Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
17644 commits 386 branches 195 tags 256 MiB
Commit graph

17644 commits

This branch
This branch
All branches
Author SHA1 Message Date
Tim Wojtulewicz
b0b534dbda CI: Upgrade coverity workflow to ubuntu24, add jq 2025-01-05 10:51:24 -07:00
Vern Paxson
7a908a2876 Extended ZAM validation to include macros 2025-01-02 15:32:30 -08:00
Vern Paxson
4f48428283 factoring of some ZAM header files for better modularity 2025-01-02 08:36:42 -08:00
Vern Paxson
3d58732cb3 fixes for initializing globals when using -O gen-standalone-C++ 2025-01-01 13:26:58 -08:00
Benjamin Bannier
e8960e0efc Fix incorrect uses of zeek:see 
This fixes instances where `zeek:see` was used incorrectly so it was not
rendered correctly. All these instances have been found by looking for
`zeek:see` in the generated HTML where it should not be visible anymore.

I also removed a doc reference to `paraglob_add` which never existed.
 2025-01-01 15:35:59 +01:00
zeek-bot
9e85a0d27d Update doc submodule [nomail] [skip ci] 2025-01-01 00:12:27 +00:00
Tim Wojtulewicz
f39f0aae2d Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy' 
* origin/topic/bbannier/bump-spicy:
  Bump auxil/spicy to latest development snapshot
 2024-12-20 15:31:34 -07:00
Benjamin Bannier
4278ab2b04 Bump auxil/spicy to latest development snapshot 2024-12-20 15:18:20 -07:00
Tim Wojtulewicz
3a0bb55244 Merge remote-tracking branch 'origin/topic/timw/require-spicy-for-analyzer-id-test' 
* origin/topic/timw/require-spicy-for-analyzer-id-test:
  Require spicy for spicy.analyzer-id btest
 2024-12-20 15:14:42 -07:00
Tim Wojtulewicz
eb8f99da92 Require spicy for spicy.analyzer-id btest 2024-12-20 14:25:04 -07:00
zeek-bot
65022614ba Update doc submodule [nomail] [skip ci] 2024-12-20 00:12:22 +00:00
Tim Wojtulewicz
15a506a5b7 Merge remote-tracking branch 'origin/topic/etyp/get-tag-doc' 
* origin/topic/etyp/get-tag-doc:
  Document `get_tag` to ensure that `name` exists
 2024-12-19 11:15:48 -07:00
Tim Wojtulewicz
f405f4ea7e Merge remote-tracking branch 'origin/topic/timw/4090-current-spicy-analyzer' 
* origin/topic/timw/4090-current-spicy-analyzer:
  Add spicy runtime-support current_analyzer_id(), use it to set id in events
 2024-12-18 15:46:17 -07:00
Tim Wojtulewicz
fd4f25965d Add spicy runtime-support current_analyzer_id(), use it to set id in events 2024-12-18 15:44:09 -07:00
Evan Typanski
77273a676d Document get_tag to ensure that name exists 
This caused confusion and I don't think it's very intuitive. If called
with a name that does not exist, this returns without a value, not even
an error value. Changing that seems like it could be more deprecation
work.
 2024-12-18 16:13:13 -05:00
Arne Welzel
991bc9644d Merge remote-tracking branch 'origin/topic/vern/ZAM-field-assign-in-op' 
* origin/topic/vern/ZAM-field-assign-in-op:
  pre-commit: Bump spicy-format to 0.23
  fix for ZAM optimization of assigning a record field to result of "in" operation
 2024-12-18 09:28:44 +01:00
Arne Welzel
f290529b35 pre-commit: Bump spicy-format to 0.23 2024-12-18 09:27:31 +01:00
Vern Paxson
6e549554b8 fix for ZAM optimization of assigning a record field to result of "in" operation 2024-12-17 19:49:43 -08:00
Tim Wojtulewicz
e4489616c6 Merge remote-tracking branch 'origin/topic/timw/3969-broker-stores-at-global-scope' 
* origin/topic/timw/3969-broker-stores-at-global-scope:
  Return a warning and fail if creating a store at global scope
 2024-12-17 12:15:56 -07:00
Tim Wojtulewicz
6b5d0491aa Return a warning and fail if creating a store at global scope 2024-12-17 11:32:43 -07:00
Tim Wojtulewicz
33eaa5ccda Merge remote-tracking branch 'origin/topic/awelzel/4084-vector-of-pattern-compare' 
* origin/topic/awelzel/4084-vector-of-pattern-compare:
  ZAM/relexpr-op NE for patterns
  Expr: Fix folding of pattern values to support == and !=
 2024-12-16 12:37:46 -07:00
Vern Paxson
30de8dbea1 ZAM/relexpr-op NE for patterns 2024-12-16 19:56:57 +01:00
Tim Wojtulewicz
f940f2d88f Merge remote-tracking branch 'security/topic/awelzel/217-quic-decrypt-crash' 
* security/topic/awelzel/217-quic-decrypt-crash:
  QUIC/decrypt_crypto: Actually check if decryption was successful
  QUIC/decrypt_crypto: Limit payload_length to 10k
  QUIC/decrypt_crypto: Fix decrypting into too small stack buffer
 2024-12-16 10:19:43 -07:00
Arne Welzel
cd8adb3da5 Expr: Fix folding of pattern values to support == and != 
The fatal error is actually triggered at runtime, so it's a bit
dangerous for users, but not sure there's many use-cases to
compare vectors of patterns.

