of the DHCP host name option, if seen.
 		dhcp_host_name:	string		&log &optional;
 	};
 }
--- a/scripts/policy/protocols/dns/detect-external-names.bro
+++ b/scripts/policy/protocols/dns/detect-external-names.bro
@ -10,9 +10,9 @@ module DNS;
 export {
 	redef enum Notice::Type += { 
-		## Raised when a non-local name is found to be pointing at a local host.
+		## Raised when a non-local name is found to be pointing at a
-		## :bro:id:`Site::local_zones` variable **must** be set appropriately 
+		## local host.  The :bro:id:`Site::local_zones` variable
-		## for this detection.
+		## **must** be set appropriately for this detection.
 		External_Name,
 		};
 }
--- a/scripts/policy/protocols/ftp/detect-bruteforcing.bro
+++ b/scripts/policy/protocols/ftp/detect-bruteforcing.bro
@ -1,5 +1,5 @@
-##! FTP brute-forcing detector, triggering when too  many rejected usernames or
+##! FTP brute-forcing detector, triggering when too many rejected usernames or
-##! failed passwords have occured from a single address.
+##! failed passwords have occurred from a single address.
@load base/protocols/ftp
@load base/frameworks/sumstats
@ -10,8 +10,8 @@ module FTP;
 export {
 	redef enum Notice::Type += {
-		## Indicates a host bruteforcing FTP logins by watching for too many
+		## Indicates a host bruteforcing FTP logins by watching for too
-		## rejected usernames or failed passwords.
+		## many rejected usernames or failed passwords.
 		Bruteforcing
 	};
--- a/scripts/policy/protocols/http/detect-sqli.bro
+++ b/scripts/policy/protocols/http/detect-sqli.bro
@ -8,10 +8,12 @@ module HTTP;
 export {
 	redef enum Notice::Type += {
-		## Indicates that a host performing SQL injection attacks was detected.
+		## Indicates that a host performing SQL injection attacks was
 		## detected.
 		SQL_Injection_Attacker,
-		## Indicates that a host was seen to have SQL injection attacks against
+		## Indicates that a host was seen to have SQL injection attacks
-		## it.  This is tracked by IP address as opposed to hostname.
+		## against it.  This is tracked by IP address as opposed to
 		## hostname.
 		SQL_Injection_Victim,
 	};
@ -19,9 +21,11 @@ export {
 		## Indicator of a URI based SQL injection attack.
 		URI_SQLI,
 		## Indicator of client body based SQL injection attack.  This is
-		## typically the body content of a POST request. Not implemented yet.
+		## typically the body content of a POST request. Not implemented
 		## yet.
 		POST_SQLI,
-		## Indicator of a cookie based SQL injection attack. Not implemented yet.
+		## Indicator of a cookie based SQL injection attack. Not
 		## implemented yet.
 		COOKIE_SQLI,
 	};
--- a/scripts/policy/protocols/http/header-names.bro
+++ b/scripts/policy/protocols/http/header-names.bro
@ -8,12 +8,12 @@ module HTTP;
 export {
 	redef record Info += {
-		## The vector of HTTP header names sent by the client.  No header 
+		## The vector of HTTP header names sent by the client.  No
-		## values are included here, just the header names.
+		## header values are included here, just the header names.
 		client_header_names:  vector of string &log &optional;
-		## The vector of HTTP header names sent by the server.  No header 
+		## The vector of HTTP header names sent by the server.  No
-		## values are included here, just the header names.
+		## header values are included here, just the header names.
 		server_header_names:  vector of string &log &optional;
 	};
--- a/scripts/policy/protocols/http/var-extraction-cookies.bro
+++ b/scripts/policy/protocols/http/var-extraction-cookies.bro
@ -1,4 +1,4 @@
-##! Extracts and logs variables names from cookies sent by clients.
+##! Extracts and logs variable names from cookies sent by clients.
@load base/protocols/http/main
@load base/protocols/http/utils
--- a/scripts/policy/protocols/http/var-extraction-uri.bro
+++ b/scripts/policy/protocols/http/var-extraction-uri.bro
@ -1,4 +1,4 @@
-##! Extracts and log variables from the requested URI in the default HTTP 
+##! Extracts and logs variables from the requested URI in the default HTTP 
 ##! logging stream.
