Merge remote-tracking branch 'origin/topic/johanna/in-binary'
BIT-1845 #merged * origin/topic/johanna/in-binary: Make "in" keyword work with binary data.
commit
ad6162ce44
4 changed files with 25 additions and 3 deletions
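--- a/testing/btest/scripts/base/files/data_event/basic.bro
+++ b/testing/btest/scripts/base/files/data_event/basic.bro
@@ -0,0 +1,20 @@
+# Just a very basic test to check if ANALYZER_DATA_EVENT works.
+# Also check if "in" works with binary data.
+# @TEST-EXEC: bro -r $TRACES/pe/pe.trace %INPUT
+# @TEST-EXEC: btest-diff .stdout
+# @TEST-EXEC: btest-diff .stderr
+
+event stream_data(f: fa_file, data: string)
+{
+if ( "Windows" in data )
+{
+print "Found";
+}
+}
+
+event file_new (f: fa_file)
+{
+Files::add_analyzer(f, Files::ANALYZER_DATA_EVENT,
+[$stream_event=stream_data]);
+}
+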
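Review bot: The needle in `if ( "Windows" in data )` is printable ASCII, so this test only covers a binary haystack. A needle that itself contains a NUL or other non-printable byte is not exercised by the visible lines. Detection scripts that match byte signatures in file content depend on that case, so a second check such as `if ( "\x00\x00" in data ) print "Found binary needle";` would pin it, assuming the pe.trace payload contains that sequence and the baseline is regenerated. Separately, `print "Found";` emits the same line for every matching chunk, so the baseline cannot show which chunk matched. Printing a chunk counter or `|data|` alongside it would make a regression easier to localise.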