Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
18618 commits 387 branches 195 tags 255 MiB
Commit graph

18618 commits

This branch
This branch
All branches
Author SHA1 Message Date
Arne Welzel
25b5cabab7 DNS: Move extract_char_string() helper around 2025-06-21 13:50:29 +02:00
Johanna Amann
a22837536d Merge remote-tracking branch 'origin/topic/johanna/gh-4521' 
* origin/topic/johanna/gh-4521:
  Change x509 not_before/not_after to not be based on local timezone
 2025-06-18 13:27:57 +01:00
Johanna Amann
e797e15d38 Change x509 not_before/not_after to not be based on local timezone 
Not the not_before/not_after fields output GMT based times.

Also adds a new btest diff canonifier which only removes the first
timestamp in a line.

Fixes GH-4521
 2025-06-18 13:21:35 +01:00
Johanna Amann
ea23581ef7 Merge remote-tracking branch 'origin/topic/timw/deprecate-zeekstring-vector-methods' 
* origin/topic/timw/deprecate-zeekstring-vector-methods:
  Mark ZeekString vector helper methods deprecated
 2025-06-18 12:29:47 +01:00
Benjamin Bannier
2866934792 Merge branch 'topic/bbannier/spicy-ssl-refs' 2025-06-18 13:14:13 +02:00
Benjamin Bannier
bf4dce5e5f Enable Spicy SSL analyzer in nightly CI job against Spicy HEAD 2025-06-18 11:00:18 +02:00
Benjamin Bannier
ea4d30eb6a Clean up use of references in Spicy SSL analyzer 
The Spicy SSL analyzer was using references pretty heavily, probably to
work around now fixed issues with `inout` parameters in older Spicy
versions. At least for units this seems not needed anymore, and was also
partially incorrect, e.g., the Spicy docs call out that when using
`inout` parameters, passed and expected types should match exactly so
passing a reference as an `inout` value seems incorrect. Additionally,
one use case for references in Spicy is to use their interior
mutability, i.e., a reference never needs to be passed `inout` since
their can always be mutated.

Internally units are stored as reference-counted values, and references
to units are not much cheaper since they also need to be refcounted.
With that there seems litle reason to use references in this analyzer at
all, and this patch drops their use completely; instead we either pass
values, or values declared `inout`.

We leave the use of references for sharing sinks in place.
 2025-06-18 10:49:38 +02:00
Benjamin Bannier
1c3b7273d6 Add workaround for zeek/spicy#2091 2025-06-18 10:49:38 +02:00
Arne Welzel
19f2621f7b Merge remote-tracking branch 'origin/topic/awelzel/4573-remove-is-packet-source' 
* origin/topic/awelzel/4573-remove-is-packet-source:
  IOSource: Remove IsPacketSource
 2025-06-17 09:25:39 +02:00
Arne Welzel
2bc320cf11 IOSource: Remove IsPacketSource 
This wasn't used in tree and even the PktSrc class doesn't override this
to return true, so just remove it outright without deprecation.

Closes #4573
 2025-06-17 09:25:03 +02:00
Arne Welzel
f4357485d2 Merge remote-tracking branch 'origin/topic/awelzel/4562-post-proc-lookup-failure' 
* origin/topic/awelzel/4562-post-proc-lookup-failure:
  btest/logging: Fly-by cleanup
  logging/Ascii: Fix abort() for non-existing postrotation functions
 2025-06-16 14:58:49 +02:00
Arne Welzel
bcca7702cd btest/logging: Fly-by cleanup 2025-06-16 14:56:30 +02:00
Arne Welzel
45f5a4c1b8 logging/Ascii: Fix abort() for non-existing postrotation functions 
When looking up the postprocessor function from shadow files, id::find_func()
would abort() if the function wasn't available instead of falling back
to the default postprocessor.

Fix by using id::find() and checking the type explicitly and also adding a
strict type check while at it.

This issue was tickled by loading the json-streaming-logs package,
Zeek creating shadow files containing its custom postprocessor function,
then restarting Zeek without the package loaded.

