Merge remote-tracking branch 'origin/master' into topic/vladg/mysql

Conflicts:
	testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log

testing/btest/scripts/base/frameworks/file-analysis/bifs/register_mime_type.bro

@@ -0,0 +1,9 @@
+# @TEST-EXEC: bro -r $TRACES/http/get.trace %INPUT
+# @TEST-EXEC: btest-diff files.log
+
+event bro_init()
+	{
+	Files::register_for_mime_type(Files::ANALYZER_MD5, "text/plain");
+	};
+
+

testing/btest/scripts/base/frameworks/logging/dataseries/options.bro

@@ -1,44 +0,0 @@
-#
-# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
-# @TEST-GROUP: dataseries
-#
-# @TEST-EXEC: bro -b %INPUT Log::default_writer=Log::WRITER_DATASERIES
-# @TEST-EXEC: test -e ssh.ds.xml
-# @TEST-EXEC: btest-diff ssh.ds.xml
-
-module SSH;
-
-redef LogDataSeries::dump_schema = T;
-
-# Haven't yet found a way to check for the effect of these.
-redef LogDataSeries::compression = "bz2";
-redef LogDataSeries::extent_size = 1000;
-redef LogDataSeries::num_threads = 5;
-
-# LogDataSeries::use_integer_for_time is tested separately.
-
-export {
-	redef enum Log::ID += { LOG };
-
-	type Log: record {
-		t: time;
-		id: conn_id; # Will be rolled out into individual columns.
-		status: string &optional;
-		country: string &default="unknown";
-	} &log;
-}
-
-event bro_init()
-{
-	Log::create_stream(SSH::LOG, [$columns=Log]);
-
-    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
-
-	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
-	
-}
-

testing/btest/scripts/base/frameworks/logging/dataseries/rotate.bro

@@ -1,34 +0,0 @@
-#
-# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
-# @TEST-GROUP: dataseries
-#
-# @TEST-EXEC: bro -b -r ${TRACES}/rotation.trace %INPUT 2>&1 Log::default_writer=Log::WRITER_DATASERIES | grep "test" >out
-# @TEST-EXEC: for i in test.*.ds; do printf '> %s\n' $i; ds2txt --skip-index $i; done >>out
-# @TEST-EXEC: btest-diff out
-
-module Test;
-
-export {
-	# Create a new ID for our log stream
-	redef enum Log::ID += { LOG };
-
-	# Define a record with all the columns the log file can have.
-	# (I'm using a subset of fields from ssh-ext for demonstration.)
-	type Log: record {
-		t: time;
-		id: conn_id; # Will be rolled out into individual columns.
-	} &log;
-}
-
-redef Log::default_rotation_interval = 1hr;
-redef Log::default_rotation_postprocessor_cmd = "echo";
-
-event bro_init()
-{
-	Log::create_stream(Test::LOG, [$columns=Log]);
-}
-
-event new_connection(c: connection)
-	{
-	Log::write(Test::LOG, [$t=network_time(), $id=c$id]);
-	}

testing/btest/scripts/base/frameworks/logging/dataseries/test-logging.bro

@@ -1,35 +0,0 @@
-#
-# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
-# @TEST-GROUP: dataseries
-#
-# @TEST-EXEC: bro -b %INPUT Log::default_writer=Log::WRITER_DATASERIES
-# @TEST-EXEC: ds2txt --skip-index ssh.ds >ssh.ds.txt
-# @TEST-EXEC: btest-diff ssh.ds.txt
-
-module SSH;
-
-export {
-	redef enum Log::ID += { LOG };
-
-	type Log: record {
-		t: time;
-		id: conn_id; # Will be rolled out into individual columns.
-		status: string &optional;
-		country: string &default="unknown";
-	} &log;
-}
-
-event bro_init()
-{
-	Log::create_stream(SSH::LOG, [$columns=Log]);
-
-    local cid = [$orig_h=1.2.3.4, $orig_p=1234/tcp, $resp_h=2.3.4.5, $resp_p=80/tcp];
-
-	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success"]);
-	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="US"]);
-	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="UK"]);
-	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="success", $country="BR"]);
-	Log::write(SSH::LOG, [$t=network_time(), $id=cid, $status="failure", $country="MX"]);
-	
-}
-

