Remove deprecations tagged for v8.1
parent
e4dab3dded
commit
d95affde4d
108 changed files with 113 additions and 2230 deletions
|
@ -1,5 +1,5 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
error in <...>/main.zeek, line 691: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_x))
|
||||
error in <...>/main.zeek, line 691: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_wss_port))
|
||||
error in <...>/main.zeek, line 691: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_qs))
|
||||
error in <...>/main.zeek, line 689: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_x))
|
||||
error in <...>/main.zeek, line 689: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_wss_port))
|
||||
error in <...>/main.zeek, line 689: Already listening on 127.0.0.1:<port> (Cluster::__listen_websocket(ws_opts_qs))
|
||||
received termination signal
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
warning in ../manager.zeek, line 12: deprecated (Cluster::WebSocketServerOptions$listen_host): Remove in v8.1: Use $listen_addr instead. ((coerce [$listen_host=::1, $listen_port=to_port(getenv(WEBSOCKET_PORT))] to Cluster::WebSocketServerOptions))
|
||||
warning in <no location>: deprecated (Cluster::WebSocketServerOptions$listen_host): Remove in v8.1: Use $listen_addr instead. (Cluster::WebSocketServerOptions($listen_host=::1, $listen_port=to_port(getenv(WEBSOCKET_PORT))))
|
||||
received termination signal
|
|
@ -1,3 +1,3 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
error in <...>/main.zeek, line 691: Invalid tls_options: No key_file field (Cluster::__listen_websocket(Cluster::options.0))
|
||||
error in <...>/main.zeek, line 691: Invalid tls_options: No cert_file field (Cluster::__listen_websocket(Cluster::options.3))
|
||||
error in <...>/main.zeek, line 689: Invalid tls_options: No key_file field (Cluster::__listen_websocket(Cluster::options.0))
|
||||
error in <...>/main.zeek, line 689: Invalid tls_options: No cert_file field (Cluster::__listen_websocket(Cluster::options.3))
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
[, ct, str1]
|
|
@ -1,7 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
receiver added peer: endpoint=127.0.0.1 msg=handshake successful
|
||||
receiver got ping: my-message, 1
|
||||
receiver got ping: my-message, 2
|
||||
receiver got ping: my-message, 3
|
||||
receiver got ping: my-message, 4
|
||||
receiver got ping: my-message, 5
|
|
@ -1,7 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
sender added peer: endpoint=127.0.0.1 msg=handshake successful
|
||||
sender got pong: my-message, 1
|
||||
sender got pong: my-message, 2
|
||||
sender got pong: my-message, 3
|
||||
sender got pong: my-message, 4
|
||||
sender lost peer: endpoint=127.0.0.1 msg=lost connection to remote peer
|
|
@ -1,7 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
receiver added peer: endpoint=127.0.0.1 msg=handshake successful
|
||||
receiver got ping: my-message, 1
|
||||
receiver got ping: my-message, 2
|
||||
receiver got ping: my-message, 3
|
||||
receiver got ping: my-message, 4
|
||||
receiver got ping: my-message, 5
|
|
@ -1,7 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
sender added peer: endpoint=127.0.0.1 msg=handshake successful
|
||||
sender got pong: my-message, 1
|
||||
sender got pong: my-message, 2
|
||||
sender got pong: my-message, 3
|
||||
sender got pong: my-message, 4
|
||||
sender lost peer: endpoint=127.0.0.1 msg=lost connection to remote peer
|
|
@ -1,11 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
receiver added peer: endpoint=127.0.0.1 msg=handshake successful
|
||||
receiver got ping: my-message-a intended for 1989-12-12-22:00:00 stamped to 1989-12-12-22:00:00 (is_remote = T)
|
||||
receiver got ping: my-message-b intended for 1989-12-12-22:15:00 stamped to 1989-12-12-22:15:00 (is_remote = T)
|
||||
receiver got ping: my-message-c intended for 1989-12-12-22:30:00 stamped to 1989-12-12-22:30:00 (is_remote = T)
|
||||
receiver got ping: my-message-a intended for 1989-12-12-23:00:00 stamped to 1989-12-12-23:00:00 (is_remote = T)
|
||||
receiver got ping: my-message-b intended for 1989-12-12-23:15:00 stamped to 1989-12-12-23:15:00 (is_remote = T)
|
||||
receiver got ping: my-message-c intended for 1989-12-12-23:30:00 stamped to 1989-12-12-23:30:00 (is_remote = T)
|
||||
receiver got ping: my-message-a intended for 1989-12-13-00:00:00 stamped to 1989-12-13-00:00:00 (is_remote = T)
|
||||
receiver got ping: my-message-b intended for 1989-12-13-00:15:00 stamped to 1989-12-13-00:15:00 (is_remote = T)
|
||||
receiver got ping: my-message-c intended for 1989-12-13-00:30:00 stamped to 1989-12-13-00:30:00 (is_remote = T)
|
|
@ -1,13 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
sender added peer: endpoint=127.0.0.1 msg=handshake successful
|
||||
>> Run 1 (1989-12-12-22:00:00)
|
||||
>> Run 2 (1989-12-12-23:00:00)
|
||||
>> Run 3 (1989-12-13-00:00:00)
|
||||
>> Run 4 (1989-12-13-01:00:00)
|
||||
>> Run 5 (1989-12-13-02:00:00)
|
||||
>> Run 6 (1989-12-13-03:00:00)
|
||||
>> Run 7 (1989-12-13-04:00:00)
|
||||
>> Run 8 (1989-12-13-05:00:00)
|
||||
>> Run 9 (1989-12-13-06:00:00)
|
||||
>> Run 10 (1989-12-13-07:00:00)
|
||||
sender lost peer: endpoint=127.0.0.1 msg=lost connection to remote peer
|
|
@ -1,4 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
ping args ['my-message', 1] metadata [{'@data-type': 'vector', 'data': [{'@data-type': 'count', 'data': 1}, {'@data-type': 'timestamp', 'data': '2023-04-18T12:13:14.000'}]}]
|
||||
ping args ['my-message', 2] metadata [{'@data-type': 'vector', 'data': [{'@data-type': 'count', 'data': 1}, {'@data-type': 'timestamp', 'data': '2023-04-18T12:13:24.000'}]}]
|
||||
ping args ['my-message', 3] metadata [{'@data-type': 'vector', 'data': [{'@data-type': 'count', 'data': 1}, {'@data-type': 'timestamp', 'data': '2023-04-18T12:13:34.000'}]}]
|
|
@ -1,6 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
sender added peer: endpoint=127.0.0.1 msg=handshake successful
|
||||
sender got pong: my-message, 1 network_time=1681819994.0 current_event_time=1681819995.0
|
||||
sender got pong: my-message, 2 network_time=1681820004.0 current_event_time=1681819996.0
|
||||
sender got pong: my-message, 3 network_time=1681820014.0 current_event_time=1681819997.0
|
||||
sender lost peer: endpoint=127.0.0.1 msg=lost connection to client
|
|
@ -1,4 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
ping ['my-message', 1]
|
||||
ping ['my-message', 2]
|
||||
ping ['my-message', 3]
|
|
@ -1,6 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
sender added peer: endpoint=127.0.0.1 msg=handshake successful
|
||||
sender got pong: my-message, 1
|
||||
sender got pong: my-message, 2
|
||||
sender got pong: my-message, 3
|
||||
sender lost peer: endpoint=127.0.0.1 msg=lost connection to client
|
|
@ -1 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
@ -1,12 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
Connected
|
||||
Sending ping 0
|
||||
topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 1}]
|
||||
Sending ping 1
|
||||
topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 2}]
|
||||
Sending ping 2
|
||||
topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 3}]
|
||||
Sending ping 3
|
||||
topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 4}]
|
||||
Sending ping 4
|
||||
topic /test/pings event name pong args [{'@data-type': 'string', 'data': 'my-message'}, {'@data-type': 'count', 'data': 5}]
|
|
@ -1,3 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
warning in ../manager.zeek, line 12: deprecated (Cluster::WebSocketServerOptions$listen_host): Remove in v8.1: Use $listen_addr instead. ((coerce [$listen_host=::1, $listen_port=to_port(getenv(WEBSOCKET_PORT))] to Cluster::WebSocketServerOptions))
|
||||
received termination signal
|
|
@ -1,8 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
Cluster::websocket_client_added, [/test/pings, /zeek/wstest/ws1/]
|
||||
got ping: ping 0, 0
|
||||
got ping: ping 1, 1
|
||||
got ping: ping 2, 2
|
||||
got ping: ping 3, 3
|
||||
got ping: ping 4, 4
|
||||
Cluster::websocket_client_lost
|
|
@ -1,2 +1 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
warning in <...>/dns-init.zeek, line 8: Remove in v8.1: DNS lookup of host literal 'google.com' is deprecated. Replace with blocking_lookup_hostname().
|
||||
|
|
|
@ -1,5 +1,2 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
warning in <...>/fake_dns.zeek, line 8: Remove in v8.1: DNS lookup of host literal 'google.com' is deprecated. Replace with blocking_lookup_hostname().
|
||||
warning in <...>/fake_dns.zeek, line 9: Remove in v8.1: DNS lookup of host literal 'bing.com' is deprecated. Replace with blocking_lookup_hostname().
|
||||
warning in <...>/fake_dns.zeek, line 10: Remove in v8.1: DNS lookup of host literal 'yahoo.com' is deprecated. Replace with blocking_lookup_hostname().
|
||||
received termination signal
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
warning in <...>/hostname-literal-resolve.zeek, line 11: Remove in v8.1: DNS lookup of host literal 'dns.example.com' is deprecated. Replace with blocking_lookup_hostname().
|
|
@ -1,2 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
warning in <...>/hostname-literal-resolve.zeek, line 11: Remove in v8.1: DNS lookup of host literal 'dns.example.com' is deprecated. Replace with blocking_lookup_hostname().
|
|
@ -1,4 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
dns.example.com, {
|
||||
9fb0:8c56:531e:72ee:ca2b:4c97:da18:3a6
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
|
@ -1,5 +1,2 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
### NOTE: This file has been sorted with diff-sort.
|
||||
warning in <...>/detect-protocols.zeek, line 1: deprecated script loaded from command line arguments ("frameworks<...>/detect-protocols.zeek moved to frameworks<...>/detect-protocols.zeek. Please switch to frameworks<...>/detect-protocols.zeek. Remove in 8.1")
|
||||
warning in <...>/detect-sqli.zeek, line 16: deprecated script loaded from command line arguments "Remove in v8.1: Switch to the improved detect-sql-injection script"
|
||||
warning in <...>/packet-segment-logging.zeek, line 1: deprecated script loaded from command line arguments ("Please switch to frameworks<...>/packet-segment-logging, which logs to analyzer.log. Remove in 8.1")
|
||||
|
|
|
@ -10,7 +10,6 @@ dce_rpc
|
|||
dhcp
|
||||
dnp3
|
||||
dns
|
||||
dpd
|
||||
files
|
||||
ftp
|
||||
http
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
warning in <...>/optional-and-default-field.zeek, line 10: Remove in v8.1: Using &default and &optional together results in &default behavior
|
||||
warning in <...>/optional-and-default-field.zeek, line 11: Remove in v8.1: Using &default and &optional together results in &default behavior
|
||||
warning in <...>/optional-and-default-field.zeek, line 12: Remove in v8.1: Using &default and &optional together results in &default behavior
|
||||
warning in <...>/optional-and-default-field.zeek, line 13: Remove in v8.1: Using &default and &optional together results in &default behavior
|
||||
warning in <...>/optional-and-default-field.zeek, line 14: Remove in v8.1: Using &default and &optional together results in &default behavior
|
|
@ -1,2 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
[c=5, i=-5, v=[], r0=[], r1=[]]
|
|
@ -102,7 +102,6 @@
|
|||
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (DPD::max_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
|
||||
0.000000 MetaHookPost CallFunction(Option::set_change_handler, <frame>, (HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)) -> <no result>
|
||||
|
@ -1045,7 +1044,6 @@
|
|||
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
|
||||
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
|
||||
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
|
||||
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (DPD::max_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
|
||||
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
|
||||
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
|
||||
0.000000 MetaHookPre CallFunction(Option::set_change_handler, <frame>, (HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100))
|
||||
|
@ -1987,7 +1985,6 @@
|
|||
0.000000 | HookCallFunction Option::set_change_handler(Conn::port_inactivity_timeouts, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
|
||||
0.000000 | HookCallFunction Option::set_change_handler(DPD::ignore_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
|
||||
0.000000 | HookCallFunction Option::set_change_handler(DPD::ignore_violations_after, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
|
||||
0.000000 | HookCallFunction Option::set_change_handler(DPD::max_violations, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
|
||||
0.000000 | HookCallFunction Option::set_change_handler(DPD::track_removed_services_in_connection, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
|
||||
0.000000 | HookCallFunction Option::set_change_handler(Files::enable_reassembler, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
|
||||
0.000000 | HookCallFunction Option::set_change_handler(HTTP::default_capture_password, Config::config_option_changed: function(ID:string, new_value:any, location:string) : any{ if (<skip-config-log> == Config::location) return (Config::new_value)Config::log = Config::Info($ts=network_time(), $id=Config::ID, $old_value=Config::format_value(lookup_ID(Config::ID)), $new_value=Config::format_value(Config::new_value))if ( != Config::location) Config::log$location = Config::locationLog::write(Config::LOG, to_any_coerce Config::log)return (Config::new_value)}, -100)
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=32018, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=2196, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=12994, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=23868, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=37611, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=9551, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=48254, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=33130, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=15141, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=41675, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=63711, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=65395, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=31400, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=60289, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=31000, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=40187, removal_flag=0, complte_flag=\x01, is_query=0, complete_flag=1]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=32018, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=2196, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=12994, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=23868, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=7, key_id=37611, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=9551, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=5, key_id=48254, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=8, key_id=33130, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=15141, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=41675, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=10, key_id=63711, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=65395, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=13, key_id=31400, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=14, key_id=60289, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=15, key_id=31000, removal_flag=0, complete_flag=1, is_query=0]
|
||||
BINDS, [query=example.net, answer_type=1, algorithm=16, key_id=40187, removal_flag=0, complete_flag=1, is_query=0]
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path dpd
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason
|
||||
#types time string addr port addr port enum string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51354 127.0.0.1 21 tcp FTP non-numeric reply code [99 PASV invalid]
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -1,11 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path dpd
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason
|
||||
#types time string addr port addr port enum string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 127.0.0.1 51346 127.0.0.1 21 tcp FTP invalid reply line [230_no_space]
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -1,11 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path dpd
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason
|
||||
#types time string addr port addr port enum string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 173.86.159.28 2152 213.72.147.186 2152 udp GTPV1 Truncated GTPv1
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -1,11 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path dpd
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason
|
||||
#types time string addr port addr port enum string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.12.5 51792 192.0.78.212 80 tcp HTTP not a http request line
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -1,11 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path dpd
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason
|
||||
#types time string addr port addr port enum string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 192.168.0.173 1068 192.168.0.2 4997 tcp NTLM NTLM AV Pair loop underflow
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -1,11 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
#separator \x09
|
||||
#set_separator ,
|
||||
#empty_field (empty)
|
||||
#unset_field -
|
||||
#path dpd
|
||||
#open XXXX-XX-XX-XX-XX-XX
|
||||
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto analyzer failure_reason packet_segment
|
||||
#types time string addr port addr port enum string string string
|
||||
XXXXXXXXXX.XXXXXX CHhAvVGS1DHFjwGM9 2001:470:1f05:17a6:d69a:20ff:fefd:6b88 24316 2001:6a8:a40::21 21 tcp FTP non-numeric reply code [SSH-2.0-mod_sftp/0.9.7] \xd4\x9a \xfdk\x88\x00\x80\xc8\xb9\xc2\x06\x86\xdd`\x00\x00\x00\x00t\x067 \x01\x06\xa8\x0a@\x00\x00\x00\x00\x00\x00\x00\x00\x00! \x01\x04p\x1f\x05\x17\xa6\xd6\x9a \xff\xfe\xfdk\x88\x00\x15^\xfc\x1f]\xed\x1b\xa9\x9f`\xf1P\x18\x00\x09~n\x00\x00SSH-2.0-mod_sftp/0.9.7\x0d\x0a\x00\x00\x00D\x08\x01\x00\x00\x00\x0c\x00\x00\x00)Maximum connections for host/user reached\x00\x00\x00\x05en-USI\xf8\xb9C\xae\xcf`\xc4
|
||||
#close XXXX-XX-XX-XX-XX-XX
|
|
@ -1,5 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
uid method host uri tags
|
||||
ClEkJM2Vm5giqnMf4h GET 192.168.111.154 /dvwa/vulnerabilities/sqli/?id=1'+OR+'1'='1&Submit=Submit HTTP::URI_SQLI
|
||||
C4J4Th3PJpwUYZZ6gc GET 192.168.111.154 /dvwa/vulnerabilities/sqli/?id=1'+UNION+SELECT+NULL,+version()+#&Submit=Submit HTTP::URI_SQLI
|
||||
CtPZjS20MLrsMUOJi2 GET 192.168.111.154 /dvwa/vulnerabilities/sqli/?id=2'+OR+'2'='2&Submit=Submit HTTP::URI_SQLI
|
|
@ -1,4 +0,0 @@
|
|||
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
|
||||
ClEkJM2Vm5giqnMf4h, [orig_h=192.168.111.148, orig_p=53796/tcp, resp_h=192.168.111.154, resp_p=80/tcp, proto=6, ctx=[]], {\x0a\x09HTTP::URI_SQLI\x0a}
|
||||
C4J4Th3PJpwUYZZ6gc, [orig_h=192.168.111.148, orig_p=57524/tcp, resp_h=192.168.111.154, resp_p=80/tcp, proto=6, ctx=[]], {\x0a\x09HTTP::URI_SQLI\x0a}
|
||||
CtPZjS20MLrsMUOJi2, [orig_h=192.168.111.148, orig_p=40112/tcp, resp_h=192.168.111.154, resp_p=80/tcp, proto=6, ctx=[]], {\x0a\x09HTTP::URI_SQLI\x0a}
|
|
@ -1,13 +0,0 @@
|
|||
#
|
||||
# @TEST-EXEC: zeek -b %INPUT >out
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
type myrecord: record {
|
||||
ct: count;
|
||||
str1: string;
|
||||
};
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
print record_type_to_vector("myrecord");
|
||||
}
|
|
@ -1,119 +0,0 @@
|
|||
# @TEST-DOC: Disabling an unrelated event group caused auto-publish to break because the remote event had no bodies and got disabled. This is a regression test it's not being done again.
|
||||
#
|
||||
# Remove in v8.1 when auto_publish() is removed.
|
||||
#
|
||||
# @TEST-GROUP: broker
|
||||
#
|
||||
# @TEST-PORT: BROKER_PORT
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
|
||||
# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out"
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-wait 10
|
||||
# @TEST-EXEC: btest-diff recv/recv.out
|
||||
# @TEST-EXEC: btest-diff send/send.out
|
||||
|
||||
# @TEST-START-FILE send.zeek
|
||||
|
||||
global event_count = 0;
|
||||
|
||||
global ping: event(msg: string, c: count);
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::subscribe("zeek/event/my_topic");
|
||||
Broker::auto_publish("zeek/event/my_topic", ping);
|
||||
Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
|
||||
}
|
||||
|
||||
function send_event()
|
||||
{
|
||||
event ping("my-message", ++event_count);
|
||||
}
|
||||
|
||||
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
|
||||
send_event();
|
||||
}
|
||||
|
||||
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg);
|
||||
terminate();
|
||||
}
|
||||
|
||||
event pong(msg: string, n: count) &is_used
|
||||
{
|
||||
print fmt("sender got pong: %s, %s", msg, n);
|
||||
send_event();
|
||||
}
|
||||
|
||||
module TestDumpEvents;
|
||||
|
||||
event pong(msg: string, n: count) &is_used
|
||||
{
|
||||
print fmt("ERROR: This should not be visible: %s, %s", msg, n);
|
||||
}
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
disable_module_events("TestDumpEvents");
|
||||
}
|
||||
|
||||
# @TEST-END-FILE
|
||||
|
||||
|
||||
# @TEST-START-FILE recv.zeek
|
||||
|
||||
redef exit_only_after_terminate = T;
|
||||
|
||||
const events_to_recv = 5;
|
||||
|
||||
global pong: event(msg: string, c: count);
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::subscribe("zeek/event/my_topic");
|
||||
Broker::auto_publish("zeek/event/my_topic", pong);
|
||||
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
|
||||
}
|
||||
|
||||
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("receiver added peer: endpoint=%s msg=%s",
|
||||
endpoint$network$address, msg);
|
||||
}
|
||||
|
||||
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("receiver lost peer: endpoint=%s msg=%s",
|
||||
endpoint$network$address, msg);
|
||||
}
|
||||
|
||||
event ping(msg: string, n: count) &is_used
|
||||
{
|
||||
print fmt("receiver got ping: %s, %s", msg, n);
|
||||
|
||||
if ( n == events_to_recv )
|
||||
{
|
||||
terminate();
|
||||
return;
|
||||
}
|
||||
|
||||
event pong(msg, n);
|
||||
}
|
||||
|
||||
module TestDumpEvents;
|
||||
|
||||
event ping(msg: string, n: count) &is_used
|
||||
{
|
||||
print fmt("ERROR: This should not be visible: %s, %s", msg, n);
|
||||
}
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
disable_module_events("TestDumpEvents");
|
||||
}
|
||||
|
||||
# @TEST-END-FILE
|
|
@ -1,98 +0,0 @@
|
|||
# Remove in v8.1 when auto_publish() is gone.
|
||||
#
|
||||
# @TEST-GROUP: broker
|
||||
#
|
||||
# @TEST-PORT: BROKER_PORT
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
|
||||
# @TEST-EXEC: btest-bg-run send "zeek -b ../send.zeek >send.out"
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-wait 45
|
||||
# @TEST-EXEC: btest-diff recv/recv.out
|
||||
# @TEST-EXEC: btest-diff send/send.out
|
||||
|
||||
# @TEST-START-FILE send.zeek
|
||||
|
||||
redef exit_only_after_terminate = T;
|
||||
|
||||
global event_count = 0;
|
||||
|
||||
global ping: event(msg: string, c: count);
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::subscribe("zeek/event/my_topic");
|
||||
Broker::auto_publish("zeek/event/my_topic", ping);
|
||||
Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
|
||||
}
|
||||
|
||||
function send_event()
|
||||
{
|
||||
event ping("my-message", ++event_count);
|
||||
}
|
||||
|
||||
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
|
||||
send_event();
|
||||
}
|
||||
|
||||
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg);
|
||||
terminate();
|
||||
}
|
||||
|
||||
event pong(msg: string, n: count)
|
||||
{
|
||||
print fmt("sender got pong: %s, %s", msg, n);
|
||||
send_event();
|
||||
}
|
||||
|
||||
# @TEST-END-FILE
|
||||
|
||||
|
||||
# @TEST-START-FILE recv.zeek
|
||||
|
||||
redef exit_only_after_terminate = T;
|
||||
|
||||
const events_to_recv = 5;
|
||||
|
||||
global handler: event(msg: string, c: count);
|
||||
global auto_handler: event(msg: string, c: count);
|
||||
|
||||
global pong: event(msg: string, c: count);
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::subscribe("zeek/event/my_topic");
|
||||
Broker::auto_publish("zeek/event/my_topic", pong);
|
||||
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
|
||||
}
|
||||
|
||||
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("receiver added peer: endpoint=%s msg=%s",
|
||||
endpoint$network$address, msg);
|
||||
}
|
||||
|
||||
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("receiver lost peer: endpoint=%s msg=%s",
|
||||
endpoint$network$address, msg);
|
||||
}
|
||||
|
||||
event ping(msg: string, n: count)
|
||||
{
|
||||
print fmt("receiver got ping: %s, %s", msg, n);
|
||||
|
||||
if ( n == events_to_recv )
|
||||
{
|
||||
terminate();
|
||||
return;
|
||||
}
|
||||
|
||||
event pong(msg, n);
|
||||
}
|
||||
|
||||
# @TEST-END-FILE
|
|
@ -1,89 +0,0 @@
|
|||
# Remove in v8.1 when auto_publish() is gone.
|
||||
#
|
||||
# Not compatible with -O C++ testing since includes two distinct scripts.
|
||||
# @TEST-REQUIRES: test "${ZEEK_USE_CPP}" != "1"
|
||||
#
|
||||
# @TEST-GROUP: broker
|
||||
#
|
||||
# @TEST-PORT: BROKER_PORT
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run recv "zeek -b ../recv.zeek >recv.out"
|
||||
# @TEST-EXEC: btest-bg-run send "zeek -b -r $TRACES/ticks-dns-1hr.pcap ../send.zeek >send.out"
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-wait 45
|
||||
# @TEST-EXEC: btest-diff recv/recv.out
|
||||
# @TEST-EXEC: btest-diff send/send.out
|
||||
|
||||
# @TEST-START-FILE send.zeek
|
||||
|
||||
redef exit_only_after_terminate = T;
|
||||
redef EventMetadata::add_network_timestamp = T;
|
||||
|
||||
global runs = 0;
|
||||
global ping: event(msg: string, intended_ts: time);
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
suspend_processing();
|
||||
Broker::subscribe("zeek/event/my_topic");
|
||||
Broker::auto_publish("zeek/event/my_topic", ping);
|
||||
Broker::peer("127.0.0.1", to_port(getenv("BROKER_PORT")));
|
||||
}
|
||||
|
||||
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("sender added peer: endpoint=%s msg=%s",
|
||||
endpoint$network$address, msg);
|
||||
continue_processing();
|
||||
}
|
||||
|
||||
event new_connection(c: connection)
|
||||
{
|
||||
print fmt(">> Run %s (%D)", ++runs, network_time());
|
||||
|
||||
event ping("my-message-a", network_time());
|
||||
schedule 30 mins { ping("my-message-c", network_time() + 30 mins) };
|
||||
schedule 15 mins { ping("my-message-b", network_time() + 15 mins) };
|
||||
}
|
||||
|
||||
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("sender lost peer: endpoint=%s msg=%s",
|
||||
endpoint$network$address, msg);
|
||||
terminate();
|
||||
}
|
||||
|
||||
# @TEST-END-FILE
|
||||
|
||||
|
||||
# @TEST-START-FILE recv.zeek
|
||||
|
||||
redef exit_only_after_terminate = T;
|
||||
redef EventMetadata::add_network_timestamp = T;
|
||||
|
||||
global msg_count = 0;
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::subscribe("zeek/event/my_topic");
|
||||
Broker::listen("127.0.0.1", to_port(getenv("BROKER_PORT")));
|
||||
}
|
||||
|
||||
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("receiver added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
|
||||
}
|
||||
|
||||
event ping(msg: string, intended_ts: time) &is_used
|
||||
{
|
||||
if ( ++msg_count >= 10 )
|
||||
{
|
||||
terminate();
|
||||
return;
|
||||
}
|
||||
|
||||
print fmt("receiver got ping: %s intended for %D stamped to %D (is_remote = %s)",
|
||||
msg, intended_ts, current_event_time(), is_remote_event());
|
||||
}
|
||||
|
||||
# @TEST-END-FILE
|
|
@ -1,153 +0,0 @@
|
|||
# @TEST-GROUP: broker
|
||||
#
|
||||
# This test requires the websockets module, available via
|
||||
# "pip install websockets".
|
||||
# @TEST-REQUIRES: python3 -c 'import websockets'
|
||||
#
|
||||
# @TEST-PORT: BROKER_PORT
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run server "zeek -b %INPUT >output"
|
||||
# @TEST-EXEC: btest-bg-run client "python3 ../client.py >output"
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-wait 5
|
||||
# @TEST-EXEC: btest-diff client/output
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER= btest-diff server/output
|
||||
|
||||
redef allow_network_time_forward = F;
|
||||
redef exit_only_after_terminate = T;
|
||||
redef Broker::disable_ssl = T;
|
||||
redef EventMetadata::add_network_timestamp = T;
|
||||
|
||||
global event_count = 0;
|
||||
|
||||
global ping: event(msg: string, c: count);
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
# Tue 18 Apr 2023 12:13:14 PM UTC
|
||||
set_network_time(double_to_time(1681819994.0));
|
||||
Broker::subscribe("/zeek/event/my_topic");
|
||||
Broker::listen_websocket("127.0.0.1", to_port(getenv("BROKER_PORT")));
|
||||
}
|
||||
|
||||
event send_event()
|
||||
{
|
||||
++event_count;
|
||||
local e = Broker::make_event(ping, "my-message", event_count);
|
||||
Broker::publish("/zeek/event/my_topic", e);
|
||||
}
|
||||
|
||||
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
|
||||
event send_event();
|
||||
}
|
||||
|
||||
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg);
|
||||
terminate();
|
||||
}
|
||||
|
||||
event pong(msg: string, n: count) &is_used
|
||||
{
|
||||
print fmt("sender got pong: %s, %s network_time=%s current_event_time=%s",
|
||||
msg, n, network_time(), current_event_time());
|
||||
set_network_time(network_time() + 10sec);
|
||||
|
||||
# pong is a remote event and a Broker::publish() would take
|
||||
# current_event_time() as the network time for Broker::publish(),
|
||||
# prevent this by queuing a new send_event().
|
||||
event send_event();
|
||||
}
|
||||
|
||||
|
||||
# @TEST-START-FILE client.py
|
||||
import asyncio, datetime, websockets, os, time, json, sys
|
||||
|
||||
ws_port = os.environ['BROKER_PORT'].split('/')[0]
|
||||
ws_url = 'ws://localhost:%s/v1/messages/json' % ws_port
|
||||
topic = '"/zeek/event/my_topic"'
|
||||
|
||||
def broker_value(type, val):
|
||||
return {
|
||||
'@data-type': type,
|
||||
'data': val
|
||||
}
|
||||
|
||||
async def do_run():
|
||||
# Try up to 30 times.
|
||||
connected = False
|
||||
for i in range(30):
|
||||
try:
|
||||
ws = await websockets.connect(ws_url)
|
||||
connected = True
|
||||
|
||||
# send filter and wait for ack
|
||||
await ws.send('[%s]' % topic)
|
||||
ack_json = await ws.recv()
|
||||
ack = json.loads(ack_json)
|
||||
if not 'type' in ack or ack['type'] != 'ack':
|
||||
print('*** unexpected ACK from server:')
|
||||
print(ack_json)
|
||||
sys.exit()
|
||||
except Exception as e:
|
||||
if not connected:
|
||||
print('failed to connect to %s, try again (%s)' % (ws_url, e), file=sys.stderr)
|
||||
await asyncio.sleep(1)
|
||||
continue
|
||||
else:
|
||||
print('exception: %s' % e, file=sys.stderr)
|
||||
sys.exit()
|
||||
|
||||
for round in range(3):
|
||||
# wait for ping
|
||||
msg = await ws.recv()
|
||||
msg = json.loads(msg)
|
||||
if not 'type' in msg or msg['type'] != 'data-message':
|
||||
print("unexpected type", msg)
|
||||
continue
|
||||
ping = msg['data'][2]['data']
|
||||
if len(ping) < 3:
|
||||
print("no metadata on event")
|
||||
continue
|
||||
|
||||
name = ping[0]['data']
|
||||
args = [x['data'] for x in ping[1]['data']]
|
||||
metadata = ping[2]['data']
|
||||
print(name, "args", args, "metadata", metadata)
|
||||
|
||||
# send pong
|
||||
dt = datetime.datetime.utcfromtimestamp(1681819994 + args[1])
|
||||
ts_str = dt.isoformat('T', 'milliseconds')
|
||||
pong = [
|
||||
broker_value('string', 'pong'),
|
||||
broker_value('vector', [
|
||||
broker_value('string', args[0]),
|
||||
broker_value('count', args[1]),
|
||||
]),
|
||||
broker_value('vector', [
|
||||
broker_value('vector', [
|
||||
broker_value('count', 1), # network_timestamp
|
||||
broker_value('timestamp', ts_str),
|
||||
]),
|
||||
]),
|
||||
]
|
||||
|
||||
ev = [broker_value('count', 1), broker_value('count', 1), broker_value('vector', pong)]
|
||||
msg = {
|
||||
'type': 'data-message',
|
||||
'topic': '/zeek/event/my_topic',
|
||||
'@data-type': 'vector', 'data': ev
|
||||
}
|
||||
|
||||
msg = json.dumps(msg)
|
||||
await ws.send(msg)
|
||||
|
||||
await ws.close()
|
||||
sys.exit()
|
||||
|
||||
loop = asyncio.get_event_loop()
|
||||
loop.run_until_complete(do_run())
|
||||
|
||||
# @TEST-END-FILE
|
|
@ -1,128 +0,0 @@
|
|||
# @TEST-GROUP: broker
|
||||
#
|
||||
# This test requires the websockets module, available via
|
||||
# "pip install websockets".
|
||||
# @TEST-REQUIRES: python3 -c 'import websockets'
|
||||
#
|
||||
# @TEST-PORT: BROKER_PORT
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run server "zeek -b %INPUT >output"
|
||||
# @TEST-EXEC: btest-bg-run client "python3 ../client.py >output"
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-wait 45
|
||||
# @TEST-EXEC: btest-diff client/output
|
||||
# @TEST-EXEC: btest-diff server/output
|
||||
|
||||
redef exit_only_after_terminate = T;
|
||||
redef Broker::disable_ssl = T;
|
||||
|
||||
global event_count = 0;
|
||||
|
||||
global ping: event(msg: string, c: count);
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
Broker::subscribe("/zeek/event/my_topic");
|
||||
Broker::listen_websocket("127.0.0.1", to_port(getenv("BROKER_PORT")));
|
||||
}
|
||||
|
||||
function send_event()
|
||||
{
|
||||
++event_count;
|
||||
local e = Broker::make_event(ping, "my-message", event_count);
|
||||
Broker::publish("/zeek/event/my_topic", e);
|
||||
}
|
||||
|
||||
event Broker::peer_added(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("sender added peer: endpoint=%s msg=%s", endpoint$network$address, msg);
|
||||
send_event();
|
||||
}
|
||||
|
||||
event Broker::peer_lost(endpoint: Broker::EndpointInfo, msg: string)
|
||||
{
|
||||
print fmt("sender lost peer: endpoint=%s msg=%s", endpoint$network$address, msg);
|
||||
terminate();
|
||||
}
|
||||
|
||||
event pong(msg: string, n: count) &is_used
|
||||
{
|
||||
print fmt("sender got pong: %s, %s", msg, n);
|
||||
send_event();
|
||||
}
|
||||
|
||||
|
||||
# @TEST-START-FILE client.py
|
||||
import asyncio, websockets, os, time, json, sys
|
||||
|
||||
ws_port = os.environ['BROKER_PORT'].split('/')[0]
|
||||
ws_url = 'ws://localhost:%s/v1/messages/json' % ws_port
|
||||
topic = '"/zeek/event/my_topic"'
|
||||
|
||||
def broker_value(type, val):
|
||||
return {
|
||||
'@data-type': type,
|
||||
'data': val
|
||||
}
|
||||
|
||||
async def do_run():
|
||||
# Try up to 30 times.
|
||||
connected = False
|
||||
for i in range(30):
|
||||
try:
|
||||
ws = await websockets.connect(ws_url)
|
||||
connected = True
|
||||
|
||||
# send filter and wait for ack
|
||||
await ws.send('[%s]' % topic)
|
||||
ack_json = await ws.recv()
|
||||
ack = json.loads(ack_json)
|
||||
if not 'type' in ack or ack['type'] != 'ack':
|
||||
print('*** unexpected ACK from server:')
|
||||
print(ack_json)
|
||||
sys.exit()
|
||||
except Exception as e:
|
||||
if not connected:
|
||||
print('failed to connect to %s, try again (%s)' % (ws_url, e), file=sys.stderr)
|
||||
await asyncio.sleep(1)
|
||||
continue
|
||||
else:
|
||||
print('exception: %s' % e, file=sys.stderr)
|
||||
sys.exit()
|
||||
|
||||
for round in range(3):
|
||||
# wait for ping
|
||||
msg = await ws.recv()
|
||||
msg = json.loads(msg)
|
||||
if not 'type' in msg or msg['type'] != 'data-message':
|
||||
continue
|
||||
|
||||
ping = msg['data'][2]['data']
|
||||
name = ping[0]['data']
|
||||
args = [x['data'] for x in ping[1]['data']]
|
||||
print(name, args)
|
||||
|
||||
# send pong
|
||||
pong = [broker_value('string', 'pong'),
|
||||
broker_value('vector', [
|
||||
broker_value('string', args[0]),
|
||||
broker_value('count', args[1])
|
||||
])]
|
||||
|
||||
ev = [broker_value('count', 1), broker_value('count', 1), broker_value('vector', pong)]
|
||||
msg = {
|
||||
'type': 'data-message',
|
||||
'topic': '/zeek/event/my_topic',
|
||||
'@data-type': 'vector', 'data': ev
|
||||
}
|
||||
|
||||
msg = json.dumps(msg)
|
||||
await ws.send(msg)
|
||||
|
||||
await ws.close()
|
||||
sys.exit()
|
||||
|
||||
loop = asyncio.get_event_loop()
|
||||
loop.run_until_complete(do_run())
|
||||
|
||||
# @TEST-END-FILE
|
|
@ -1,85 +0,0 @@
|
|||
# @TEST-DOC: Use listen_host to listen on an IPv6 address, otherwise same as one-ipv6.zeek
|
||||
#
|
||||
# @TEST-REQUIRES: have-zeromq
|
||||
# @TEST-REQUIRES: python3 -c 'import websockets.sync'
|
||||
# @TEST-REQUIRES: can-listen-tcp 6 ::1
|
||||
#
|
||||
# @TEST-GROUP: cluster-zeromq
|
||||
#
|
||||
# @TEST-PORT: XPUB_PORT
|
||||
# @TEST-PORT: XSUB_PORT
|
||||
# @TEST-PORT: LOG_PULL_PORT
|
||||
# @TEST-PORT: WEBSOCKET_PORT
|
||||
#
|
||||
# @TEST-EXEC: cp $FILES/zeromq/cluster-layout-simple.zeek cluster-layout.zeek
|
||||
# @TEST-EXEC: cp $FILES/zeromq/test-bootstrap.zeek zeromq-test-bootstrap.zeek
|
||||
# @TEST-EXEC: cp $FILES/ws/wstest.py .
|
||||
#
|
||||
# @TEST-EXEC: zeek -b --parse-only manager.zeek
|
||||
# @TEST-EXEC: python3 -m py_compile client.py
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-run manager "ZEEKPATH=$ZEEKPATH:.. && CLUSTER_NODE=manager zeek -b ../manager.zeek >out"
|
||||
# @TEST-EXEC: btest-bg-run client "python3 ../client.py >out"
|
||||
#
|
||||
# @TEST-EXEC: btest-bg-wait 30
|
||||
# @TEST-EXEC: btest-diff ./manager/out
|
||||
# @TEST-EXEC: btest-diff ./manager/.stderr
|
||||
# @TEST-EXEC: btest-diff ./client/out
|
||||
# @TEST-EXEC: btest-diff ./client/.stderr
|
||||
|
||||
# @TEST-START-FILE manager.zeek
|
||||
@load ./zeromq-test-bootstrap
|
||||
redef exit_only_after_terminate = T;
|
||||
|
||||
global ping_count = 0;
|
||||
|
||||
global ping: event(msg: string, c: count) &is_used;
|
||||
global pong: event(msg: string, c: count) &is_used;
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
Cluster::subscribe("/test/pings/");
|
||||
Cluster::listen_websocket([$listen_host="::1", $listen_port=to_port(getenv("WEBSOCKET_PORT"))]);
|
||||
}
|
||||
|
||||
event ping(msg: string, n: count) &is_used
|
||||
{
|
||||
++ping_count;
|
||||
print fmt("got ping: %s, %s", msg, n);
|
||||
local e = Cluster::make_event(pong, "my-message", ping_count);
|
||||
Cluster::publish("/test/pings", e);
|
||||
}
|
||||
|
||||
event Cluster::websocket_client_added(info: Cluster::EndpointInfo, subscriptions: string_vec)
|
||||
{
|
||||
print "Cluster::websocket_client_added", subscriptions;
|
||||
}
|
||||
|
||||
event Cluster::websocket_client_lost(info: Cluster::EndpointInfo, code: count, reason: string)
|
||||
{
|
||||
print "Cluster::websocket_client_lost";
|
||||
terminate();
|
||||
}
|
||||
# @TEST-END-FILE
|
||||
|
||||
|
||||
# @TEST-START-FILE client.py
|
||||
# @TEST-START-FILE client.py
|
||||
import wstest
|
||||
|
||||
def run(ws_url):
|
||||
with wstest.connect("ws1", ws_url) as tc:
|
||||
print("Connected")
|
||||
tc.hello_v1(["/test/pings"])
|
||||
|
||||
for i in range(5):
|
||||
print("Sending ping", i)
|
||||
tc.send_json(wstest.build_event_v1("/test/pings/", "ping", [f"ping {i}", i]))
|
||||
pong = tc.recv_json()
|
||||
assert pong["@data-type"] == "vector"
|
||||
ev = pong["data"][2]["data"]
|
||||
print("topic", pong["topic"], "event name", ev[0]["data"], "args", ev[1]["data"])
|
||||
|
||||
if __name__ == "__main__":
|
||||
wstest.main(run, wstest.WS6_URL_V1)
|
||||
# @TEST-END-FILE
|
|
@ -1,11 +1,11 @@
|
|||
# We once had a bug where DNS lookups at init time lead to an immediate crash.
|
||||
# We once had a bug where DNS lookups at init time lead to an immediate crash.
|
||||
#
|
||||
# @TEST-EXEC: zeek -b %INPUT
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
|
||||
const foo: set[addr] = {
|
||||
google.com
|
||||
blocking_lookup_hostname("google.com")
|
||||
};
|
||||
|
||||
print foo;
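Review bot: The header comment above `const foo` still only says "DNS lookups at init time", while the initializer now calls `blocking_lookup_hostname("google.com")` instead of using a hostname literal, so the test reaches the resolver through a different path than the one the comment was written for. A second comment line such as `# Hostname literals were removed; the lookup now goes through blocking_lookup_hostname() in a global initializer.` would make that clear. The test also names a real public host and diffs `.stderr`, so it would help to state in the same comment whether the suite is expected to fake DNS here; I cannot tell from the hunk. The same applies to the `addrs` set in the next file, which resolves google.com, bing.com and yahoo.com the same way.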
|
||||
|
|
|
@ -5,9 +5,9 @@
|
|||
redef exit_only_after_terminate = T;
|
||||
|
||||
global addrs: set[addr] = {
|
||||
google.com,
|
||||
bing.com,
|
||||
yahoo.com
|
||||
blocking_lookup_hostname("google.com"),
|
||||
blocking_lookup_hostname("bing.com"),
|
||||
blocking_lookup_hostname("yahoo.com")
|
||||
};
|
||||
|
||||
global c: count = 0;
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
# @TEST-DOC: Testing deprecated hostname literal resolutions
|
||||
#
|
||||
# @TEST-EXEC: zeek --parse-only -b %INPUT 2>err.parse-only >out.parse-only
|
||||
# @TEST-EXEC: zeek -b %INPUT 2>err >out
|
||||
#
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff err.parse-only
|
||||
# @TEST-EXEC: btest-diff out.parse-only
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff err
|
||||
# @TEST-EXEC: btest-diff out
|
||||
|
||||
print "dns.example.com", dns.example.com;
|
|
@ -1,18 +0,0 @@
|
|||
# @TEST-DOC: Warn on record fields that have both, &optional and &default
|
||||
#
|
||||
# @TEST-EXEC: zeek -b %INPUT
|
||||
# @TEST-EXEC: btest-diff .stdout
|
||||
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
|
||||
|
||||
type R: record { };
|
||||
|
||||
type X: record {
|
||||
c: count &optional &default=5;
|
||||
i: int &default=-5 &optional;
|
||||
v: vector of string &optional &default=vector();
|
||||
r0: R &optional &default=R();
|
||||
r1: R &default=R() &optional;
|
||||
};
|
||||
|
||||
global x = X();
|
||||
print x;
|
|
@ -48,7 +48,7 @@ std::pair<bool, zeek::ValPtr> Plugin::HookFunctionCall(const zeek::Func* func, z
|
|||
zeek::plugin::HookArgument(args).Describe(&d);
|
||||
fprintf(stderr, "%.6f %-15s %s\n", zeek::run_state::network_time, "| HookFunctionCall", d.Description());
|
||||
|
||||
if ( zeek::util::streq(func->Name(), "foo") ) {
|
||||
if ( func->GetName() == "foo" ) {
|
||||
auto& vl = *args;
|
||||
vl[0] = zeek::val_mgr->Count(42);
|
||||
}
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
# @TEST-DOC: Test the deprecated dpd log with tests from before its removal.
|
||||
# @TEST-EXEC: zeek -r $TRACES/ftp/ftp-missing-space-after-reply-code.pcap %INPUT
|
||||
# @TEST-EXEC: mv dpd.log dpd-ftp-missing-space-after-reply-code.log
|
||||
# @TEST-EXEC: zeek -r $TRACES/ftp/ftp-invalid-reply-code.pcap %INPUT
|
||||
# @TEST-EXEC: mv dpd.log dpd-ftp-invalid-reply-code.log
|
||||
# @TEST-EXEC: zeek -r $TRACES/http/http-11-request-then-cruft.pcap %INPUT
|
||||
# @TEST-EXEC: mv dpd.log dpd-http-11-request-then-cruft.log
|
||||
# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp9_unknown_or_too_short_payload.pcap %INPUT
|
||||
# @TEST-EXEC: mv dpd.log dpd-gtp9_unknown_or_too_short_payload.log
|
||||
# @TEST-EXEC: zeek -r $TRACES/dce-rpc/ntlm-empty-av-sequence.pcap %INPUT
|
||||
# @TEST-EXEC: mv dpd.log dpd-ntlm-empty-av-sequence.log
|
||||
# @TEST-EXEC: btest-diff dpd-ftp-missing-space-after-reply-code.log
|
||||
# @TEST-EXEC: btest-diff dpd-ftp-invalid-reply-code.log
|
||||
# @TEST-EXEC: btest-diff dpd-http-11-request-then-cruft.log
|
||||
# @TEST-EXEC: btest-diff dpd-gtp9_unknown_or_too_short_payload.log
|
||||
# @TEST-EXEC: btest-diff dpd-ntlm-empty-av-sequence.log
|
||||
|
||||
@load frameworks/analyzer/deprecated-dpd-log.zeek
|
|
@ -1,16 +0,0 @@
|
|||
# @TEST-DOC: IPv6 connection from external ipv6.pcap triggering FTP analyzer violation. Check dpd.log contains the right packet_segment
|
||||
# @TEST-EXEC: zeek -r $TRACES/ftp/ipv6-violation.trace %INPUT
|
||||
# @TEST-EXEC: btest-diff dpd.log
|
||||
|
||||
@load frameworks/dpd/packet-segment-logging
|
||||
|
||||
event analyzer_violation(c: connection, atype: AllAnalyzers::Tag, aid: count, reason: string)
|
||||
{
|
||||
print "analyzer_violation", c$id, atype, aid, reason;
|
||||
}
|
||||
|
||||
event analyzer_violation_info(tag: AllAnalyzers::Tag, info: AnalyzerViolationInfo)
|
||||
{
|
||||
print "reason", info$reason;
|
||||
print "data", fmt("%s", info$data);
|
||||
}
|
|
@ -1,14 +0,0 @@
|
|||
# @TEST-EXEC: zeek -C -r $TRACES/http/cooper-grill-dvwa.pcapng -b %INPUT >output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
# @TEST-EXEC: zeek-cut -m uid method host uri tags < http.log > http.log.cut
|
||||
# @TEST-EXEC: btest-diff http.log.cut
|
||||
|
||||
@load base/protocols/http
|
||||
# Remove in v8.1: Remove this test when detect-sqli is gone sql-injection-plus-dvwa2.zeek tests detect-sql-injection.
|
||||
@load protocols/http/detect-sqli
|
||||
|
||||
event connection_state_remove(c: connection)
|
||||
{
|
||||
if ( c?$http )
|
||||
print c$uid, c$id, cat(c$http$tags);
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
# @TEST-EXEC: zeek -b %INPUT > output
|
||||
# @TEST-EXEC: btest-diff output
|
||||
|
||||
@load protocols/http/detect-sqli
|
||||
@load protocols/http/detect-sql-injection
|
||||
|
||||
event zeek_init()
|
||||
{
|
||||
|
@ -14,7 +14,6 @@ event zeek_init()
|
|||
add positive_matches["/index.asp?ID='+139+'0"];
|
||||
add positive_matches["/index.php?blah=123'/*blooblah*/;select * from something;--"];
|
||||
add positive_matches["/index.cfm?ID=3%' and '%'='"];
|
||||
add positive_matches["/index.php?mac=\" OR whatever LIKE \"%"];
|
||||
add positive_matches["/index.cfm?ID=3;declare @d int;--"];
|
||||
add positive_matches["/index.cfm?subjID=12;create table t_jiaozhu(jiaozhu varchar(200))"];
|
||||
add positive_matches["/index.cfm?subjID=12%' and(char(94)+user+char(94))>0 and '%'='"];
|
||||
|
@ -96,6 +95,7 @@ event zeek_init()
|
|||
add negative_matches["/A-B-C-D/inc/foobar.php?img=1179681280a b c d arf union.jpg"];
|
||||
|
||||
# These are still being matched accidentally.
|
||||
#add positive_matches["/index.php?mac=\" OR whatever LIKE \"%"];
|
||||
#add negative_matches["/api/datasources/proxy/1/query?db=telegraf&q=SELECT mean(\"0.5\") AS \"0.5\", mean(\"0.9\") AS \"0.9\", mean(\"0.99\") AS \"0.99\" FROM \"boomd_indexer_write_size_bytes\" WHERE (\"type\" = 'key' AND \"space\" =~ /^(corelight|wrccdc)$/) AND time >= 1561410802000ms and time <= 1561416568000ms GROUP BY time(1s);SELECT derivative(sum(\"sum\"), 1s) FROM \"boomd_indexer_write_size_bytes\" WHERE (\"type\" = 'key' AND \"space\" =~ /^(corelight|wrccdc)$/) AND time >= 1561410802000ms and time <= 1561416568000ms GROUP BY time(1s)&epoch=ms"];
|
||||
#add negative_matches["/test,+soviet+union&searchscope=7&SORT=DZ/test,+soviet+union&foobar=7"];
|
||||
#add negative_matches["/search?hl=en&q=fee union western"];
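Review bot: The `/index.php?mac=\" OR whatever LIKE \"%` case is taken out of the active `positive_matches` and parked, commented out, under `# These are still being matched accidentally.`, but that heading describes unwanted matches, whereas a disabled positive case is a missed detection. Presumably the `detect-sql-injection` script loaded at the top of this file does not flag this URI; if so, the test no longer records that gap in any executable form. I would give the line its own heading, for example `# Known miss with detect-sql-injection: should match but currently does not.`, so the lost coverage stays visible to whoever tunes the pattern next. The body of `zeek_init` starts and ends outside these hunks.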
|
||||
|
|
|
@ -95,7 +95,7 @@ redef digest_salt = "Please change this value.";
|
|||
@load protocols/ssh/interesting-hostnames
|
||||
|
||||
# Detect SQL injection attacks.
|
||||
@load protocols/http/detect-sqli
|
||||
@load protocols/http/detect-sql-injection
|
||||
|
||||
#### Network File Handling ####
|
||||
|
||||
|
|