@load base/protocols/http
--- a/scripts/policy/protocols/modbus/track-memmap.bro
+++ b/scripts/policy/protocols/modbus/track-memmap.bro
@ -15,9 +15,9 @@ export {
 	const track_memmap: Host = ALL_HOSTS &redef;
 	type MemmapInfo: record {
-		## Timestamp for the detected register change
+		## Timestamp for the detected register change.
 		ts:        time     &log;
-		## Unique ID for the connection
+		## Unique ID for the connection.
 		uid:       string   &log;
 		## Connection ID.
 		id:        conn_id  &log;
@ -27,7 +27,8 @@ export {
 		old_val:   count    &log;
 		## The new value stored in the register.
 		new_val:   count    &log;
-		## The time delta between when the 'old_val' and 'new_val' were seen.
+		## The time delta between when the *old_val* and *new_val* were
 		## seen.
 		delta:     interval &log;
 	};
@ -42,8 +43,8 @@ export {
 	## The memory map of slaves is tracked with this variable.
 	global device_registers: table[addr] of Registers;
-	## This event is generated every time a register is seen to be different than
+	## This event is generated every time a register is seen to be different
-	## it was previously seen to be.
+	## than it was previously seen to be.
 	global changed_register: event(c: connection, register: count, old_val: count, new_val: count, delta: interval);
 }
--- a/scripts/policy/protocols/smtp/detect-suspicious-orig.bro
+++ b/scripts/policy/protocols/smtp/detect-suspicious-orig.bro
@ -8,8 +8,8 @@ export {
 		Suspicious_Origination
 	};
-	## Places where it's suspicious for mail to originate from represented as
+	## Places where it's suspicious for mail to originate from represented
-	## all-capital, two character country codes (e.x. US).  It requires 
+	## as all-capital, two character country codes (e.g., US).  It requires 
 	## libGeoIP support built in.
 	const suspicious_origination_countries: set[string] = {} &redef;
 	const suspicious_origination_networks: set[subnet] = {} &redef;
--- a/scripts/policy/protocols/smtp/software.bro
+++ b/scripts/policy/protocols/smtp/software.bro
@ -5,7 +5,7 @@
 ##! TODO:
 ##!
 ##! * Find some heuristic to determine if email was sent through 
-##!   a MS Exhange webmail interface as opposed to a desktop client.
+##!   a MS Exchange webmail interface as opposed to a desktop client.
@load base/frameworks/software/main
@load base/protocols/smtp/main
@ -20,19 +20,19 @@ export {
 	};
 	redef record Info += {
-		## Boolean indicator of if the message was sent through a webmail 
+		## Boolean indicator of if the message was sent through a
-		## interface.
+		## webmail interface.
 		is_webmail: bool &log &default=F;
 	};
-	## Assuming that local mail servers are more trustworthy with the headers 
+	## Assuming that local mail servers are more trustworthy with the
-	## they insert into messages envelopes, this default makes Bro not attempt
+	## headers they insert into message envelopes, this default makes Bro
-	## to detect software in inbound message bodies.  If mail coming in from
+	## not attempt to detect software in inbound message bodies.  If mail
-	## external addresses gives incorrect data in the Received headers, it 
+	## coming in from external addresses gives incorrect data in
-	## could populate your SOFTWARE logging stream with incorrect data.
+	## the Received headers, it could populate your SOFTWARE logging stream
-	## If you would like to detect mail clients for incoming messages 
+	## with incorrect data.  If you would like to detect mail clients for
-	## (network traffic originating from a non-local address), set this
+	## incoming messages (network traffic originating from a non-local
-	## variable to EXTERNAL_HOSTS or ALL_HOSTS.
