Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Adding a test building a file analyzer plugin.

Browse source 
Also cleaning up, and moving, the other plugin tests.
This commit is contained in:
Robin Sommer 2014-06-18 14:08:28 -07:00
parent 55de5c60f4
commit c24bb9cacd
28 changed files with 203 additions and 2336 deletions
Download patch file Download diff file Expand all files Collapse all files

2262
testing/btest/Baseline/core.plugins.hooks/output
View file

File diff suppressed because one or more lines are too long

2
testing/btest/Baseline/core.plugins.test-plugin/output → testing/btest/Baseline/plugins.bifs-and-scripts/output
View file

@ -1,4 +1,4 @@
Plugin: Demo::Foo - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 1.0) Demo::Foo - Caesar cipher rotating a string's characters by 13 places. (dynamic, version 1.0)
[Event] plugin_event [Event] plugin_event
[Function] hello_plugin_world [Function] hello_plugin_world

17
testing/btest/Baseline/plugins.file/output Normal file
View file

@ -0,0 +1,17 @@
Demo::Foo - A Foo test analyzer (dynamic, version 1.0)
[File Analyzer] Foo (ANALYZER_FOO)
[Event] foo_piece
===
foo_piece, FGy9Oo9JLY8SFxMJ2, The National Center
foo_piece, FGy9Oo9JLY8SFxMJ2, net, consult your lo
foo_piece, FGy9Oo9JLY8SFxMJ2, most everything else
foo_piece, FGy9Oo9JLY8SFxMJ2, low:^J^J /Mac
foo_piece, FGy9Oo9JLY8SFxMJ2, es and directories o
foo_piece, FGy9Oo9JLY8SFxMJ2, r example, here is a
foo_piece, FGy9Oo9JLY8SFxMJ2, application, StuffIt
foo_piece, FGy9Oo9JLY8SFxMJ2, tion BinHex by doubl
foo_piece, FGy9Oo9JLY8SFxMJ2, laced, or are going
foo_piece, FGy9Oo9JLY8SFxMJ2, sers several documen
foo_piece, FGy9Oo9JLY8SFxMJ2, er or can be printed
foo_piece, FGy9Oo9JLY8SFxMJ2, ^J^JBug reports shoul

2
testing/btest/Baseline/core.plugins.analyzer/output → testing/btest/Baseline/plugins.protocol/output
View file

@ -1,4 +1,4 @@
Plugin: Demo::Foo - A Foo test analyzer (dynamic, version 1.0) Demo::Foo - A Foo test analyzer (dynamic, version 1.0)
[Analyzer] Foo (ANALYZER_FOO, enabled) [Analyzer] Foo (ANALYZER_FOO, enabled)
[Event] foo_message [Event] foo_message

59
testing/btest/core/plugins/analyzer-plugin/src/Foo.cc
View file

@ -1,59 +0,0 @@
#include "Foo.h"
#include "foo_pac.h"
#include "events.bif.h"
#include <analyzer/protocol/tcp/TCP_Reassembler.h>
using namespace analyzer::Foo;
Foo_Analyzer::Foo_Analyzer(Connection* conn)
: tcp::TCP_ApplicationAnalyzer("Foo", conn)
{
interp = new binpac::Foo::Foo_Conn(this);
}
Foo_Analyzer::~Foo_Analyzer()
{
delete interp;
}
void Foo_Analyzer::Done()
{
tcp::TCP_ApplicationAnalyzer::Done();
interp->FlowEOF(true);
interp->FlowEOF(false);
}
void Foo_Analyzer::EndpointEOF(bool is_orig)
{
tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
interp->FlowEOF(is_orig);
}
void Foo_Analyzer::DeliverStream(int len, const u_char* data, bool orig)
{
tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
assert(TCP());
if ( TCP()->IsPartial() )
// punt on partial.
return;
try
{
interp->NewData(orig, data, data + len);
}
catch ( const binpac::Exception& e )
{
ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
}
}
void Foo_Analyzer::Undelivered(int seq, int len, bool orig)
{
tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
interp->NewGap(orig, len);
}

5
testing/btest/core/plugins/test-plugin.sh → testing/btest/plugins/bifs-and-scripts.sh
View file

@ -1,7 +1,7 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo
# @TEST-EXEC: bash %INPUT # @TEST-EXEC: bash %INPUT
# @TEST-EXEC: make BRO=${DIST} # @TEST-EXEC: make BRO=${DIST}
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN | awk '/^Plugin:.*Demo/ {p=1; print; next} /^Plugin:/{p=0} p==1{print}' >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output
# @TEST-EXEC: echo === >>output # @TEST-EXEC: echo === >>output
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/empty.trace >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/empty.trace >>output
@ -18,8 +18,7 @@
# @TEST-EXEC: echo === >>output # @TEST-EXEC: echo === >>output
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.bro demo/foo -r $TRACES/empty.trace >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -b ./activate.bro demo/foo -r $TRACES/empty.trace >>output
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output
# @TEST-EXEC: btest-diff output
cat >scripts/__load__.bro <<EOF cat >scripts/__load__.bro <<EOF
@load ./demo/foo/base/at-startup.bro @load ./demo/foo/base/at-startup.bro