testing/btest/scripts/base/frameworks/logging/dataseries/time-as-int.bro

@@ -1,9 +0,0 @@
-#
-# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
-# @TEST-GROUP: dataseries
-#
-# @TEST-EXEC: bro -r $TRACES/wikipedia.trace %INPUT Log::default_writer=Log::WRITER_DATASERIES
-# @TEST-EXEC: ds2txt --skip-index conn.ds >conn.ds.txt
-# @TEST-EXEC: btest-diff conn.ds.txt
-
-redef LogDataSeries::use_integer_for_time = T;

testing/btest/scripts/base/frameworks/logging/dataseries/wikipedia.bro

@@ -1,9 +0,0 @@
-#
-# @TEST-REQUIRES: has-writer DataSeries && which ds2txt
-# @TEST-GROUP: dataseries
-#
-# @TEST-EXEC: bro -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_DATASERIES
-# @TEST-EXEC: ds2txt --skip-index conn.ds >conn.ds.txt
-# @TEST-EXEC: ds2txt --skip-index http.ds >http.ds.txt
-# @TEST-EXEC: btest-diff conn.ds.txt
-# @TEST-EXEC: btest-diff http.ds.txt

testing/btest/scripts/base/frameworks/logging/sqlite/error.bro

@@ -1,6 +1,6 @@
 #
 # @TEST-REQUIRES: which sqlite3
-# @TEST-REQUIRES: has-writer SQLite 
+# @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
 # @TEST-EXEC: cat ssh.sql | sqlite3 ssh.sqlite

testing/btest/scripts/base/frameworks/logging/sqlite/set.bro

@@ -3,7 +3,7 @@
 # chance of being off by one if someone changes it).
 #
 # @TEST-REQUIRES: which sqlite3
-# @TEST-REQUIRES: has-writer SQLite
+# @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
 # @TEST-EXEC: bro -b %INPUT

testing/btest/scripts/base/frameworks/logging/sqlite/types.bro

@@ -1,6 +1,6 @@
 #
 # @TEST-REQUIRES: which sqlite3
-# @TEST-REQUIRES: has-writer SQLite 
+# @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
 # @TEST-EXEC: bro -b %INPUT

testing/btest/scripts/base/frameworks/logging/sqlite/wikipedia.bro

@@ -1,6 +1,6 @@
 #
 # @TEST-REQUIRES: which sqlite3
-# @TEST-REQUIRES: has-writer SQLite
+# @TEST-REQUIRES: has-writer Bro::SQLiteWriter
 # @TEST-GROUP: sqlite
 #
 # @TEST-EXEC: bro -r $TRACES/wikipedia.trace Log::default_writer=Log::WRITER_SQLITE

testing/btest/scripts/base/protocols/dnp3/events.bro

@@ -82,12 +82,12 @@ event dnp3_frozen_counter_16wFlag(c: connection, is_orig: bool, flag:count, coun
 	print "dnp3_frozen_counter_16wFlag", is_orig, flag;
 	}
 
-event dnp3_frozen_counter_32wFlagTime(c: connection, is_orig: bool, flag:count, count_value: count, time48: string)
+event dnp3_frozen_counter_32wFlagTime(c: connection, is_orig: bool, flag:count, count_value: count, time48: count)
 	{
 	print "dnp3_frozen_counter_32wFlagTime", is_orig, flag;
 	}
 
-event dnp3_frozen_counter_16wFlagTime(c: connection, is_orig: bool, flag:count, count_value: count, time48: string)
+event dnp3_frozen_counter_16wFlagTime(c: connection, is_orig: bool, flag:count, count_value: count, time48: count)
 	{
 	print "dnp3_frozen_counter_16wFlagTime", is_orig, flag;
 	}
@@ -142,12 +142,12 @@ event dnp3_frozen_analog_input_16wFlag(c: connection, is_orig: bool, flag: count
 	print "dnp3_frozen_analog_input_16wFlag", is_orig, flag, frozen_value;
 	}
 
-event dnp3_frozen_analog_input_32wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
+event dnp3_frozen_analog_input_32wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: count)
 	{
 	print "dnp3_frozen_analog_input_32wTime", is_orig, flag, frozen_value, time48;
 	}
 
-event dnp3_frozen_analog_input_16wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
+event dnp3_frozen_analog_input_16wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: count)
 	{
 	print "dnp3_frozen_analog_input_16wTime", is_orig, flag, frozen_value, time48;
 	}
@@ -182,12 +182,12 @@ event dnp3_analog_input_event_16woTime(c: connection, is_orig: bool, flag: count
 	print "dnp3_analog_input_event_16woTime", is_orig, flag, value;
 	}
 