Closes #4562
 2025-06-16 14:55:49 +02:00
Benjamin Bannier
e35fc1b7b1 Merge branch 'topic/bbannier/bump-spicy' 2025-06-16 14:39:52 +02:00
Arne Welzel
99155f6ec6 Merge remote-tracking branch 'origin/topic/awelzel/add-ws-tls-nocert-btest' 
* origin/topic/awelzel/add-ws-tls-nocert-btest:
  btest/cluster/websocket: Add cert-less test
 2025-06-16 13:48:08 +02:00
Arne Welzel
77f1337b4c btest/cluster/websocket: Add cert-less test 2025-06-16 13:47:33 +02:00
Benjamin Bannier
fe27962836 Bump auxil/spicy to latest development snapshot 2025-06-16 10:39:21 +02:00
zeek-bot
2242423aa3 Update doc submodule [nomail] [skip ci] 2025-06-12 00:26:21 +00:00
Tim Wojtulewicz
2b8cb515b9 Merge remote-tracking branch 'origin/topic/timw/fix-master' 
* origin/topic/timw/fix-master:
  Add missing #include to packet_analysis/Component.h
 2025-06-11 13:18:43 -07:00
Tim Wojtulewicz
f712c77682 Add missing #include to packet_analysis/Component.h 2025-06-11 12:10:14 -07:00
Tim Wojtulewicz
0a8149c185 Merge remote-tracking branch 'origin/topic/timw/util-types' 
* origin/topic/timw/util-types:
  Remove some unused #includes from spicy code
  Remove using util.h in various headers in favor of util-types.h
  Move type definitions/aliases from util.h to a separate file
 2025-06-11 11:12:27 -07:00
Tim Wojtulewicz
dc42f0fd5f Remove some unused #includes from spicy code 2025-06-11 11:11:54 -07:00
Tim Wojtulewicz
f8c04998af Remove using util.h in various headers in favor of util-types.h 2025-06-11 11:11:54 -07:00
Tim Wojtulewicz
9928403b0b Move type definitions/aliases from util.h to a separate file 2025-06-11 11:11:54 -07:00
Christian Kreibich
62442058e7 Merge branch 'topic/christian/enumval-string-fix' 
* topic/christian/enumval-string-fix:
  Bugfix: AsString() on an EnumVal will segfault
 2025-06-11 09:01:03 -07:00
Arne Welzel
f5063bfcd4 Merge remote-tracking branch 'origin/topic/awelzel/4522-bdat-last-reply-fix' 
* origin/topic/awelzel/4522-bdat-last-reply-fix:
  smtp: Fix last_reply column in smtp.log for BDAT LAST
 2025-06-11 17:25:21 +02:00
zeek-bot
53c56491ee Update doc submodule [nomail] [skip ci] 2025-06-11 00:30:17 +00:00
Christian Kreibich
dcf6e7432d Bugfix: AsString() on an EnumVal will segfault 
This likely simply hasn't come up in practice, but we now go the intended route
of producing the textual enum value from the type.
 2025-06-10 15:16:11 -07:00
Tim Wojtulewicz
14ca808bcf Merge remote-tracking branch 'origin/topic/timw/netbios-ssn-session-timeout-constant' 
* origin/topic/timw/netbios-ssn-session-timeout-constant:
  Move netbios_ssn_session_timeout to a script-level constant
 2025-06-10 12:08:46 -07:00
Tim Wojtulewicz
ed51738668 Move netbios_ssn_session_timeout to a script-level constant 2025-06-10 11:58:20 -07:00
Arne Welzel
61f93f9eb6 Merge remote-tracking branch 'origin/topic/awelzel/disable-zam-bif-tracking' 
* origin/topic/awelzel/disable-zam-bif-tracking:
  btest/opt/ZAM-bif-tracking: Disable by default
 2025-06-10 18:50:54 +02:00
Arne Welzel
dc26558894 btest/opt/ZAM-bif-tracking: Disable by default 
After a public discussion and also chatting with Vern directly, disable the
ZAM bif tracking test to avoid an update every time new functions are
added. Usually these aren't performance critical and the defaults
characterization is fine. If they are performance critical, then Vern
is currently best positioned to properly integrate an optimized version.
 2025-06-10 15:53:18 +02:00
Christian Kreibich
2f8bbeab1f Merge branch 'topic/christian/btest-trace-cleanup' 
* topic/christian/btest-trace-cleanup:
  Btests: don't use -C in Zeek invocations that don't actually need it
  Remove executable file permission bits from a bunch of our pcaps
 2025-06-09 18:00:44 -07:00
zeek-bot
9e2accf016 Update doc submodule [nomail] [skip ci] 2025-06-07 00:24:09 +00:00
Christian Kreibich
8b39e59572 Btests: don't use -C in Zeek invocations that don't actually need it 2025-06-06 13:46:45 -07:00
Christian Kreibich
e3cecdf04d Remove executable file permission bits from a bunch of our pcaps 2025-06-06 12:35:14 -07:00
Tim Wojtulewicz
e6d0f8a64d Mark ZeekString vector helper methods deprecated 2025-06-06 12:26:43 -07:00
Tim Wojtulewicz
ac9ee9f219 Merge remote-tracking branch 'origin/topic/timw/clang-tidy-modernize-fixes' 
* origin/topic/timw/clang-tidy-modernize-fixes:
  Move initialization of RandTest members to header
  Update .clang-tidy to have modernize-* enabled with some exclusions
  Fix clang-tidy modernize-use-transparent-functors findings
  Fix clang-tidy modernize-use-override findings
  Fix clang-tidy modernize-use-nullptr findings
  Fix clang-tidy modernize-use-emplace findings
  Fix clang-tidy modernize-use-default-member-init findings
  Fix clang-tidy modernize-use-bool-literals findings
  Fix clang-tidy modernize-return-braced-init-list findings
  Fix clang-tidy modernize-redundant-void-arg findings
  Fix clang-tidy modernize-pass-by-value findings
  Fix clang-tidy modernize-min-max-use-initializer-list findings
  Fix clang-tidy modernize-make-unique findings
  Fix clang-tidy modernize-loop-convert findings (LOOP_OVER_ macros)
  Fix clang-tidy modernize-loop-convert findings
  Update bifcl submodule with clang-tidy fixes [nomail]
 2025-06-06 11:45:59 -07:00
Tim Wojtulewicz
b22caa812d Move initialization of RandTest members to header 2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
359ab18bf7 Update .clang-tidy to have modernize-* enabled with some exclusions 2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
0681ab9071 Fix clang-tidy modernize-use-transparent-functors findings 2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
2f0e3a5e23 Fix clang-tidy modernize-use-override findings 2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
ee319fc1c5 Fix clang-tidy modernize-use-nullptr findings 2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
a3078f3132 Fix clang-tidy modernize-use-emplace findings 2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
3943e64372 Fix clang-tidy modernize-use-default-member-init findings 2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
0227e3a545 Fix clang-tidy modernize-use-bool-literals findings 2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
17c14a3ce1 Fix clang-tidy modernize-return-braced-init-list findings 2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
8c3eee7a87 Fix clang-tidy modernize-redundant-void-arg findings 2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
5930d2f944 Fix clang-tidy modernize-pass-by-value findings 2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
46e67a749a Fix clang-tidy modernize-min-max-use-initializer-list findings 2025-06-06 11:43:06 -07:00