0
testing/btest/core/plugins/analyzer-plugin/.btest-ignore → testing/btest/plugins/file-plugin/.btest-ignore
View file

18
testing/btest/plugins/file-plugin/CMakeLists.txt Normal file
View file

@ -0,0 +1,18 @@
project(Bro-Plugin-Demo-Foo)
cmake_minimum_required(VERSION 2.6.3)
if ( NOT BRO_DIST )
message(FATAL_ERROR "BRO_DIST not set")
endif ()
set(CMAKE_MODULE_PATH ${BRO_DIST}/cmake)
include(BroPlugin)
bro_plugin_begin(Demo Foo)
bro_plugin_cc(src/Plugin.cc)
bro_plugin_cc(src/Foo.cc)
bro_plugin_bif(src/events.bif)
bro_plugin_end()

26
testing/btest/plugins/file-plugin/src/Foo.cc Normal file
View file

@ -0,0 +1,26 @@
#include "Foo.h"
#include <events.bif.h>
#include <file_analysis/Manager.h>
using namespace plugin::Demo_Foo;
Foo::Foo(RecordVal* args, file_analysis::File* file)
: file_analysis::Analyzer(file_mgr->GetComponentTag("FOO"), args, file)
{
}
file_analysis::Analyzer* Foo::Instantiate(RecordVal* args, file_analysis::File* file)
{
return new Foo(args, file);
}
bool Foo::DeliverStream(const u_char* data, uint64 len)
{
val_list* args = new val_list;
args->append(GetFile()->GetVal()->Ref());
args->append(new StringVal(new BroString(data, len, 0)));
mgr.QueueEvent(foo_piece, args);
return true;
}

23
testing/btest/plugins/file-plugin/src/Foo.h Normal file
View file

@ -0,0 +1,23 @@
#ifndef BRO_PLUGIN_DEMO_FOO_H
#define BRO_PLUGIN_DEMO_FOO_H
#include <Val.h>
#include <file_analysis/Analyzer.h>
namespace plugin {
namespace Demo_Foo {
class Foo : public file_analysis::Analyzer {
public:
virtual bool DeliverStream(const u_char* data, uint64 len);
static file_analysis::Analyzer* Instantiate(RecordVal* args, file_analysis::File* file);
protected:
Foo(RecordVal* args, file_analysis::File* file);
};
} }
#endif

25
testing/btest/plugins/file-plugin/src/Plugin.cc Normal file
View file

@ -0,0 +1,25 @@
#include <plugin/Plugin.h>
#include "Foo.h"
namespace plugin {
namespace Demo_Foo {
class Plugin : public plugin::Plugin {
public:
plugin::Configuration Configure()
{
AddComponent(new ::file_analysis::Component("Foo", ::plugin::Demo_Foo::Foo::Instantiate));
plugin::Configuration config;
config.name = "Demo::Foo";
config.description = "A Foo test analyzer";
config.version.major = 1;
config.version.minor = 0;
return config;
}
} plugin;
}
}

2
testing/btest/plugins/file-plugin/src/events.bif Normal file
View file

@ -0,0 +1,2 @@
event foo_piece%(f: fa_file, data: string%);

18
testing/btest/plugins/file.bro Normal file
View file

@ -0,0 +1,18 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo
# @TEST-EXEC: cp -r %DIR/file-plugin/* .
# @TEST-EXEC: make BRO=${DIST}
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output
# @TEST-EXEC: echo === >>output
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/ftp/retr.trace %INPUT >>output
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output
event file_new(f: fa_file)
{
Files::add_analyzer(f, Files::ANALYZER_FOO);
}
event foo_piece(f: fa_file, data: string)
{
print "foo_piece", f$id, sub_bytes(data, 0, 20);
}

0
testing/btest/core/plugins/hooks-plugin/.btest-ignore → testing/btest/plugins/hooks-plugin/.btest-ignore
View file

0
testing/btest/core/plugins/hooks-plugin/src/Plugin.cc → testing/btest/plugins/hooks-plugin/src/Plugin.cc
View file

0
testing/btest/core/plugins/hooks.bro → testing/btest/plugins/hooks.bro
View file

0
testing/btest/core/plugins/analyzer-plugin/src/functions.bif → testing/btest/plugins/protocol-plugin/.btest-ignore
View file

0
testing/btest/core/plugins/analyzer-plugin/CMakeLists.txt → testing/btest/plugins/protocol-plugin/CMakeLists.txt
View file

0
testing/btest/core/plugins/analyzer-plugin/scripts/Demo/Foo/base/main.bro → testing/btest/plugins/protocol-plugin/scripts/Demo/Foo/base/main.bro
View file

0
testing/btest/core/plugins/analyzer-plugin/scripts/__load__.bro → testing/btest/plugins/protocol-plugin/scripts/__load__.bro
View file