-event dnp3_analog_input_event_32wTime(c: connection, is_orig: bool, flag: count, value: count, time48: string)
+event dnp3_analog_input_event_32wTime(c: connection, is_orig: bool, flag: count, value: count, time48: count)
 	{
 	print "dnp3_analog_input_event_32wTime", is_orig, flag, value, time48;
 	}
 
-event dnp3_analog_input_16wTime(c: connection, is_orig: bool, flag: count, value: count, time48: string)
+event dnp3_analog_input_16wTime(c: connection, is_orig: bool, flag: count, value: count, time48: count)
 	{
 	print "dnp3_analog_input_event_16wTime", is_orig, flag, value, time48;
 	}
@@ -202,12 +202,12 @@ event dnp3_analog_inputDP_woTime(c: connection, is_orig: bool, flag: count, valu
 	print "dnp3_analog_input_event_DPwoTime", is_orig, flag, value_low, value_high;
 	}
 
-event dnp3_analog_inputSP_wTime(c: connection, is_orig: bool, flag: count, value: count, time48: string)
+event dnp3_analog_inputSP_wTime(c: connection, is_orig: bool, flag: count, value: count, time48: count)
 	{
 	print "dnp3_analog_input_event_SPwTime", is_orig, flag, value, time48;
 	}
 
-event dnp3_analog_inputDP_wTime(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count, time48: string)
+event dnp3_analog_inputDP_wTime(c: connection, is_orig: bool, flag: count, value_low: count, value_high: count, time48: count)
 	{
 	print "dnp3_analog_input_event_DPwTime", is_orig, flag, value_low, value_high, time48;
 	}
@@ -222,12 +222,12 @@ event dnp3_frozen_analog_input_event_16woTime(c: connection, is_orig: bool, flag
 	print "dnp3_frozen_analog_input_event_16woTime", is_orig, flag, frozen_value;
 	}
 
-event dnp3_frozen_analog_input_event_32wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
+event dnp3_frozen_analog_input_event_32wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: count)
 	{
 	print "dnp3_frozen_analog_input_event_32wTime", is_orig, flag, frozen_value, time48;
 	}
 
-event dnp3_frozen_analog_input_event_16wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
+event dnp3_frozen_analog_input_event_16wTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: count)
 	{
 	print "dnp3_frozen_analog_input_event_16wTime", is_orig, flag, frozen_value, time48;
 	}
@@ -242,12 +242,12 @@ event dnp3_frozen_analog_input_event_DPwoTime(c: connection, is_orig: bool, flag
 	print "dnp3_frozen_analog_input_event_DPwoTime", is_orig, flag, frozen_value_low, frozen_value_high;
 	}
 
-event dnp3_frozen_analog_input_event_SPwTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: string)
+event dnp3_frozen_analog_input_event_SPwTime(c: connection, is_orig: bool, flag: count, frozen_value: count, time48: count)
 	{
 	print "dnp3_frozen_analog_inputeventSP_wTime", is_orig, flag, frozen_value, time48;
 	}
 
-event dnp3_frozen_analog_input_event_DPwTime(c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count, time48: string)
+event dnp3_frozen_analog_input_event_DPwTime(c: connection, is_orig: bool, flag: count, frozen_value_low: count, frozen_value_high: count, time48: count)
 	{
 	print "dnp3_frozen_analog_inputeventDP_wTime", is_orig, flag, frozen_value_low, frozen_value_high, time48;
 	}

testing/btest/scripts/base/protocols/dns/tsig.bro

@@ -0,0 +1,10 @@
+# @TEST-EXEC: bro -r $TRACES/dns-tsig.trace %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+redef dns_skip_all_addl = F;
+
+event dns_TSIG_addl(c: connection, msg: dns_msg, ans: dns_tsig_additional)
+	{
+	print ans;
+	print |ans$sig|;
+	}

testing/btest/scripts/base/protocols/http/content-range-gap-skip.bro

@@ -0,0 +1,26 @@
+# @TEST-EXEC: bro -r $TRACES/http/content-range-gap-skip.trace %INPUT
+
+# In this trace, we should be able to determine that a gap lies
+# entirely within the body of an entity that specifies Content-Range,
+# and so further deliveries after the gap can still be made.
+
+global got_gap = F;
+global got_data_after_gap = F;
+
+event http_entity_data(c: connection, is_orig: bool, length: count,
+                       data: string)
+	{
+	if ( got_gap )
+		got_data_after_gap = T;
+	}
+
+event content_gap(c: connection, is_orig: bool, seq: count, length: count)
+	{
+	got_gap = T;
+	}
+
+event bro_done()
+	{
+	if ( ! got_data_after_gap )
+		exit(1);
+	}

