Daniel Thayer
96df1bac40
Add test case for FTP over IPv4
2012-02-21 11:18:43 -06:00
Bernhard Amann
edd30da082
better testcase & fix a few bugs (that took way too long to find).
2012-02-20 15:30:21 -08:00
Bernhard Amann
4126b458ca
Automatic file re-refresh and streaming works.
...
* simple testcase for file refresh (check for changes) and streaming reads
* add events for simple put and delete operations
* fix bugs in table filter events (type for first element was wrong)
* and I think a couple of other small bugs
2012-02-20 13:18:15 -08:00
Bernhard Amann
91943c2655
* rework script interface, add autostart stream flag that starts up a stream automatically when first filter has been added (probably the most common use case)
...
* change internal reader interface again
* remove some quite embarrassing bugs that must have been in the interface for rather long
* add different read methods to script & internal interface (like normal, streaming, etc). Not implemented in ascii reader yet.
2012-02-16 15:03:20 -08:00
Daniel Thayer
278704f7a3
Add a test for FTP over IPv6
2012-02-16 15:17:55 -06:00
Bernhard Amann
88233efb2c
It works. Even including all unit tests.
...
But: there are still a few places where I am sure that there are race conditions & memory leaks & I do not really like the current interface & I have to add a few more messages between the front and backend.
But - it works :)
2012-02-13 22:29:55 -08:00
Bernhard Amann
4e868d282d
Merge branch 'topic/bernhard/log-threads' into topic/bernhard/input-threads
2012-02-13 02:37:02 -08:00
Seth Hall
2cd88ee4f6
Merge remote-tracking branch 'origin/topic/bernhard/software'
...
* origin/topic/bernhard/software:
change software framework interface again. At the moment everything should work.
start reworking interface of software framework. working apart from detect-webapps.bro, which directly manipulates a no longer available interface...
after talking to seth - change host_a field in record back to host.
forgotten policy files.
Software framework stores ports for server software.
2012-02-03 16:17:04 -05:00
Bernhard Amann
eacdffff90
Merge remote-tracking branch 'origin/master' into topic/bernhard/software
...
Conflicts:
scripts/base/frameworks/software/main.bro
scripts/policy/protocols/ftp/software.bro
2012-01-20 12:51:58 -08:00
Bernhard Amann
92050af947
Merge remote-tracking branch 'origin/master' into topic/bernhard/input
2012-01-20 12:03:54 -08:00
Jon Siwek
ec6560a6ed
Make communication log baseline test more reliable.
2012-01-13 16:06:44 -06:00
Bernhard Amann
5bef49d625
Merge remote-tracking branch 'origin/master' into topic/bernhard/input
...
Conflicts:
src/parse.y
2012-01-05 01:11:13 -08:00
Seth Hall
f8ec98625d
Merge remote-tracking branch 'origin/topic/robin/pp-alarms'
...
* origin/topic/robin/pp-alarms:
The silliest, tiniest little whitespace fixes.
Update missing in last commit to this branch.
Adding test for alarm mail.
Tuning the pretty-printed alarms output.
2012-01-04 13:41:28 -05:00
Jon Siwek
eeceb14c1a
Merge branch 'master' into fastpath
2011-12-20 11:45:50 -06:00
Bernhard Amann
59967d40ac
Merge remote-tracking branch 'origin/master' into topic/bernhard/input
...
Conflicts:
src/LogMgr.cc
src/LogMgr.h
2011-12-19 12:36:53 -08:00
Jon Siwek
578cd06176
Increase timeout interval of communication-related btests.
...
This may help clear up some transient test failures on the NMI testbed.
2011-12-19 13:12:02 -06:00
Robin Sommer
3220bbce55
Merge remote branch 'origin/topic/jsiwek/log-escaping'
...
* origin/topic/jsiwek/log-escaping:
Add missing ascii writer options to log header.
Escape the ASCII log's set separator (addresses #712)
Rewrite ODesc character escaping functionality. (addresses #681)
Closes #712.
2011-12-19 06:37:54 -08:00
Seth Hall
61aa592db5
A few updates for SQL injection detection.
...
- The biggest change is the change in notice names from
HTTP::SQL_Injection_Attack_Against to
HTTP::SQL_Injection_Victim
- A few new SQL injection attacks in the tests that we need to
support at some point.
2011-12-12 14:26:54 -05:00
Bernhard Amann
dcc7fe3c38
start reworking interface of software framework. working apart from detect-webapps.bro, which directly manipulates a no longer available interface...
2011-12-09 16:47:58 -08:00
Bernhard Amann
311cd1b116
after talking to seth - change host_a field in record back to host.
2011-12-08 14:25:46 -08:00
Bernhard Amann
7e3ebc1817
forgotten policy files.
