Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

btest/javascript: Add file_sniff() and file_state_remove() test

Browse source 
Using file_state_remove() or file_sniff() would previously crash with the
spicy-zip file analyzer. We don't have spicy-zip here, so it's not a
proper reproducer, but still makes sense to test these events.
This commit is contained in:
Arne Welzel 2025-03-10 14:14:24 +01:00
parent cf154e02dd
commit e2b65acc6d
3 changed files with 28 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

22
testing/btest/javascript/file-sniff.js Normal file
View file

@ -0,0 +1,22 @@
/*
* @TEST-REQUIRES: $SCRIPTS/have-javascript
* @TEST-EXEC: zeek -b -Cr $TRACES/http/get.trace base/protocols/http ./ext.zeek %INPUT > out
* @TEST-EXEC: zeek-cut -m fuid uid from_js < files.log > files.log.cut
* @TEST-EXEC: btest-diff out
* @TEST-EXEC: btest-diff files.log.cut
*/
zeek.on('file_sniff', (f, meta) => {
console.log(`file_sniff ${f.id} ${JSON.stringify(meta)}`);
});
zeek.on('file_state_remove', (f) => {
console.log(`file_state_remove ${f.id}`);
f.info.from_js = "Hello from JavaScript";
});
@TEST-START-FILE ext.zeek
redef record Files::Info += {
from_js: string &log &optional;
};
@TEST-END-FILE