Merge remote-tracking branch 'origin/master' into topic/johanna/openflow

testing/btest/scripts/base/files/pe/basic.test

@@ -0,0 +1,5 @@
+# This tests the PE analyzer against a PCAP of 4 PE files being downloaded via FTP.
+# The files are a mix of DLL/EXEs, signed/unsigned, and 32/64-bit files.
+
+# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT
+# @TEST-EXEC: btest-diff pe.log

testing/btest/scripts/base/frameworks/logging/ascii-escape-binary.bro

@@ -0,0 +1,48 @@
+# @TEST-EXEC: bro -b %INPUT >output
+# @TEST-EXEC: btest-diff test.log
+# @TEST-EXEC: btest-diff output
+
+module Test;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Log: record {
+		s: string;
+	} &log;
+}
+
+event bro_init()
+{
+	local a = "abc\0def";
+	local b = escape_string(a);
+	local c = fmt("%s", a);
+
+	Log::create_stream(Test::LOG, [$columns=Log]);
+	Log::write(Test::LOG, [$s="AB\0CD\0"]);
+	Log::write(Test::LOG, [$s="AB\xffCD\0"]);
+	Log::write(Test::LOG, [$s="AB\\xffCD\0"]);
+	Log::write(Test::LOG, [$s=" "]);
+	Log::write(Test::LOG, [$s=b]);
+	Log::write(Test::LOG, [$s=" "]);
+	Log::write(Test::LOG, [$s=c]);
+	Log::write(Test::LOG, [$s=" "]);
+	Log::write(Test::LOG, [$s="foo \xc2\xae bar \\xc2\\xae baz"]);
+	Log::write(Test::LOG, [$s="foo\x00bar\\0baz"]);
+	Log::write(Test::LOG, [$s="foo \16 bar ^N baz"]);
+
+	print "AB\0CD\0";
+	print "AB\xffCD\0";
+	print "AB\\xffCD\0";
+	print "";
+	print b;
+	print "";
+	print c;
+	print "";
+	print "foo \xc2\xae bar \\xc2\\xae baz";
+	print "foo\x00bar\\0baz";
+	print "foo \16 bar ^N baz";
+
+	print "";
+}
+

testing/btest/scripts/base/protocols/http/zero-length-bodies-with-drops.bro

@@ -0,0 +1,10 @@
+# This tests an issue with interaction between zero length
+# http bodies and the file analysis code.  It is creating
+# files when there isn't actually any body there and shouldn't
+# create a file.
+#
+# @TEST-EXEC: bro -r $TRACES/http/zero-length-bodies-with-drops.pcap %INPUT
+
+# There shouldn't be a files log (no files!)
+# @TEST-EXEC: test ! -f files.log
+

testing/btest/scripts/base/protocols/krb/kinit.test

@@ -0,0 +1,16 @@
+# This test exercises many of the Linux kinit options against a KDC
+
+# @TEST-EXEC: bro -b -r $TRACES/krb/kinit.trace %INPUT > output
+# @TEST-EXEC: btest-diff kerberos.log
+# @TEST-EXEC: btest-diff output
+
+@load base/protocols/krb
+
+event krb_ap_request(c: connection, ticket: KRB::Ticket, opts: KRB::AP_Options)
+	{
+	print "KRB_AP_REQUEST";
+	print ticket;
+	print opts;
+	}
+
+

testing/btest/scripts/base/protocols/krb/tgs.test

@@ -0,0 +1,7 @@
+# This test exercises a Kerberos authentication to a Kerberized SSH server
+
+# @TEST-EXEC: bro -b -r $TRACES/krb/auth.trace %INPUT
+# @TEST-EXEC: btest-diff kerberos.log
+
+@load base/protocols/krb
+

testing/btest/scripts/base/protocols/sip/wireshark.test

@@ -0,0 +1,6 @@
+# This tests a PCAP with a few SIP commands from the Wireshark samples.
+
+# @TEST-EXEC: bro -b -r $TRACES/sip/wireshark.trace %INPUT
+# @TEST-EXEC: btest-diff sip.log
+
+@load base/protocols/sip