diff --git a/CHANGES b/CHANGES index b68469fc5d..0ae555d788 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,36 @@ +2.0-598 | 2012-06-06 11:47:00 -0700 + + * Add @load-sigs directive for loading signature files (addresses + #551). This can be used to load signatures relative to the current + scripts (e.g., "@load-sigs ./foo.sig"). (Jon Siwek) + + +2.0-596 | 2012-06-06 11:41:00 -0700 + + * Fixes for some BiFs and their documentation. (Daniel Thayer) + + * Many new unit tests for BiFs. (Daniel Thayer) + +2.0-579 | 2012-06-06 11:04:46 -0700 + + * Memory leak fixes for bad usages of VectorVal ctor. (Jon Siwek) + + * Fixed a bug with the MIME analyzer not removing whitespace on + wrapped headers. (Seth Hall) + + * Change Input::update_finished lookup to happen at init time. (Jon Siwek) + + * Fix going through the internal_handler() function which will now + set the event as "used" (i.e. it's marked as being raised + somewhere). Addresses #823. (Jon Siwek) + + * Fix format specifier on RemoteSerializer::Connect. This caused + 32-bit systems to show a warning at compile-time, and fail when + connecting to peers. (Jon Siwek) + + * Fixes for running tests in parallel. (Robin Sommer) + 2.0-571 | 2012-05-30 19:12:43 -0700 * Updating submodule(s). diff --git a/NEWS b/NEWS index fe2d9b452e..83f7c5bc8b 100644 --- a/NEWS +++ b/NEWS @@ -55,6 +55,11 @@ Bro 2.1 of that script, you need to adapt it. See the shipped version for details. +- Signature files can now be loaded via the new "@load-sigs" + directive. In contrast to the existing (and still supported) + signature_files constant, this can be used to load signatures + relative to the current script (e.g., "@load-sigs ./foo.sig"). + TODO: Extend. Bro 2.0 diff --git a/VERSION b/VERSION index b3387dc11b..51a9053b6a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.0-571 +2.0-598 diff --git a/aux/broctl b/aux/broctl index 892b60edb9..589cb04c3d 160000 --- a/aux/broctl +++ b/aux/broctl 
@@ -1 +1 @@ -Subproject commit 892b60edb967bb456872638f22ba994e84530137 +Subproject commit 589cb04c3d7e28a81aa07454e2b9b6b092f0e1af diff --git a/doc/signatures.rst b/doc/signatures.rst index 7a1b164dbb..f65215eceb 100644 --- a/doc/signatures.rst +++ b/doc/signatures.rst @@ -51,13 +51,18 @@ This script contains a default event handler that raises :bro:enum:`Signatures::Sensitive_Signature` :doc:`Notices ` (as well as others; see the beginning of the script). -As signatures are independent of Bro's policy scripts, they are put -into their own file(s). There are two ways to specify which files -contain signatures: By using the ``-s`` flag when you invoke Bro, or -by extending the Bro variable :bro:id:`signature_files` using the ``+=`` -operator. If a signature file is given without a path, it is searched -along the normal ``BROPATH``. The default extension of the file name -is ``.sig``, and Bro appends that automatically when necessary. +As signatures are independent of Bro's policy scripts, they are put into +their own file(s). There are three ways to specify which files contain +signatures: By using the ``-s`` flag when you invoke Bro, or by +extending the Bro variable :bro:id:`signature_files` using the ``+=`` +operator, or by using the ``@load-sigs`` directive inside a Bro script. +If a signature file is given without a full path, it is searched for +along the normal ``BROPATH``. Additionally, the ``@load-sigs`` +directive can be used to load signature files in a path relative to the +Bro script in which it's placed, e.g. ``@load-sigs ./mysigs.sig`` will +expect that signature file in the same directory as the Bro script. The +default extension of the file name is ``.sig``, and Bro appends that +automatically when necessary. Signature language ================== diff --git a/scripts/base/frameworks/dpd/main.bro b/scripts/base/frameworks/dpd/main.bro index 9eb0b467f8..a5349b6cfb 100644 --- a/scripts/base/frameworks/dpd/main.bro 
+++ b/scripts/base/frameworks/dpd/main.bro @@ -3,8 +3,7 @@ module DPD; -## Add the DPD signatures to the signature framework. -redef signature_files += "base/frameworks/dpd/dpd.sig"; +@load-sigs ./dpd.sig export { ## Add the DPD logging stream identifier. diff --git a/scripts/base/init-bare.bro b/scripts/base/init-bare.bro index f23a4e9714..a356167cd7 100644 --- a/scripts/base/init-bare.bro +++ b/scripts/base/init-bare.bro @@ -647,7 +647,9 @@ function add_signature_file(sold: string, snew: string): string } ## Signature files to read. Use ``redef signature_files += "foo.sig"`` to -## extend. Signature files will be searched relative to ``BROPATH``. +## extend. Signature files added this way will be searched relative to +## ``BROPATH``. Using the ``@load-sigs`` directive instead is preferred +## since that can search paths relative to the current script. global signature_files = "" &add_func = add_signature_file; ## ``p0f`` fingerprint file to use. Will be searched relative to ``BROPATH``. @@ -996,6 +998,9 @@ type ip6_option: record { data: string; ##< Option data. }; +## A type alias for a vector of IPv6 options. +type ip6_options: vector of ip6_option; + ## Values extracted from an IPv6 Hop-by-Hop options extension header. ## ## .. bro:see:: pkt_hdr ip4_hdr ip6_hdr ip6_ext_hdr ip6_option @@ -1006,7 +1011,7 @@ type ip6_hopopts: record { ## Length of header in 8-octet units, excluding first unit. len: count; ## The TLV encoded options; - options: vector of ip6_option; + options: ip6_options; }; ## Values extracted from an IPv6 Destination options extension header. @@ -1019,7 +1024,7 @@ type ip6_dstopts: record { ## Length of header in 8-octet units, excluding first unit. len: count; ## The TLV encoded options; - options: vector of ip6_option; + options: ip6_options; }; ## Values extracted from an IPv6 Routing extension header. diff --git a/scripts/base/protocols/http/file-ident.bro b/scripts/base/protocols/http/file-ident.bro index f2cb9d19ac..b493f02bf0 100644 
--- a/scripts/base/protocols/http/file-ident.bro +++ b/scripts/base/protocols/http/file-ident.bro @@ -6,7 +6,8 @@ @load ./utils # Add the magic number signatures to the core signature set. -redef signature_files += "base/protocols/http/file-ident.sig"; +@load-sigs ./file-ident.sig + # Ignore the signatures used to match files redef Signatures::ignored_ids += /^matchfile-/; diff --git a/scripts/policy/protocols/http/detect-webapps.bro b/scripts/policy/protocols/http/detect-webapps.bro index 796da5c29a..fb805bfd33 100644 --- a/scripts/policy/protocols/http/detect-webapps.bro +++ b/scripts/policy/protocols/http/detect-webapps.bro @@ -4,9 +4,10 @@ @load base/frameworks/software @load base/protocols/http +@load-sigs ./detect-webapps.sig + module HTTP; -redef signature_files += "protocols/http/detect-webapps.sig"; # Ignore the signatures used to match webapps redef Signatures::ignored_ids += /^webapp-/; diff --git a/scripts/site/local.bro b/scripts/site/local.bro index 9681f7a75c..db1a786839 100644 --- a/scripts/site/local.bro +++ b/scripts/site/local.bro @@ -25,7 +25,7 @@ redef Software::vulnerable_versions += { @load frameworks/software/version-changes # This adds signatures to detect cleartext forward and reverse windows shells. -redef signature_files += "frameworks/signatures/detect-windows-shells.sig"; +@load-sigs frameworks/signatures/detect-windows-shells # Uncomment the following line to begin receiving (by default hourly) emails # containing all of your notices. diff --git a/src/IP.cc b/src/IP.cc index 7113c4a678..45afd593a9 100644 --- a/src/IP.cc +++ b/src/IP.cc 
@@ -36,13 +36,12 @@ static inline RecordType* hdrType(RecordType*& type, const char* name) static VectorVal* BuildOptionsVal(const u_char* data, int len) { - VectorVal* vv = new VectorVal(new VectorType( - hdrType(ip6_option_type, "ip6_option")->Ref())); + VectorVal* vv = new VectorVal(internal_type("ip6_options")->AsVectorType()); while ( len > 0 ) { const struct ip6_opt* opt = (const struct ip6_opt*) data; - RecordVal* rv = new RecordVal(ip6_option_type); + RecordVal* rv = new RecordVal(hdrType(ip6_option_type, "ip6_option")); rv->Assign(0, new Val(opt->ip6o_type, TYPE_COUNT)); if ( opt->ip6o_type == 0 ) @@ -87,8 +86,8 @@ RecordVal* IPv6_Hdr::BuildRecordVal(VectorVal* chain) const rv->Assign(5, new AddrVal(IPAddr(ip6->ip6_src))); rv->Assign(6, new AddrVal(IPAddr(ip6->ip6_dst))); if ( ! chain ) - chain = new VectorVal(new VectorType( - hdrType(ip6_ext_hdr_type, "ip6_ext_hdr")->Ref())); + chain = new VectorVal( + internal_type("ip6_ext_hdr_chain")->AsVectorType()); rv->Assign(7, chain); } break; diff --git a/src/Net.cc b/src/Net.cc index 5bfae2275b..328998b011 100644 --- a/src/Net.cc +++ b/src/Net.cc @@ -69,6 +69,7 @@ PktSrc* current_pktsrc = 0; IOSource* current_iosrc; std::list files_scanned; +std::vector sig_files; RETSIGTYPE watchdog(int /* signo */) { diff --git a/src/Net.h b/src/Net.h index 9e68cc025b..5b959d1688 100644 --- a/src/Net.h +++ b/src/Net.h @@ -111,5 +111,6 @@ struct ScannedFile { }; extern std::list files_scanned; +extern std::vector sig_files; #endif diff --git a/src/Type.cc b/src/Type.cc index d688b15376..caba0c9fa0 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -1467,6 +1467,16 @@ bool VectorType::DoUnserialize(UnserialInfo* info) return yield_type != 0; } +void VectorType::Describe(ODesc* d) const + { + if ( d->IsReadable() ) + d->AddSP("vector of"); + else + d->Add(int(Tag())); + + yield_type->Describe(d); + } + BroType* base_type(TypeTag tag) { static BroType* base_types[NUM_TYPES]; 
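Review bot: The new `VectorType::Describe()` in src/Type.cc ends with an unconditional `yield_type->Describe(d);`, yet the context line directly above it (`return yield_type != 0;` in `DoUnserialize`) shows that a `VectorType` can be left with a null `yield_type`. Describing such an object, for example while reporting the failed unserialization, would dereference a null pointer. A guard such as `if ( yield_type ) yield_type->Describe(d);` keeps a diagnostic path from taking the process down. Whether the non-readable branch then needs an explicit marker for the missing yield type depends on how that output is consumed, which is not visible here.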
diff --git a/src/Type.h b/src/Type.h index e935ba2267..efe15e6188 100644 --- a/src/Type.h +++ b/src/Type.h @@ -564,6 +564,8 @@ public: // gets using an empty "vector()" constructor. bool IsUnspecifiedVector() const; + void Describe(ODesc* d) const; + protected: VectorType() { yield_type = 0; } diff --git a/src/bro.bif b/src/bro.bif index e1521adee8..b49c88058a 100644 --- a/src/bro.bif +++ b/src/bro.bif @@ -466,17 +466,18 @@ function system%(str: string%): int ## ## str: The command to execute. ## -## env: A :bro:type:`set` or :bro:type:`table` with the environment variables -## in the form of key-value pairs (where the value is optional). +## env: A :bro:type:`table` with the environment variables in the form +## of key-value pairs. Each specified environment variable name +## will be automatically prepended with ``BRO_ARG_``. ## ## Returns: The return value from the OS ``system`` function. ## ## .. bro:see:: system str_shell_escape piped_exec -function system_env%(str: string, env: any%): int +function system_env%(str: string, env: table_string_of_string%): int %{ if ( env->Type()->Tag() != TYPE_TABLE ) { - builtin_error("system_env() requires a table/set argument"); + builtin_error("system_env() requires a table argument"); return new Val(-1, TYPE_INT); } 
@@ -1422,12 +1423,15 @@ bool indirect_int_sort_function(int a, int b) ## Sorts a vector in place. The second argument is a comparison function that ## takes two arguments: if the vector type is ``vector of T``, then the -## comparison function must be ``function(a: T, b: T): bool``, which returns -## ``a < b`` for some type-specific notion of the less-than operator. +## comparison function must be ``function(a: T, b: T): int``, which returns +## a value less than zero if ``a < b`` for some type-specific notion of the +## less-than operator. The comparison function is optional if the type +## is an integral type (int, count, etc.). ## ## v: The vector instance to sort. ## -## Returns: The original vector. +## Returns: The vector, sorted from minimum to maximum value. If the vector +## could not be sorted, then the original vector is returned instead. ## ## .. bro:see:: order function sort%(v: any, ...%) : any @@ -1494,8 +1498,8 @@ function sort%(v: any, ...%) : any ## .. bro:see:: sort function order%(v: any, ...%) : index_vec %{ - VectorVal* result_v = - new VectorVal(new VectorType(base_type(TYPE_COUNT))); + VectorVal* result_v = new VectorVal( + internal_type("index_vec")->AsVectorType()); if ( v->Type()->Tag() != TYPE_VECTOR ) { @@ -1522,13 +1526,13 @@ function order%(v: any, ...%) : index_vec } if ( ! comp && ! IsIntegral(elt_type->Tag()) ) - builtin_error("comparison function required for sort() with non-integral types"); + builtin_error("comparison function required for order() with non-integral types"); vector& vv = *v->AsVector(); int n = vv.size(); // Set up initial mapping of indices directly to corresponding - // elements. We stay zero-based until after the sorting. + // elements. vector ind_vv(n); index_map = new Val*[n]; int i; 
@@ -1544,7 +1548,7 @@ function order%(v: any, ...%) : index_vec if ( comp_type->YieldType()->Tag() != TYPE_INT || ! comp_type->ArgTypes()->AllMatch(elt_type, 0) ) { - builtin_error("invalid comparison function in call to sort()"); + builtin_error("invalid comparison function in call to order()"); return v; } @@ -1558,8 +1562,7 @@ function order%(v: any, ...%) : index_vec delete [] index_map; index_map = 0; - // Now spin through ind_vv to read out the rearrangement, - // adjusting indices as we do so. + // Now spin through ind_vv to read out the rearrangement. for ( i = 0; i < n; ++i ) { int ind = ind_vv[i]; @@ -1649,7 +1652,7 @@ function cat_sep%(sep: string, def: string, ...%): string ## ## - ``.``: Precision of floating point specifiers ``[efg]`` (< 128) ## -## - ``A``: Escape NUL bytes, i.e., replace ``0`` with ``\0`` +## - ``A``: Escape only NUL bytes (each one replaced with ``\0``) in a string ## ## - ``[DTdxsefg]``: Format specifier ## @@ -1661,15 +1664,14 @@ function cat_sep%(sep: string, def: string, ...%): string ## - ``x``: Unsigned hexadecimal (using C-style ``%llx``); ## addresses/ports are converted to host-byte order ## -## - ``s``: Escaped string +## - ``s``: String (byte values less than 32 or greater than 126 +## will be escaped) ## ## - ``[efg]``: Double ## -## Returns: Given no arguments, :bro:id:`fmt` returns an empty string. Given a -## non-string first argument, :bro:id:`fmt` returns the concatenation -## of all its arguments, per :bro:id:`cat`. Finally, given the wrong -## number of additional arguments for the given format specifier, -## :bro:id:`fmt` generates a run-time error. +## Returns: Returns the formatted string. Given no arguments, :bro:id:`fmt`. Given +## no format string or the wrong number of additional arguments for the +## given format specifier, :bro:id:`fmt` generates a run-time error. ## ## .. bro:see:: cat cat_sep string_cat cat_string_array cat_string_array_n function fmt%(...%): string 
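Review bot: The rewritten `Returns:` paragraph for `fmt` contains a sentence with no predicate ("Given no arguments," followed only by the `:bro:id:` reference to fmt and a full stop), so the no-argument behaviour is no longer documented. The code still returns an empty string in that case, and the error branches added further down in this commit also return an empty string after `builtin_error`. Suggested wording, keeping the existing `:bro:id:` role around the name: `## Returns: The formatted string. Given no arguments, fmt returns an empty string.`, followed by a sentence saying that a missing format string or an argument-count mismatch raises a run-time error and yields an empty string.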
@@ -1678,8 +1680,9 @@ function fmt%(...%): string return new StringVal(""); Val* fmt_v = @ARG@[0]; - if ( fmt_v->Type()->Tag() != TYPE_STRING ) - return bro_cat(frame, @ARGS@); + + // Type of fmt_v will be string here, check_built_in_call() in Func.cc + // checks that. const char* fmt = fmt_v->AsString()->CheckString(); ODesc d; @@ -1689,10 +1692,16 @@ function fmt%(...%): string ; if ( n < @ARGC@ - 1 ) + { builtin_error("too many arguments for format", fmt_v); + return new StringVal(""); + } - else if ( n >= @ARGC@ ) + else if ( n >= @ARGC@ ) + { builtin_error("too few arguments for format", fmt_v); + return new StringVal(""); + } BroString* s = new BroString(1, d.TakeBytes(), d.Len()); s->SetUseFreeToDelete(true); @@ -2331,7 +2340,7 @@ function is_v6_addr%(a: addr%): bool ## Returns: The vector of addresses contained in the routing header data. function routing0_data_to_addrs%(s: string%): addr_vec %{ - VectorVal* rval = new VectorVal(new VectorType(base_type(TYPE_ADDR))); + VectorVal* rval = new VectorVal(internal_type("addr_vec")->AsVectorType()); int len = s->Len(); const u_char* bytes = s->Bytes(); @@ -2362,7 +2371,7 @@ function routing0_data_to_addrs%(s: string%): addr_vec ## .. bro:see:: counts_to_addr function addr_to_counts%(a: addr%): index_vec %{ - VectorVal* rval = new VectorVal(new VectorType(base_type(TYPE_COUNT))); + VectorVal* rval = new VectorVal(internal_type("index_vec")->AsVectorType()); const uint32* bytes; int len = a->AsAddr().GetBytes(&bytes); @@ -2670,7 +2679,7 @@ function to_port%(s: string%): port ## ## Returns: The IP address corresponding to *s*. ## -## .. bro:see:: addr_to_ptr_name parse_dotted_addr +## .. bro:see:: addr_to_ptr_name to_addr function ptr_name_to_addr%(s: string%): addr %{ if ( s->Len() != 72 ) 
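Review bot: In the first `fmt` hunk the removed `TYPE_STRING` test was the only runtime guard in front of `fmt_v->AsString()`; the new comment moves that responsibility to `check_built_in_call()` in Func.cc, which is not part of this diff. If any call path reaches the BiF without passing that check (not verifiable from here), `AsString()` is applied to a value of another type. A cheap guard in the style of the error branches added in the next hunk would keep the BiF safe on its own: `if ( fmt_v->Type()->Tag() != TYPE_STRING ) { builtin_error("fmt() requires a string as first argument", fmt_v); return new StringVal(""); }`. The body of `fmt` starts and ends outside this hunk.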
@@ -2734,27 +2743,12 @@ function ptr_name_to_addr%(s: string%): addr ## ## Returns: The reverse pointer representation of *a*. ## -## .. bro:see:: ptr_name_to_addr parse_dotted_addr +## .. bro:see:: ptr_name_to_addr to_addr function addr_to_ptr_name%(a: addr%): string %{ return new StringVal(a->AsAddr().PtrName().c_str()); %} -# Transforms n0.n1.n2.n3 -> addr. - -## Converts a decimal dotted IP address in a :bro:type:`string` to an -## :bro:type:`addr` type. -## -## s: The IP address in the form ``n0.n1.n2.n3``. -## -## Returns: The IP address as type :bro:type:`addr`. -## -## .. bro:see:: addr_to_ptr_name parse_dotted_addr -function parse_dotted_addr%(s: string%): addr - %{ - IPAddr a(s->CheckString()); - return new AddrVal(a); - %} %%{ static Val* parse_port(const char* line) @@ -5659,6 +5653,14 @@ function match_signatures%(c: connection, pattern_type: int, s: string, # # =========================================================================== +## Deprecated. Will be removed. +function parse_dotted_addr%(s: string%): addr + %{ + IPAddr a(s->CheckString()); + return new AddrVal(a); + %} + + %%{ #include "Anon.h" %%} diff --git a/src/main.cc b/src/main.cc index 9e9c867714..b1d0a4d723 100644 --- a/src/main.cc +++ b/src/main.cc @@ -838,6 +838,10 @@ int main(int argc, char** argv) if ( *s ) rule_files.append(s); + // Append signature files defined in @load-sigs + for ( size_t i = 0; i < sig_files.size(); ++i ) + rule_files.append(copy_string(sig_files[i].c_str())); + if ( rule_files.length() > 0 ) { rule_matcher = new RuleMatcher(RE_level); diff --git a/src/scan.l b/src/scan.l index 30d521c6bd..645ce659cd 100644 --- a/src/scan.l +++ b/src/scan.l 
@@ -358,6 +358,22 @@ when return TOK_WHEN; (void) load_files(new_file); } +@load-sigs{WS}{FILE} { + const char* new_sig_file = skip_whitespace(yytext + 10); + const char* full_filename = 0; + FILE* f = search_for_file(new_sig_file, "sig", &full_filename, false, 0); + + if ( f ) + { + sig_files.push_back(full_filename); + fclose(f); + delete [] full_filename; + } + else + reporter->Error("failed to find file associated with @load-sigs %s", + new_sig_file); + } + @unload{WS}{FILE} { // Skip "@unload". const char* new_file = skip_whitespace(yytext + 7); diff --git a/src/strings.bif b/src/strings.bif index 27c11b4013..22e29950ee 100644 --- a/src/strings.bif +++ b/src/strings.bif @@ -175,7 +175,7 @@ function join_string_vec%(vec: string_vec, sep: string%): string if ( i > 0 ) d.Add(sep->CheckString(), 0); - v->Lookup(i+1)->Describe(&d); + v->Lookup(i)->Describe(&d); } BroString* s = new BroString(1, d.TakeBytes(), d.Len()); @@ -875,8 +875,8 @@ function str_split%(s: string, idx: index_vec%): string_vec indices[i] = (*idx_v)[i]->AsCount(); BroString::Vec* result = s->AsString()->Split(indices); - VectorVal* result_v = - new VectorVal(new VectorType(base_type(TYPE_STRING))); + VectorVal* result_v = new VectorVal( + internal_type("string_vec")->AsVectorType()); if ( result ) { diff --git a/testing/btest/Baseline/bifs.all_set/out b/testing/btest/Baseline/bifs.all_set/out new file mode 100644 index 0000000000..ed4964b655 --- /dev/null +++ b/testing/btest/Baseline/bifs.all_set/out @@ -0,0 +1,3 @@ +F +F +T diff --git a/testing/btest/Baseline/bifs.any_set/out b/testing/btest/Baseline/bifs.any_set/out new file mode 100644 index 0000000000..3ea3c39b0d --- /dev/null +++ b/testing/btest/Baseline/bifs.any_set/out @@ -0,0 +1,3 @@ +T +F +F diff --git a/testing/btest/Baseline/bifs.byte_len/out b/testing/btest/Baseline/bifs.byte_len/out new file mode 100644 index 0000000000..b4de394767 --- /dev/null +++ b/testing/btest/Baseline/bifs.byte_len/out @@ -0,0 +1 @@ +11 
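Review bot: The `10` in `skip_whitespace(yytext + 10)` is an unexplained offset, while the neighbouring `@unload` rule documents its own with `// Skip "@unload".`; add `// Skip "@load-sigs".` above the first statement of the new rule so the constant stays tied to the directive's length. On the failure branch `full_filename` is neither inspected nor released; whether `search_for_file()` can leave it allocated when it returns a null `FILE*` is not visible in this hunk and is worth confirming. The rule also pushes every resolved path without checking whether `sig_files` already holds it, so two scripts naming the same file hand it to the rule matcher twice; how the matcher treats that is outside this diff.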
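Review bot: In `join_string_vec`, `v->Lookup(i)->Describe(&d)` dereferences the lookup result without a null check. If a vector can contain unset slots (not visible from this hunk), `Lookup()` may return null and the join would crash on script-controlled data. Something like `Val* e = v->Lookup(i); if ( e ) e->Describe(&d);` tolerates that case. The loop header is outside the hunk, so the bounds used for `i` after the switch from `i+1` to `i` cannot be checked from here.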
diff --git a/testing/btest/Baseline/bifs.bytestring_to_hexstr/out b/testing/btest/Baseline/bifs.bytestring_to_hexstr/out
new file mode 100644
index 0000000000..241fa43ec3
--- /dev/null
+++ b/testing/btest/Baseline/bifs.bytestring_to_hexstr/out
@@ -0,0 +1,3 @@
+3034
+
+00
diff --git a/testing/btest/Baseline/bifs.cat/out b/testing/btest/Baseline/bifs.cat/out
new file mode 100644
index 0000000000..cf73512b88
--- /dev/null
+++ b/testing/btest/Baseline/bifs.cat/out
@@ -0,0 +1,6 @@
+foo3T
+
+3T
+foo|3|T
+
+|3|T
diff --git a/testing/btest/Baseline/bifs.cat_string_array/out b/testing/btest/Baseline/bifs.cat_string_array/out
new file mode 100644
index 0000000000..963f826db9
--- /dev/null
+++ b/testing/btest/Baseline/bifs.cat_string_array/out
@@ -0,0 +1,3 @@
+isatest
+thisisatest
+isa
diff --git a/testing/btest/Baseline/bifs.clear_table/out b/testing/btest/Baseline/bifs.clear_table/out
new file mode 100644
index 0000000000..b261da18d5
--- /dev/null
+++ b/testing/btest/Baseline/bifs.clear_table/out
@@ -0,0 +1,2 @@
+1
+0
diff --git a/testing/btest/Baseline/bifs.convert_for_pattern/out b/testing/btest/Baseline/bifs.convert_for_pattern/out
new file mode 100644
index 0000000000..0de79c0927
--- /dev/null
+++ b/testing/btest/Baseline/bifs.convert_for_pattern/out
@@ -0,0 +1,3 @@
+foo
+
+b\[a\-z\]\+
diff --git a/testing/btest/Baseline/bifs.create_file/out b/testing/btest/Baseline/bifs.create_file/out
new file mode 100644
index 0000000000..330268ec59
--- /dev/null
+++ b/testing/btest/Baseline/bifs.create_file/out
@@ -0,0 +1,15 @@
+T
+testfile
+F
+15.0
+T
+F
+28.0
+-1.0
+15.0
+0.0
+T
+15.0
+T
+testdir/testfile4
+F
diff --git a/testing/btest/Baseline/bifs.create_file/testfile b/testing/btest/Baseline/bifs.create_file/testfile
new file mode 100644
index 0000000000..a29421755d
--- /dev/null
+++ b/testing/btest/Baseline/bifs.create_file/testfile
@@ -0,0 +1,2 @@
+This is a test
+another test
diff --git a/testing/btest/Baseline/bifs.create_file/testfile2 b/testing/btest/Baseline/bifs.create_file/testfile2
new file mode 100644
index 0000000000..eee417f1b9
--- /dev/null
+++ b/testing/btest/Baseline/bifs.create_file/testfile2
@@ -0,0 +1 @@
+new text
diff --git a/testing/btest/Baseline/bifs.edit/out b/testing/btest/Baseline/bifs.edit/out
new file mode 100644
index 0000000000..d8582f9b20
--- /dev/null
+++ b/testing/btest/Baseline/bifs.edit/out
@@ -0,0 +1 @@
+llo t
diff --git a/testing/btest/Baseline/bifs.escape_string/out b/testing/btest/Baseline/bifs.escape_string/out
new file mode 100644
index 0000000000..6d79533c61
--- /dev/null
+++ b/testing/btest/Baseline/bifs.escape_string/out
@@ -0,0 +1,10 @@
+12
+Test \0string
+13
+Test \0string
+15
+Test \x00string
+13
+Test \0string
+24
+546573742000737472696e67
diff --git a/testing/btest/Baseline/bifs.exit/out b/testing/btest/Baseline/bifs.exit/out
new file mode 100644
index 0000000000..ce01362503
--- /dev/null
+++ b/testing/btest/Baseline/bifs.exit/out
@@ -0,0 +1 @@
+hello
diff --git a/testing/btest/Baseline/bifs.file_mode/out b/testing/btest/Baseline/bifs.file_mode/out
new file mode 100644
index 0000000000..0c7b672b5b
--- /dev/null
+++ b/testing/btest/Baseline/bifs.file_mode/out
@@ -0,0 +1,10 @@
+rw-r--r--
+rwxrwxrwx
+rwxrwxrwt
+rwxr-x--T
+rwsr-xr-x
+r-S------
+rwxr-sr-x
+r--r-S---
+--xr-xrwx
+---------
diff --git a/testing/btest/Baseline/bifs.find_all/out b/testing/btest/Baseline/bifs.find_all/out
new file mode 100644
index 0000000000..17913c44ed
--- /dev/null
+++ b/testing/btest/Baseline/bifs.find_all/out
@@ -0,0 +1,4 @@
+es
+hi
+-------------------
+0
diff --git a/testing/btest/Baseline/bifs.find_entropy/out b/testing/btest/Baseline/bifs.find_entropy/out
new file mode 100644
index 0000000000..08a09de4e4
--- /dev/null
+++ b/testing/btest/Baseline/bifs.find_entropy/out
@@ -0,0 +1,2 @@
+[entropy=4.715374, chi_square=591.981818, mean=75.472727, monte_carlo_pi=4.0, serial_correlation=-0.11027]
+[entropy=2.083189, chi_square=3906.018182, mean=69.054545, monte_carlo_pi=4.0, serial_correlation=0.849402]
diff --git a/testing/btest/Baseline/bifs.find_last/out b/testing/btest/Baseline/bifs.find_last/out
new file mode 100644
index 0000000000..13eabac948
--- /dev/null
+++ b/testing/btest/Baseline/bifs.find_last/out
@@ -0,0 +1,3 @@
+es
+-------------------
+0
diff --git a/testing/btest/Baseline/bifs.fmt/out b/testing/btest/Baseline/bifs.fmt/out
new file mode 100644
index 0000000000..2a28bf333a
--- /dev/null
+++ b/testing/btest/Baseline/bifs.fmt/out
@@ -0,0 +1,55 @@
+test
+%
+
+*test *
+* test*
+* T*
+*T *
+* 3.14e+00*
+*3.14e+00 *
+* 3.14*
+* 3.1*
+* -3.14e+00*
+* -3.14*
+* -3.1*
+*-3.14e+00 *
+*-3.14 *
+*-3.1 *
+* -128*
+*-128 *
+* 128*
+*0000000128*
+*128 *
+* a0*
+*00000000a0*
+* a0*
+* 160/tcp*
+* 127.0.0.1*
+* 7f000001*
+*192.168.0.0/16*
+* ::1*
+*fe000000000000000000000000000001*
+*fe80:1234::1*
+*fe80:1234::/32*
+* 3.0 hrs*
+*/^?(^foo|bar)$?/*
+* Blue*
+* [1, 2, 3]*
+*{^J^I2,^J^I1,^J^I3^J}*
+*{^J^I[2] = bro,^J^I[1] = test^J}*
+3.100000e+02
+310.000000
+310
+3.100e+02
+310.000
+310
+310
+2
+3
+4
+2
+2
+6
+2
+2
+6
diff --git a/testing/btest/Baseline/bifs.fmt_ftp_port/out b/testing/btest/Baseline/bifs.fmt_ftp_port/out
new file mode 100644
index 0000000000..124878dd48
--- /dev/null
+++ b/testing/btest/Baseline/bifs.fmt_ftp_port/out
@@ -0,0 +1,2 @@
+192,168,0,2,1,1
+
diff --git a/testing/btest/Baseline/bifs.get_port_transport_proto/out b/testing/btest/Baseline/bifs.get_port_transport_proto/out
new file mode 100644
index 0000000000..dceddbc0f3
--- /dev/null
+++ b/testing/btest/Baseline/bifs.get_port_transport_proto/out
@@ -0,0 +1,3 @@
+tcp
+udp
+icmp
diff --git a/testing/btest/Baseline/bifs.getsetenv/out b/testing/btest/Baseline/bifs.getsetenv/out
new file mode 100644
index 0000000000..0eabe36713
--- /dev/null
+++ b/testing/btest/Baseline/bifs.getsetenv/out
@@ -0,0 +1,3 @@
+OK
+OK
+OK
diff --git a/testing/btest/Baseline/bifs.global_ids/out b/testing/btest/Baseline/bifs.global_ids/out
new file mode 100644
index 0000000000..415b9ac63d
--- /dev/null
+++ b/testing/btest/Baseline/bifs.global_ids/out
@@ -0,0 +1 @@
+func
diff --git a/testing/btest/Baseline/bifs.hexdump/out b/testing/btest/Baseline/bifs.hexdump/out
new file mode 100644
index 0000000000..740435f7ea
--- /dev/null
+++ b/testing/btest/Baseline/bifs.hexdump/out
@@ -0,0 +1 @@
+0000 61 62 63 ff 64 65 66 67 68 69 6a 6b 6c 6d 6e 6f abc.defg hijklmno^J0010 70 71 72 73 74 75 76 77 78 79 7a pqrstuvw xyz^J
diff --git a/testing/btest/Baseline/bifs.is_ascii/out b/testing/btest/Baseline/bifs.is_ascii/out
new file mode 100644
index 0000000000..82d2bc093e
--- /dev/null
+++ b/testing/btest/Baseline/bifs.is_ascii/out
@@ -0,0 +1,2 @@
+F
+T
diff --git a/testing/btest/Baseline/bifs.is_port/out b/testing/btest/Baseline/bifs.is_port/out
new file mode 100644
index 0000000000..0a7c80fc6e
--- /dev/null
+++ b/testing/btest/Baseline/bifs.is_port/out
@@ -0,0 +1,9 @@
+T
+F
+F
+F
+T
+F
+F
+F
+T
diff --git a/testing/btest/Baseline/bifs.join_string/out b/testing/btest/Baseline/bifs.join_string/out
new file mode 100644
index 0000000000..f1640a57ee
--- /dev/null
+++ b/testing/btest/Baseline/bifs.join_string/out
@@ -0,0 +1,6 @@
+this * is * a * test
+thisisatest
+mytest
+this__is__another__test
+thisisanothertest
+Test
diff --git a/testing/btest/Baseline/bifs.length/out b/testing/btest/Baseline/bifs.length/out
new file mode 100644
index 0000000000..ad43182650
--- /dev/null
+++ b/testing/btest/Baseline/bifs.length/out
@@ -0,0 +1,6 @@
+1
+4
+2
+0
+0
+0
diff --git a/testing/btest/Baseline/bifs.lookup_ID/out b/testing/btest/Baseline/bifs.lookup_ID/out
new file mode 100644
index 0000000000..64b6379deb
--- /dev/null
+++ b/testing/btest/Baseline/bifs.lookup_ID/out
@@ -0,0 +1,5 @@
+bro test
+
+
+
+event()
diff --git a/testing/btest/Baseline/bifs.lowerupper/out b/testing/btest/Baseline/bifs.lowerupper/out new file mode 100644 index 0000000000..96b69a43c8 --- /dev/null +++ b/testing/btest/Baseline/bifs.lowerupper/out @@ -0,0 +1,2 @@ +this is a test +THIS IS A TEST diff --git a/testing/btest/Baseline/bifs.math/out b/testing/btest/Baseline/bifs.math/out new file mode 100644 index 0000000000..40131d2528 --- /dev/null +++ b/testing/btest/Baseline/bifs.math/out @@ -0,0 +1,8 @@ +3.0 +2.0 +-4.0 +-3.0 +1.772005 +23.103867 +1.144223 +0.49693 diff --git a/testing/btest/Baseline/bifs.md5/output b/testing/btest/Baseline/bifs.md5/output index 71c0fbfcb8..a560286854 100644 --- a/testing/btest/Baseline/bifs.md5/output +++ b/testing/btest/Baseline/bifs.md5/output @@ -2,3 +2,5 @@ f97c5d29941bfb1b2fdab0874906ab82 7b0391feb2e0cd271f1cf39aafb4376f f97c5d29941bfb1b2fdab0874906ab82 7b0391feb2e0cd271f1cf39aafb4376f +571c0a35c7858ad5a0e16b8fdb41adcd +1751cbd623726f423f734e23a8c7ec06 diff --git a/testing/btest/Baseline/bifs.merge_pattern/out b/testing/btest/Baseline/bifs.merge_pattern/out new file mode 100644 index 0000000000..fe8ebc3c01 --- /dev/null +++ b/testing/btest/Baseline/bifs.merge_pattern/out @@ -0,0 +1,2 @@ +match +match diff --git a/testing/btest/Baseline/bifs.order/out b/testing/btest/Baseline/bifs.order/out new file mode 100644 index 0000000000..e77fbd310c --- /dev/null +++ b/testing/btest/Baseline/bifs.order/out @@ -0,0 +1,8 @@ +[5, 2, 8, 3] +[1, 3, 0, 2] +[5.0 hrs, 2.0 days, 1.0 sec, -7.0 mins] +[3, 2, 0, 1] +[192.168.123.200, 10.0.0.157, 192.168.0.3] +[1, 2, 0] +[3.03, 3.01, 3.02, 3.015] +[1, 3, 2, 0] diff --git a/testing/btest/Baseline/bifs.parse_ftp/out b/testing/btest/Baseline/bifs.parse_ftp/out new file mode 100644 index 0000000000..c080d56bdf --- /dev/null +++ b/testing/btest/Baseline/bifs.parse_ftp/out 
@@ -0,0 +1,5 @@
+[h=192.168.0.2, p=257/tcp, valid=T]
+[h=192.168.0.2, p=257/tcp, valid=T]
+[h=fe80::12, p=1234/tcp, valid=T]
+[h=192.168.0.2, p=257/tcp, valid=T]
+[h=::, p=1234/tcp, valid=T]
diff --git a/testing/btest/Baseline/bifs.rand/out b/testing/btest/Baseline/bifs.rand/out
new file mode 100644
index 0000000000..367833f80a
--- /dev/null
+++ b/testing/btest/Baseline/bifs.rand/out
@@ -0,0 +1,6 @@
+185
+236
+805
+47
+996
+498
diff --git a/testing/btest/Baseline/bifs.raw_bytes_to_v4_addr/out b/testing/btest/Baseline/bifs.raw_bytes_to_v4_addr/out
new file mode 100644
index 0000000000..e0424e0e07
--- /dev/null
+++ b/testing/btest/Baseline/bifs.raw_bytes_to_v4_addr/out
@@ -0,0 +1,2 @@
+65.66.67.68
+0.0.0.0
diff --git a/testing/btest/Baseline/bifs.record_type_to_vector/out b/testing/btest/Baseline/bifs.record_type_to_vector/out
new file mode 100644
index 0000000000..1b4fa4baf1
--- /dev/null
+++ b/testing/btest/Baseline/bifs.record_type_to_vector/out
@@ -0,0 +1 @@
+[, ct, str1]
diff --git a/testing/btest/Baseline/bifs.resize/out b/testing/btest/Baseline/bifs.resize/out
new file mode 100644
index 0000000000..fcefeaf4df
--- /dev/null
+++ b/testing/btest/Baseline/bifs.resize/out
@@ -0,0 +1,4 @@
+3
+5
+0
+7
diff --git a/testing/btest/Baseline/bifs.rotate_file/out b/testing/btest/Baseline/bifs.rotate_file/out
new file mode 100644
index 0000000000..1e833bbae4
--- /dev/null
+++ b/testing/btest/Baseline/bifs.rotate_file/out
@@ -0,0 +1,3 @@
+file rotated
+15.0
+0.0
diff --git a/testing/btest/Baseline/bifs.rotate_file_by_name/out b/testing/btest/Baseline/bifs.rotate_file_by_name/out
new file mode 100644
index 0000000000..1e833bbae4
--- /dev/null
+++ b/testing/btest/Baseline/bifs.rotate_file_by_name/out
@@ -0,0 +1,3 @@
+file rotated
+15.0
+0.0
diff --git a/testing/btest/Baseline/bifs.same_object/out b/testing/btest/Baseline/bifs.same_object/out
new file mode 100644
index 0000000000..3ea3c39b0d
--- /dev/null
+++ b/testing/btest/Baseline/bifs.same_object/out
@@ -0,0 +1,3 @@ +T +F +F diff --git a/testing/btest/Baseline/bifs.sort/out b/testing/btest/Baseline/bifs.sort/out new file mode 100644 index 0000000000..fed75265b9 --- /dev/null +++ b/testing/btest/Baseline/bifs.sort/out @@ -0,0 +1,16 @@ +[2, 3, 5, 8] +[2, 3, 5, 8] +[-7.0 mins, 1.0 sec, 5.0 hrs, 2.0 days] +[-7.0 mins, 1.0 sec, 5.0 hrs, 2.0 days] +[F, F, T, T] +[F, F, T, T] +[57/tcp, 123/tcp, 7/udp, 500/udp, 12/icmp] +[57/tcp, 123/tcp, 7/udp, 500/udp, 12/icmp] +[3.03, 3.01, 3.02, 3.015] +[3.03, 3.01, 3.02, 3.015] +[192.168.123.200, 10.0.0.157, 192.168.0.3] +[192.168.123.200, 10.0.0.157, 192.168.0.3] +[10.0.0.157, 192.168.0.3, 192.168.123.200] +[10.0.0.157, 192.168.0.3, 192.168.123.200] +[3.01, 3.015, 3.02, 3.03] +[3.01, 3.015, 3.02, 3.03] diff --git a/testing/btest/Baseline/bifs.sort_string_array/out b/testing/btest/Baseline/bifs.sort_string_array/out new file mode 100644 index 0000000000..533844768d --- /dev/null +++ b/testing/btest/Baseline/bifs.sort_string_array/out @@ -0,0 +1,4 @@ +a +is +test +this diff --git a/testing/btest/Baseline/bifs.split/out b/testing/btest/Baseline/bifs.split/out new file mode 100644 index 0000000000..0ec2541f3d --- /dev/null +++ b/testing/btest/Baseline/bifs.split/out @@ -0,0 +1,32 @@ +t +s is a t +t +--------------------- +t +s is a test +--------------------- +t +hi +s is a t +es +t +--------------------- +t +s is a test +--------------------- +t +hi +s is a test +--------------------- +[, thi, s i, s a tes, t] +--------------------- +X-Mailer +Testing Test (http://www.example.com) +--------------------- +A += + B += + C += + D diff --git a/testing/btest/Baseline/bifs.str_shell_escape/out b/testing/btest/Baseline/bifs.str_shell_escape/out new file mode 100644 index 0000000000..1845fefa37 --- /dev/null +++ b/testing/btest/Baseline/bifs.str_shell_escape/out @@ -0,0 +1,4 @@ +24 +echo ${TEST} > "my file" +27 +echo \${TEST} > \"my file\" 
diff --git a/testing/btest/Baseline/bifs.strcmp/out b/testing/btest/Baseline/bifs.strcmp/out new file mode 100644 index 0000000000..d67491ed75 --- /dev/null +++ b/testing/btest/Baseline/bifs.strcmp/out @@ -0,0 +1,3 @@ +T +T +T diff --git a/testing/btest/Baseline/bifs.string_fill/out b/testing/btest/Baseline/bifs.string_fill/out new file mode 100644 index 0000000000..b15a2d1006 --- /dev/null +++ b/testing/btest/Baseline/bifs.string_fill/out @@ -0,0 +1,3 @@ +*\0* 1 +*t\0* 2 +*test test\0* 10 diff --git a/testing/btest/Baseline/bifs.string_splitting/out b/testing/btest/Baseline/bifs.string_splitting/out deleted file mode 100644 index 8514916834..0000000000 --- a/testing/btest/Baseline/bifs.string_splitting/out +++ /dev/null @@ -1,13 +0,0 @@ -{ -[2] = Testing Test (http://www.example.com), -[1] = X-Mailer -} -{ -[2] = =, -[4] = =, -[6] = =, -[7] = D, -[1] = A , -[5] = C , -[3] = B -} diff --git a/testing/btest/Baseline/bifs.string_to_pattern/out b/testing/btest/Baseline/bifs.string_to_pattern/out new file mode 100644 index 0000000000..2492fbade2 --- /dev/null +++ b/testing/btest/Baseline/bifs.string_to_pattern/out @@ -0,0 +1,6 @@ +/^?(foo)$?/ +/^?()$?/ +/^?(b[a-z]+)$?/ +/^?(foo)$?/ +/^?()$?/ +/^?(b\[a\-z\]\+)$?/ diff --git a/testing/btest/Baseline/bifs.strip/out b/testing/btest/Baseline/bifs.strip/out new file mode 100644 index 0000000000..dc1ca4204c --- /dev/null +++ b/testing/btest/Baseline/bifs.strip/out @@ -0,0 +1,6 @@ +* this is a test * +*this is a test* +** +** +* * +** diff --git a/testing/btest/Baseline/bifs.strstr/out b/testing/btest/Baseline/bifs.strstr/out new file mode 100644 index 0000000000..389e262145 --- /dev/null +++ b/testing/btest/Baseline/bifs.strstr/out @@ -0,0 +1,2 @@ +2 +0 diff --git a/testing/btest/Baseline/bifs.sub/out b/testing/btest/Baseline/bifs.sub/out new file mode 100644 index 0000000000..d8860ac5f8 --- /dev/null +++ b/testing/btest/Baseline/bifs.sub/out @@ -0,0 +1,2 @@ +that is a test +that at a test 
diff --git a/testing/btest/Baseline/bifs.subst_string/out b/testing/btest/Baseline/bifs.subst_string/out new file mode 100644 index 0000000000..be3c92a20b --- /dev/null +++ b/testing/btest/Baseline/bifs.subst_string/out @@ -0,0 +1 @@ +that at another test diff --git a/testing/btest/Baseline/bifs.system/out b/testing/btest/Baseline/bifs.system/out new file mode 100644 index 0000000000..ae782e3280 --- /dev/null +++ b/testing/btest/Baseline/bifs.system/out @@ -0,0 +1 @@ +thistest diff --git a/testing/btest/Baseline/bifs.system_env/testfile b/testing/btest/Baseline/bifs.system_env/testfile new file mode 100644 index 0000000000..31e0fce560 --- /dev/null +++ b/testing/btest/Baseline/bifs.system_env/testfile @@ -0,0 +1 @@ +helloworld diff --git a/testing/btest/Baseline/bifs.to_count/out b/testing/btest/Baseline/bifs.to_count/out new file mode 100644 index 0000000000..a283cbaed3 --- /dev/null +++ b/testing/btest/Baseline/bifs.to_count/out @@ -0,0 +1,9 @@ +0 +2 +3 +4 +7 +0 +18446744073709551611 +0 +123 diff --git a/testing/btest/Baseline/bifs.to_double/out b/testing/btest/Baseline/bifs.to_double/out new file mode 100644 index 0000000000..8c2fef496a --- /dev/null +++ b/testing/btest/Baseline/bifs.to_double/out @@ -0,0 +1,6 @@ +0.000001 +1.0 +-60.0 +3600.0 +86400.0 +1337982322.762159 diff --git a/testing/btest/Baseline/bifs.to_int/out b/testing/btest/Baseline/bifs.to_int/out new file mode 100644 index 0000000000..cde0c82987 --- /dev/null +++ b/testing/btest/Baseline/bifs.to_int/out @@ -0,0 +1,3 @@ +1 +-1 +0 diff --git a/testing/btest/Baseline/bifs.to_interval/out b/testing/btest/Baseline/bifs.to_interval/out new file mode 100644 index 0000000000..d841f8d99a --- /dev/null +++ b/testing/btest/Baseline/bifs.to_interval/out @@ -0,0 +1,2 @@ +1234563.14 +-1234563.14 diff --git a/testing/btest/Baseline/bifs.to_port/out b/testing/btest/Baseline/bifs.to_port/out new file mode 100644 index 0000000000..79796d605e --- /dev/null +++ b/testing/btest/Baseline/bifs.to_port/out 
@@ -0,0 +1,7 @@ +123/tcp +123/udp +123/icmp +0/unknown +256/tcp +256/udp +256/icmp diff --git a/testing/btest/Baseline/bifs.to_time/out b/testing/btest/Baseline/bifs.to_time/out new file mode 100644 index 0000000000..d841f8d99a --- /dev/null +++ b/testing/btest/Baseline/bifs.to_time/out @@ -0,0 +1,2 @@ +1234563.14 +-1234563.14 diff --git a/testing/btest/Baseline/bifs.type_name/out b/testing/btest/Baseline/bifs.type_name/out new file mode 100644 index 0000000000..30be3b49b2 --- /dev/null +++ b/testing/btest/Baseline/bifs.type_name/out @@ -0,0 +1,26 @@ +string +count +int +double +bool +time +interval +pattern +enum +port +addr +addr +subnet +subnet +vector of count +vector of table[count] of string +set[count] +set[port,string] +table[count] of string +table[string] of table[addr,port] of string +record { c:count; s:string; } +function(aa:int; bb:int;) : bool +function() : any +function() : void +file of string +event() diff --git a/testing/btest/Baseline/bifs.uuid_to_string/out b/testing/btest/Baseline/bifs.uuid_to_string/out new file mode 100644 index 0000000000..8ea4f86dae --- /dev/null +++ b/testing/btest/Baseline/bifs.uuid_to_string/out @@ -0,0 +1,2 @@ +626180fe-6463-6665-6730-313233343536 + diff --git a/testing/btest/Baseline/bifs.val_size/out b/testing/btest/Baseline/bifs.val_size/out new file mode 100644 index 0000000000..16b548f269 --- /dev/null +++ b/testing/btest/Baseline/bifs.val_size/out @@ -0,0 +1,2 @@ +72 +72 diff --git a/testing/btest/Baseline/core.leaks.ipv6_ext_headers/output b/testing/btest/Baseline/core.leaks.ipv6_ext_headers/output new file mode 100644 index 0000000000..5c2177718c --- /dev/null +++ b/testing/btest/Baseline/core.leaks.ipv6_ext_headers/output 
@@ -0,0 +1,4 @@ +weird routing0_hdr from 2001:4f8:4:7:2e0:81ff:fe52:ffff to 2001:78:1:32::2 +[orig_h=2001:4f8:4:7:2e0:81ff:fe52:ffff, orig_p=53/udp, resp_h=2001:78:1:32::2, resp_p=53/udp] +[ip=, ip6=[class=0, flow=0, len=59, nxt=0, hlim=64, src=2001:4f8:4:7:2e0:81ff:fe52:ffff, dst=2001:4f8:4:7:2e0:81ff:fe52:9a6b, exts=[[id=0, hopopts=[nxt=43, len=0, options=[[otype=1, len=4, data=\0\0\0\0]]], dstopts=, routing=, fragment=, ah=, esp=, mobility=], [id=43, hopopts=, dstopts=, routing=[nxt=17, len=4, rtype=0, segleft=2, data=\0\0\0\0 ^A\0x\0^A\02\0\0\0\0\0\0\0^A ^A\0x\0^A\02\0\0\0\0\0\0\0^B], fragment=, ah=, esp=, mobility=]]], tcp=, udp=[sport=53/udp, dport=53/udp, ulen=11], icmp=] +[2001:78:1:32::1, 2001:78:1:32::2] diff --git a/testing/btest/Baseline/core.leaks.vector-val-bifs/output b/testing/btest/Baseline/core.leaks.vector-val-bifs/output new file mode 100644 index 0000000000..4a57d29a71 --- /dev/null +++ b/testing/btest/Baseline/core.leaks.vector-val-bifs/output @@ -0,0 +1,10 @@ +[1, 3, 0, 2] +[2374950123] +[1, 3, 0, 2] +[2374950123] +[1, 3, 0, 2] +[2374950123] +[1, 3, 0, 2] +[3353991673] +[1, 3, 0, 2] +[3353991673] diff --git a/testing/btest/Baseline/core.load-sigs/output b/testing/btest/Baseline/core.load-sigs/output new file mode 100644 index 0000000000..2a22b47ad4 --- /dev/null +++ b/testing/btest/Baseline/core.load-sigs/output @@ -0,0 +1,3 @@ +[orig_h=141.142.220.118, orig_p=35642/tcp, resp_h=208.80.152.2, resp_p=80/tcp] +works +GET /images/wikimedia-button.png HTTP/1.1^M^JHost: meta.wikimedia.org^M^JUser-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.15) Geck... diff --git a/testing/btest/bifs/all_set.bro b/testing/btest/bifs/all_set.bro new file mode 100644 index 0000000000..31544eb31e --- /dev/null +++ b/testing/btest/bifs/all_set.bro 
@@ -0,0 +1,15 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = vector( T, F, T );
+ print all_set(a);
+
+ local b = vector();
+ print all_set(b);
+
+ local c = vector( T );
+ print all_set(c);
+ }
diff --git a/testing/btest/bifs/any_set.bro b/testing/btest/bifs/any_set.bro
new file mode 100644
index 0000000000..5fe046cdf4
--- /dev/null
+++ b/testing/btest/bifs/any_set.bro
@@ -0,0 +1,15 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = vector( F, T, F );
+ print any_set(a);
+
+ local b = vector();
+ print any_set(b);
+
+ local c = vector( F );
+ print any_set(c);
+ }
diff --git a/testing/btest/bifs/byte_len.bro b/testing/btest/bifs/byte_len.bro
new file mode 100644
index 0000000000..25191fd173
--- /dev/null
+++ b/testing/btest/bifs/byte_len.bro
@@ -0,0 +1,10 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "hello\0there";
+
+ print byte_len(a);
+ }
diff --git a/testing/btest/bifs/bytestring_to_hexstr.bro b/testing/btest/bifs/bytestring_to_hexstr.bro
new file mode 100644
index 0000000000..976a4ccf71
--- /dev/null
+++ b/testing/btest/bifs/bytestring_to_hexstr.bro
@@ -0,0 +1,10 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ print bytestring_to_hexstr("04");
+ print bytestring_to_hexstr("");
+ print bytestring_to_hexstr("\0");
+ }
diff --git a/testing/btest/bifs/cat.bro b/testing/btest/bifs/cat.bro
new file mode 100644
index 0000000000..b85b3af550
--- /dev/null
+++ b/testing/btest/bifs/cat.bro
@@ -0,0 +1,22 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "foo";
+ local b = 3;
+ local c = T;
+
+ print cat(a, b, c);
+
+ print cat();
+
+ print cat("", 3, T);
+
+ print cat_sep("|", "", a, b, c);
+
+ print cat_sep("|", "");
+
+ print cat_sep("|", "", "", b, c);
+ }
diff --git a/testing/btest/bifs/cat_string_array.bro b/testing/btest/bifs/cat_string_array.bro
new file mode 100644
index 0000000000..d2c2242411
--- /dev/null
+++ b/testing/btest/bifs/cat_string_array.bro
@@ -0,0 +1,14 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a: string_array = {
+ [0] = "this", [1] = "is", [2] = "a", [3] = "test"
+ };
+
+ print cat_string_array(a);
+ print cat_string_array_n(a, 0, |a|-1);
+ print cat_string_array_n(a, 1, 2);
+ }
diff --git a/testing/btest/bifs/clear_table.bro b/testing/btest/bifs/clear_table.bro
new file mode 100644
index 0000000000..94779285af
--- /dev/null
+++ b/testing/btest/bifs/clear_table.bro
@@ -0,0 +1,14 @@
+#
+# @TEST-EXEC: bro %INPUT > out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local mytable: table[string] of string = { ["key1"] = "val1" };
+
+ print |mytable|;
+
+ clear_table(mytable);
+
+ print |mytable|;
+ }
diff --git a/testing/btest/bifs/convert_for_pattern.bro b/testing/btest/bifs/convert_for_pattern.bro
new file mode 100644
index 0000000000..11533cd49b
--- /dev/null
+++ b/testing/btest/bifs/convert_for_pattern.bro
@@ -0,0 +1,10 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ print convert_for_pattern("foo");
+ print convert_for_pattern("");
+ print convert_for_pattern("b[a-z]+");
+ }
diff --git a/testing/btest/bifs/create_file.bro b/testing/btest/bifs/create_file.bro
new file mode 100644
index 0000000000..8f3d6cfdcd
--- /dev/null
+++ b/testing/btest/bifs/create_file.bro
@@ -0,0 +1,65 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+# @TEST-EXEC: btest-diff testfile
+# @TEST-EXEC: btest-diff testfile2
+# @TEST-EXEC: test -f testdir/testfile4
+
+event bro_init()
+ {
+ # Test that creating a file works as expected
+ local a = open("testfile");
+ print active_file(a);
+ print get_file_name(a);
+ write_file(a, "This is a test\n");
+ close(a);
+
+ print active_file(a);
+ print file_size("testfile");
+
+ # Test that "open_for_append" doesn't overwrite an existing file
+ a = open_for_append("testfile");
+ print active_file(a);
+ write_file(a, "another test\n");
+ close(a);
+
+ print active_file(a);
+ print file_size("testfile");
+
+ # This should fail
+ print file_size("doesnotexist");
+
+ # Test that "open" overwrites existing file
+ a = open("testfile2");
+ write_file(a, "this will be overwritten\n");
+ close(a);
+ a = open("testfile2");
+ write_file(a, "new text\n");
+ close(a);
+
+ # Test that set_buf and flush_all work correctly
+ a = open("testfile3");
+ set_buf(a, F);
+ write_file(a, "This is a test\n");
+ print file_size("testfile3");
+ close(a);
+ a = open("testfile3");
+ set_buf(a, T);
+ write_file(a, "This is a test\n");
+ print file_size("testfile3");
+ print flush_all();
+ print file_size("testfile3");
+ close(a);
+
+ # Create a new directory
+ print mkdir("testdir");
+
+ # Create a file in the new directory
+ a = open("testdir/testfile4");
+ print get_file_name(a);
+ write_file(a, "This is a test\n");
+ close(a);
+
+ # This should fail
+ print mkdir("/thisdoesnotexist/dir");
+ }
diff --git a/testing/btest/bifs/edit.bro b/testing/btest/bifs/edit.bro
new file mode 100644
index 0000000000..c9a73d17f1
--- /dev/null
+++ b/testing/btest/bifs/edit.bro
@@ -0,0 +1,10 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "hello there";
+
+ print edit(a, "e");
+ }
diff --git a/testing/btest/bifs/escape_string.bro b/testing/btest/bifs/escape_string.bro
new file mode 100644
index 0000000000..92b7b535d8
--- /dev/null
+++ b/testing/btest/bifs/escape_string.bro
@@ -0,0 +1,27 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "Test \0string";
+
+ print |a|;
+ print a;
+
+ local b = clean(a);
+ print |b|;
+ print b;
+
+ local c = to_string_literal(a);
+ print |c|;
+ print c;
+
+ local d = escape_string(a);
+ print |d|;
+ print d;
+
+ local e = string_to_ascii_hex(a);
+ print |e|;
+ print e;
+ }
diff --git a/testing/btest/bifs/exit.bro b/testing/btest/bifs/exit.bro
new file mode 100644
index 0000000000..e551144caa
--- /dev/null
+++ b/testing/btest/bifs/exit.bro
@@ -0,0 +1,9 @@
+#
+# @TEST-EXEC: bro %INPUT >out || test $? -eq 7
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ print "hello";
+ exit(7);
+ }
diff --git a/testing/btest/bifs/file_mode.bro b/testing/btest/bifs/file_mode.bro
new file mode 100644
index 0000000000..c63a2fa188
--- /dev/null
+++ b/testing/btest/bifs/file_mode.bro
@@ -0,0 +1,36 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = 420; # octal: 0644
+ print file_mode(a);
+
+ a = 511; # octal: 0777
+ print file_mode(a);
+
+ a = 1023; # octal: 01777
+ print file_mode(a);
+
+ a = 1000; # octal: 01750
+ print file_mode(a);
+
+ a = 2541; # octal: 04755
+ print file_mode(a);
+
+ a = 2304; # octal: 04400
+ print file_mode(a);
+
+ a = 1517; # octal: 02755
+ print file_mode(a);
+
+ a = 1312; # octal: 02440
+ print file_mode(a);
+
+ a = 111; # octal: 0157
+ print file_mode(a);
+
+ a = 0;
+ print file_mode(a);
+ }
diff --git a/testing/btest/bifs/find_all.bro b/testing/btest/bifs/find_all.bro
new file mode 100644
index 0000000000..edf3530c8a
--- /dev/null
+++ b/testing/btest/bifs/find_all.bro
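Review bot: In testing/btest/bifs/exit.bro the directive `bro %INPUT >out || test $? -eq 7` cannot fail when bro exits with status 0, because the right-hand side of `||` is only evaluated after a non-zero exit. A regression in which `exit(7)` is ignored and the process ends normally would therefore still pass, as long as "hello" is printed. Check the status unconditionally instead, e.g. `# @TEST-EXEC: bro %INPUT >out; test $? -eq 7`.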
@@ -0,0 +1,18 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "this is a test";
+ local pat = /hi|es/;
+ local pat2 = /aa|bb/;
+
+ local b = find_all(a, pat);
+ local b2 = find_all(a, pat2);
+
+ for (i in b)
+ print i;
+ print "-------------------";
+ print |b2|;
+ }
diff --git a/testing/btest/bifs/find_entropy.bro b/testing/btest/bifs/find_entropy.bro
new file mode 100644
index 0000000000..24f1c0ed84
--- /dev/null
+++ b/testing/btest/bifs/find_entropy.bro
@@ -0,0 +1,13 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "dh3Hie02uh^s#Sdf9L3frd243h$d78r2G4cM6*Q05d(7rh46f!0|4-f";
+ local b = "0011000aaabbbbcccc000011111000000000aaaabbbbcccc0000000";
+
+ print find_entropy(a);
+
+ print find_entropy(b);
+ }
diff --git a/testing/btest/bifs/find_last.bro b/testing/btest/bifs/find_last.bro
new file mode 100644
index 0000000000..b1a567f73a
--- /dev/null
+++ b/testing/btest/bifs/find_last.bro
@@ -0,0 +1,17 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "this is a test";
+ local pat = /hi|es/;
+ local pat2 = /aa|bb/;
+
+ local b = find_last(a, pat);
+ local b2 = find_last(a, pat2);
+
+ print b;
+ print "-------------------";
+ print |b2|;
+ }
diff --git a/testing/btest/bifs/fmt.bro b/testing/btest/bifs/fmt.bro
new file mode 100644
index 0000000000..53b5f2235d
--- /dev/null
+++ b/testing/btest/bifs/fmt.bro
@@ -0,0 +1,90 @@ +# +# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-diff out + +type color: enum { Red, Blue }; + +event bro_init() + { + local a = Blue; + local b = vector( 1, 2, 3); + local c = set( 1, 2, 3); + local d: table[count] of string = { [1] = "test", [2] = "bro" }; + + # tests with only a format string (no additional args) + print fmt("test"); + print fmt("%%"); + + # no arguments + print fmt(); + + # tests of various data types with field width specified + print fmt("*%-10s*", "test"); + print fmt("*%10s*", "test"); + print fmt("*%10s*", T); + print fmt("*%-10s*", T); + print fmt("*%10.2e*", 3.14159265); + print fmt("*%-10.2e*", 3.14159265); + print fmt("*%10.2f*", 3.14159265); + print fmt("*%10.2g*", 3.14159265); + print fmt("*%10.2e*", -3.14159265); + print fmt("*%10.2f*", -3.14159265); + print fmt("*%10.2g*", -3.14159265); + print fmt("*%-10.2e*", -3.14159265); + print fmt("*%-10.2f*", -3.14159265); + print fmt("*%-10.2g*", -3.14159265); + print fmt("*%10d*", -128); + print fmt("*%-10d*", -128); + print fmt("*%10d*", 128); + print fmt("*%010d*", 128); + print fmt("*%-10d*", 128); + print fmt("*%10x*", 160); + print fmt("*%010x*", 160); + print fmt("*%10x*", 160/tcp); + print fmt("*%10s*", 160/tcp); + print fmt("*%10s*", 127.0.0.1); + print fmt("*%10x*", 127.0.0.1); + print fmt("*%10s*", 192.168.0.0/16); + print fmt("*%10s*", [::1]); + print fmt("*%10x*", [fe00::1]); + print fmt("*%10s*", [fe80:1234::1]); + print fmt("*%10s*", [fe80:1234::]/32); + print fmt("*%10s*", 3hr); + print fmt("*%10s*", /^foo|bar/); + print fmt("*%10s*", a); + print fmt("*%10s*", b); + print fmt("*%10s*", c); + print fmt("*%10s*", d); + + # tests of various data types without field width + print fmt("%e", 3.1e+2); + print fmt("%f", 3.1e+2); + print fmt("%g", 3.1e+2); + print fmt("%.3e", 3.1e+2); + print fmt("%.3f", 3.1e+2); + print fmt("%.3g", 3.1e+2); + print fmt("%.7g", 3.1e+2); + + # Tests comparing "%As" and "%s" (the string length is printed instead + # of the string 
itself because the print command does its own escaping) + local s0 = "\x00\x07"; + local s1 = fmt("%As", s0); # expands \x00 to "\0" + local s2 = fmt("%s", s0); # expands \x00 to "\0", and \x07 to "^G" + print |s0|; + print |s1|; + print |s2|; + + s0 = "\x07\x1f"; + s1 = fmt("%As", s0); + s2 = fmt("%s", s0); # expands \x07 to "^G", and \x1f to "\x1f" + print |s0|; + print |s1|; + print |s2|; + + s0 = "\x7f\xff"; + s1 = fmt("%As", s0); + s2 = fmt("%s", s0); # expands \x7f to "^?", and \xff to "\xff" + print |s0|; + print |s1|; + print |s2|; + } diff --git a/testing/btest/bifs/fmt_ftp_port.bro b/testing/btest/bifs/fmt_ftp_port.bro new file mode 100644 index 0000000000..09ec5369e2 --- /dev/null +++ b/testing/btest/bifs/fmt_ftp_port.bro @@ -0,0 +1,13 @@ +# +# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-diff out + +event bro_init() + { + local a = 192.168.0.2; + local b = 257/tcp; + print fmt_ftp_port(a, b); + + a = [fe80::1234]; + print fmt_ftp_port(a, b); + } diff --git a/testing/btest/bifs/get_port_transport_proto.bro b/testing/btest/bifs/get_port_transport_proto.bro new file mode 100644 index 0000000000..c9b5e626ec --- /dev/null +++ b/testing/btest/bifs/get_port_transport_proto.bro @@ -0,0 +1,13 @@ +# +# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-diff out + +event bro_init() + { + local a = 123/tcp; + local b = 123/udp; + local c = 123/icmp; + print get_port_transport_proto(a); + print get_port_transport_proto(b); + print get_port_transport_proto(c); + } diff --git a/testing/btest/bifs/getsetenv.bro b/testing/btest/bifs/getsetenv.bro new file mode 100644 index 0000000000..b4ee9a0931 --- /dev/null +++ b/testing/btest/bifs/getsetenv.bro 
@@ -0,0 +1,20 @@
+#
+# @TEST-EXEC: TESTBRO=testvalue bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = getenv("NOTDEFINED");
+ local b = getenv("TESTBRO");
+ if ( |a| == 0 )
+ print "OK";
+ if ( b == "testvalue" )
+ print "OK";
+
+ if ( setenv("NOTDEFINED", "now defined" ) == T )
+ {
+ if ( getenv("NOTDEFINED") == "now defined" )
+ print "OK";
+ }
+
+ }
diff --git a/testing/btest/bifs/global_ids.bro b/testing/btest/bifs/global_ids.bro
new file mode 100644
index 0000000000..65f8944ed4
--- /dev/null
+++ b/testing/btest/bifs/global_ids.bro
@@ -0,0 +1,16 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = global_ids();
+ for ( i in a )
+ {
+ # the table is quite large, so just print one item we expect
+ if ( i == "bro_init" )
+ print a[i]$type_name;
+
+ }
+
+ }
diff --git a/testing/btest/bifs/hexdump.bro b/testing/btest/bifs/hexdump.bro
new file mode 100644
index 0000000000..4c248efb77
--- /dev/null
+++ b/testing/btest/bifs/hexdump.bro
@@ -0,0 +1,10 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "abc\xffdefghijklmnopqrstuvwxyz";
+
+ print hexdump(a);
+ }
diff --git a/testing/btest/bifs/is_ascii.bro b/testing/btest/bifs/is_ascii.bro
new file mode 100644
index 0000000000..4d1daf96b4
--- /dev/null
+++ b/testing/btest/bifs/is_ascii.bro
@@ -0,0 +1,12 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "this is a test\xfe";
+ local b = "this is a test\x7f";
+
+ print is_ascii(a);
+ print is_ascii(b);
+ }
diff --git a/testing/btest/bifs/is_port.bro b/testing/btest/bifs/is_port.bro
new file mode 100644
index 0000000000..fe2c3f7c35
--- /dev/null
+++ b/testing/btest/bifs/is_port.bro
@@ -0,0 +1,22 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = 123/tcp;
+ local b = 123/udp;
+ local c = 123/icmp;
+
+ print is_tcp_port(a);
+ print is_tcp_port(b);
+ print is_tcp_port(c);
+
+ print is_udp_port(a);
+ print is_udp_port(b);
+ print is_udp_port(c);
+
+ print is_icmp_port(a);
+ print is_icmp_port(b);
+ print is_icmp_port(c);
+ }
diff --git a/testing/btest/bifs/join_string.bro b/testing/btest/bifs/join_string.bro
new file mode 100644
index 0000000000..16222d6303
--- /dev/null
+++ b/testing/btest/bifs/join_string.bro
@@ -0,0 +1,21 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a: string_array = {
+ [1] = "this", [2] = "is", [3] = "a", [4] = "test"
+ };
+ local b: string_array = { [1] = "mytest" };
+ local c: string_vec = vector( "this", "is", "another", "test" );
+ local d: string_vec = vector( "Test" );
+
+ print join_string_array(" * ", a);
+ print join_string_array("", a);
+ print join_string_array("x", b);
+
+ print join_string_vec(c, "__");
+ print join_string_vec(c, "");
+ print join_string_vec(d, "-");
+ }
diff --git a/testing/btest/bifs/length.bro b/testing/btest/bifs/length.bro
new file mode 100644
index 0000000000..335223c124
--- /dev/null
+++ b/testing/btest/bifs/length.bro
@@ -0,0 +1,22 @@
+#
+# @TEST-EXEC: bro %INPUT > out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local mytable: table[string] of string = { ["key1"] = "val1" };
+ local myset: set[count] = set( 3, 6, 2, 7 );
+ local myvec: vector of string = vector( "value1", "value2" );
+
+ print length(mytable);
+ print length(myset);
+ print length(myvec);
+
+ mytable = table();
+ myset = set();
+ myvec = vector();
+
+ print length(mytable);
+ print length(myset);
+ print length(myvec);
+ }
diff --git a/testing/btest/bifs/lookup_ID.bro b/testing/btest/bifs/lookup_ID.bro
new file mode 100644
index 0000000000..b8a29ef41f
--- /dev/null
+++ b/testing/btest/bifs/lookup_ID.bro
@@ -0,0 +1,16 @@ +# +# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-diff out + +global a = "bro test"; + +event bro_init() + { + local b = "local value"; + + print lookup_ID("a"); + print lookup_ID(""); + print lookup_ID("xyz"); + print lookup_ID("b"); + print type_name( lookup_ID("bro_init") ); + } diff --git a/testing/btest/bifs/lowerupper.bro b/testing/btest/bifs/lowerupper.bro new file mode 100644 index 0000000000..fcfdcde319 --- /dev/null +++ b/testing/btest/bifs/lowerupper.bro @@ -0,0 +1,11 @@ +# +# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-diff out + +event bro_init() + { + local a = "this is a Test"; + + print to_lower(a); + print to_upper(a); + } diff --git a/testing/btest/bifs/math.bro b/testing/btest/bifs/math.bro new file mode 100644 index 0000000000..90aed5b4e6 --- /dev/null +++ b/testing/btest/bifs/math.bro @@ -0,0 +1,24 @@ +# +# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-diff out + +event bro_init() + { + local a = 3.14; + local b = 2.71; + local c = -3.14; + local d = -2.71; + + print floor(a); + print floor(b); + print floor(c); + print floor(d); + + print sqrt(a); + + print exp(a); + + print ln(a); + + print log10(a); + } diff --git a/testing/btest/bifs/md5.test b/testing/btest/bifs/md5.test index 2632d76cb4..5a9715edf1 100644 --- a/testing/btest/bifs/md5.test +++ b/testing/btest/bifs/md5.test @@ -14,3 +14,6 @@ md5_hash_update("b", "three"); print md5_hash_finish("a"); print md5_hash_finish("b"); + +print md5_hmac("one"); +print md5_hmac("one", "two", "three"); diff --git a/testing/btest/bifs/merge_pattern.bro b/testing/btest/bifs/merge_pattern.bro new file mode 100644 index 0000000000..b447f9a15b --- /dev/null +++ b/testing/btest/bifs/merge_pattern.bro @@ -0,0 +1,17 @@ +# +# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-diff out + +event bro_init() + { + local a = /foo/; + local b = /b[a-z]+/; + local c = merge_pattern(a, b); + + if ( "bar" == c ) + print "match"; + + if ( "foo" == c ) + print "match"; + + } 
diff --git a/testing/btest/bifs/order.bro b/testing/btest/bifs/order.bro
new file mode 100644
index 0000000000..5f3260ee3f
--- /dev/null
+++ b/testing/btest/bifs/order.bro
@@ -0,0 +1,50 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+function myfunc1(a: addr, b: addr): int
+ {
+ local x = addr_to_counts(a);
+ local y = addr_to_counts(b);
+ if (x[0] < y[0])
+ return -1;
+ else
+ return 1;
+ }
+
+function myfunc2(a: double, b: double): int
+ {
+ if (a < b)
+ return -1;
+ else
+ return 1;
+ }
+
+event bro_init()
+ {
+ # TODO: these results don't make sense
+
+ # Tests without supplying a comparison function
+
+ local a1 = vector( 5, 2, 8, 3 );
+ local b1 = order(a1);
+ print a1;
+ print b1;
+
+ local a2: vector of interval = vector( 5hr, 2days, 1sec, -7min );
+ local b2 = order(a2);
+ print a2;
+ print b2;
+
+ # Tests with a comparison function
+
+ local c1: vector of addr = vector( 192.168.123.200, 10.0.0.157, 192.168.0.3 );
+ local d1 = order(c1, myfunc1);
+ print c1;
+ print d1;
+
+ local c2: vector of double = vector( 3.03, 3.01, 3.02, 3.015 );
+ local d2 = order(c2, myfunc2);
+ print c2;
+ print d2;
+ }
diff --git a/testing/btest/bifs/parse_ftp.bro b/testing/btest/bifs/parse_ftp.bro
new file mode 100644
index 0000000000..ffdc941b4b
--- /dev/null
+++ b/testing/btest/bifs/parse_ftp.bro
@@ -0,0 +1,15 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ print parse_ftp_port("192,168,0,2,1,1");
+
+ print parse_eftp_port("|1|192.168.0.2|257|");
+ print parse_eftp_port("|2|fe80::12|1234|");
+
+ print parse_ftp_pasv("227 Entering Passive Mode (192,168,0,2,1,1)");
+
+ print parse_ftp_epsv("229 Entering Extended Passive Mode (|||1234|)");
+ }
diff --git a/testing/btest/bifs/piped_exec.bro b/testing/btest/bifs/piped_exec.bro
index 32fd5c5f80..3a76eba8f5 100644
--- a/testing/btest/bifs/piped_exec.bro
+++ b/testing/btest/bifs/piped_exec.bro
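Review bot: The comparison callbacks `myfunc1` and `myfunc2` in testing/btest/bifs/order.bro never return 0, so two equal elements are reported as greater in both directions; the same two functions are repeated in testing/btest/bifs/sort.bro. The vectors used here contain no duplicates, so the baselines are unaffected, but test scripts get copied as usage examples and an inconsistent ordering is unsafe input for a sort routine (how the BiF consumes the callback is not visible in this diff). Add the equal case first, e.g. `if (a == b) return 0;`. Separately, `# TODO: these results don't make sense` should either say which results are doubted or be dropped: the values in Baseline/bifs.order/out look consistent with order() returning the index permutation of the sorted vector.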
@@ -5,8 +5,10 @@ global cmds = "print \"hello world\";"; cmds = string_cat(cmds, "\nprint \"foobar\";"); -piped_exec("bro", cmds); +if ( piped_exec("bro", cmds) != T ) + exit(1); # Test null output. -piped_exec("cat > test.txt", "\x00\x00hello\x00\x00"); +if ( piped_exec("cat > test.txt", "\x00\x00hello\x00\x00") != T ) + exit(1); diff --git a/testing/btest/bifs/rand.bro b/testing/btest/bifs/rand.bro new file mode 100644 index 0000000000..229645944e --- /dev/null +++ b/testing/btest/bifs/rand.bro @@ -0,0 +1,24 @@ +# +# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-diff out + +event bro_init() + { + local a = rand(1000); + local b = rand(1000); + local c = rand(1000); + + print a; + print b; + print c; + + srand(575); + + local d = rand(1000); + local e = rand(1000); + local f = rand(1000); + + print d; + print e; + print f; + } diff --git a/testing/btest/bifs/raw_bytes_to_v4_addr.bro b/testing/btest/bifs/raw_bytes_to_v4_addr.bro new file mode 100644 index 0000000000..754580a5b0 --- /dev/null +++ b/testing/btest/bifs/raw_bytes_to_v4_addr.bro @@ -0,0 +1,9 @@ +# +# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-diff out + +event bro_init() + { + print raw_bytes_to_v4_addr("ABCD"); + print raw_bytes_to_v4_addr("ABC"); + } diff --git a/testing/btest/bifs/record_type_to_vector.bro b/testing/btest/bifs/record_type_to_vector.bro new file mode 100644 index 0000000000..18ddf35022 --- /dev/null +++ b/testing/btest/bifs/record_type_to_vector.bro @@ -0,0 +1,13 @@ +# +# @TEST-EXEC: bro %INPUT >out +# @TEST-EXEC: btest-diff out + +type myrecord: record { + ct: count; + str1: string; +}; + +event bro_init() + { + print record_type_to_vector("myrecord"); + } diff --git a/testing/btest/bifs/resize.bro b/testing/btest/bifs/resize.bro new file mode 100644 index 0000000000..37e4ac38d9 --- /dev/null +++ b/testing/btest/bifs/resize.bro 
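Review bot: In testing/btest/bifs/rand.bro the first three `rand(1000)` calls run before `srand(575)`, yet their values (185, 236, 805) are pinned in Baseline/bifs.rand/out. That is only reproducible if the test harness fixes Bro's seed, which this diff does not show. The three values after `srand(575)` may additionally depend on the platform's generator if the BiF wraps the C library; that too is not visible here. State the assumption in the script, e.g. `# exact values rely on the fixed seed supplied by the test configuration`, or print only a property such as `print a < 1000;` for the unseeded half.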
@@ -0,0 +1,26 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = vector( 5, 3, 8 );
+
+ print |a|;
+
+ if ( resize(a, 5) != 3 )
+ exit(1);
+
+ print |a|;
+
+ if ( resize(a, 0) != 5 )
+ exit(1);
+
+ print |a|;
+
+ if ( resize(a, 7) != 0 )
+ exit(1);
+
+ print |a|;
+
+ }
diff --git a/testing/btest/bifs/rotate_file.bro b/testing/btest/bifs/rotate_file.bro
new file mode 100644
index 0000000000..7132b0aaa8
--- /dev/null
+++ b/testing/btest/bifs/rotate_file.bro
@@ -0,0 +1,15 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = open("testfile");
+ write_file(a, "this is a test\n");
+
+ local b = rotate_file(a);
+ if ( b$new_name != "testfile" )
+ print "file rotated";
+ print file_size(b$new_name);
+ print file_size("testfile");
+ }
diff --git a/testing/btest/bifs/rotate_file_by_name.bro b/testing/btest/bifs/rotate_file_by_name.bro
new file mode 100644
index 0000000000..952b09aff3
--- /dev/null
+++ b/testing/btest/bifs/rotate_file_by_name.bro
@@ -0,0 +1,16 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = open("testfile");
+ write_file(a, "this is a test\n");
+ close(a);
+
+ local b = rotate_file_by_name("testfile");
+ if ( b$new_name != "testfile" )
+ print "file rotated";
+ print file_size(b$new_name);
+ print file_size("testfile");
+ }
diff --git a/testing/btest/bifs/same_object.bro b/testing/btest/bifs/same_object.bro
new file mode 100644
index 0000000000..eee8b1621d
--- /dev/null
+++ b/testing/btest/bifs/same_object.bro
@@ -0,0 +1,16 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "This is a test";
+ local b: string;
+ local c = "This is a test";
+ b = a;
+ print same_object(a, b);
+ print same_object(a, c);
+
+ local d = vector(1, 2, 3);
+ print same_object(a, d);
+ }
diff --git a/testing/btest/bifs/sort.bro b/testing/btest/bifs/sort.bro
new file mode 100644
index 0000000000..14aa286021
--- /dev/null
+++ b/testing/btest/bifs/sort.bro
@@ -0,0 +1,70 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+function myfunc1(a: addr, b: addr): int
+ {
+ local x = addr_to_counts(a);
+ local y = addr_to_counts(b);
+ if (x[0] < y[0])
+ return -1;
+ else
+ return 1;
+ }
+
+function myfunc2(a: double, b: double): int
+ {
+ if (a < b)
+ return -1;
+ else
+ return 1;
+ }
+
+event bro_init()
+ {
+ # Tests without supplying a comparison function
+
+ local a1 = vector( 5, 2, 8, 3 );
+ local b1 = sort(a1);
+ print a1;
+ print b1;
+
+ local a2: vector of interval = vector( 5hr, 2days, 1sec, -7min );
+ local b2 = sort(a2);
+ print a2;
+ print b2;
+
+ local a3: vector of bool = vector( T, F, F, T );
+ local b3 = sort(a3);
+ print a3;
+ print b3;
+
+ local a4: vector of port = vector( 12/icmp, 123/tcp, 500/udp, 7/udp, 57/tcp );
+ local b4 = sort(a4);
+ print a4;
+ print b4;
+
+ # this one is expected to fail (i.e., "sort" doesn't sort the vector)
+ local a5: vector of double = vector( 3.03, 3.01, 3.02, 3.015 );
+ local b5 = sort(a5);
+ print a5;
+ print b5;
+
+ # this one is expected to fail (i.e., "sort" doesn't sort the vector)
+ local a6: vector of addr = vector( 192.168.123.200, 10.0.0.157, 192.168.0.3 );
+ local b6 = sort(a6);
+ print a6;
+ print b6;
+
+ # Tests with a comparison function
+
+ local c1: vector of addr = vector( 192.168.123.200, 10.0.0.157, 192.168.0.3 );
+ local d1 = sort(c1, myfunc1);
+ print c1;
+ print d1;
+
+ local c2: vector of double = vector( 3.03, 3.01, 3.02, 3.015 );
+ local d2 = sort(c2, myfunc2);
+ print c2;
+ print d2;
+ }
diff --git a/testing/btest/bifs/sort_string_array.bro b/testing/btest/bifs/sort_string_array.bro
new file mode 100644
index 0000000000..23c4f55848
--- /dev/null
+++ b/testing/btest/bifs/sort_string_array.bro
@@ -0,0 +1,17 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a: string_array = {
+ [1] = "this", [2] = "is", [3] = "a", [4] = "test"
+ };
+
+ local b = sort_string_array(a);
+
+ print b[1];
+ print b[2];
+ print b[3];
+ print b[4];
+ }
diff --git a/testing/btest/bifs/split.bro b/testing/btest/bifs/split.bro
new file mode 100644
index 0000000000..fc1b5e96a0
--- /dev/null
+++ b/testing/btest/bifs/split.bro
@@ -0,0 +1,59 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "this is a test";
+ local pat = /hi|es/;
+ local idx = vector( 3, 6, 13);
+
+ local b = split(a, pat);
+ local c = split1(a, pat);
+ local d = split_all(a, pat);
+ local e1 = split_n(a, pat, F, 1);
+ local e2 = split_n(a, pat, T, 1);
+
+ print b[1];
+ print b[2];
+ print b[3];
+ print b[4];
+ print "---------------------";
+ print c[1];
+ print c[2];
+ print "---------------------";
+ print d[1];
+ print d[2];
+ print d[3];
+ print d[4];
+ print d[5];
+ print "---------------------";
+ print e1[1];
+ print e1[2];
+ print "---------------------";
+ print e2[1];
+ print e2[2];
+ print e2[3];
+ print "---------------------";
+ print str_split(a, idx);
+ print "---------------------";
+
+ a = "X-Mailer: Testing Test (http://www.example.com)";
+ pat = /:[[:blank:]]*/;
+ local f = split1(a, pat);
+
+ print f[1];
+ print f[2];
+ print "---------------------";
+
+ a = "A = B = C = D";
+ pat = /=/;
+ local g = split_all(a, pat);
+ print g[1];
+ print g[2];
+ print g[3];
+ print g[4];
+ print g[5];
+ print g[6];
+ print g[7];
+ }
diff --git a/testing/btest/bifs/str_shell_escape.bro b/testing/btest/bifs/str_shell_escape.bro
new file mode 100644
index 0000000000..a71cb4dcf6
--- /dev/null
+++ b/testing/btest/bifs/str_shell_escape.bro
@@ -0,0 +1,15 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "echo ${TEST} > \"my file\"";
+
+ print |a|;
+ print a;
+
+ local b = str_shell_escape(a);
+ print |b|;
+ print b;
+ }
diff --git a/testing/btest/bifs/strcmp.bro b/testing/btest/bifs/strcmp.bro
new file mode 100644
index 0000000000..af46c7fa96
--- /dev/null
+++ b/testing/btest/bifs/strcmp.bro
@@ -0,0 +1,13 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "this";
+ local b = "testing";
+
+ print strcmp(a, b) > 0;
+ print strcmp(b, a) < 0;
+ print strcmp(a, a) == 0;
+ }
diff --git a/testing/btest/bifs/string_fill.bro b/testing/btest/bifs/string_fill.bro
new file mode 100644
index 0000000000..c47f1916cc
--- /dev/null
+++ b/testing/btest/bifs/string_fill.bro
@@ -0,0 +1,16 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "test ";
+
+ local b = string_fill(1, a);
+ local c = string_fill(2, a);
+ local d = string_fill(10, a);
+
+ print fmt("*%s* %d", b, |b|);
+ print fmt("*%s* %d", c, |c|);
+ print fmt("*%s* %d", d, |d|);
+ }
diff --git a/testing/btest/bifs/string_splitting.bro b/testing/btest/bifs/string_splitting.bro
deleted file mode 100644
index 44068fe510..0000000000
--- a/testing/btest/bifs/string_splitting.bro
+++ /dev/null
@@ -1,12 +0,0 @@
-#
-# @TEST-EXEC: bro %INPUT >out
-# @TEST-EXEC: btest-diff out
-
-event bro_init()
- {
- local a = "X-Mailer: Testing Test (http://www.example.com)";
- print split1(a, /:[[:blank:]]*/);
-
- a = "A = B = C = D";
- print split_all(a, /=/);
- }
diff --git a/testing/btest/bifs/string_to_pattern.bro b/testing/btest/bifs/string_to_pattern.bro
new file mode 100644
index 0000000000..5164c4576f
--- /dev/null
+++ b/testing/btest/bifs/string_to_pattern.bro
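Review bot: The single input in str_shell_escape.bro contains `$`, braces, `>` and double quotes but no backtick, backslash, single quote or `;`, so the baseline says nothing about how the BiF treats those characters. Since the function exists to make a string safe to hand to a `system`-style call, the characters it leaves untouched are as important to pin as the ones it escapes. I would add a second input covering them and print it the same way, plus a comment naming the quoting context the output is meant for, e.g. `# result is intended for use inside double quotes`, if that is the contract.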
@@ -0,0 +1,14 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ print string_to_pattern("foo", F);
+ print string_to_pattern("", F);
+ print string_to_pattern("b[a-z]+", F);
+
+ print string_to_pattern("foo", T);
+ print string_to_pattern("", T);
+ print string_to_pattern("b[a-z]+", T);
+ }
diff --git a/testing/btest/bifs/strip.bro b/testing/btest/bifs/strip.bro
new file mode 100644
index 0000000000..de6601b83c
--- /dev/null
+++ b/testing/btest/bifs/strip.bro
@@ -0,0 +1,17 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = " this is a test ";
+ local b = "";
+ local c = " ";
+
+ print fmt("*%s*", a);
+ print fmt("*%s*", strip(a));
+ print fmt("*%s*", b);
+ print fmt("*%s*", strip(b));
+ print fmt("*%s*", c);
+ print fmt("*%s*", strip(c));
+ }
diff --git a/testing/btest/bifs/strstr.bro b/testing/btest/bifs/strstr.bro
new file mode 100644
index 0000000000..58f79d593b
--- /dev/null
+++ b/testing/btest/bifs/strstr.bro
@@ -0,0 +1,13 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "this is a test";
+ local b = "his";
+ local c = "are";
+
+ print strstr(a, b);
+ print strstr(a, c);
+ }
diff --git a/testing/btest/bifs/sub.bro b/testing/btest/bifs/sub.bro
new file mode 100644
index 0000000000..f6a956f26a
--- /dev/null
+++ b/testing/btest/bifs/sub.bro
@@ -0,0 +1,12 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "this is a test";
+ local pat = /is|ss/;
+
+ print sub(a, pat, "at");
+ print gsub(a, pat, "at");
+ }
diff --git a/testing/btest/bifs/subst_string.bro b/testing/btest/bifs/subst_string.bro
new file mode 100644
index 0000000000..81a3f89424
--- /dev/null
+++ b/testing/btest/bifs/subst_string.bro
@@ -0,0 +1,12 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "this is another test";
+ local b = "is";
+ local c = "at";
+
+ print subst_string(a, b, c);
+ }
diff --git a/testing/btest/bifs/system.bro b/testing/btest/bifs/system.bro
new file mode 100644
index 0000000000..b73aed4d79
--- /dev/null
+++ b/testing/btest/bifs/system.bro
@@ -0,0 +1,15 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = system("echo thistest > out");
+ if ( a != 0 )
+ exit(1);
+
+ local b = system("");
+ if ( b == 0 )
+ exit(1);
+
+ }
diff --git a/testing/btest/bifs/system_env.bro b/testing/btest/bifs/system_env.bro
new file mode 100644
index 0000000000..23928e9b10
--- /dev/null
+++ b/testing/btest/bifs/system_env.bro
@@ -0,0 +1,23 @@
+#
+# @TEST-EXEC: bro %INPUT
+# @TEST-EXEC: btest-diff testfile
+
+event bro_init()
+ {
+ local vars: table[string] of string = { ["TESTBRO"] = "helloworld" };
+
+ # make sure the env. variable is not set
+ local myvar = getenv("BRO_ARG_TESTBRO");
+ if ( |myvar| != 0 )
+ exit(1);
+
+ # check if command runs with the env. variable defined
+ local a = system_env("echo $BRO_ARG_TESTBRO > testfile", vars);
+ if ( a != 0 )
+ exit(1);
+
+ # make sure the env. variable is still not set
+ myvar = getenv("BRO_ARG_TESTBRO");
+ if ( |myvar| != 0 )
+ exit(1);
+ }
diff --git a/testing/btest/bifs/to_count.bro b/testing/btest/bifs/to_count.bro
new file mode 100644
index 0000000000..c1fe72ce52
--- /dev/null
+++ b/testing/btest/bifs/to_count.bro
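Review bot: system_env.bro relies on `system_env` exporting the table key `TESTBRO` as `BRO_ARG_TESTBRO`, but nothing in the file says the prefix is added by the BiF; a reader has to infer it from the mismatch between the key and `$BRO_ARG_TESTBRO`. A comment above `local vars` would state it: `# system_env exports each table entry to the child as BRO_ARG_<key>`. The two `getenv` checks already show that Bro's own environment is left unchanged, and the comment would tie them to that purpose.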
@@ -0,0 +1,27 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a: int = -2;
+ print int_to_count(a);
+
+ local b: int = 2;
+ print int_to_count(b);
+
+ local c: double = 3.14;
+ print double_to_count(c);
+
+ local d: double = 3.9;
+ print double_to_count(d);
+
+ print to_count("7");
+ print to_count("");
+ print to_count("-5");
+ print to_count("not a count");
+
+ local e: port = 123/tcp;
+ print port_to_count(e);
+
+ }
diff --git a/testing/btest/bifs/to_double.bro b/testing/btest/bifs/to_double.bro
new file mode 100644
index 0000000000..f13d34f69a
--- /dev/null
+++ b/testing/btest/bifs/to_double.bro
@@ -0,0 +1,20 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = 1 usec;
+ print interval_to_double(a);
+ local b = 1sec;
+ print interval_to_double(b);
+ local c = -1min;
+ print interval_to_double(c);
+ local d = 1hrs;
+ print interval_to_double(d);
+ local e = 1 day;
+ print interval_to_double(e);
+
+ local f = current_time();
+ print time_to_double(f);
+ }
diff --git a/testing/btest/bifs/to_int.bro b/testing/btest/bifs/to_int.bro
new file mode 100644
index 0000000000..9d108a9da7
--- /dev/null
+++ b/testing/btest/bifs/to_int.bro
@@ -0,0 +1,10 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ print to_int("1");
+ print to_int("-1");
+ print to_int("not an int");
+ }
diff --git a/testing/btest/bifs/to_interval.bro b/testing/btest/bifs/to_interval.bro
new file mode 100644
index 0000000000..8fded315d2
--- /dev/null
+++ b/testing/btest/bifs/to_interval.bro
@@ -0,0 +1,11 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = 1234563.14;
+ print double_to_interval(a);
+ local b = -1234563.14;
+ print double_to_interval(b);
+ }
diff --git a/testing/btest/bifs/to_port.bro b/testing/btest/bifs/to_port.bro
new file mode 100644
index 0000000000..382bf5d333
--- /dev/null
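Review bot: to_count.bro feeds `int_to_count(-2)`, `to_count("-5")` and `to_count("not a count")` but redirects only stdout into `out`, so any diagnostic Bro prints for a bad conversion is not part of the baseline; only the fallback value is. to_int.bro ("not an int") and to_port.bro ("not a port") have the same gap. If these BiFs report the error on stderr, I would capture it too with `# @TEST-EXEC: bro %INPUT >out 2>err` and add `# @TEST-EXEC: btest-diff err`, so that a conversion which starts failing silently is noticed.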
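Review bot: The last case in to_double.bro prints `time_to_double(current_time())`, a value that changes on every run, so `btest-diff out` cannot match a stored baseline unless a canonifier that is not visible in this file rewrites it. A fixed input keeps the conversion covered and the output stable: `local f = double_to_time(1234563.14);`.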
+++ b/testing/btest/bifs/to_port.bro
@@ -0,0 +1,18 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ print to_port("123/tcp");
+ print to_port("123/udp");
+ print to_port("123/icmp");
+ print to_port("not a port");
+
+ local a: transport_proto = tcp;
+ local b: transport_proto = udp;
+ local c: transport_proto = icmp;
+ print count_to_port(256, a);
+ print count_to_port(256, b);
+ print count_to_port(256, c);
+ }
diff --git a/testing/btest/bifs/to_time.bro b/testing/btest/bifs/to_time.bro
new file mode 100644
index 0000000000..97b109e647
--- /dev/null
+++ b/testing/btest/bifs/to_time.bro
@@ -0,0 +1,11 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = 1234563.14;
+ print double_to_time(a);
+ local b = -1234563.14;
+ print double_to_time(b);
+ }
diff --git a/testing/btest/bifs/type_name.bro b/testing/btest/bifs/type_name.bro
new file mode 100644
index 0000000000..3ec13fb27d
--- /dev/null
+++ b/testing/btest/bifs/type_name.bro
@@ -0,0 +1,73 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+type color: enum { Red, Blue };
+
+type myrecord: record {
+ c: count;
+ s: string;
+};
+
+event bro_init()
+ {
+ local a = "foo";
+ local b = 3;
+ local c = -3;
+ local d = 3.14;
+ local e = T;
+ local f = current_time();
+ local g = 5hr;
+ local h = /^foo|bar/;
+ local i = Blue;
+ local j = 123/tcp;
+ local k = 192.168.0.2;
+ local l = [fe80::1];
+ local m = 192.168.0.0/16;
+ local n = [fe80:1234::]/32;
+ local o = vector( 1, 2, 3);
+ local p: vector of table[count] of string = vector(
+ table( [1] = "test", [2] = "bro" ),
+ table( [1] = "another", [2] = "test" ) );
+ local q = set( 1, 2, 3);
+ local r: set[port, string] = set( [21/tcp, "ftp"], [23/tcp, "telnet"] );
+ local s: table[count] of string = { [1] = "test", [2] = "bro" };
+ local t: table[string] of table[addr, port] of string = {
+ ["a"] = table( [192.168.0.2, 21/tcp] = "ftp",
+ [192.168.0.3, 80/tcp] = "http" ),
+ ["b"] = table( [192.168.0.2, 22/tcp] = "ssh" ) };
+ local u: myrecord = [ $c = 2, $s = "another test" ];
+ local v = function(aa: int, bb: int): bool { return aa < bb; };
+ local w = function(): any { };
+ local x = function() { };
+ local y = open("deleteme");
+
+ print type_name(a);
+ print type_name(b);
+ print type_name(c);
+ print type_name(d);
+ print type_name(e);
+ print type_name(f);
+ print type_name(g);
+ print type_name(h);
+ print type_name(i);
+ print type_name(j);
+ print type_name(k);
+ print type_name(l);
+ print type_name(m);
+ print type_name(n);
+ print type_name(o);
+ print type_name(p);
+ print type_name(q);
+ print type_name(r);
+ print type_name(s);
+ print type_name(t);
+ print type_name(u);
+ print type_name(v);
+ print type_name(w);
+ print type_name(x);
+ print type_name(y); # result is "file of string" which is a bit odd;
+ # we should remove the (apparently unused) type argument
+ # from files.
+ print type_name(bro_init);
+ }
diff --git a/testing/btest/bifs/uuid_to_string.bro b/testing/btest/bifs/uuid_to_string.bro
new file mode 100644
index 0000000000..a64e81d783
--- /dev/null
+++ b/testing/btest/bifs/uuid_to_string.bro
@@ -0,0 +1,10 @@
+#
+# @TEST-EXEC: bro %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = "\xfe\x80abcdefg0123456";
+ print uuid_to_string(a);
+ print uuid_to_string("");
+ }
diff --git a/testing/btest/bifs/val_size.bro b/testing/btest/bifs/val_size.bro
new file mode 100644
index 0000000000..b779460b9b
--- /dev/null
+++ b/testing/btest/bifs/val_size.bro
@@ -0,0 +1,12 @@
+#
+# @TEST-EXEC: bro %INPUT > out
+# @TEST-EXEC: btest-diff out
+
+event bro_init()
+ {
+ local a = 1;
+ local b = T;
+
+ print val_size(a);
+ print val_size(b);
+ }
diff --git a/testing/btest/core/leaks/ipv6_ext_headers.test b/testing/btest/core/leaks/ipv6_ext_headers.test
new file mode 100644
index 0000000000..3b2497655c
--- /dev/null
+++ b/testing/btest/core/leaks/ipv6_ext_headers.test
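Review bot: val_size.bro prints the raw results of `val_size(a)` and `val_size(b)`, and those numbers presumably depend on pointer width and build options, so the baseline may only hold on the platform it was recorded on. Printing a property of the value instead avoids that, the way strcmp.bro prints comparisons rather than raw results: `print val_size(a) > 0;` and `print val_size(b) > 0;`.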
@@ -0,0 +1,37 @@
+# Needs perftools support.
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/ipv6-hbh-routing0.trace %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+# Just check that the event is raised correctly for a packet containing
+# extension headers.
+event ipv6_ext_headers(c: connection, p: pkt_hdr)
+ {
+ print p;
+ }
+
+# Also check the weird for routing type 0 extensions headers
+event flow_weird(name: string, src: addr, dst: addr)
+ {
+ print fmt("weird %s from %s to %s", name, src, dst);
+ }
+
+# And the connection for routing type 0 packets with non-zero segments left
+# should use the last address in that extension header.
+event new_connection(c: connection)
+ {
+ print c$id;
+ }
+
+event ipv6_ext_headers(c: connection, p: pkt_hdr)
+ {
+ for ( h in p$ip6$exts )
+ if ( p$ip6$exts[h]$id == IPPROTO_ROUTING )
+ if ( p$ip6$exts[h]$routing$rtype == 0 )
+ print routing0_data_to_addrs(p$ip6$exts[h]$routing$data);
+ }
+
diff --git a/testing/btest/core/leaks/vector-val-bifs.test b/testing/btest/core/leaks/vector-val-bifs.test
new file mode 100644
index 0000000000..d42e273bc5
--- /dev/null
+++ b/testing/btest/core/leaks/vector-val-bifs.test
@@ -0,0 +1,28 @@
+# Needs perftools support.
+#
+# @TEST-GROUP: leaks
+#
+# @TEST-REQUIRES: bro --help 2>&1 | grep -q mem-leaks
+#
+# The BIFS used in this test originally didn't call the VectorVal() ctor right,
+# assuming that it didn't automatically Ref the VectorType argument and thus
+# leaked that memeory.
+#
+# @TEST-EXEC: HEAP_CHECK_DUMP_DIRECTORY=. HEAPCHECK=local bro -m -b -r $TRACES/ftp-ipv4.trace %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+function myfunc(aa: interval, bb: interval): int
+ {
+ if ( aa < bb )
+ return -1;
+ else
+ return 1;
+ }
+
+event new_connection(c: connection)
+ {
+ local a = vector( 5, 2, 8, 3 );
+ print order(a);
+ str_split("this is a test string", a);
+ print addr_to_counts(c$id$orig_h);
+ }
diff --git a/testing/btest/core/load-sigs.bro b/testing/btest/core/load-sigs.bro
new file mode 100644
index 0000000000..3e08338f2c
--- /dev/null
+++ b/testing/btest/core/load-sigs.bro
@@ -0,0 +1,21 @@
+# A test of signature loading using @load-sigs.
+
+# @TEST-EXEC: bro -C -r $TRACES/wikipedia.trace %INPUT >output
+# @TEST-EXEC: btest-diff output
+
+@load-sigs ./subdir/mysigs.sig
+
+event signature_match(state: signature_state, msg: string, data: string)
+ {
+ print state$conn$id;
+ print msg;
+ print data;
+ }
+
+@TEST-START-FILE subdir/mysigs.sig
+signature my-sig {
+ip-proto == tcp
+payload /GET \/images/
+event "works"
+}
+@TEST-END-FILE
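Review bot: In vector-val-bifs.test `myfunc` is defined but never passed to anything: `order(a)` is called without a comparator, and `myfunc` takes `interval` arguments while `a` is built from plain integer literals. If the leak check is meant to cover the comparator path of `order` as well, the call needs a function of the matching element type, e.g. `function myfunc(aa: count, bb: count): int` with `print order(a, myfunc);`. Otherwise the unused function can be dropped so the test shows exactly which BiF calls it covers.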