Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/jazoff/gh-3268t '

Browse source 
* origin/topic/jazoff/gh-3268:
  Fix check for emailed notices

Changes: Added a test-case printing email_delay_tokens to compare email vs
non-email notice types. Previously, both notice types would have email
delay tokens at that point in the flow.

(cherry picked from commit 7e11501d3c)
This commit is contained in:
Arne Welzel 2023-09-04 14:00:37 +02:00 committed by Tim Wojtulewicz
parent 8507d58141
commit fe9c7d4191
3 changed files with 47 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
scripts/policy/frameworks/notice/extend-email/hostnames.zeek
View file

@ -20,7 +20,7 @@ hook notice(n: Notice::Info) &priority=-1
return; return;
# This should only be done for notices that are being sent to email. # This should only be done for notices that are being sent to email.
if ( ! n?$email_dest ) if ( |n$email_dest| == 0 )
return; return;
# I'm not recovering gracefully from the when statements because I want # I'm not recovering gracefully from the when statements because I want

3
testing/btest/Baseline/scripts.policy.frameworks.notice.extend-email.hostnames/out Normal file
View file

@ -0,0 +1,3 @@
### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
email_delay_tokens, Test_New_Connection_Notice, (empty)
email_delay_tokens, Test_Connection_State_Remove_Notice, hostnames-dst,hostnames-src

43
testing/btest/scripts/policy/frameworks/notice/extend-email/hostnames.zeek Normal file
View file

@ -0,0 +1,43 @@
# @TEST-DOC: Check that extend-email/hostnames.zeek does not run lookup_addr() for non email type notices.
# @TEST-EXEC: zeek -b -r $TRACES/http/get.trace %INPUT >out
# @TEST-EXEC: btest-diff out
@load base/frameworks/notice
@load frameworks/notice/extend-email/hostnames
redef enum Notice::Type += {
Test_New_Connection_Notice,
Test_Connection_State_Remove_Notice,
};
redef Notice::emailed_types += {
Test_Connection_State_Remove_Notice,
};
redef Notice::mail_dest = "user@example.net";
redef Notice::sendmail = "fake-sendmail"; # not in effect, but better safe than sorry.
module Notice;
hook Notice::notice(n: Notice::Info) &priority=-2
{
# email_delay_token population runs at priority -1
# in extend-email/hostnames.zeek, so we can look
# at the result during priority=-2 and observe
# that only Test_Connection_State_Remove_Notice
# has email_delay_tokens set.
print "email_delay_tokens", n$note, |n$email_delay_tokens| > 0 ? join_string_set(n$email_delay_tokens, ",") : "(empty)";
}
event new_connection(c: connection)
{
NOTICE([$note=Test_New_Connection_Notice, $conn=c]);
}
event connection_state_remove(c: connection)
{
NOTICE([$note=Test_Connection_State_Remove_Notice, $conn=c]);
}