Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-15 21:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

Merge remote-tracking branch 'origin/master' into topic/johanna/ocsp

Browse source
This commit is contained in:
Johanna Amann 2015-12-14 16:05:41 -08:00
commit da9b5425e4
157 changed files with 1830 additions and 1130 deletions
Download patch file Download diff file Expand all files Collapse all files

13
testing/btest/scripts/base/frameworks/input/raw/offset.bro
View file

@ -1,5 +1,8 @@
# @TEST-EXEC: cp input.log input2.log
# @TEST-EXEC: btest-bg-run bro bro -b %INPUT
# @TEST-EXEC: btest-bg-wait 5
# @TEST-EXEC: sleep 2
# @TEST-EXEC: echo "hi" >> input2.log
# @TEST-EXEC: btest-bg-wait 10
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-sort btest-diff out
@TEST-START-FILE input.log
@ -7,6 +10,7 @@ sdfkh:KH;fdkncv;ISEUp34:Fkdj;YVpIODhfDF
@TEST-END-FILE
redef exit_only_after_terminate = T;
@load base/frameworks/communication # keep network time running
global outfile: file;
global try: count;
@ -21,9 +25,8 @@ event line(description: Input::EventDescription, tpe: Input::Event, s: string)
{
print outfile, s;
try = try + 1;
if ( try == 2 )
if ( try == 3 )
{
Input::remove("input");
close(outfile);
terminate();
}
@ -39,7 +42,11 @@ event bro_init()
local config_strings_two: table[string] of string = {
["offset"] = "-3", # 2 characters before end, last char is newline.
};
local config_strings_three: table[string] of string = {
["offset"] = "-1", # End of file
};
Input::add_event([$source="../input.log", $config=config_strings, $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input", $fields=Val, $ev=line, $want_record=F]);
Input::add_event([$source="../input.log", $config=config_strings_two, $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input2", $fields=Val, $ev=line, $want_record=F]);
Input::add_event([$source="../input2.log", $config=config_strings_three, $reader=Input::READER_RAW, $mode=Input::STREAM, $name="input3", $fields=Val, $ev=line, $want_record=F]);
}

27
testing/btest/scripts/base/frameworks/logging/ascii-json-optional.bro Normal file
View file

@ -0,0 +1,27 @@
#
# @TEST-EXEC: bro -b %INPUT
# @TEST-EXEC: btest-diff testing.log
@load tuning/json-logs.bro
module testing;
export {
redef enum Log::ID += { LOG };
type Info: record {
ts: time &log &optional;
msg: string &log &optional;
};
global log_test: event(rec: Info);
}
event bro_init() &priority=5
{
Log::create_stream(testing::LOG, [$columns=testing::Info, $ev=log_test]);
local info: Info;
info$msg = "Testing 1 2 3 ";
Log::write(testing::LOG, info);
}

12
testing/btest/scripts/base/protocols/http/http-connect-with-header.bro Normal file
View file

@ -0,0 +1,12 @@
# This tests that the HTTP analyzer handles HTTP CONNECT proxying correctly
# when the server include a header line into its response.
#
# @TEST-EXEC: bro -C -r $TRACES/http/connect-with-header.trace %INPUT
# @TEST-EXEC: btest-diff conn.log
# @TEST-EXEC: btest-diff http.log
# @TEST-EXEC: btest-diff tunnel.log
@load base/protocols/conn
@load base/protocols/http
@load base/protocols/tunnels
@load base/frameworks/dpd

1
testing/btest/scripts/base/protocols/ssl/dpd.test
View file

@ -1,6 +1,7 @@
# @TEST-EXEC: bro -C -b -r $TRACES/tls/ssl-v2.trace %INPUT
# @TEST-EXEC: bro -b -r $TRACES/tls/ssl.v3.trace %INPUT
# @TEST-EXEC: bro -b -r $TRACES/tls/tls1.2.trace %INPUT
# @TEST-EXEC: bro -b -r $TRACES/tls/tls-early-alert.trace %INPUT
# @TEST-EXEC: btest-diff .stdout
@load base/frameworks/dpd

