Initial paraglob integration.

testing/btest/Baseline/language.paraglob/out

@@ -0,0 +1,6 @@
+[T, T, T, T, T]
+T
+[*, *og, d?g, d[!wl]g]
+[once]
+[*.gov*, *malware*]
+[*.gov*, *malware*]

testing/btest/Baseline/scripts.base.frameworks.input.bad_patterns/.stderr

@@ -0,0 +1,9 @@
+error: input.log/Input::READER_ASCII: String '/cat/sss' contained no parseable pattern.
+warning: input.log/Input::READER_ASCII: Could not convert line '2	/cat/sss' of input.log to Val. Ignoring line.
+error: input.log/Input::READER_ASCII: String '/foo|bar' contained no parseable pattern.
+warning: input.log/Input::READER_ASCII: Could not convert line '3	/foo|bar' of input.log to Val. Ignoring line.
+error: input.log/Input::READER_ASCII: String 'this is not a pattern' contained no parseable pattern.
+warning: input.log/Input::READER_ASCII: Could not convert line '4	this is not a pattern' of input.log to Val. Ignoring line.
+error: input.log/Input::READER_ASCII: String '/5' contained no parseable pattern.
+warning: input.log/Input::READER_ASCII: Could not convert line '5	/5' of input.log to Val. Ignoring line.
+received termination signal

testing/btest/Baseline/scripts.base.frameworks.input.patterns/out

@@ -0,0 +1,9 @@
+T
+F
+T
+{
+[2] = [p=/^?(cat)$?/],
+[4] = [p=/^?(^oob)$?/],
+[1] = [p=/^?(dog)$?/],
+[3] = [p=/^?(foo|bar)$?/]
+}

testing/btest/language/paraglob.zeek

@@ -0,0 +1,34 @@
+# @TEST-EXEC: bro -b %INPUT >out
+# @TEST-EXEC: btest-diff out
+
+event zeek_init ()
+{
+  local v1 = vector("*", "d?g", "*og", "d?", "d[!wl]g");
+  local v2 = vector("once", "!o*", "once");
+  local v3 = vector("https://*.google.com/*", "*malware*", "*.gov*");
+
+  local p1 = paraglob_init(v1);
+  local p2: opaque of paraglob = paraglob_init(v2);
+  local p3 = paraglob_init(v3);
+  local p_eq = paraglob_init(v1);
+
+  # paraglob_init should not modify v1
+  print (v1 == vector("*", "d?g", "*og", "d?", "d[!wl]g"));
+  # p_eq and p1 should be the same paraglobs
+  print paraglob_equals(p1, p_eq);
+
+  print paraglob_get(p1, "dog");
+  print paraglob_get(p2, "once");
+  print paraglob_get(p3, "www.strange-malware-domain.gov");
+
+  # This looks like a lot, but really should complete quickly.
+  # Paraglob should stop addition of duplicate patterns.
+  local i = 1000000;
+  while (i > 0) {
+    i = i - 1;
+    v3 += v3[1];
+  }
+
+  local large_glob: opaque of paraglob = paraglob_init(v3);
+  print paraglob_get(large_glob, "www.strange-malware-domain.gov");
+}

testing/btest/scripts/base/frameworks/input/bad_patterns.zeek

@@ -0,0 +1,38 @@
+# @TEST-EXEC: zeek -b %INPUT
+# @TEST-EXEC: btest-diff .stderr
+
+@TEST-START-FILE input.log
+#separator \x09
+#fields	i	p
+#types	count	pattern
+1	/d/og/
+2	/cat/sss
+3	/foo|bar
+4	this is not a pattern
+5	/5
+@TEST-END-FILE
+
+redef exit_only_after_terminate = T;
+
+module A;
+
+type Idx: record {
+	i: int;
+};
+
+type Val: record {
+	p: pattern;
+};
+
+event kill_me()
+	{
+	terminate();
+	}
+
+global pats: table[int] of Val = table();
+
+event zeek_init()
+	{
+	Input::add_table([$source="input.log", $name="pats", $idx=Idx, $val=Val, $destination=pats]);
+	schedule 10msec { kill_me() };
+	}

testing/btest/scripts/base/frameworks/input/patterns.zeek

@@ -0,0 +1,47 @@
+# @TEST-EXEC: btest-bg-run zeek zeek -b %INPUT
+# @TEST-EXEC: btest-bg-wait 10
+
+
+redef exit_only_after_terminate = T;
+
+@TEST-START-FILE input.log
+#separator \x09
+#fields	i	p
+#types	count	pattern
+1	/dog/
+2	/cat/
+3	/foo|bar/
+4	/^oob/
+@TEST-END-FILE
+
+global outfile: file;
+
+module A;
+
+type Idx: record {
+	i: int;
+};
+
+type Val: record {
+	p: pattern;
+};
+
+global pats: table[int] of Val = table();
+
+event zeek_init()
+	{
+	outfile = open("../out");
+	# first read in the old stuff into the table...
+	Input::add_table([$source="../input.log", $name="pats", $idx=Idx, $val=Val, $destination=pats]);
+	}
+
+event Input::end_of_data(name: string, source:string)
+	{
+	print outfile, (pats[3]$p in "foobar"); # T
+	print outfile, (pats[4]$p in "foobar"); # F
+	print outfile, (pats[3]$p == "foo"); # T
+	print outfile, pats;
+	Input::remove("pats");
+	close(outfile);
+	terminate();
+	}