59
testing/btest/plugins/protocol-plugin/src/Foo.cc Normal file
View file

@ -0,0 +1,59 @@
#include "Foo.h"
#include "foo_pac.h"
#include "events.bif.h"
#include <analyzer/protocol/tcp/TCP_Reassembler.h>
using namespace plugin::Demo_Foo;
Foo::Foo(Connection* conn)
: analyzer::tcp::TCP_ApplicationAnalyzer("Foo", conn)
{
interp = new binpac::Foo::Foo_Conn(this);
}
Foo::~Foo()
{
delete interp;
}
void Foo::Done()
{
analyzer::tcp::TCP_ApplicationAnalyzer::Done();
interp->FlowEOF(true);
interp->FlowEOF(false);
}
void Foo::EndpointEOF(bool is_orig)
{
analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
interp->FlowEOF(is_orig);
}
void Foo::DeliverStream(int len, const u_char* data, bool orig)
{
analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(len, data, orig);
assert(TCP());
if ( TCP()->IsPartial() )
// punt on partial.
return;
try
{
interp->NewData(orig, data, data + len);
}
catch ( const binpac::Exception& e )
{
ProtocolViolation(fmt("Binpac exception: %s", e.c_msg()));
}
}
void Foo::Undelivered(int seq, int len, bool orig)
{
analyzer::tcp::TCP_ApplicationAnalyzer::Undelivered(seq, len, orig);
interp->NewGap(orig, len);
}

13
testing/btest/core/plugins/analyzer-plugin/src/Foo.h → testing/btest/plugins/protocol-plugin/src/Foo.h
View file

@ -7,12 +7,13 @@
namespace binpac { namespace Foo { class Foo_Conn; } } namespace binpac { namespace Foo { class Foo_Conn; } }
namespace analyzer { namespace Foo { namespace plugin {
namespace Demo_Foo {
class Foo_Analyzer : public tcp::TCP_ApplicationAnalyzer { class Foo : public analyzer::tcp::TCP_ApplicationAnalyzer {
public: public:
Foo_Analyzer(Connection* conn); Foo(Connection* conn);
~Foo_Analyzer(); ~Foo();
virtual void Done(); virtual void Done();
virtual void DeliverStream(int len, const u_char* data, bool orig); virtual void DeliverStream(int len, const u_char* data, bool orig);
@ -20,12 +21,12 @@ public:
virtual void EndpointEOF(bool is_orig); virtual void EndpointEOF(bool is_orig);
static analyzer::Analyzer* Instantiate(Connection* conn) static analyzer::Analyzer* Instantiate(Connection* conn)
{ return new Foo_Analyzer(conn); } { return new Foo(conn); }
protected: protected:
binpac::Foo::Foo_Conn* interp; binpac::Foo::Foo_Conn* interp;
}; };
} } // namespace analyzer::* } }
#endif #endif

2
testing/btest/core/plugins/analyzer-plugin/src/Plugin.cc → testing/btest/plugins/protocol-plugin/src/Plugin.cc
View file

@ -10,7 +10,7 @@ class Plugin : public plugin::Plugin {
public: public:
plugin::Configuration Configure() plugin::Configuration Configure()
{ {
AddComponent(new ::analyzer::Component("Foo", ::analyzer::Foo::Foo_Analyzer::Instantiate)); AddComponent(new ::analyzer::Component("Foo", plugin::Demo_Foo::Foo::Instantiate));
plugin::Configuration config; plugin::Configuration config;
config.name = "Demo::Foo"; config.name = "Demo::Foo";

0
testing/btest/core/plugins/analyzer-plugin/src/events.bif → testing/btest/plugins/protocol-plugin/src/events.bif
View file

0
testing/btest/core/plugins/analyzer-plugin/src/foo-analyzer.pac → testing/btest/plugins/protocol-plugin/src/foo-analyzer.pac
View file

0
testing/btest/core/plugins/analyzer-plugin/src/foo-protocol.pac → testing/btest/plugins/protocol-plugin/src/foo-protocol.pac
View file

0
testing/btest/core/plugins/analyzer-plugin/src/foo.pac → testing/btest/plugins/protocol-plugin/src/foo.pac
View file

6
testing/btest/core/plugins/analyzer.bro → testing/btest/plugins/protocol.bro
View file

@ -1,10 +1,10 @@
# @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo # @TEST-EXEC: ${DIST}/aux/bro-aux/plugin-support/init-plugin Demo Foo
# @TEST-EXEC: cp -r %DIR/analyzer-plugin/* . # @TEST-EXEC: cp -r %DIR/protocol-plugin/* .
# @TEST-EXEC: make BRO=${DIST} # @TEST-EXEC: make BRO=${DIST}
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN | awk '/^Plugin:.*Demo/ {p=1; print; next} /^Plugin:/{p=0} p==1{print}' >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -NN Demo::Foo >>output
# @TEST-EXEC: echo === >>output # @TEST-EXEC: echo === >>output
# @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/port4242.trace %INPUT >>output # @TEST-EXEC: BRO_PLUGIN_PATH=`pwd` bro -r $TRACES/port4242.trace %INPUT >>output
# @TEST-EXEC: btest-diff output # @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff output
event foo_message(c: connection, data: string) event foo_message(c: connection, data: string)
{ {