Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-11 19:18:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

rule-parse: Remove [event_name] syntax, deprecate msg as identifier

Browse source 
As suggested by Robin. Thanks.
This commit is contained in:
Arne Welzel 2023-12-13 20:50:56 +01:00
parent 0b5126f650
commit f3470843d6
12 changed files with 68 additions and 39 deletions
Download patch file Download diff file Expand all files Collapse all files

16
testing/btest/signatures/custom-event-errors.zeek
View file

@ -1,29 +1,37 @@
# @TEST-DOC: Using the wrong paramters for custom signature events.
#
# @TEST-EXEC-FAIL: zeek -b -s id -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >id.out
# @TEST-EXEC-FAIL: zeek -b -s id2 -r $TRACES/chksums/ip4-udp-good-chksum.pcap %INPUT >id.out
# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
@TEST-START-FILE id.sig
signature udp-proto {
ip-proto == 17
event [wrong_signature2] "id"
event wrong_signature2 "id"
}
signature udp-proto2 {
ip-proto == 17
event [wrong_signature3]
event wrong_signature3
}
signature udp-proto3 {
ip-proto == 17
event [wrong_signature4] "not a count"
event wrong_signature4 "not a count"
}
signature udp-proto4 {
ip-proto == 17
event [non_existing_event]
event non_existing_event
}
@TEST-END-FILE
@TEST-START-FILE id2.sig
# Using two identifiers is not supported.
signature udp-proto-msg-id {
ip-proto == 17
event signature_match message_as_id
}
@TEST-END-FILE
event wrong_signature2(state: signature_state, data: string) { }