Remove deprecations tagged for v8.1

2025-10-02 06:38:20 +00:00 · 2025-08-04 15:41:23 -07:00 · 2025-08-04 15:41:23 -07:00 · d95affde4d
commit d95affde4d
parent e4dab3dded
108 changed files with 113 additions and 2230 deletions
--- a/testing/btest/scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek
+++ b/testing/btest/scripts/policy/frameworks/analyzer/deprecated-dpd-log.zeek
@ -1,18 +0,0 @@
-# @TEST-DOC: Test the deprecated dpd log with tests from before its removal.
-# @TEST-EXEC: zeek -r $TRACES/ftp/ftp-missing-space-after-reply-code.pcap %INPUT
-# @TEST-EXEC: mv dpd.log dpd-ftp-missing-space-after-reply-code.log
-# @TEST-EXEC: zeek -r $TRACES/ftp/ftp-invalid-reply-code.pcap %INPUT
-# @TEST-EXEC: mv dpd.log dpd-ftp-invalid-reply-code.log
-# @TEST-EXEC: zeek -r $TRACES/http/http-11-request-then-cruft.pcap %INPUT
-# @TEST-EXEC: mv dpd.log dpd-http-11-request-then-cruft.log
-# @TEST-EXEC: zeek -C -r $TRACES/tunnels/gtp/gtp9_unknown_or_too_short_payload.pcap %INPUT
-# @TEST-EXEC: mv dpd.log dpd-gtp9_unknown_or_too_short_payload.log
-# @TEST-EXEC: zeek -r $TRACES/dce-rpc/ntlm-empty-av-sequence.pcap %INPUT
-# @TEST-EXEC: mv dpd.log dpd-ntlm-empty-av-sequence.log
-# @TEST-EXEC: btest-diff dpd-ftp-missing-space-after-reply-code.log
-# @TEST-EXEC: btest-diff dpd-ftp-invalid-reply-code.log
-# @TEST-EXEC: btest-diff dpd-http-11-request-then-cruft.log
-# @TEST-EXEC: btest-diff dpd-gtp9_unknown_or_too_short_payload.log
-# @TEST-EXEC: btest-diff dpd-ntlm-empty-av-sequence.log
-
-@load frameworks/analyzer/deprecated-dpd-log.zeek
--- a/testing/btest/scripts/policy/frameworks/dpd/packet-segment-logging.zeek
+++ b/testing/btest/scripts/policy/frameworks/dpd/packet-segment-logging.zeek
@ -1,16 +0,0 @@
-# @TEST-DOC: IPv6 connection from external ipv6.pcap triggering FTP analyzer violation. Check dpd.log contains the right packet_segment
-# @TEST-EXEC: zeek -r $TRACES/ftp/ipv6-violation.trace %INPUT
-# @TEST-EXEC: btest-diff dpd.log
-
-@load frameworks/dpd/packet-segment-logging
-
-event analyzer_violation(c: connection, atype: AllAnalyzers::Tag, aid: count, reason: string)
-	{
-	print "analyzer_violation", c$id, atype, aid, reason;
-	}
-
-event analyzer_violation_info(tag: AllAnalyzers::Tag, info: AnalyzerViolationInfo)
-	{
-	print "reason", info$reason;
-	print "data", fmt("%s", info$data);
-	}
--- a/testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek
+++ b/testing/btest/scripts/policy/protocols/http/sql-injection-plus-dvwa.zeek
@ -1,14 +0,0 @@
-# @TEST-EXEC: zeek -C -r $TRACES/http/cooper-grill-dvwa.pcapng -b %INPUT >output
-# @TEST-EXEC: btest-diff output
-# @TEST-EXEC: zeek-cut -m uid method host uri tags < http.log > http.log.cut
-# @TEST-EXEC: btest-diff http.log.cut
-
-@load base/protocols/http
-# Remove in v8.1: Remove this test when detect-sqli is gone sql-injection-plus-dvwa2.zeek tests detect-sql-injection.
-@load protocols/http/detect-sqli
-
-event connection_state_remove(c: connection)
-	{
-	if ( c?$http )
-		print c$uid, c$id, cat(c$http$tags);
-	}
--- a/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek
+++ b/testing/btest/scripts/policy/protocols/http/test-sql-injection-regex.zeek
@ -1,7 +1,7 @@
 # @TEST-EXEC: zeek -b %INPUT > output
 # @TEST-EXEC: btest-diff output

-@load protocols/http/detect-sqli
+@load protocols/http/detect-sql-injection

 event zeek_init()
 	{
@ -14,7 +14,6 @@ event zeek_init()
 	add positive_matches["/index.asp?ID='+139+'0"];
 	add positive_matches["/index.php?blah=123'/*blooblah*/;select * from something;--"];
 	add positive_matches["/index.cfm?ID=3%' and '%'='"];
-	add positive_matches["/index.php?mac=\" OR whatever LIKE \"%"];
 	add positive_matches["/index.cfm?ID=3;declare @d int;--"];
 	add positive_matches["/index.cfm?subjID=12;create table t_jiaozhu(jiaozhu varchar(200))"];
 	add positive_matches["/index.cfm?subjID=12%' and(char(94)+user+char(94))>0 and '%'='"];
@ -96,6 +95,7 @@ event zeek_init()
 	add negative_matches["/A-B-C-D/inc/foobar.php?img=1179681280a b c d arf union.jpg"];

 	# These are still being matched accidentally.
+	#add positive_matches["/index.php?mac=\" OR whatever LIKE \"%"];
 	#add negative_matches["/api/datasources/proxy/1/query?db=telegraf&q=SELECT mean(\"0.5\") AS \"0.5\", mean(\"0.9\") AS \"0.9\", mean(\"0.99\") AS \"0.99\" FROM \"boomd_indexer_write_size_bytes\" WHERE (\"type\" = 'key' AND \"space\" =~ /^(corelight|wrccdc)$/) AND time >= 1561410802000ms and time <= 1561416568000ms GROUP BY time(1s);SELECT derivative(sum(\"sum\"), 1s) FROM \"boomd_indexer_write_size_bytes\" WHERE (\"type\" = 'key' AND \"space\" =~ /^(corelight|wrccdc)$/) AND time >= 1561410802000ms and time <= 1561416568000ms GROUP BY time(1s)&epoch=ms"];
 	#add negative_matches["/test,+soviet+union&searchscope=7&SORT=DZ/test,+soviet+union&foobar=7"];
 	#add negative_matches["/search?hl=en&q=fee union western"];
--- a/testing/btest/scripts/site/local-compat.test
+++ b/testing/btest/scripts/site/local-compat.test
@ -95,7 +95,7 @@ redef digest_salt = "Please change this value.";
@load protocols/ssh/interesting-hostnames

 # Detect SQL injection attacks.
-@load protocols/http/detect-sqli
+@load protocols/http/detect-sql-injection

 #### Network File Handling ####