Closes #4084
 2024-12-16 10:56:02 +01:00
Arne Welzel
7bdc856f0d QUIC/decrypt_crypto: Actually check if decryption was successful 
...and bail if it wasn't.

PCAP was produced using OSS-Fuzz input from issue 383379789.
 2024-12-15 20:39:26 -07:00
Arne Welzel
f10832d110 QUIC/decrypt_crypto: Limit payload_length to 10k 
Given we dynamically allocate memory for decryption, employ a limit
that is unlikely to be hit, but allows for large payloads produced
by the fuzzer or jumbo frames.
 2024-12-15 20:39:26 -07:00
Arne Welzel
15511e0fb5 QUIC/decrypt_crypto: Fix decrypting into too small stack buffer 
A QUIC initial packet larger than 1500 bytes could lead to crashes
due to the usage of a fixed size stack buffer for decryption.

Allocate the necessary memory dynamically on the heap instead.
 2024-12-15 20:39:26 -07:00
Tim Wojtulewicz
9a4791f9e9 Fix naming of zeromq package in Coverity workflow 2024-12-15 20:38:18 -07:00
Tim Wojtulewicz
ef35eadbd4 Fix naming of cppzmq-dev package in Coverity workflow 2024-12-15 20:36:47 -07:00
Tim Wojtulewicz
909a3d30b2 Merge branch 'topic/timw/coverity-build-failure' 
* topic/timw/coverity-build-failure:
  CI: Add missing packages to coverity workflow
 2024-12-13 16:46:36 -07:00
Tim Wojtulewicz
d702675aa6 CI: Add missing packages to coverity workflow 2024-12-13 13:58:55 -07:00
Tim Wojtulewicz
db3dcd5ff9 Start of 7.2.0 development 2024-12-13 13:38:53 -07:00
Tim Wojtulewicz
0890de2a3b Merge remote-tracking branch 'origin/topic/timw/update-all-submodules' 
* origin/topic/timw/update-all-submodules:
  Updating submodule(s) [nomail]
 2024-12-13 13:15:58 -07:00
Tim Wojtulewicz
0b301bbd26 Updating submodule(s) [nomail] 2024-12-13 12:18:00 -07:00
Tim Wojtulewicz
ee6d1374ba Merge remote-tracking branch 'origin/topic/vern/ZAM-assert-streamlining' 
* origin/topic/vern/ZAM-assert-streamlining:
  btest/supervisor: Bump one timeout to 30 seconds
  btest/cluster: Bump timeouts to 30 seconds
  btest/validate-ZAM: Update baseline, run always
 2024-12-13 12:17:45 -07:00
Tim Wojtulewicz
d788ab8f0e Merge remote-tracking branch 'origin/topic/vern/ZAM-assert-streamlining' 
* origin/topic/vern/ZAM-assert-streamlining:
  simplified ZAM instructions for executing "assert" statements
 2024-12-13 12:15:08 -07:00
Tim Wojtulewicz
ef98afb29e Merge remote-tracking branch 'origin/topic/awelzel/3287-push-rc-container-images' 
* origin/topic/awelzel/3287-push-rc-container-images:
  cirrus/container_image_manifest: match RC tags, too
  cirrus: Move additional tag "computation" into separate script