+	## address), set this variable to EXTERNAL_HOSTS or ALL_HOSTS.
 	const detect_clients_in_messages_from = LOCAL_HOSTS &redef;
 	## A regular expression to match USER-AGENT-like headers to find if a 
--- a/scripts/policy/protocols/ssh/detect-bruteforcing.bro
+++ b/scripts/policy/protocols/ssh/detect-bruteforcing.bro
@ -11,12 +11,12 @@ module SSH;
 export {
 	redef enum Notice::Type += {
 		## Indicates that a host has been identified as crossing the
-		## :bro:id:`SSH::password_guesses_limit` threshold with heuristically
+		## :bro:id:`SSH::password_guesses_limit` threshold with
-		## determined failed logins.
+		## heuristically determined failed logins.
 		Password_Guessing,
-		## Indicates that a host previously identified as a "password guesser"
+		## Indicates that a host previously identified as a "password
-		## has now had a heuristically successful login attempt.  This is not
+		## guesser" has now had a heuristically successful login
-		## currently implemented.
+		## attempt.  This is not currently implemented.
 		Login_By_Password_Guesser,
 	};
@ -29,8 +29,8 @@ export {
 	## guessing passwords.
 	const password_guesses_limit: double = 30 &redef;
-	## The amount of time to remember presumed non-successful logins to build
+	## The amount of time to remember presumed non-successful logins to
-	## model of a password guesser.
+	## build a model of a password guesser.
 	const guessing_timeout = 30 mins &redef;
 	## This value can be used to exclude hosts or entire networks from being
--- a/scripts/policy/protocols/ssh/geo-data.bro
+++ b/scripts/policy/protocols/ssh/geo-data.bro
@ -7,14 +7,15 @@ module SSH;
 export {
 	redef enum Notice::Type += {
-		## If an SSH login is seen to or from a "watched" country based on the
+		## If an SSH login is seen to or from a "watched" country based
-		## :bro:id:`SSH::watched_countries` variable then this notice will
+		## on the :bro:id:`SSH::watched_countries` variable then this
-		## be generated.
+		## notice will be generated.
 		Watched_Country_Login,
 	};
 	redef record Info += {
-		## Add geographic data related to the "remote" host of the connection.
+		## Add geographic data related to the "remote" host of the
 		## connection.
 		remote_location: geo_location &log &optional;
 	};
--- a/scripts/policy/protocols/ssh/interesting-hostnames.bro
+++ b/scripts/policy/protocols/ssh/interesting-hostnames.bro
@ -10,8 +10,8 @@ module SSH;
 export {
 	redef enum Notice::Type += {
-		## Generated if a login originates or responds with a host where the 
+		## Generated if a login originates or responds with a host where
-		## reverse hostname lookup resolves to a name matched by the 
+		## the reverse hostname lookup resolves to a name matched by the
 		## :bro:id:`SSH::interesting_hostnames` regular expression.
 		Interesting_Hostname_Login,
 	};
--- a/scripts/policy/protocols/ssl/expiring-certs.bro
+++ b/scripts/policy/protocols/ssl/expiring-certs.bro
@ -12,13 +12,14 @@ module SSL;
 export {
 	redef enum Notice::Type += {
-		## Indicates that a certificate's NotValidAfter date has lapsed and
+		## Indicates that a certificate's NotValidAfter date has lapsed
-		## the certificate is now invalid.
+		## and the certificate is now invalid.
 		Certificate_Expired,
 		## Indicates that a certificate is going to expire within 
 		## :bro:id:`SSL::notify_when_cert_expiring_in`.
 		Certificate_Expires_Soon,
-		## Indicates that a certificate's NotValidBefore date is future dated.
+		## Indicates that a certificate's NotValidBefore date is future
 		## dated.
 		Certificate_Not_Valid_Yet,
 	};
@ -29,8 +30,8 @@ export {
 	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
 	const notify_certs_expiration = LOCAL_HOSTS &redef;
-	## The time before a certificate is going to expire that you would like to
+	## The time before a certificate is going to expire that you would like
-	## start receiving :bro:enum:`SSL::Certificate_Expires_Soon` notices.
+	## to start receiving :bro:enum:`SSL::Certificate_Expires_Soon` notices.
 	const notify_when_cert_expiring_in = 30days &redef;
 }
--- a/scripts/policy/protocols/ssl/extract-certs-pem.bro
+++ b/scripts/policy/protocols/ssl/extract-certs-pem.bro
@ -5,8 +5,8 @@
 ##! .. note::
 ##!
