From cf154e02ddd280353ec9064ec7fa693ac7b7980f Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Mon, 10 Mar 2025 11:51:23 +0100 Subject: [PATCH 1/2] Bump zeekjs to v0.15.0 f5ff7c4 version: 0.15.0 2a48143 docker/fedora: Bust cache and ensure sqlite-libs is updated 05e5f57 Executor: Unblock SIGTERM in thread 46496b9 Instance: Remove unsued variable c3b3c86 Instance: Offload JavaScript invocations to executor thread 09e311f Introduce Executor helper Mainly, run JavaScript on a separate thread for interoperability with Spicy fiber stacks. Closes #4239 --- auxil/zeekjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/auxil/zeekjs b/auxil/zeekjs index 79b0c2126f..f5ff7c4b51 160000 --- a/auxil/zeekjs +++ b/auxil/zeekjs @@ -1 +1 @@ -Subproject commit 79b0c2126fa0178dbc2e37536588fcd1db9f4443 +Subproject commit f5ff7c4b51e3ec1e11fc48adafdd813feccc04c5 From e2b65acc6d5a09fb2e800184fb60370e6f5f5192 Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Mon, 10 Mar 2025 14:14:24 +0100 Subject: [PATCH 2/2] btest/javascript: Add file_sniff() and file_state_remove() test Using file_state_remove() or file_sniff() would previously crash with the spicy-zip file analyzer. We don't have spicy-zip here, so it's not a proper reproducer, but still makes sense to test these events. --- .../javascript.file-sniff/files.log.cut | 3 +++ .../btest/Baseline/javascript.file-sniff/out | 3 +++ testing/btest/javascript/file-sniff.js | 22 +++++++++++++++++++ 3 files changed, 28 insertions(+) create mode 100644 testing/btest/Baseline/javascript.file-sniff/files.log.cut create mode 100644 testing/btest/Baseline/javascript.file-sniff/out create mode 100644 testing/btest/javascript/file-sniff.js diff --git a/testing/btest/Baseline/javascript.file-sniff/files.log.cut b/testing/btest/Baseline/javascript.file-sniff/files.log.cut new file mode 100644 index 0000000000..fb62c5def5 --- /dev/null +++ b/testing/btest/Baseline/javascript.file-sniff/files.log.cut @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +fuid uid from_js +FMnxxt3xjVcWNS2141 CHhAvVGS1DHFjwGM9 Hello from JavaScript diff --git a/testing/btest/Baseline/javascript.file-sniff/out b/testing/btest/Baseline/javascript.file-sniff/out new file mode 100644 index 0000000000..4d5945a08b --- /dev/null +++ b/testing/btest/Baseline/javascript.file-sniff/out @@ -0,0 +1,3 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +file_sniff FMnxxt3xjVcWNS2141 {"mime_type":"text/plain","mime_types":[{"strength":-20,"mime":"text/plain"}],"inferred":true} +file_state_remove FMnxxt3xjVcWNS2141 diff --git a/testing/btest/javascript/file-sniff.js b/testing/btest/javascript/file-sniff.js new file mode 100644 index 0000000000..81d90fd862 --- /dev/null +++ b/testing/btest/javascript/file-sniff.js @@ -0,0 +1,22 @@ +/* + * @TEST-REQUIRES: $SCRIPTS/have-javascript + * @TEST-EXEC: zeek -b -Cr $TRACES/http/get.trace base/protocols/http ./ext.zeek %INPUT > out + * @TEST-EXEC: zeek-cut -m fuid uid from_js < files.log > files.log.cut + * @TEST-EXEC: btest-diff out + * @TEST-EXEC: btest-diff files.log.cut + */ + +zeek.on('file_sniff', (f, meta) => { + console.log(`file_sniff ${f.id} ${JSON.stringify(meta)}`); +}); + +zeek.on('file_state_remove', (f) => { + console.log(`file_state_remove ${f.id}`); + f.info.from_js = "Hello from JavaScript"; +}); + +@TEST-START-FILE ext.zeek +redef record Files::Info += { + from_js: string &log &optional; +}; +@TEST-END-FILE