 2024-12-13 12:14:30 -07:00
Arne Welzel
a675aea6bb btest/supervisor: Bump one timeout to 30 seconds 2024-12-13 18:35:39 +01:00
Arne Welzel
21e33fdcd9 btest/cluster: Bump timeouts to 30 seconds 
ZAM startup may take a long time, particularly in CI environments, so
bump it up from 10 to 30 seconds.
 2024-12-13 18:28:43 +01:00
Arne Welzel
48b26f74f7 btest/validate-ZAM: Update baseline, run always 2024-12-13 18:25:28 +01:00
Tim Wojtulewicz
805e9db588 Merge remote-tracking branch 'origin/topic/vern/ZAM-tbl-iteration-memory-mgt-fix' 
* origin/topic/vern/ZAM-tbl-iteration-memory-mgt-fix:
  fix for memory management associated with ZAM table iteration
 2024-12-13 08:04:29 -07:00
Arne Welzel
522b03d362 cirrus/container_image_manifest: match RC tags, too 
The rest should just work, assuming VERSION files contain an
appropriate value. Add a check for that, too.
 2024-12-13 13:17:37 +01:00
Arne Welzel
eac91fdc24 cirrus: Move additional tag "computation" into separate script 
This allows for easier testing locally and maybe re-usability.
 2024-12-13 13:17:31 +01:00
Arne Welzel
8d09a404f2 Merge remote-tracking branch 'origin/topic/awelzel/zeekygen-disable-cluster-experimental' 
* origin/topic/awelzel/zeekygen-disable-cluster-experimental:
  zeekygen: Disable Cluster::Experimental module
 2024-12-13 12:59:33 +01:00
Arne Welzel
9c5c8b55cc Merge remote-tracking branch 'origin/topic/vern/CPP-standalone-fixes' 
* origin/topic/vern/CPP-standalone-fixes:
  BTest updates in support of compiling-scripts-to-C++
  -O gen-standalone-C++ fixes for recent more aggressive AST profiling
 2024-12-13 10:57:28 +01:00
Arne Welzel
38e77eace7 zeekygen: Disable Cluster::Experimental module 
The nodes-experimental/manager.zeek file ends up calling Broker::publish()
unconditionally, resulting in a warning. Skip running that code when
generating documentation.
 2024-12-13 10:03:44 +01:00
Vern Paxson
4b6cec4cd8 simplified ZAM instructions for executing "assert" statements 2024-12-12 22:40:49 -08:00
Christian Kreibich
94f64a6dc6 Merge remote-tracking branch 'origin/topic/vern/preen-btest-alternatives' 
* origin/topic/vern/preen-btest-alternatives:
  removed a bunch of no-longer used BTest alternatives and their associated baselines
 2024-12-12 20:11:56 -08:00
Vern Paxson
85ef6e0cb8 removed a bunch of no-longer used BTest alternatives and their associated baselines 2024-12-12 19:16:34 -08:00
Vern Paxson
f4421d81c2 fix for memory management associated with ZAM table iteration 2024-12-12 18:37:52 -08:00