Occasionally a few lines in the first part of the output file were
not in the expected order (this seems to be caused by each line in the
output being created by a process that is run in the background but
bro doesn't wait for it to finish). Fixed by sorting the output.
This test has failed numerous times on Travis CI. Fixes to make this
test more reliable: create the does-not-exist.dat file atomically, and
increase wait time after starting bro in order to give all input
streams a chance to try to read the input file.
Also added the input stream name to the test output, in order to make
output easier to understand if the test fails again.
On Travis CI, btest was using 32 threads when running with "-j". Reducing
this to "-j 4" seems to make the tests run a bit faster overall and
somewhat reduces the number of test failures.
* The altered Modbus checks seemed overly strict -- the pcap used
for the unit test at least had quantities/byte_count fields of
zero, to which the server responds with an error (expected).
* Most of the altered DNP3 checks seemed overly strict and caused
the unit tests to fail. The one that was just wrong was the
'start' field in header blocks.
* Removed the "start" parameter of the dnp3_header_block event
since it's always the same value.
* The SMB check failed to compile and I don't know what it intended
to do, so removed.
The test could fail on the order of 100s of iterations, so I bumped to
desired accuracy to actually check for results that are outside the
error margin.
* origin/topic/seth/smb-pending-fix:
Updating the defined SMB2 dialects to match Microsofts current docs.
On rare occasions the server doesn't return the tree id on read responses.
Fix an issue with pending commands.
BIT-1862 #merged
* 'Reporter/MessageFix' of https://github.com/catenacyber/bro:
Better reporter for Brostring with embedded NUL
I slightly changed the code for beautification purposes and added a
testcase. No functional changes.
Systems that have gcc 4.8 (such as RHEL 7 or ubuntu 14.04 LTS) have a
version of libstdc++ that doesn't implement the C++11 regex functions
(the header and functions exist, but calling them results in the process
being terminated). On those systems, the following tests fail:
scripts.base.frameworks.config.basic ... failed
scripts.base.frameworks.config.read_config ... failed
scripts.base.frameworks.config.several-files ... failed
scripts.base.frameworks.config.updates ... failed
scripts.base.frameworks.input.config.basic ... failed
scripts.base.frameworks.input.config.errors ... failed
As a workaround, this commit switches to using the POSIX regex.h
functions.
- This separates NTLM handling away from SMB.
- It logs more accurately when logins are succeed or fail
or even if the resulting status of an authentication is
unknown.
- Adds some new fields where the server is indicating information
about itself (server_nb_computer_name, server_dns_computer_name,
and server_tree_name)
This tracks the tree id given by the request
This also addresses BIT-1862 with code submitted by Stefano Rinaldi
and took some hints from his changes in other areas of the code.
Remove some output from the Travis CI build log to make it easier
to read.
There is an issue with Travis CI when using encrypted environment
variables. In this case, when btest calls the python function
sys.stdout.isatty() it returns False, which causes btest to output one
line for each test (passed or failed). As a result, it is difficult to
see at a glance which tests failed. Switching to btest brief output to
address this issue.
* jrolli-gssapi-krb-fix:
Cleaned up and moved parsing to binpac.
removed check on kerberos request or response type. allow the kerberos analyzer to handle what it can, gssapi shouldn't check this
modified GSSAPI analyzer to parse NTLM and KRB tokens
Added and verified correct test results
Initial btest structure
Changes proposed in #104
Addresses #110
Too much parsing was being done in C++ so I moved more of
it into binpac. Also, fixed up a bunch of the whitespace
(the new code was indented with spaces).
Good stuff!
Closes BIT-1915
* origin/topic/johanna/cleanup:
Mark one-parameter constructors as explicit & use override where possible
Remove unimplemented & unused functions from header files.
Make data flow more explicit for complilers.
The way in which TLS 1.3 is negotiated was changed slightly in later
revisions of the standard. The final version is only sent in an
extension - while the version field in the server hello still shows TLS
1.2.
This patch makes ssl.log show the correct version again.
This commit marks (hopefully) ever one-parameter constructor as explicit.
It also uses override in (hopefully) all circumstances where a virtual
method is overridden.
There are a very few other minor changes - most of them were necessary
to get everything to compile (like one additional constructor). In one
case I changed an implicit operation to an explicit string conversion -
I think the automatically chosen conversion was much more convoluted.
This took longer than I want to admit but not as long as I feared :)
I've moved .travis.job to testing/scripts/travis-job and adapted
.travis.yml accordingly.
* origin/topic/dnthayer/travis-ci-updates:
Fix information leak in the update-traces script
Add coverity scan and private testing to Travis CI
For trace files that require authentication to download, hide
part of the URL in output messages. This avoids leaking potentially
sensitive info when running tests using a continuous integration
service.