testing/btest/scripts/base/protocols/http/content-range-gap.bro

@@ -0,0 +1,8 @@
+# @TEST-EXEC: bro -r $TRACES/http/content-range-gap.trace %INPUT
+# @TEST-EXEC: btest-diff extract_files/thefile
+
+event file_new(f: fa_file)
+	{
+	Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
+					   [$extract_filename="thefile"]);
+	}

testing/btest/scripts/base/protocols/http/entity-gap.bro

@@ -0,0 +1,24 @@
+# @TEST-EXEC: bro -r $TRACES/http/entity_gap.trace %INPUT
+# @TEST-EXEC: btest-diff entity_data
+# @TEST-EXEC: btest-diff extract_files/file0
+
+global f = open("entity_data");
+global fn = 0;
+
+event http_entity_data(c: connection, is_orig: bool, length: count,
+                       data: string)
+	{
+	print f, data;
+	}
+
+event content_gap(c: connection, is_orig: bool, seq: count, length: count)
+	{
+	print f, fmt("<%d byte gap>", length);
+	}
+
+event file_new(f: fa_file)
+	{
+	Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
+					   [$extract_filename=fmt("file%d", fn)]);
+	++fn;
+	}

testing/btest/scripts/base/protocols/http/entity-gap2.bro

@@ -0,0 +1,24 @@
+# @TEST-EXEC: bro -r $TRACES/http/entity_gap2.trace %INPUT
+# @TEST-EXEC: btest-diff entity_data
+# @TEST-EXEC: btest-diff extract_files/file0
+
+global f = open("entity_data");
+global fn = 0;
+
+event http_entity_data(c: connection, is_orig: bool, length: count,
+                       data: string)
+	{
+	print f, data;
+	}
+
+event content_gap(c: connection, is_orig: bool, seq: count, length: count)
+	{
+	print f, fmt("<%d byte gap>", length);
+	}
+
+event file_new(f: fa_file)
+	{
+	Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
+					   [$extract_filename=fmt("file%d", fn)]);
+	++fn;
+	}

testing/btest/scripts/base/protocols/modbus/coil_parsing_big.bro

@@ -0,0 +1,47 @@
+#
+# @TEST-EXEC: bro -C -r $TRACES/modbus/modbusBig.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif  | grep "^event modbus_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+
+event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool)
+{
+    print "modbus_message", c$id, headers, is_orig;
+}
+
+event modbus_exception(c: connection, headers: ModbusHeaders, code: count)
+{
+    print "modbus_exception", c$id, headers, code;
+}
+
+event modbus_read_coils_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
+{
+    print "modbus_read_coils_request", c$id, headers, start_address, quantity;
+}
+
+event modbus_read_coils_response(c: connection, headers: ModbusHeaders, coils: ModbusCoils)
+{
+    print "modbus_read_coils_response", c$id, headers, coils;
+}
+event modbus_write_single_coil_request(c: connection, headers: ModbusHeaders, address: count, value: bool)
+{
+    print "modbus_write_single_coil_request", c$id, headers, address, value;
+}
+
+event modbus_write_single_coil_response(c: connection, headers: ModbusHeaders, address: count, value: bool)
+{
+    print "modbus_write_single_coil_response", c$id, headers, address, value;
+}
+
+event modbus_write_multiple_coils_request(c: connection, headers: ModbusHeaders, start_address: count, coils: ModbusCoils)
+{
+    print "modbus_write_multiple_coils_request", c$id, headers, start_address, coils;
+}
+
+event modbus_write_multiple_coils_response(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
+{
+    print "modbus_write_multiple_coils_response", c$id, headers, start_address, quantity;
+}
+

