Merge remote-tracking branch 'origin/master' into topic/johanna/ocsp-sct-validate

2025-10-14 20:48:21 +00:00 · 2017-06-26 11:16:08 -07:00 · 2017-06-26 11:16:08 -07:00 · b7a7e45a07
commit b7a7e45a07
parent 8af810e00b ff4caaf50a
87 changed files with 1583 additions and 172 deletions
--- a/testing/btest/scripts/base/frameworks/intel/expire-item.bro
+++ b/testing/btest/scripts/base/frameworks/intel/expire-item.bro
@ -9,9 +9,10 @@
 1.2.3.4	Intel::ADDR	source1	this host is bad	http://some-data-distributor.com/1
 # @TEST-END-FILE

-@load frameworks/communication/listen
@load frameworks/intel/do_expire

+redef exit_only_after_terminate = T;
+
 redef Intel::read_files += { "../intel.dat" };
 redef enum Intel::Where += { SOMEWHERE };
 redef Intel::item_expiration = 9sec;
@ -44,6 +45,8 @@ event do_it()

 	if ( runs < 6 )
 		schedule 3sec { do_it() };
+	else
+		terminate();
 	}

 event Intel::match(s: Intel::Seen, items: set[Intel::Item])
--- a/testing/btest/scripts/base/frameworks/intel/match-subnet.bro
+++ b/testing/btest/scripts/base/frameworks/intel/match-subnet.bro
@ -14,7 +14,7 @@
 192.168.128.0/18	Intel::SUBNET	source1	this subnetwork might be baaad	http://some-data-distributor.com/5
 # @TEST-END-FILE

-@load frameworks/communication/listen
+redef exit_only_after_terminate = T;

 redef Intel::read_files += { "../intel.dat" };
 redef enum Intel::Where += { SOMEWHERE };
--- a/testing/btest/scripts/base/frameworks/intel/remove-non-existing.bro
+++ b/testing/btest/scripts/base/frameworks/intel/remove-non-existing.bro
@ -9,7 +9,7 @@
 192.168.1.1	Intel::ADDR	source1	this host is just plain baaad	http://some-data-distributor.com/1
 # @TEST-END-FILE

-@load frameworks/communication/listen
+redef exit_only_after_terminate = T;

 redef Intel::read_files += { "../intel.dat" };
 redef enum Intel::Where += { SOMEWHERE };
--- a/testing/btest/scripts/base/frameworks/logging/ascii-gz.bro
+++ b/testing/btest/scripts/base/frameworks/logging/ascii-gz.bro
@ -0,0 +1,75 @@
+#
+# @TEST-EXEC: bro -b %INPUT
+# @TEST-EXEC: gunzip ssh.log.gz
+# @TEST-EXEC: btest-diff ssh.log
+# @TEST-EXEC: btest-diff ssh-uncompressed.log
+#
+# Testing all possible types.
+
+redef LogAscii::gzip_level = 9;
+
+module SSH;
+
+export {
+	redef enum Log::ID += { LOG };
+
+	type Log: record {
+		b: bool;
+		i: int;
+		e: Log::ID;
+		c: count;
+		p: port;
+		sn: subnet;
+		a: addr;
+		d: double;
+		t: time;
+		iv: interval;
+		s: string;
+		sc: set[count];
+		ss: set[string];
+		se: set[string];
+		vc: vector of count;
+		ve: vector of string;
+		f: function(i: count) : string;
+	} &log;
+}
+
+function foo(i : count) : string
+	{
+	if ( i > 0 )
+		return "Foo";
+	else
+		return "Bar";
+	}
+
+event bro_init()
+{
+	Log::create_stream(SSH::LOG, [$columns=Log]);
+	local filter = Log::Filter($name="ssh-uncompressed", $path="ssh-uncompressed",
+	                           $config = table(["gzip_level"] = "0"));
+	Log::add_filter(SSH::LOG, filter);
+
+	local empty_set: set[string];
+	local empty_vector: vector of string;
+
+	Log::write(SSH::LOG, [
+		$b=T,
+		$i=-42,
+		$e=SSH::LOG,
+		$c=21,
+		$p=123/tcp,
+		$sn=10.0.0.1/24,
+		$a=1.2.3.4,
+		$d=3.14,
+		$t=(strptime("%Y-%m-%dT%H:%M:%SZ", "2008-07-09T16:13:30Z") + 0.543210 secs),
+		$iv=100secs,
+		$s="hurz",
+		$sc=set(1,2,3,4),
+		$ss=set("AA", "BB", "CC"),
+		$se=empty_set,
+		$vc=vector(10, 20, 30),
+		$ve=empty_vector,
+		$f=foo
+		]);
+}
+
--- a/testing/btest/scripts/base/frameworks/netcontrol/acld.bro
+++ b/testing/btest/scripts/base/frameworks/netcontrol/acld.bro
@ -79,6 +79,11 @@ event NetControl::rule_removed(r: NetControl::Rule, p: NetControl::PluginState,
 	print "rule removed", r$entity, r$ty;
 	}

