Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-03 15:18:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
19611 commits 386 branches 195 tags 257 MiB
Commit graph

16 commits

Author SHA1 Message Date
Benjamin Grap
fafc0212a5 Changed behavior of var-extraction-uri.zeek from policy/protocol/http to extract only the URI parameter names. Do not include the path in the first parameter name. Only extract uri vars if parameters actually exist. 2025-08-13 22:45:20 +02:00
Tim Wojtulewicz
d95affde4d Remove deprecations tagged for v8.1 2025-08-12 10:19:03 -07:00
Vern Paxson
dcd14f7a16 Add a revised script for detecting HTTP SQL injection, deprecate original 2025-05-20 16:24:20 +02:00
Arne Welzel
b69222d5f6 btest: Add detect-sqli test script 
...I added the baselines during the merge, just not the test itself.
 2024-11-04 18:42:55 +01:00
Arne Welzel
5200b84fb3 Merge branch 'sqli-spaces-encode-to-plus' of https://github.com/cooper-grill/zeek 
* 'sqli-spaces-encode-to-plus' of https://github.com/cooper-grill/zeek:
  account for spaces encoding to plus signs in sqli regex detection
 2024-10-29 14:08:39 +01:00
Cooper Grill
ec6bf7bebc account for spaces encoding to plus signs in sqli regex detection 
remove instance of plus sign to account for real plus in sql

account for spaces encoding to plus signs in sqli regex detection

add test cases for sqli space to plus

account for spaces encoding to plus signs in sqli regex detection

forgot semicolon

account for spaces encoding to plus signs in sqli regex detection
 2024-10-29 07:48:36 -04:00
Jon Siwek
ae923106f1 GH-352: Improve HTTP::match_sql_injection_uri regex 
Changes \x00-\x37 ranges to \x00-\x1f with assumption that the former
was attempting to match ASCII control characters, but mistook an octal
range for hex.  This change reduces some false positives.
 2020-11-12 16:19:35 -08:00
Jon Siwek
7967a5b0aa General btest cleanup 
- Use `-b` most everywhere, it will save time.

- Start some intel tests upon the input file being fully read instead of
  at an arbitrary time.

- Improve termination condition for some sumstats/cluster tests.

- Filter uninteresting output from some supervisor tests.

- Test for `notice_policy.log` is no longer needed.
 2020-08-11 11:26:22 -07:00
Robin Sommer
789cb376fd GH-239: Rename bro to zeek, bro-config to zeek-config, and bro-path-dev to zeek-path-dev. 
This also installs symlinks from "zeek" and "bro-config" to a wrapper
script that prints a deprecation warning.

The btests pass, but this is still WIP. broctl renaming is still
missing.

#239
 2019-05-01 21:43:45 +00:00
Jon Siwek
a994be9eeb Merge remote-tracking branch 'origin/topic/seth/zeek_init' 
* origin/topic/seth/zeek_init:
  Some more testing fixes.
  Update docs and tests for bro_(init|done) -> zeek_(init|done)
  Implement the zeek_init handler.
 2019-04-19 11:24:29 -07:00
Jon Siwek
1e57e3f026 Use .zeek file suffix in unit tests 2019-04-16 16:08:57 -07:00
Seth Hall
5db766bd88 Update docs and tests for bro_(init|done) -> zeek_(init|done) 2019-04-14 08:49:12 -04:00
Robin Sommer
46e584daa2 Adding tests for Flash version parsing and plugin detection. 
(The plugin detection isn't testing the Chrome behaviour actually,
don't have a trace for that.)
 2015-07-30 07:23:14 -07:00
Jon Siwek
c09411bc8b BIT-1077: fix HTTP::log_server_header_names. 
Before, it just re-logged fields from the client side.
 2015-03-16 15:12:48 -05:00
Seth Hall
61aa592db5 A few updates for SQL injection detection. 
- The biggest change is the change in notice names from
	HTTP::SQL_Injection_Attack_Against to
	HTTP::SQL_Injection_Victim

- A few new SQL injection attacks in the tests that we need to
  support at some point.
 2011-12-12 14:26:54 -05:00
Jon Siwek
c3fb0ea035 Reorganizing btest/policy directory to match new scripts/ organization 
Addresses #545
 2011-08-11 10:43:11 -05:00