testing/btest/scripts/base/protocols/modbus/coil_parsing_small.bro

@@ -0,0 +1,47 @@
+#
+# @TEST-EXEC: bro -C -r $TRACES/modbus/modbusSmall.pcap %INPUT | sort | uniq -c | sed 's/^ *//g' >output
+# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif  | grep "^event modbus_" | wc -l >total
+# @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
+# @TEST-EXEC: btest-diff coverage
+
+event modbus_message(c: connection, headers: ModbusHeaders, is_orig: bool)
+{
+    print "modbus_message", c$id, headers, is_orig;
+}
+
+event modbus_exception(c: connection, headers: ModbusHeaders, code: count)
+{
+    print "modbus_exception", c$id, headers, code;
+}
+
+event modbus_read_coils_request(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
+{
+    print "modbus_read_coils_request", c$id, headers, start_address, quantity;
+}
+
+event modbus_read_coils_response(c: connection, headers: ModbusHeaders, coils: ModbusCoils)
+{
+    print "modbus_read_coils_response", c$id, headers, coils;
+}
+event modbus_write_single_coil_request(c: connection, headers: ModbusHeaders, address: count, value: bool)
+{
+    print "modbus_write_single_coil_request", c$id, headers, address, value;
+}
+
+event modbus_write_single_coil_response(c: connection, headers: ModbusHeaders, address: count, value: bool)
+{
+    print "modbus_write_single_coil_response", c$id, headers, address, value;
+}
+
+event modbus_write_multiple_coils_request(c: connection, headers: ModbusHeaders, start_address: count, coils: ModbusCoils)
+{
+    print "modbus_write_multiple_coils_request", c$id, headers, start_address, coils;
+}
+
+event modbus_write_multiple_coils_response(c: connection, headers: ModbusHeaders, start_address: count, quantity: count)
+{
+    print "modbus_write_multiple_coils_response", c$id, headers, start_address, quantity;
+}
+

testing/btest/scripts/base/utils/active-http.test

@@ -1,28 +1,43 @@
 # @TEST-REQUIRES: which python
 # @TEST-REQUIRES: which curl
 #
-# @TEST-EXEC: btest-bg-run httpd python $SCRIPTS/httpd.py --max 1 --addr=127.0.0.1
+# @TEST-EXEC: btest-bg-run httpd python $SCRIPTS/httpd.py --max 2 --addr=127.0.0.1
 # @TEST-EXEC: sleep 3
 # @TEST-EXEC: btest-bg-run bro bro -b %INPUT
 # @TEST-EXEC: btest-bg-wait 15
-# @TEST-EXEC: btest-diff bro/.stdout
+# @TEST-EXEC: cat bro/.stdout | sort >output
+# @TEST-EXEC: btest-diff output
 
 @load base/utils/active-http
 @load base/frameworks/communication # let network-time run. otherwise there are no heartbeats...
 redef exit_only_after_terminate = T;
 
-event bro_init()
-	{
-	local req = ActiveHTTP::Request($url="127.0.0.1:32123");
+global c: count = 0;
 
-	when ( local resp = ActiveHTTP::request(req) )
-		{
-		print resp;
+function check_exit_condition()
+	{
+	c += 1;
+
+	if ( c == 2 )
 		terminate();
+	}
+
+function test_request(label: string, req: ActiveHTTP::Request)
+	{
+	when ( local response = ActiveHTTP::request(req) )
+		{
+		print label, response;
+		check_exit_condition();
 		}
 	timeout 1min
 		{
 		print "HTTP request timeout";
-		terminate();
+		check_exit_condition();
 		}
 	}
+
+event bro_init()
+	{
+	test_request("test1", [$url="127.0.0.1:32123"]);
+	test_request("test2", [$url="127.0.0.1:32123/empty", $method="POST"]);
+	}

testing/btest/scripts/base/utils/exec.test

@@ -14,7 +14,7 @@ function check_exit_condition()
 	{
 	c += 1;
 
-	if ( c == 3 )
+	if ( c == 4 )
 		terminate();
 	}
 
@@ -35,6 +35,8 @@ event bro_init()
 	# Not sure of a portable way to test signals yet.
 	#test_cmd("test3", [$cmd="bash ../suicide.sh"]);
 	test_cmd("test4", [$cmd="bash ../stdin.sh", $stdin="hibye"]);
+	test_cmd("test5", [$cmd="bash ../empty_file.sh",
+	                   $read_files=set("out3", "out4")]);
 	}
 
 @TEST-END-FILE
@@ -73,3 +75,9 @@ echo "nope"
 read -r line
 echo "$line"
 @TEST-END-FILE
+
+@TEST-START-FILE empty_file.sh
+#! /usr/bin/env bash
+touch out3
+echo "test" > out4
+@TEST-END-FILE