37
testing/btest/scripts/policy/protocols/ssl/validate-certs-cluster.bro
View file

@ -1,37 +0,0 @@
# @TEST-SERIALIZE: comm
#
# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
# @TEST-EXEC: sleep 1
# @TEST-EXEC: btest-bg-run proxy-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=proxy-1 bro %INPUT"
# @TEST-EXEC: btest-bg-run proxy-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=proxy-2 bro %INPUT"
# @TEST-EXEC: sleep 1
# @TEST-EXEC: btest-bg-run worker-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT"
# @TEST-EXEC: btest-bg-run worker-2 "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/tls/missing-intermediate.pcap %INPUT"
# @TEST-EXEC: btest-bg-wait 20
# @TEST-EXEC: cat manager-1/ssl*.log > ssl.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-file-ids btest-diff ssl.log
#
redef Log::default_rotation_interval = 0secs;
@TEST-START-FILE cluster-layout.bro
redef Cluster::nodes = {
["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
["proxy-1"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=37758/tcp, $manager="manager-1", $workers=set("worker-1", "worker-2")],
["proxy-2"] = [$node_type=Cluster::PROXY, $ip=127.0.0.1, $p=37759/tcp, $manager="manager-1", $workers=set("worker-2")],
["worker-1"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth0"],
["worker-2"] = [$node_type=Cluster::WORKER, $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $proxy="proxy-1", $interface="eth1"],
};
@TEST-END-FILE
event terminate_me() {
terminate();
}
event remote_connection_closed(p: event_peer) {
schedule 1sec { terminate_me() };
}
@load base/frameworks/cluster
@load protocols/ssl/validate-certs.bro

4
testing/btest/scripts/policy/protocols/ssl/validate-certs-no-cache.bro
View file

@ -1,5 +1,5 @@
# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl.log
# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.bro %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log
@load protocols/ssl/validate-certs.bro

6
testing/btest/scripts/policy/protocols/ssl/validate-certs.bro
View file

@ -1,7 +1,7 @@
# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace %INPUT
# @TEST-EXEC: bro -r $TRACES/tls/tls-expired-cert.trace $SCRIPTS/external-ca-list.bro %INPUT
# @TEST-EXEC: cat ssl.log > ssl-all.log
# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap %INPUT
# @TEST-EXEC: bro -C -r $TRACES/tls/missing-intermediate.pcap $SCRIPTS/external-ca-list.bro %INPUT
# @TEST-EXEC: cat ssl.log >> ssl-all.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-all.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-all.log
@load protocols/ssl/validate-certs.bro

12
testing/btest/scripts/policy/protocols/ssl/validate-ocsp.bro
View file

@ -1,10 +1,10 @@
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl.log
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT
# @TEST-EXEC: bro $SCRIPTS/external-ca-list.bro -C -r $TRACES/tls/ocsp-stapling.trace %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl.log
# @TEST-EXEC: bro $SCRIPTS/external-ca-list.bro -C -r $TRACES/tls/ocsp-stapling-twimg.trace %INPUT
# @TEST-EXEC: mv ssl.log ssl-twimg.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-twimg.log
# @TEST-EXEC: bro -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-twimg.log
# @TEST-EXEC: bro $SCRIPTS/external-ca-list.bro -C -r $TRACES/tls/ocsp-stapling-digicert.trace %INPUT
# @TEST-EXEC: mv ssl.log ssl-digicert.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-x509-names btest-diff ssl-digicert.log
# @TEST-EXEC: TEST_DIFF_CANONIFIER="$SCRIPTS/diff-remove-x509-names | $SCRIPTS/diff-remove-timestamps" btest-diff ssl-digicert.log
@load protocols/ssl/validate-ocsp