2011-12-07 15:03:36 -08:00
Bernhard Amann
9f32f68a13
make test more robust.
2011-12-06 10:50:36 -08:00
Bernhard Amann
4a690484ec
make port annotation work and ascii input reader way more robust with better error messages.
2011-12-06 10:42:37 -08:00
Bernhard Amann
949ec6897a
Merge remote-tracking branch 'origin/master' into topic/bernhard/localnet
2011-12-03 20:15:05 -08:00
Robin Sommer
f59c766858
Portability fix for new patch.
2011-12-02 17:00:08 -08:00
Robin Sommer
1e45910b25
Merge remote-tracking branch 'origin/topic/jsiwek/bro-log-suffix'
...
* origin/topic/jsiwek/bro-log-suffix:
Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704)
Closes #704.
2011-12-02 16:52:18 -08:00
Jon Siwek
edc0a451f8
Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704)
2011-12-01 16:18:56 -06:00
Jon Siwek
0c8b5a712d
Add a remote_log_peer event which contains an event_peer record param.
...
Addresses #493.
2011-12-01 14:07:08 -06:00
Robin Sommer
ebd15cf12e
Fixing ASCII logger to escape the unset-field place-holder if written
...
out literally.
2011-11-29 17:01:47 -08:00
Bernhard Amann
a68e6b9fa4
allow sets to be read from files, convenience function for reading a file once,
...
bug in destructor that could lead to a segfault.
2011-11-29 15:05:09 -08:00
Bernhard Amann
4975584e01
change Log enum to Input enum.
2011-11-28 13:45:00 -08:00
Bernhard Amann
3c40f00a53
make filters pointers (for inheritance)
2011-11-22 16:09:13 -08:00
Bernhard Amann
3035eb2b21
fix a little bug that prevented several simultaneous filters from working.
2011-11-21 19:30:16 -08:00
Bernhard Amann
53af0544cc
re-enable table events
2011-11-21 19:03:35 -08:00
Bernhard Amann
77a517f2b5
camel-casing for types
2011-11-21 15:45:27 -08:00
Bernhard Amann
92b3723b09
add very basic predicate test.
2011-11-21 15:36:03 -08:00
Bernhard Amann
18591b53d4
rename filter to tablefilter in preparation of event filters...
2011-11-21 15:20:52 -08:00
Bernhard Amann
f0e5303330
make want_record field for tablefilter work...
2011-11-21 15:09:00 -08:00
Bernhard Amann
029871e48c
first test.
2011-11-20 13:42:02 -08:00
Robin Sommer
0b8428d1bb
Merge branch 'master' into topic/robin/pp-alarms
2011-11-17 15:26:15 -08:00
Robin Sommer
7696c8b365
Merge remote-tracking branch 'origin/topic/jsiwek/require-libmagic-libz'
...
* origin/topic/jsiwek/require-libmagic-libz:
Promote libz and libmagic to required dependencies.
Conflicts:
doc/quickstart.rst
Closes #674
2011-11-15 17:08:24 -08:00
Robin Sommer
dacc019f1f
Adding test for alarm mail.
...
Can't test all the functionality, so skipping DNS lookup and the
actual mailing via sendmail.
2011-11-15 08:51:48 -08:00
Seth Hall
d14349a6f8
Merge remote-tracking branch 'origin/master' into fastpath
2011-11-14 16:06:44 -05:00
Seth Hall
b12d2c768e
Tiny bugfix for http file extraction along with test.
2011-11-14 15:24:15 -05:00
Jon Siwek
d750c3ba74
Promote libz and libmagic to required dependencies.
2011-11-11 12:39:00 -06:00
Seth Hall
320739e183
Updated/fixed MSIE version parsing in the software framework.
2011-10-25 09:30:06 -04:00
Jon Siwek
24f3eb7fc2
Fix test failure due to some platforms joining stderr/stdout differently.
2011-10-17 13:53:10 -05:00
Jon Siwek
556b88e322
Tweaking notice suppression disable and notice policy order tests.
...
They should be less sensitive to script-layer changes now.
2011-10-14 10:47:32 -05:00
Seth Hall
da9b8cc283
Modification to the Communication framework API.
...
- Simplified the communication API and made it easier to change
to encrypted connections by not having separate variables to
define encrypted and unencrypted ports.
- Now, to enable listening without configuring nodes just
load the frameworks/communication/listen script.
- If encrypted listening is desired set the following:
redef Communication::listen_encrypted=T;
- Accompanying test updates.
2011-10-07 13:29:26 -04:00
Jon Siwek
1cc675e30f
Make CompHash computation/recovery for functions deterministic
...
Functions are now assigned a unique integer on construction which
CompositeHash can base hashes on. Recovery then just involves
looking up the function pointer associated with that unique number.
2011-10-06 14:29:03 -05:00