Merge branch 'master' into topic/jsiwek/faf-cleanup

Conflicts: scripts/base/protocols/ftp/file-analysis.bro scripts/base/protocols/http/file-analysis.bro scripts/base/protocols/irc/file-analysis.bro scripts/base/protocols/smtp/file-analysis.bro src/file_analysis/File.cc src/file_analysis/File.h src/file_analysis/Manager.cc src/file_analysis/Manager.h testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/file_analysis.log testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-0.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-1.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-2.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-3.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-BTsa70Ua9x7-1.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-BTsa70Ua9x7.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-Rqjkzoroau4-0.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-Rqjkzoroau4.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-VLQvJybrm38-2.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-VLQvJybrm38.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-zrfwSs9K1yk-3.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-zrfwSs9K1yk.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp.log testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item-BFymS6bFgT3-0.dat testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item-BFymS6bFgT3.dat testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item.dat testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item-wqKMAamJVSb-0.dat testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item-wqKMAamJVSb.dat testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item.dat testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-0.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-1.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-Ltd7QO7jEv3-1.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-Ltd7QO7jEv3.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-cwR7l6Zctxb-0.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-cwR7l6Zctxb.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log testing/btest/scripts/base/protocols/ftp/ftp-extract.bro testing/btest/scripts/base/protocols/http/http-extract-files.bro testing/btest/scripts/base/protocols/irc/dcc-extract.test testing/btest/scripts/base/protocols/smtp/mime-extract.test
2025-10-13 03:58:20 +00:00 · 2013-06-07 15:44:36 -05:00 · 2013-06-07 15:44:36 -05:00 · f2574636b6
commit f2574636b6
parent 9c86a3ee0e 203df4fa6b
517 changed files with 15571 additions and 12637 deletions
--- a/testing/btest/scripts/base/protocols/ftp/ftp-extract.bro
+++ b/testing/btest/scripts/base/protocols/ftp/ftp-extract.bro
@ -3,10 +3,8 @@
 # @TEST-EXEC: bro -r $TRACES/ftp/ipv4.trace %INPUT
 # @TEST-EXEC: btest-diff conn.log
 # @TEST-EXEC: btest-diff ftp.log
-# @TEST-EXEC: btest-diff ftp-item-Rqjkzoroau4.dat
-# @TEST-EXEC: btest-diff ftp-item-BTsa70Ua9x7.dat
-# @TEST-EXEC: btest-diff ftp-item-VLQvJybrm38.dat
-# @TEST-EXEC: btest-diff ftp-item-zrfwSs9K1yk.dat
+# @TEST-EXEC: cat ftp-item-*.dat | sort > extractions
+# @TEST-EXEC: btest-diff extractions

 redef FTP::logged_commands += {"LIST"};
 redef FTP::extract_file_types=/.*/;
--- a/testing/btest/scripts/base/protocols/http/http-extract-files.bro
+++ b/testing/btest/scripts/base/protocols/http/http-extract-files.bro
@ -1,5 +1,6 @@
 # @TEST-EXEC: bro -C -r $TRACES/web.trace %INPUT
 # @TEST-EXEC: btest-diff http.log
-# @TEST-EXEC: btest-diff http-item-BFymS6bFgT3.dat
+# @TEST-EXEC: mv http-item-*.dat http-item.dat
+# @TEST-EXEC: btest-diff http-item.dat

 redef HTTP::extract_file_types += /text\/html/;
--- a/testing/btest/scripts/base/protocols/http/multipart-extract.bro
+++ b/testing/btest/scripts/base/protocols/http/multipart-extract.bro
@ -1,8 +1,5 @@
 # @TEST-EXEC: bro -C -r $TRACES/http/multipart.trace %INPUT
 # @TEST-EXEC: btest-diff http.log
-# @TEST-EXEC: btest-diff http-item-TJdltRTxco1.dat
-# @TEST-EXEC: btest-diff http-item-QJO04kPdawk.dat
-# @TEST-EXEC: btest-diff http-item-dDH5dHdsRH4.dat
-# @TEST-EXEC: btest-diff http-item-TaUJcEIboHh.dat
+# @TEST-EXEC: cat http-item-* | sort > extractions

 redef HTTP::extract_file_types += /.*/;
--- a/testing/btest/scripts/base/protocols/irc/dcc-extract.test
+++ b/testing/btest/scripts/base/protocols/irc/dcc-extract.test
@ -3,8 +3,9 @@

 # @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT
 # @TEST-EXEC: btest-diff irc.log
-# @TEST-EXEC: btest-diff irc-dcc-item-wqKMAamJVSb.dat
+# @TEST-EXEC: mv irc-dcc-item-*.dat irc-dcc-item.dat
+# @TEST-EXEC: btest-diff irc-dcc-item.dat
 # @TEST-EXEC: bro -r $TRACES/irc-dcc-send.trace %INPUT IRC::extraction_prefix="test"
-# @TEST-EXEC: test -e test-wqKMAamJVSb.dat
+# @TEST-EXEC: test -e test-*.dat

 redef IRC::extract_file_types=/.*/;
--- a/testing/btest/scripts/base/protocols/modbus/events.bro
+++ b/testing/btest/scripts/base/protocols/modbus/events.bro
@ -2,7 +2,7 @@
 # @TEST-EXEC: bro -r $TRACES/modbus/modbus.trace %INPUT | sort | uniq -c | sed 's/^ *//g' >output
 # @TEST-EXEC: btest-diff output
 # @TEST-EXEC: cat output | awk '{print $2}' | grep "^modbus_" | sort | uniq | wc -l >covered
-# @TEST-EXEC: cat ${DIST}/src/event.bif  | grep "^event modbus_" | wc -l >total
+# @TEST-EXEC: cat ${DIST}/src/analyzer/protocol/modbus/events.bif  | grep "^event modbus_" | wc -l >total
 # @TEST-EXEC: echo `cat covered` of `cat total` events triggered by trace >coverage
 # @TEST-EXEC: btest-diff coverage

--- a/testing/btest/scripts/base/protocols/smtp/mime-extract.test
+++ b/testing/btest/scripts/base/protocols/smtp/mime-extract.test
@ -1,10 +1,10 @@
 # @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT
 # @TEST-EXEC: btest-diff smtp_entities.log
-# @TEST-EXEC: btest-diff smtp-entity-cwR7l6Zctxb.dat
-# @TEST-EXEC: btest-diff smtp-entity-Ltd7QO7jEv3.dat
+# @TEST-EXEC: cat smtp-entity-*.dat | sort > extractions
+# @TEST-EXEC: btest-diff extractions
 # @TEST-EXEC: bro -r $TRACES/smtp.trace %INPUT SMTP::extraction_prefix="test"
-# @TEST-EXEC: test -e test-cwR7l6Zctxb.dat
-# @TEST-EXEC: test -e test-Ltd7QO7jEv3.dat
+# @TEST-EXEC: cnt=0 && for f in test-*.dat; do cnt=$((cnt+1)); done && echo $cnt >filecount
+# @TEST-EXEC: btest-diff filecount

@load base/protocols/smtp

--- a/testing/btest/scripts/base/protocols/syslog/trace.test
+++ b/testing/btest/scripts/base/protocols/syslog/trace.test
@ -0,0 +1,4 @@
+# @TEST-EXEC: bro -r $TRACES/syslog-single-udp.trace %INPUT
+# @TEST-EXEC: btest-diff syslog.log
+
+@load base/protocols/syslog