spicy-redis: Cleanup scripts and tests

- Recomputes checksums for pcaps to keep clean - Removes some tests that had big pcaps or weren't necessary - Cleans up scripting names and minor points - Comments out Spicy code that causes a build failure now with a TODO to uncomment it
2025-10-02 06:38:20 +00:00 · 2025-05-16 13:16:49 -04:00 · 2025-05-16 13:16:49 -04:00 · d5b121db14
commit d5b121db14
parent 11777bd6d5
66 changed files with 368 additions and 1072 deletions
--- a/testing/btest/scripts/base/protocols/redis/almost-redis.zeek
+++ b/testing/btest/scripts/base/protocols/redis/almost-redis.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test 2 commands that look like RESP, then server responses don't
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/almost-resp.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/almost-resp.pcap %INPUT >output
 # @TEST-EXEC: btest-diff redis.log
 #
 # Really, the first 2 ARE Redis. The later ones should not be logged because we
--- a/testing/btest/scripts/base/protocols/redis/auth.zeek
+++ b/testing/btest/scripts/base/protocols/redis/auth.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test Zeek with AUTH commands
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/auth.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/auth.pcap %INPUT >output
 # @TEST-EXEC: btest-diff output

@load base/protocols/redis
--- a/testing/btest/scripts/base/protocols/redis/bulk.zeek
+++ b/testing/btest/scripts/base/protocols/redis/bulk.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test Zeek parsing a trace file made with bulk-created SET commands
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/bulk-loading.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/bulk-loading.pcap %INPUT >output
 # @TEST-EXEC: btest-diff output

 # The bulk-loading functionality just sends the serialized form from some ruby
--- a/testing/btest/scripts/base/protocols/redis/client-reply-off-2conn.zeek
+++ b/testing/btest/scripts/base/protocols/redis/client-reply-off-2conn.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test CLIENT REPLY OFF, but turns on with new connection
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/reply-off-on-2conn.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/reply-off-on-2conn.pcap %INPUT >output
 # @TEST-EXEC: btest-diff redis.log

@load base/protocols/redis
--- a/testing/btest/scripts/base/protocols/redis/client-reply-off.zeek
+++ b/testing/btest/scripts/base/protocols/redis/client-reply-off.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test CLIENT REPLY OFF then ON again and a SKIP
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/reply-off-on.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/reply-off-on.pcap %INPUT >output
 # @TEST-EXEC: btest-diff redis.log

@load base/protocols/redis
--- a/testing/btest/scripts/base/protocols/redis/client-skip-while-off.zeek
+++ b/testing/btest/scripts/base/protocols/redis/client-skip-while-off.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test CLIENT REPLY OFF then ON again and a SKIP
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/client-skip-while-off.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/client-skip-while-off.pcap %INPUT >output
 # @TEST-EXEC: btest-diff redis.log

@load base/protocols/redis
--- a/testing/btest/scripts/base/protocols/redis/django-cloud.zeek
+++ b/testing/btest/scripts/base/protocols/redis/django-cloud.zeek
@ -1,13 +1,15 @@
 # @TEST-DOC: Test Redis traffic from a django app using Redis (in the cloud) as a cache
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/django-cloud.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/django-cloud.pcap %INPUT >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff redis.log
+# @TEST-EXEC: btest-diff conn.log

 # This test has a bunch of factorial commands, try to test for the correct
 # factorial without exploding the baseline

+@load base/protocols/conn
@load base/protocols/redis

 redef Redis::ports += {
--- a/testing/btest/scripts/base/protocols/redis/django.zeek
+++ b/testing/btest/scripts/base/protocols/redis/django.zeek
@ -1,15 +0,0 @@
-# @TEST-DOC: Test Redis traffic from a django app using Redis as a cache
-# @TEST-REQUIRES: have-spicy
-#
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/django-cache.pcap %INPUT >output
-# @TEST-EXEC: btest-diff output
-# @TEST-EXEC: btest-diff redis.log
-
-@load base/protocols/redis
-
-event Redis::set_command(c: connection, command: Redis::SetCommand)
-	{
-	# Print the whole command because these have extra data that's worth capturing.
-	print fmt("SET: %s %s expires in %d milliseconds", command$key, command$value,
-	    command$px);
-	}
--- a/testing/btest/scripts/base/protocols/redis/excessive-pipelining.zeek
+++ b/testing/btest/scripts/base/protocols/redis/excessive-pipelining.zeek
@ -1,11 +1,11 @@
 # @TEST-DOC: Test Zeek parsing "pipelined" data responses
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/excessive-pipelining.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/excessive-pipelining.pcap %INPUT >output
 # @TEST-EXEC: btest-diff redis.log
 # @TEST-EXEC: btest-diff weird.log

