Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-05 08:08:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
5374 commits 385 branches 195 tags 258 MiB
Commit graph

1582 commits

Author SHA1 Message Date
Jon Siwek
1a03a95f35 Workaround race condition in unified2 file module. 
This makes the unit test pass consistently, but need to see about
fixing it in the unified2 file module directly.
 2014-12-17 09:57:06 -06:00
Jon Siwek
cbbe7b52dc Review/fix/change file reassembly functionality. 
- Re-arrange how some fa_file fields (e.g. source, connection info, mime
  type) get updated/set for consistency.

- Add more robust mechanisms for flushing the reassembly buffer.
  The goal being to report all gaps and deliveries to file analyzers
  regardless of the state of the reassembly buffer at the time it has to
  be flushed.
 2014-12-16 14:05:15 -06:00
Jon Siwek
edaf7edc11 Merge remote-tracking branch 'origin/topic/seth/files-reassembly-and-mime-updates' into topic/jsiwek/file-reassembly-merge 
Conflicts:
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
 2014-12-15 10:33:09 -06:00
Robin Sommer
665e6b00f1 Updating doc baselines. 2014-12-04 09:05:38 -08:00
Robin Sommer
bb7d94d9c5 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1296' 
* origin/topic/jsiwek/bit-1296:
  Make using local IDs in @if directives an error.

BIT-1296 #merged
 2014-12-03 14:14:23 -08:00
Robin Sommer
19d9a8bfa2 Merge remote-tracking branch 'origin/fastpath' 
* origin/fastpath:
  Fix some "make doc" warnings and update some doc tests
 2014-12-03 14:10:49 -08:00
Jon Siwek
cdbe459f20 Make using local IDs in @if directives an error. 
Addresses BIT-1296.
 2014-12-02 12:30:46 -06:00
Daniel Thayer
cc7286b628 Fix some "make doc" warnings and update some doc tests 2014-12-01 22:43:17 -06:00
Raúl Benencia
127a61597e Add/invoke "distclean" for testing directories. 
BIT-1292 #close
 2014-12-01 10:43:41 -06:00
Johanna Amann
cd21b7f130 Fix x509 analyzer to correctly return ecdsa as the key_type for ecdsa certs. 
Returned dsa so far.

Bug found by Michał Purzyński
 2014-11-25 11:18:07 -08:00
Robin Sommer
9d3cfaddaa Merge branch 'master' of https://github.com/anthonykasza/bro 
- I've changed/extended the URI record fields a bit:
        - path is always the full path including the full file name
        - if there's no path, the field still still be set set "/".
        - file_name is the full name including extenstion, and
          file_base and file_ext split it out.

    - Adding a test exercising a bunch of URLs.
 2014-11-18 12:21:06 -08:00
Jon Siwek
f214158cc5 BIT-1288: Improve coercion of &default expressions. 2014-11-18 12:40:16 -06:00
Robin Sommer
ee14b96a15 Merge remote-tracking branch 'origin/topic/struck/BIT-1287' 
* origin/topic/struck/BIT-1287:
  [ADD] builtin function enum_to_int()

BIT-1287 #merged
 2014-11-11 13:20:40 -08:00
Christian Struck
b36d5fc81b [ADD] builtin function enum_to_int() 
[ADD] added tests for the new enum_to_int function
 2014-11-10 18:24:27 -08:00
Seth Hall
e879aa78f5 Merge remote-tracking branch 'origin/topic/seth/mime-updates' into topic/seth/files-reassembly-and-mime-updates 
Conflicts:
	scripts/base/init-bare.bro
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
 2014-11-05 11:42:34 -05:00
Seth Hall
842dfd8b4a Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/seth/files-reassembly-and-mime-updates 
Conflicts:
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
 2014-11-05 11:40:26 -05:00
Seth Hall
efdfef7970 Merge remote-tracking branch 'origin/master' into topic/seth/mime-updates 
Conflicts:
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
 2014-11-05 10:57:57 -05:00
Vlad Grigorescu
e86fc160db Merge remote-tracking branch 'origin/master' into topic/vladg/mysql 2014-10-31 21:32:19 -04:00
Robin Sommer
78de5c17ef Merge remote-tracking branch 'origin/topic/jsiwek/bit-1176' 
* origin/topic/jsiwek/bit-1176:
  Fix segfault if when statement's RHS is unitialized.

BIT-1176 #merged
 2014-10-31 16:30:49 -07:00
Robin Sommer
2e7b732c4b Merge remote-tracking branch 'origin/topic/jsiwek/bit-1280' 
* origin/topic/jsiwek/bit-1280:
  BIT-1280: Fix checking vector indices via "in".

BIT-1280 #merged.
 2014-10-31 16:28:08 -07:00
Vlad Grigorescu
743d388be8 Merge remote-tracking branch 'origin/master' into topic/vladg/mysql 2014-10-31 16:46:07 -04:00
Vlad Grigorescu
b484da1539 Update baselines. 2014-10-31 16:45:48 -04:00
Jon Siwek
2a181a88c5 Allow arbitrary when statement timeout expressions 
BIT-1284 #close
 2014-10-31 10:38:23 -05:00
Jon Siwek
1f7facda5b Fix segfault if when statement's RHS is unitialized. 
If it is ever assigned a value, the body of the when can be triggered as
usual.