+event NetControl::rule_error(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+	{
+	print "rule error", r$entity, r$ty;
+	}
+
@TEST-END-FILE

@TEST-START-FILE recv.bro
@ -115,7 +120,10 @@ event NetControl::acld_remove_rule(id: count, r: NetControl::Rule, ar: NetContro
 	{
 	print "remove_rule", id, r$entity, r$ty, ar;

-	Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_removed, id, r, ar$command));
+	if ( r$cid != 2 )
+		Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_removed, id, r, ar$command));
+	else
+		Broker::send_event("bro/event/netcontroltest", Broker::event_args(NetControl::acld_rule_error, id, r, ar$command));

 	if ( r$cid == 4 )
 		terminate();
--- a/testing/btest/scripts/base/misc/version.bro
+++ b/testing/btest/scripts/base/misc/version.bro
@ -36,6 +36,6 @@ print "yup";
 print "yup";
@endif

-@if ( Version::at_least("2.4") )
+@if ( Version::at_least("2.9") )
 print "no";
@endif
--- a/testing/btest/scripts/base/protocols/nfs/basic.test
+++ b/testing/btest/scripts/base/protocols/nfs/basic.test
@ -0,0 +1,66 @@
+# @TEST-EXEC: bro -b -r $TRACES/nfs/nfs_base.pcap %INPUT
+# @TEST-EXEC: btest-diff .stdout
+
+global nfs_ports: set[port] = { 2049/tcp, 2049/udp } &redef;
+redef ignore_checksums = T;
+
+event bro_init()
+	{
+	Analyzer::register_for_ports(Analyzer::ANALYZER_NFS, nfs_ports);
+	}
+
+event nfs_proc_lookup(c: connection , info: NFS3::info_t , req: NFS3::diropargs_t , rep: NFS3::lookup_reply_t )
+	{
+	print "nfs_proc_lookup", c, info, req, rep;
+	}
+
+event nfs_proc_read(c: connection , info: NFS3::info_t , req: NFS3::readargs_t , rep: NFS3::read_reply_t )
+	{
+	print "nfs_proc_read", c, info, req, rep;
+	}
+
+event nfs_proc_readlink(c: connection , info: NFS3::info_t , fh: string , rep: NFS3::readlink_reply_t )
+	{
+	print "nfs_proc_readlink", c, info, fh, rep;
+	}
+
+event nfs_proc_write(c: connection , info: NFS3::info_t , req: NFS3::writeargs_t , rep: NFS3::write_reply_t )
+	{
+	print "nfs_proc_write", c, info, req, rep;
+	}
+
+event nfs_proc_create(c: connection , info: NFS3::info_t , req: NFS3::diropargs_t , rep: NFS3::newobj_reply_t )
+	{
+	print "nfs_proc_create", c, info, req, rep;
+	}
+
+event nfs_proc_mkdir(c: connection , info: NFS3::info_t , req: NFS3::diropargs_t , rep: NFS3::newobj_reply_t )
+	{
+	print "nfs_proc_mkdir", c, info, req, rep;
+	}
+
+event nfs_proc_remove(c: connection , info: NFS3::info_t , req: NFS3::diropargs_t , rep: NFS3::delobj_reply_t )
+	{
+	print "nfs_proc_remove", c, info, req, rep;
+	}
+
+event nfs_proc_rmdir(c: connection , info: NFS3::info_t , req: NFS3::diropargs_t , rep: NFS3::delobj_reply_t )
+	{
+	print "nfs_proc_rmdir", c, info, req, rep;
+	}
+
+event nfs_proc_readdir(c: connection , info: NFS3::info_t , req: NFS3::readdirargs_t , rep: NFS3::readdir_reply_t )
+	{
+	print "nfs_proc_readdir", c, info, req, rep;
+	}
+
+event nfs_proc_rename(c: connection , info: NFS3::info_t , req: NFS3::renameopargs_t , rep: NFS3::renameobj_reply_t )
+	{
+	print "nfs_proc_rename", c, info, req, rep;
+	}
+
+event nfs_proc_not_implemented(c: connection , info: NFS3::info_t , proc: NFS3::proc_t )
+	{
+	print "nfs_proc_not_implemented", c, info, proc;
+	}
+