 ##!     - It doesn't work well on a cluster because each worker will write its
-##!       own certificate files and no duplicate checking is done across
+##!       own certificate files and no duplicate checking is done across the
-##!       clusters so each node would log each certificate.
+##!       cluster so each node would log each certificate.
 ##!
@load base/protocols/ssl
@ -18,7 +18,7 @@ module SSL;
 export {
 	## Control if host certificates offered by the defined hosts
 	## will be written to the PEM certificates file.
-	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
+	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.
 	const extract_certs_pem = LOCAL_HOSTS &redef;
 }
--- a/scripts/policy/protocols/ssl/known-certs.bro
+++ b/scripts/policy/protocols/ssl/known-certs.bro
@ -1,4 +1,5 @@
-##! Log information about certificates while attempting to avoid duplicate logging.
+##! Log information about certificates while attempting to avoid duplicate
 ##! logging.
@load base/utils/directions-and-hosts
@load base/protocols/ssl
@ -26,7 +27,7 @@ export {
 	};
 	## The certificates whose existence should be logged and tracked.
-	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS
+	## Choices are: LOCAL_HOSTS, REMOTE_HOSTS, ALL_HOSTS, NO_HOSTS.
 	const cert_tracking = LOCAL_HOSTS &redef;
 	## The set of all known certificates to store for preventing duplicate 
@ -35,7 +36,7 @@ export {
 	## in the set is for storing the DER formatted certificate's MD5 hash.
 	global certs: set[addr, string] &create_expire=1day &synchronized &redef;
-	## Event that can be handled to access the loggable record as it is sent 
+	## Event that can be handled to access the loggable record as it is sent
 	## on to the logging framework.
 	global log_known_certs: event(rec: CertsInfo);
 }
--- a/scripts/policy/protocols/ssl/validate-certs.bro
+++ b/scripts/policy/protocols/ssl/validate-certs.bro
@ -8,8 +8,9 @@ module SSL;
 export {
 	redef enum Notice::Type += {
-		## This notice indicates that the result of validating the certificate
+		## This notice indicates that the result of validating the
-		## along with it's full certificate chain was invalid.
+		## certificate along with its full certificate chain was
 		## invalid.
 		Invalid_Server_Cert
 	};
@ -18,9 +19,9 @@ export {
 		validation_status: string &log &optional;
 	};
-	## MD5 hash values for recently validated certs along with the validation
+	## MD5 hash values for recently validated certs along with the
-	## status message are kept in this table to avoid constant validation 
+	## validation status message are kept in this table to avoid constant
-	## everytime the same certificate is seen.
+	## validation every time the same certificate is seen.
 	global recently_validated_certs: table[string] of string = table() 
 		&read_expire=5mins &synchronized &redef;
 }
--- a/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output
+++ b/testing/btest/Baseline/doc.sphinx.include-scripts_policy_protocols_ssh_interesting-hostnames_bro/output
@ -14,8 +14,8 @@ module SSH;
 export {
 	redef enum Notice::Type += {
-		## Generated if a login originates or responds with a host where the 
+		## Generated if a login originates or responds with a host where
-		## reverse hostname lookup resolves to a name matched by the 
+		## the reverse hostname lookup resolves to a name matched by the
 		## :bro:id:`SSH::interesting_hostnames` regular expression.
 		Interesting_Hostname_Login,
 	};
--- a/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest
+++ b/testing/btest/doc/sphinx/include-scripts_policy_protocols_ssh_interesting-hostnames_bro.btest
@ -14,8 +14,8 @@ module SSH;
 export {
 	redef enum Notice::Type += {
-		## Generated if a login originates or responds with a host where the 
+		## Generated if a login originates or responds with a host where
-		## reverse hostname lookup resolves to a name matched by the 
+		## the reverse hostname lookup resolves to a name matched by the
 		## :bro:id:`SSH::interesting_hostnames` regular expression.
 		Interesting_Hostname_Login,
 	};