Addresses BIT-1176.
 2014-10-30 12:19:25 -05:00
Jon Siwek
e5f75cde93 BIT-1280: Fix checking vector indices via "in". 
$ cat test.bro
local vec: vector of string = { "zero" };
vec[2] = "two";
print 0 in vec, 1 in vec, 2 in vec;

$ bro -b test.bro
T, F, T
 2014-10-28 14:21:16 -05:00
Vlad Grigorescu
b259a41ef2 Merge remote-tracking branch 'origin/master' into topic/vladg/mysql 
Conflicts:
	testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
 2014-10-27 13:24:31 -04:00
Robin Sommer
087a9f975d Adding missing baseline. 2014-10-24 15:34:06 -07:00
Robin Sommer
fb56d3f0bb Fixing unstable test. 2014-10-24 13:40:00 -07:00
Robin Sommer
4216a5eb1c Merge remote-tracking branch 'origin/topic/struck/BIT-1277' 
* origin/topic/struck/BIT-1277:
  [ADD] Added the feature to return 0 content to the python http test server and added functionality for post requests
  [ADD] added baseline for the new active-http test and added a test to check for the content-length 0 fix.
  [ADD] added baseline for the new exec test and added a test to check for the empty files fix.
  [FIX] exec should write an empty string when file is empty instead of the filename
  [FIX] Add files to result table even if the files are empty

BIT-1277 #merged
 2014-10-24 11:43:09 -07:00
Robin Sommer
3e508d316a Plugins: Change order in which plugins' scripts are loaded at startup. 
We now load the top-level  __init__.bro before the internal bif.bro so
that the former can define types used by the latter.
 2014-10-23 14:22:26 -07:00
Christian Struck
de33490586 [ADD] Added the feature to return 0 content to the python http test server and added functionality for post requests 2014-10-22 16:05:06 -07:00
Christian Struck
d17b3746cf [ADD] added baseline for the new active-http test and added a test to check for the content-length 0 fix. 2014-10-22 16:04:04 -07:00
Christian Struck
0a59772043 [ADD] added baseline for the new exec test and added a test to check for the empty files fix. 2014-10-22 16:02:19 -07:00
Johanna Amann
624aa3cac1 Update baseline of new SSL policy script for changes 2014-10-21 11:38:02 -07:00
Johanna Amann
ba3b35a612 Merge remote-tracking branch 'origin/master' into topic/johanna/ssl-resumption 2014-10-21 11:32:46 -07:00
Jon Siwek
02c86b2304 Merge branch 'master' into topic/jsiwek/bit-1235 2014-10-14 14:45:58 -05:00
Jon Siwek
191e5da74d Documentation fixes. 
BIT-1272 #close
 2014-10-14 14:43:08 -05:00
Jon Siwek
7ef1409b40 Change find-bro-logs unit test to follow symlinks. 2014-10-09 16:02:13 -05:00
Daniel Thayer
072dad6508 Add error checks and messages to a test script 2014-10-08 10:42:35 -05:00
Robin Sommer
f4f5cfd321 Further baseline normalization for plugin test portability. 2014-10-08 08:16:31 -07:00
Seth Hall
24a809b53e Merge remote-tracking branch 'origin/master' into topic/seth/mime-updates 2014-10-08 10:04:22 -04:00
Seth Hall
d77243823f Updates for file mime type identification. 
- Change to the default BOF buffer size to 3000 (was 1024).
 - Reorganized MS signatures into a separate file
 - Improved lots of the signatures and added new ones.
 2014-10-08 02:12:10 -04:00
Robin Sommer
81933d25a8 Fix for test portability. 2014-10-07 20:18:31 -07:00
Robin Sommer
91c218d44a Include plugin unit tests into the top-level btest configuration. 
Turns out they weren't part of it yet. Comes with some baseline updates.
 2014-10-07 15:33:18 -07:00
Robin Sommer
21a0e12d82 Merge remote-tracking branch 'origin/topic/jdopheid/BIT-1242' 
* origin/topic/jdopheid/BIT-1242:
  Improved the log file reference documentation
  Added missing log files prof, stderr, stdout
  Add a test that detects changes in the list of all Bro log files
  Broke down logs into grouped sections based on use & origin
  Adding deatils for modbus_register_change.log
  More updates to log files page: descriptions
  Changing name of file
  New page for List of Log files, linked to script-reference

Very nice. I've reorganized slightly more, mostly to shrink down the
"other" category: moved some of that into "Detection" and "Files" (the
latter is small, but will hopefully grow).

BIT-1242 #merged
 2014-10-07 14:35:19 -07:00
Daniel Thayer
6dc4863d81 Add a test that detects changes in the list of all Bro log files 2014-09-26 22:06:56 -05:00
Hui Lin
6e7a4a4fee Merge branch 'fastpath' of git://git.bro-ids.org/bro into fastpath 2014-09-26 14:48:58 -05:00
Hui Lin
f933899b17 adding a function in dnp3-analyzer.pac to translate the time stamp format 2014-09-26 14:47:51 -05:00
Seth Hall
cafd35e746 Updates the files event api and brings file reassembly up to master. 2014-09-26 00:40:37 -04:00
Robin Sommer
cce09b75de Changing prefix for packet sources/dumper from ':' to '%'. 
Addresses BIT-1249.
 2014-09-25 17:54:36 -07:00