diff --git a/CHANGES b/CHANGES index 9ff294055c..b912354f04 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,52 @@ +2.1-209 | 2012-12-05 16:44:04 -0800 + + * Adapting the HTTP request line parsing to only accept methods + consisting of letters [A-Za-z]. (Robin Sommer) + +2.1-207 | 2012-12-05 15:47:32 -0800 + + * Reporting warnings if kill/waitpid fail in communication system. + (Bill Parker) + + * Replace() bzero with memset(). (Bill Parker) + + * Merge remote-tracking branch 'vlad/topic/vladg/http-verbs' + + * vlad/topic/vladg/http-verbs: + A test for HTTP methods, including some horribly illegal requests. + Remove hardcoded HTTP verbs from the analyzer (#741) + + I added a "bad_HTTP_request" weird for HTTP request lines that don't + have more than a single word. + + Closes #741. (Robin Sommer) + + * A test for HTTP methods, including some horribly illegal requests. (Vlad Grigorescu) + + * Remove hardcoded HTTP verbs from the analyzer (#741) (Vlad Grigorescu) + + +2.1-203 | 2012-12-05 14:36:56 -0800 + + * Fix segfault: Synchronization of state between connecting peers + now skips over identifiers that aren't initialized with a value + yet. Addresses #66. (Jon Siwek) + + * Fix segfault: Delete correct entry in error case in input + framework. (Bernhard Amann) + + * Bad record constructor initializers now give an error. Addresses + #34. (Jon Siwek) + + * Invalid vector indices now generate error message. Addresses #24. + (Jon Siwek) + + * Bump CPack RPM package requirement to Python >= 2.6.0. (Jon Siwek) + + * Interpreter exceptions occurring in "when" blocks are now handled. + Addresses #779 (Jon Siwek) + 2.1-195 | 2012-12-03 14:50:33 -0800 * Catching out-of-memory in patricia tree code. (Bill Parker) diff --git a/CMakeLists.txt b/CMakeLists.txt index 17ba34ab3b..e2a83e10f5 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt 
@@ -195,7 +195,7 @@ CheckOptionalBuildSources(aux/broccoli Broccoli INSTALL_BROCCOLI) if (INSTALL_BROCTL) # CPack RPM Generator may not automatically detect this - set(CPACK_RPM_PACKAGE_REQUIRES "python >= 2.4.0") + set(CPACK_RPM_PACKAGE_REQUIRES "python >= 2.6.0") endif () # If this CMake project is a sub-project of another, we will not diff --git a/VERSION b/VERSION index 5f2036da97..f169e62b3a 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.1-195 +2.1-209 diff --git a/aux/broccoli b/aux/broccoli index a8846fc5b0..06682dbb15 160000 --- a/aux/broccoli +++ b/aux/broccoli @@ -1 +1 @@ -Subproject commit a8846fc5b004ffe4e3d00e826d0077ba19518192 +Subproject commit 06682dbb15d26d2688bdc9ad76efec17d38dc80f diff --git a/scripts/base/protocols/http/main.bro b/scripts/base/protocols/http/main.bro index 21b4fb6113..660386f901 100644 --- a/scripts/base/protocols/http/main.bro +++ b/scripts/base/protocols/http/main.bro @@ -94,6 +94,19 @@ export { "XROXY-CONNECTION", "PROXY-CONNECTION", } &redef; + + ## A list of HTTP methods. Other methods will generate a weird. Note + ## that the HTTP analyzer will only accept methods consisting solely + ## of letters ``[A-Za-z]``. + const http_methods: set[string] = { + "GET", "POST", "HEAD", "OPTIONS", + "PUT", "DELETE", "TRACE", "CONNECT", + # HTTP methods for distributed authoring: + "PROPFIND", "PROPPATCH", "MKCOL", + "COPY", "MOVE", "LOCK", "UNLOCK", + "POLL", "REPORT", "SUBSCRIBE", "BMOVE", + "SEARCH" + } &redef; ## Event that can be handled to access the HTTP record as it is sent on ## to the logging framework. @@ -180,6 +193,9 @@ event http_request(c: connection, method: string, original_URI: string, c$http$method = method; c$http$uri = unescaped_URI; + + if ( method !in http_methods ) + event conn_weird("unknown_HTTP_method", c, method); } event http_reply(c: connection, version: string, code: count, reason: string) &priority=5 diff --git a/src/Expr.cc b/src/Expr.cc index 07ee4eb1e1..7995d5d495 100644 --- a/src/Expr.cc 
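Review bot: The doc comment on `http_methods` does not say that the lookup is case-sensitive, although the analyzer side of this commit accepts both cases (`[A-Za-z]`). With the `method !in http_methods` check added to the `http_request` handler in the next hunk, a request line using `get` would be parsed normally and then reported as `unknown_HTTP_method`. If that is the intended signal, the comment should say so, for example `## Matching is case-sensitive: a lowercase "get" is parsed but reported as unknown_HTTP_method.` Sites that extend the set via `&redef` need to know this to avoid chasing false weirds.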
+++ b/src/Expr.cc @@ -2950,16 +2950,12 @@ Val* IndexExpr::Fold(Val* v1, Val* v2) const if ( IsError() ) return 0; - if ( v1->Type()->Tag() == TYPE_VECTOR ) - { - Val* v = v1->AsVectorVal()->Lookup(v2); - // ### dangerous - this can silently fail larger operations - // due to a missing element - return v ? v->Ref() : 0; - } + Val* v = 0; - TableVal* v_tbl = v1->AsTableVal(); - Val* v = v_tbl->Lookup(v2); + if ( v1->Type()->Tag() == TYPE_VECTOR ) + v = v1->AsVectorVal()->Lookup(v2); + else + v = v1->AsTableVal()->Lookup(v2); if ( v ) return v->Ref(); @@ -3290,20 +3286,22 @@ RecordConstructorExpr::RecordConstructorExpr(ListExpr* constructor_list) Val* RecordConstructorExpr::InitVal(const BroType* t, Val* aggr) const { - RecordVal* rv = Eval(0)->AsRecordVal(); - RecordVal* ar = rv->CoerceTo(t->AsRecordType(), aggr); + Val* v = Eval(0); - if ( ar ) + if ( v ) { - Unref(rv); - return ar; + RecordVal* rv = v->AsRecordVal(); + RecordVal* ar = rv->CoerceTo(t->AsRecordType(), aggr); + + if ( ar ) + { + Unref(rv); + return ar; + } } - else - { - Error("bad record initializer"); - return 0; - } + Error("bad record initializer"); + return 0; } Val* RecordConstructorExpr::Fold(Val* v) const diff --git a/src/HTTP.cc b/src/HTTP.cc index 9d9f01be64..7a18e903e8 100644 --- a/src/HTTP.cc +++ b/src/HTTP.cc 
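Review bot: In `RecordConstructorExpr::InitVal`, the path where `Eval(0)` succeeds but `rv->CoerceTo(...)` returns null falls through to `Error("bad record initializer")` without releasing `rv`. The success branch calls `Unref(rv)`, which suggests the evaluated value is an owned reference, so the failure branch appears to leak it. The removed code had the same gap, and this rewrite is a good place to close it by adding `Unref(rv);` right after the inner `if ( ar )` block, before leaving the `if ( v )` scope.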
@@ -1118,36 +1118,31 @@ const char* HTTP_Analyzer::PrefixWordMatch(const char* line, int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line) { + const char* request_method_str = 0; + const char* end_of_request = 0; const char* rest = 0; - static const char* http_methods[] = { - "GET", "POST", "HEAD", + int request_method_len = 0; - "OPTIONS", "PUT", "DELETE", "TRACE", "CONNECT", + get_word(end_of_line - line, line, request_method_len, request_method_str); - // HTTP methods for distributed authoring. - "PROPFIND", "PROPPATCH", "MKCOL", "DELETE", "PUT", - "COPY", "MOVE", "LOCK", "UNLOCK", - "POLL", "REPORT", "SUBSCRIBE", "BMOVE", + if ( request_method_len == 0 ) + goto error; - "SEARCH", + end_of_request = request_method_str + request_method_len; - 0, - }; - - int i; - for ( i = 0; http_methods[i]; ++i ) - if ( (rest = PrefixWordMatch(line, end_of_line, http_methods[i])) != 0 ) - break; - - if ( ! http_methods[i] ) + for ( const char* p = request_method_str; p < end_of_request; p++ ) { - // Weird("HTTP_unknown_method"); - if ( RequestExpected() ) - HTTP_Event("unknown_HTTP_method", new_string_val(line, end_of_line)); - return 0; + // The method must consist of only letters. + if ( (*p < 'a' || *p > 'z') && (*p < 'A' || *p > 'Z') ) + goto error; } - request_method = new StringVal(http_methods[i]); + rest = skip_whitespace(end_of_request, end_of_line); + if ( rest == end_of_request ) + // End of line already reached. Most likely a DPD failure. + goto error; + + request_method = new StringVal(request_method_len, request_method_str); if ( ! ParseRequest(rest, end_of_line) ) reporter->InternalError("HTTP ParseRequest failed"); @@ -1157,6 +1152,10 @@ int HTTP_Analyzer::HTTP_RequestLine(const char* line, const char* end_of_line) unescaped_URI->AsString()->Len(), true, true, true, true); return 1; + +error: + reporter->Weird(Conn(), "bad_HTTP_request"); + return 0; } int HTTP_Analyzer::ParseRequest(const char* line, const char* end_of_line) 
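Review bot: The letters-only loop in `HTTP_RequestLine` rejects method tokens that contain a hyphen, so requests using methods such as `M-SEARCH` or `VERSION-CONTROL` now end in `bad_HTTP_request` and are not parsed at all. For a monitor that is a visibility loss rather than just a weird, so consider allowing the hyphen: `if ( (*p < 'a' || *p > 'z') && (*p < 'A' || *p > 'Z') && *p != '-' )`. Separately, the `rest == end_of_request` test only catches a line that ends right after the method. A method followed by nothing but whitespace would presumably leave `rest == end_of_line` and still reach `ParseRequest` with an empty remainder, and the context line after it calls `reporter->InternalError` on failure. Adding `|| rest == end_of_line` to the condition would match the "more than a single word" rule described in CHANGES; the behaviour of `skip_whitespace` and `ParseRequest` is not visible in this hunk, so please confirm.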
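Review bot: The `error:` label raises `bad_HTTP_request` with no additional detail, so the three distinct failures that jump here (empty line, non-letter in the method, nothing after the method) are indistinguishable in weird.log; the new baseline shows `-` in the `addl` column. The removed code passed the offending line with `unknown_HTTP_method` and raised it only when `RequestExpected()` held, and both of those are lost here. A short constant reason string set before each `goto` and passed along, `reporter->Weird(Conn(), "bad_HTTP_request", reason);`, would let an analyst separate protocol misidentification from a malformed request without logging raw attacker-controlled bytes. This assumes the `Weird` overload with an `addl` argument is usable here.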
diff --git a/src/RemoteSerializer.cc b/src/RemoteSerializer.cc index 564ad2be68..66f8def489 100644 --- a/src/RemoteSerializer.cc +++ b/src/RemoteSerializer.cc @@ -545,8 +545,11 @@ RemoteSerializer::~RemoteSerializer() { if ( child_pid ) { - kill(child_pid, SIGKILL); - waitpid(child_pid, 0, 0); + if ( kill(child_pid, SIGKILL) < 0 ) + reporter->Warning("warning: cannot kill child (pid %d), %s", child_pid, strerror(errno)); + + else if ( waitpid(child_pid, 0, 0) < 0 ) + reporter->Warning("warning: error encountered during waitpid(%d), %s", child_pid, strerror(errno)); } delete io; @@ -1032,6 +1035,14 @@ bool RemoteSerializer::SendAllSynchronized(Peer* peer, SerialInfo* info) for ( ; index < sync_ids.length(); ++index ) { + if ( ! sync_ids[index]->ID_Val() ) + { +#ifdef DEBUG + DBG_LOG(DBG_COMM, "Skip sync of ID with null value: %s\n", + sync_ids[index]->Name()); +#endif + continue; + } cont->SaveContext(); StateAccess sa(OP_ASSIGN, sync_ids[index], @@ -3153,7 +3164,10 @@ void RemoteSerializer::FatalError(const char* msg) reporter->Error("%s", msg); closed = true; - kill(child_pid, SIGQUIT); + + if ( kill(child_pid, SIGQUIT) < 0 ) + reporter->Warning("warning: cannot kill child pid %d, %s", child_pid, strerror(errno)); + child_pid = 0; using_communication = false; io->Clear(); @@ -3963,7 +3977,7 @@ bool SocketComm::Connect(Peer* peer) { int status; addrinfo hints, *res, *res0; - bzero(&hints, sizeof(hints)); + memset(&hints, 0, sizeof(hints)); hints.ai_family = PF_UNSPEC; hints.ai_protocol = IPPROTO_TCP; @@ -4095,7 +4109,7 @@ bool SocketComm::Listen() { int status, on = 1; addrinfo hints, *res, *res0; - bzero(&hints, sizeof(hints)); + memset(&hints, 0, sizeof(hints)); IPAddr listen_ip(listen_if); @@ -4360,7 +4374,8 @@ void SocketComm::Kill() CloseListenFDs(); - kill(getpid(), SIGTERM); + if ( kill(getpid(), SIGTERM) < 0 ) + Log(fmt("warning: cannot kill SocketComm pid %d, %s", getpid(), strerror(errno))); while ( 1 ) ; // loop until killed 
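Review bot: In `RemoteSerializer::FatalError` the new `kill(child_pid, SIGQUIT)` check still runs without testing that `child_pid` is non-zero, unlike the destructor, which guards with `if ( child_pid )`. The function sets `child_pid = 0` on the next context lines, so a second call (or a call before the child exists) would issue `kill(0, SIGQUIT)`, which signals every process in the caller's process group. Guarding the call closes that: `if ( child_pid && kill(child_pid, SIGQUIT) < 0 )`. The rest of the function body lies outside the hunk, so whether a repeated call is reachable should be confirmed. As a minor point, the literal `warning: ` prefix in this message and in the two destructor messages is probably redundant if `reporter->Warning` labels its own output.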
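Review bot: In `SocketComm::Kill` the new failure branch only logs and then falls into the `while ( 1 ) ;` context line, so if `kill(getpid(), SIGTERM)` fails, the process spins forever instead of terminating. Since the function's purpose is to end the process, the failure branch should exit explicitly after logging, for example by adding `_exit(1);` inside the `if` body (with braces around the two statements).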
diff --git a/src/Trigger.cc b/src/Trigger.cc index 164f11b885..b7e08b557e 100644 --- a/src/Trigger.cc +++ b/src/Trigger.cc @@ -217,8 +217,15 @@ bool Trigger::Eval() Name()); Unref(v); + v = 0; stmt_flow_type flow; - v = body->Exec(f, flow); + + try + { + v = body->Exec(f, flow); + } + catch ( InterpreterException& e ) + { /* Already reported. */ } if ( is_return ) { @@ -300,7 +307,14 @@ void Trigger::Timeout() { stmt_flow_type flow; Frame* f = frame->Clone(); - Val* v = timeout_stmts->Exec(f, flow); + Val* v = 0; + + try + { + v = timeout_stmts->Exec(f, flow); + } + catch ( InterpreterException& e ) + { /* Already reported. */ } if ( is_return ) { @@ -382,7 +396,7 @@ void Trigger::Attach(Trigger *trigger) void Trigger::Cache(const CallExpr* expr, Val* v) { - if ( disabled ) + if ( disabled || ! v ) return; ValCache::iterator i = cache.find(expr); diff --git a/src/input/readers/Ascii.cc b/src/input/readers/Ascii.cc index e9cba27205..173ce418ca 100644 --- a/src/input/readers/Ascii.cc +++ b/src/input/readers/Ascii.cc @@ -572,7 +572,7 @@ bool Ascii::DoUpdate() // array structure. for ( int i = 0; i < fpos; i++ ) - delete fields[fpos]; + delete fields[i]; delete [] fields; continue; diff --git a/testing/btest/Baseline/core.dns-interpreter-exceptions/out b/testing/btest/Baseline/core.dns-interpreter-exceptions/out new file mode 100644 index 0000000000..c081edc489 --- /dev/null +++ b/testing/btest/Baseline/core.dns-interpreter-exceptions/out 
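Review bot: After the new empty handlers in `Trigger::Eval` and `Trigger::Timeout`, `v` stays 0 and execution continues into the `if ( is_return )` branch, whose body is outside both hunks. The `! v` guard added to `Trigger::Cache` covers one consumer, but any other dereference of `v` in those branches would need the same check, so please confirm there is none. A short comment at each handler would record the contract, for example `// v stays 0; code below must tolerate a null result.` As a style point, the exception object is unused, so `catch ( const InterpreterException& )` states the intent and avoids an unused-variable warning.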
@@ -0,0 +1,12 @@ +1300475167.096535 expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.dns-interpreter-exceptions/dns-interpreter-exceptions.bro, line 28: field value missing [p$ip] +1300475167.096535 expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.dns-interpreter-exceptions/dns-interpreter-exceptions.bro, line 49: field value missing [p$ip] +1300475168.902195 expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.dns-interpreter-exceptions/dns-interpreter-exceptions.bro, line 39: field value missing [p$ip] +1300475168.902195 expression error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/core.dns-interpreter-exceptions/dns-interpreter-exceptions.bro, line 12: field value missing [p$ip] +timeout g(), F +timeout g(), T +timeout +g() done, no exception, T +localhost resolved +localhost resolved from f(), T +localhost resolved from f(), F +f() done, no exception, T diff --git a/testing/btest/Baseline/istate.sync/receiver.vars.log b/testing/btest/Baseline/istate.sync/receiver.vars.log index b28cfbd5c9..192876bd3e 100644 --- a/testing/btest/Baseline/istate.sync/receiver.vars.log +++ b/testing/btest/Baseline/istate.sync/receiver.vars.log @@ -31,3 +31,4 @@ file "test2" of string 6667/tcp [2, 20, 3, 4] [a=zxzxzx, b=[a=pop, b=43, c=9.999], c=[a=IOIOI, b=201, c=612.2], d=6.6666, e=] +122112 diff --git a/testing/btest/Baseline/istate.sync/sender.vars.log b/testing/btest/Baseline/istate.sync/sender.vars.log index b28cfbd5c9..192876bd3e 100644 --- a/testing/btest/Baseline/istate.sync/sender.vars.log +++ b/testing/btest/Baseline/istate.sync/sender.vars.log @@ -31,3 +31,4 @@ file "test2" of string 6667/tcp [2, 20, 3, 4] [a=zxzxzx, b=[a=pop, b=43, c=9.999], c=[a=IOIOI, b=201, c=612.2], d=6.6666, e=] +122112 diff --git a/testing/btest/Baseline/language.invalid_index/out b/testing/btest/Baseline/language.invalid_index/out new file mode 100644 index 0000000000..9110a8979d --- /dev/null 
+++ b/testing/btest/Baseline/language.invalid_index/out @@ -0,0 +1,7 @@ +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.invalid_index/invalid_index.bro, line 8: no such index (foo[1]) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.invalid_index/invalid_index.bro, line 9: no such index (foo[2]) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.invalid_index/invalid_index.bro, line 12: no such index (foo2[1]) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.invalid_index/invalid_index.bro, line 13: no such index (foo2[2]) +foo[0], 42 +foo2[0], 13 +done diff --git a/testing/btest/Baseline/language.record-bad-ctor/out b/testing/btest/Baseline/language.record-bad-ctor/out new file mode 100644 index 0000000000..2b890419ae --- /dev/null +++ b/testing/btest/Baseline/language.record-bad-ctor/out @@ -0,0 +1,3 @@ +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-bad-ctor/record-bad-ctor.bro, line 6: no type given (asdfasdf) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-bad-ctor/record-bad-ctor.bro, line 7: uninitialized list value ($ports=asdfasdf) +error in /Users/jsiwek/Projects/bro/bro/testing/btest/.tmp/language.record-bad-ctor/record-bad-ctor.bro, line 7: bad record initializer ([$ports=asdfasdf]) diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.invalidtext/.stderrwithoutfirstline b/testing/btest/Baseline/scripts.base.frameworks.input.invalidtext/.stderrwithoutfirstline new file mode 100644 index 0000000000..3d8ba5e267 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.invalidtext/.stderrwithoutfirstline @@ -0,0 +1,4 @@ +error: ../input.log/Input::READER_ASCII: String 'l' contained no parseable number +error: ../input.log/Input::READER_ASCII: Could not convert line ' l' to Val. Ignoring line. +received termination signal +>>> 
diff --git a/testing/btest/Baseline/scripts.base.frameworks.input.invalidtext/out b/testing/btest/Baseline/scripts.base.frameworks.input.invalidtext/out new file mode 100644 index 0000000000..4950b6f590 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.frameworks.input.invalidtext/out @@ -0,0 +1,3 @@ +{ +[] = [c=5] +} diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log new file mode 100644 index 0000000000..8626071e18 --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/http.log 
@@ -0,0 +1,58 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path http +#open 2012-12-06-00-55-27 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p trans_depth method host uri referrer user_agent request_body_len response_body_len status_code status_msg info_code info_msg filename tags username password proxied mime_type md5 extraction_file +#types time string addr port addr port count string string string string string count count count string count string string table[enum] string string table[string] string string file +1354328870.191989 UWkUyAuUGXf 128.2.6.136 46562 173.194.75.103 80 1 OPTIONS www.google.com * - - 0 962 405 Method Not Allowed - - - (empty) - - - text/html - - +1354328874.237327 arKYeMETxOg 128.2.6.136 46563 173.194.75.103 80 1 OPTIONS www.google.com HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328874.299063 k6kgXLOoSKl 128.2.6.136 46564 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328874.342591 nQcgTWjvg4c 128.2.6.136 46565 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328874.364020 j4u32Pc5bif 128.2.6.136 46566 173.194.75.103 80 1 GET www.google.com / - - 0 43911 200 OK - - - (empty) - - - text/html - - +1354328878.470424 TEfuqmmG4bh 128.2.6.136 46567 173.194.75.103 80 1 GET www.google.com / - - 0 43983 200 OK - - - (empty) - - - text/html - - +1354328882.575456 FrJExwHcSal 128.2.6.136 46568 173.194.75.103 80 1 GET www.google.com /HTTP/1.1 - - 0 1207 403 Forbidden - - - (empty) - - - text/html - - +1354328882.928027 5OKnoww6xl4 128.2.6.136 46569 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328882.968948 3PKsZ2Uye21 128.2.6.136 46570 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328882.990373 VW0XPVINV8a 128.2.6.136 46571 173.194.75.103 80 1 GET www.google.com / - - 0 43913 200 OK - - - (empty) - - - 
text/html - - +1354328887.114613 fRFu0wcOle6 128.2.6.136 46572 173.194.75.103 80 0 - - - - - 0 961 405 Method Not Allowed - - - (empty) - - - text/html - - +1354328891.161077 qSsw6ESzHV4 128.2.6.136 46573 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328891.204740 iE6yhOq3SF 128.2.6.136 46574 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328891.245592 GSxOnSLghOa 128.2.6.136 46575 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328891.287655 qCaWGmzFtM5 128.2.6.136 46576 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328891.328583 70MGiRM1Qf4 128.2.6.136 46577 173.194.75.103 80 0 - - - - - 0 963 405 Method Not Allowed - - - (empty) - - - text/html - - +1354328895.375116 h5DsfNtYzi1 128.2.6.136 46578 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328895.416133 P654jzLoe3a 128.2.6.136 46579 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328895.459490 Tw8jXtpTGu6 128.2.6.136 46580 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328895.500315 c4Zw9TmAE05 128.2.6.136 46581 173.194.75.103 80 0 - - - - - 0 963 405 Method Not Allowed - - - (empty) - - - text/html - - +1354328899.526682 EAr0uf4mhq 128.2.6.136 46582 173.194.75.103 80 1 CONNECT www.google.com / - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328903.572533 GvmoxJFXdTa 128.2.6.136 46583 173.194.75.103 80 1 CONNECT www.google.com /HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328903.634196 0Q4FH8sESw5 128.2.6.136 46584 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328903.676395 slFea8xwSmb 128.2.6.136 46585 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328903.697693 UfGkYA2HI2g 
128.2.6.136 46586 173.194.75.103 80 1 CONNECT www.google.com / - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328907.743696 i2rO3KD1Syg 128.2.6.136 46587 173.194.75.103 80 1 TRACE www.google.com / - - 0 960 405 Method Not Allowed - - - (empty) - - - text/html - - +1354328911.790590 2cx26uAvUPl 128.2.6.136 46588 173.194.75.103 80 1 TRACE www.google.com /HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328911.853464 BWaU4aSuwkc 128.2.6.136 46589 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328911.897044 10XodEwRycf 128.2.6.136 46590 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328911.918511 zno26fFZkrh 128.2.6.136 46591 173.194.75.103 80 1 TRACE www.google.com / - - 0 960 405 Method Not Allowed - - - (empty) - - - text/html - - +1354328915.964678 v5rgkJBig5l 128.2.6.136 46592 173.194.75.103 80 1 DELETE www.google.com / - - 0 961 405 Method Not Allowed - - - (empty) - - - text/html - - +1354328920.010458 eWZCH7OONC1 128.2.6.136 46593 173.194.75.103 80 1 DELETE www.google.com /HTTP/1.1 - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328920.072101 0Pwk3ntf8O3 128.2.6.136 46594 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328920.114526 0HKorjr8Zp7 128.2.6.136 46595 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328920.136714 yC2d6kVg709 128.2.6.136 46596 173.194.75.103 80 1 DELETE www.google.com / - - 0 961 405 Method Not Allowed - - - (empty) - - - text/html - - +1354328924.183211 VcgagLjnO92 128.2.6.136 46597 173.194.75.103 80 1 PUT www.google.com / - - 0 934 411 Length Required - - - (empty) - - - text/html - - +1354328924.224567 bdRoHfaPBo3 128.2.6.136 46598 173.194.75.103 80 1 PUT www.google.com /HTTP/1.1 - - 0 934 411 Length Required - - - (empty) - - - text/html - - +1354328924.287402 zHqb7t7kv28 128.2.6.136 46599 
173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328924.328257 rrZWoMUQpv8 128.2.6.136 46600 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328924.350343 xNYSS2hJkle 128.2.6.136 46601 173.194.75.103 80 1 PUT www.google.com / - - 0 934 411 Length Required - - - (empty) - - - text/html - - +1354328924.391728 vMVjlplKKbd 128.2.6.136 46602 173.194.75.103 80 1 POST www.google.com / - - 0 934 411 Length Required - - - (empty) - - - text/html - - +1354328924.433150 3omNawSNrxj 128.2.6.136 46603 173.194.75.103 80 1 POST www.google.com /HTTP/1.1 - - 0 934 411 Length Required - - - (empty) - - - text/html - - +1354328924.496732 Rv8AJVfi9Zi 128.2.6.136 46604 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328924.537671 wEyF3OvvcQe 128.2.6.136 46605 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328924.559704 E490YZTUozc 128.2.6.136 46606 173.194.75.103 80 1 HEAD www.google.com / - - 0 0 200 OK - - - (empty) - - - - - - +1354328928.625437 YIeWJmXWNWj 128.2.6.136 46607 173.194.75.103 80 1 HEAD www.google.com / - - 0 0 200 OK - - - (empty) - - - - - - +1354328932.692706 ydiZblvsYri 128.2.6.136 46608 173.194.75.103 80 1 HEAD www.google.com /HTTP/1.1 - - 0 0 400 Bad Request - - - (empty) - - - - - - +1354328932.754657 HFYOnBqSE5e 128.2.6.136 46609 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +1354328932.796568 JcUvhfWUMgd 128.2.6.136 46610 173.194.75.103 80 0 - - - - - 0 925 400 Bad Request - - - (empty) - - - text/html - - +#close 2012-12-06-00-55-28 diff --git a/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log new file mode 100644 index 0000000000..8a9dcf17cc --- /dev/null +++ b/testing/btest/Baseline/scripts.base.protocols.http.http-methods/weird.log 
@@ -0,0 +1,61 @@ +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path weird +#open 2012-12-06-00-55-27 +#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p name addl notice peer +#types time string addr port addr port string string bool string +1354328874.278822 k6kgXLOoSKl 128.2.6.136 46564 173.194.75.103 80 bad_HTTP_request - F bro +1354328874.299063 k6kgXLOoSKl 128.2.6.136 46564 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328874.321792 nQcgTWjvg4c 128.2.6.136 46565 173.194.75.103 80 bad_HTTP_request - F bro +1354328874.342591 nQcgTWjvg4c 128.2.6.136 46565 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328882.908690 5OKnoww6xl4 128.2.6.136 46569 173.194.75.103 80 bad_HTTP_request - F bro +1354328882.928027 5OKnoww6xl4 128.2.6.136 46569 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328882.949510 3PKsZ2Uye21 128.2.6.136 46570 173.194.75.103 80 bad_HTTP_request - F bro +1354328882.968948 3PKsZ2Uye21 128.2.6.136 46570 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328887.094494 fRFu0wcOle6 128.2.6.136 46572 173.194.75.103 80 bad_HTTP_request - F bro +1354328887.114613 fRFu0wcOle6 128.2.6.136 46572 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328891.141058 qSsw6ESzHV4 128.2.6.136 46573 173.194.75.103 80 bad_HTTP_request - F bro +1354328891.161077 qSsw6ESzHV4 128.2.6.136 46573 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328891.183942 iE6yhOq3SF 128.2.6.136 46574 173.194.75.103 80 bad_HTTP_request - F bro +1354328891.204740 iE6yhOq3SF 128.2.6.136 46574 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328891.226199 GSxOnSLghOa 128.2.6.136 46575 173.194.75.103 80 bad_HTTP_request - F bro +1354328891.245592 GSxOnSLghOa 128.2.6.136 46575 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328891.267625 qCaWGmzFtM5 128.2.6.136 46576 173.194.75.103 80 bad_HTTP_request - F bro +1354328891.287655 qCaWGmzFtM5 128.2.6.136 46576 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328891.309065 70MGiRM1Qf4 
128.2.6.136 46577 173.194.75.103 80 bad_HTTP_request - F bro +1354328891.328583 70MGiRM1Qf4 128.2.6.136 46577 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328895.355012 h5DsfNtYzi1 128.2.6.136 46578 173.194.75.103 80 bad_HTTP_request - F bro +1354328895.375116 h5DsfNtYzi1 128.2.6.136 46578 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328895.396634 P654jzLoe3a 128.2.6.136 46579 173.194.75.103 80 bad_HTTP_request - F bro +1354328895.416133 P654jzLoe3a 128.2.6.136 46579 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328895.438812 Tw8jXtpTGu6 128.2.6.136 46580 173.194.75.103 80 bad_HTTP_request - F bro +1354328895.459490 Tw8jXtpTGu6 128.2.6.136 46580 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328895.480865 c4Zw9TmAE05 128.2.6.136 46581 173.194.75.103 80 bad_HTTP_request - F bro +1354328895.500315 c4Zw9TmAE05 128.2.6.136 46581 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328903.614145 0Q4FH8sESw5 128.2.6.136 46584 173.194.75.103 80 bad_HTTP_request - F bro +1354328903.634196 0Q4FH8sESw5 128.2.6.136 46584 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328903.656369 slFea8xwSmb 128.2.6.136 46585 173.194.75.103 80 bad_HTTP_request - F bro +1354328903.676395 slFea8xwSmb 128.2.6.136 46585 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328911.832856 BWaU4aSuwkc 128.2.6.136 46589 173.194.75.103 80 bad_HTTP_request - F bro +1354328911.853464 BWaU4aSuwkc 128.2.6.136 46589 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328911.876341 10XodEwRycf 128.2.6.136 46590 173.194.75.103 80 bad_HTTP_request - F bro +1354328911.897044 10XodEwRycf 128.2.6.136 46590 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328920.052085 0Pwk3ntf8O3 128.2.6.136 46594 173.194.75.103 80 bad_HTTP_request - F bro +1354328920.072101 0Pwk3ntf8O3 128.2.6.136 46594 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328920.094072 0HKorjr8Zp7 128.2.6.136 46595 173.194.75.103 80 bad_HTTP_request - F bro +1354328920.114526 0HKorjr8Zp7 128.2.6.136 46595 
173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328924.266693 zHqb7t7kv28 128.2.6.136 46599 173.194.75.103 80 bad_HTTP_request - F bro +1354328924.287402 zHqb7t7kv28 128.2.6.136 46599 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328924.308714 rrZWoMUQpv8 128.2.6.136 46600 173.194.75.103 80 bad_HTTP_request - F bro +1354328924.328257 rrZWoMUQpv8 128.2.6.136 46600 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328924.476011 Rv8AJVfi9Zi 128.2.6.136 46604 173.194.75.103 80 bad_HTTP_request - F bro +1354328924.496732 Rv8AJVfi9Zi 128.2.6.136 46604 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328924.518204 wEyF3OvvcQe 128.2.6.136 46605 173.194.75.103 80 bad_HTTP_request - F bro +1354328924.537671 wEyF3OvvcQe 128.2.6.136 46605 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328932.734579 HFYOnBqSE5e 128.2.6.136 46609 173.194.75.103 80 bad_HTTP_request - F bro +1354328932.754657 HFYOnBqSE5e 128.2.6.136 46609 173.194.75.103 80 unmatched_HTTP_reply - F bro +1354328932.776609 JcUvhfWUMgd 128.2.6.136 46610 173.194.75.103 80 bad_HTTP_request - F bro +1354328932.796568 JcUvhfWUMgd 128.2.6.136 46610 173.194.75.103 80 unmatched_HTTP_reply - F bro +#close 2012-12-06-00-55-28 diff --git a/testing/btest/Traces/http-methods.trace b/testing/btest/Traces/http-methods.trace new file mode 100644 index 0000000000..323e6ee06a Binary files /dev/null and b/testing/btest/Traces/http-methods.trace differ diff --git a/testing/btest/core/dns-interpreter-exceptions.bro b/testing/btest/core/dns-interpreter-exceptions.bro new file mode 100644 index 0000000000..a795971b58 --- /dev/null +++ b/testing/btest/core/dns-interpreter-exceptions.bro 
@@ -0,0 +1,63 @@ +# @TEST-EXEC: bro -b -r $TRACES/wikipedia.trace %INPUT >out 2>&1 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out +# interpreter exceptions in "when" blocks shouldn't cause termination +global p: pkt_hdr; + +function f(do_exception: bool): bool + { + return when ( local addrs = lookup_hostname("localhost") ) + { + print "localhost resolved from f()", do_exception; + if ( do_exception ) + print p$ip; + return T; + } + return F; + } + +function g(do_exception: bool): bool + { + return when ( local addrs = lookup_hostname("localhost") ) + { + print "shouldn't get here, g()", do_exception; + } + timeout 0 sec + { + print "timeout g()", do_exception; + if ( do_exception ) + print p$ip; + return T; + } + return F; + } + +event bro_init() + { + when ( local addrs = lookup_hostname("localhost") ) + { + print "localhost resolved"; + print p$ip; + } + + when ( local addrs2 = lookup_hostname("localhost") ) + { + print "shouldn't get here"; + } + timeout 0 sec + { + print "timeout"; + print p$ip; + } + + when ( local b = f(T) ) + print "f() exception done (shouldn't be printed)", b; + + when ( local b2 = g(T) ) + print "g() exception done (shouldn't be printed)", b2; + + when ( local b3 = f(F) ) + print "f() done, no exception", b3; + + when ( local b4 = g(F) ) + print "g() done, no exception", b4; + } diff --git a/testing/btest/istate/sync.bro b/testing/btest/istate/sync.bro index e1364a9553..a297e8a50f 100644 --- a/testing/btest/istate/sync.bro +++ b/testing/btest/istate/sync.bro @@ -1,7 +1,7 @@ # @TEST-SERIALIZE: comm # -# @TEST-EXEC: btest-bg-run sender bro %INPUT ../sender.bro -# @TEST-EXEC: btest-bg-run receiver bro %INPUT ../receiver.bro +# @TEST-EXEC: btest-bg-run sender bro -b %INPUT ../sender.bro +# @TEST-EXEC: btest-bg-run receiver bro -b %INPUT ../receiver.bro # @TEST-EXEC: btest-bg-wait 20 # # @TEST-EXEC: btest-diff sender/vars.log 
@@ -27,6 +27,7 @@ global foo13 = { [1,"ABC"] = 101, [2,"DEF"] = 102, [3,"GHI"] = 103 } &persiste global foo14 = { [12345] = foo11, [12346] = foo11 } &persistent &synchronized; global foo15 = 42/udp &persistent &synchronized; global foo16: vector of count = [1,2,3] &persistent &synchronized; +global foo18: count &persistent &synchronized; # not initialized type type1: record { a: string; @@ -70,6 +71,7 @@ event bro_done() print out, foo15; print out, foo16; print out, foo17; + print out, foo18; } @@ -128,7 +130,8 @@ function modify() delete foo17$e; foo2 = 1234567; -} + foo18 = 122112; + } @load frameworks/communication/listen @@ -148,6 +151,8 @@ redef Communication::nodes += { @TEST-START-FILE receiver.bro +@load base/frameworks/communication + event bro_init() { capture_events("events.bst"); diff --git a/testing/btest/language/invalid_index.bro b/testing/btest/language/invalid_index.bro new file mode 100644 index 0000000000..96b7fa78c5 --- /dev/null +++ b/testing/btest/language/invalid_index.bro @@ -0,0 +1,15 @@ +# @TEST-EXEC: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out + +global foo: vector of count = { 42 }; +global foo2: table[count] of count = { [0] = 13 }; + +print "foo[0]", foo[0]; +print "foo[1]", foo[1]; +print "foo[2]", foo[2]; + +print "foo2[0]", foo2[0]; +print "foo2[1]", foo2[1]; +print "foo2[2]", foo2[2]; + +print "done"; diff --git a/testing/btest/language/record-bad-ctor.bro b/testing/btest/language/record-bad-ctor.bro new file mode 100644 index 0000000000..6b7ae4ff19 --- /dev/null +++ b/testing/btest/language/record-bad-ctor.bro @@ -0,0 +1,8 @@ +# @TEST-EXEC-FAIL: bro -b %INPUT >out 2>&1 +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff out + +# At least shouldn't crash Bro, just report the invalid record ctor. + +global asdfasdf; +const blah = [$ports=asdfasdf]; +print blah; 
diff --git a/testing/btest/scripts/base/frameworks/input/invalidtext.bro b/testing/btest/scripts/base/frameworks/input/invalidtext.bro new file mode 100644 index 0000000000..75efb1247d --- /dev/null +++ b/testing/btest/scripts/base/frameworks/input/invalidtext.bro @@ -0,0 +1,46 @@ +# (uses listen.bro just to ensure input sources are more reliably fully-read). +# @TEST-SERIALIZE: comm +# +# @TEST-EXEC: btest-bg-run bro bro -b %INPUT +# @TEST-EXEC: btest-bg-wait -k 5 +# @TEST-EXEC: btest-diff out +# @TEST-EXEC: sed 1d .stderr > .stderrwithoutfirstline +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderrwithoutfirstline + +@TEST-START-FILE input.log +#separator \x09 +#fields i c +#types int count + l + 5 +@TEST-END-FILE + +@load frameworks/communication/listen + +global outfile: file; + +module A; + +type Idx: record { + i: string; +}; + +type Val: record { + c: count; +}; + +global servers: table[string] of Val = table(); + +event bro_init() + { + outfile = open("../out"); + # first read in the old stuff into the table... + Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers]); + Input::remove("ssh"); + } + +event Input::end_of_data(name: string, source:string) + { + print outfile, servers; + terminate(); + } diff --git a/testing/btest/scripts/base/protocols/http/http-methods.bro b/testing/btest/scripts/base/protocols/http/http-methods.bro new file mode 100644 index 0000000000..59045c1cc5 --- /dev/null +++ b/testing/btest/scripts/base/protocols/http/http-methods.bro @@ -0,0 +1,9 @@ +# This tests that the HTTP analyzer handles strange HTTP methods properly. +# +# @TEST-EXEC: bro -r $TRACES/http-methods.trace %INPUT +# @TEST-EXEC: btest-diff weird.log +# @TEST-EXEC: btest-diff http.log + +# The base analysis scripts are loaded by default. +#@load base/protocols/http +