@load base/protocols/redis

 # Make sure we get a weird if we go over the pipelining threshold (intentionally limited)
-redef Redis::max_pending_requests = 5;
+redef Redis::max_pending_commands = 5;
--- a/testing/btest/scripts/base/protocols/redis/pipeline-with-quotes.zeek
+++ b/testing/btest/scripts/base/protocols/redis/pipeline-with-quotes.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test Zeek parsing "pipelined" data responses
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/pipeline-quotes.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/pipeline-quotes.pcap %INPUT >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff redis.log
 # TODO: Make it so weird.log exists again with `zeek::weird` for inline commands
--- a/testing/btest/scripts/base/protocols/redis/pipelined-with-commands.zeek
+++ b/testing/btest/scripts/base/protocols/redis/pipelined-with-commands.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test Zeek parsing "pipelined" data responses
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/pipeline-with-commands.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/pipeline-with-commands.pcap %INPUT >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff redis.log

--- a/testing/btest/scripts/base/protocols/redis/pipelined.zeek
+++ b/testing/btest/scripts/base/protocols/redis/pipelined.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test Zeek parsing "pipelined" data responses
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/pipelining-example.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/pipelining-example.pcap %INPUT >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff redis.log

--- a/testing/btest/scripts/base/protocols/redis/pubsub.zeek
+++ b/testing/btest/scripts/base/protocols/redis/pubsub.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test Zeek parsing pubsub commands
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/pubsub.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/pubsub.pcap %INPUT >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: btest-diff redis.log

--- a/testing/btest/scripts/base/protocols/redis/set.zeek
+++ b/testing/btest/scripts/base/protocols/redis/set.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test Zeek parsing SET commands
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/set.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/set.pcap %INPUT >output
 # @TEST-EXEC: btest-diff output

@load base/protocols/redis
--- a/testing/btest/scripts/base/protocols/redis/start-with-server.zeek
+++ b/testing/btest/scripts/base/protocols/redis/start-with-server.zeek
@ -1,17 +1,17 @@
 # @TEST-DOC: Test that Redis does not parse if it starts with the server data
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/start-with-server.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/start-with-server.pcap %INPUT >output
 # @TEST-EXEC: btest-diff output

@load base/protocols/redis

-event Redis::client_command(c: connection, command: Redis::Command)
+event Redis::command(c: connection, command: Redis::Command)
 	{
 	print "BAD", command;
 	}

-event Redis::server_data(c: connection, dat: Redis::ServerData)
+event Redis::reply(c: connection, dat: Redis::ServerData)
 	{
 	print "BAD", dat;
 	}
--- a/testing/btest/scripts/base/protocols/redis/stream.zeek
+++ b/testing/btest/scripts/base/protocols/redis/stream.zeek
@ -1,7 +1,7 @@
 # @TEST-DOC: Test Zeek parsing pubsub commands
 # @TEST-REQUIRES: have-spicy
 #
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/stream.pcap %INPUT >output
+# @TEST-EXEC: zeek -b -r $TRACES/redis/stream.pcap %INPUT >output
 # @TEST-EXEC: btest-diff redis.log

 # Streams like with XRANGE return arrays of bulk strings. We shouldn't count the
--- a/testing/btest/scripts/base/protocols/redis/tls.zeek
+++ b/testing/btest/scripts/base/protocols/redis/tls.zeek
@ -1,9 +0,0 @@
-# @TEST-DOC: Test Zeek with RESP over TLS so it doesn't get gibberish
-# @TEST-REQUIRES: have-spicy
-#
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/tls.pcap %INPUT >output
-# @TEST-EXEC-FAIL: test -f redis.log
-
-# The logs should probably be empty since it's all encrypted
-
-@load base/protocols/redis
--- a/testing/btest/scripts/base/protocols/redis/trace.zeek
+++ b/testing/btest/scripts/base/protocols/redis/trace.zeek
@ -1,18 +0,0 @@
-# @TEST-DOC: Test Zeek parsing a trace file through the Redis analyzer.
-# @TEST-REQUIRES: have-spicy
-#
-# @TEST-EXEC: zeek -b -Cr $TRACES/redis/loop-redis.pcap %INPUT >output
-# @TEST-EXEC: btest-diff output
-# @TEST-EXEC: btest-diff redis.log
-
-@load base/protocols/redis
-
-event Redis::set_command(c: connection, command: Redis::SetCommand)
-	{
-	print fmt("SET: %s %s", command$key, command$value);
-	}
-
-event Redis::get_command(c: connection, key: string)
-	{
-	print fmt("GET: %s", key);
-	}