Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
7128 commits 386 branches 195 tags 256 MiB
Commit graph

10 commits

Author SHA1 Message Date
Johanna Amann
5dd19f84a7 Add parsing of signed certificate timestamps out of X.509 certs. 
This is a tiny bit evil because it uses parts of the SSL protocol
analyzer in the X.509 certificate parser. Which is the fault of the
protocol, which replicates the functionality.
 2017-02-07 13:31:21 -08:00
Seth Hall
2d1f007186 Extend file extraction log. 
- New fields: extracted_cutoff and extracted_size.
   These fields will be null if the file isn't extracted.

 - Extended the extraction test to test the files log too.
 2017-01-25 01:16:46 -05:00
Johanna Amann
e9a87566ef Fix parsing of x509 pre-y2k dates 
There was a bug in the new parsing code, introduced in
708ede22c6 which parses validity times
incorrectly if they are before the year 2000. What happens in this case
is that the 2-digit year will be interpreted to be in the 21st century
(1999 will be parsed as 2099, e.g.).
 2016-04-26 12:30:28 -07:00
Seth Hall
adcc978f14 Add a file entropy test. 2016-04-13 00:44:02 -04:00
Vlad Grigorescu
0199ac5ece Add a btest for the PE analyzer. 2015-04-19 20:27:24 -04:00
Jon Siwek
a3d78cc830 Revert "Workaround race condition in unified2 file module." 
This reverts commit 1a03a95f35.
 2015-01-05 14:51:58 -06:00
Jon Siwek
1a03a95f35 Workaround race condition in unified2 file module. 
This makes the unit test pass consistently, but need to see about
fixing it in the unified2 file module directly.
 2014-12-17 09:57:06 -06:00
Seth Hall
cafd35e746 Updates the files event api and brings file reassembly up to master. 2014-09-26 00:40:37 -04:00
Jon Siwek
89ae4ffd05 Add options to limit extracted file sizes w/ 100MB default. 2013-08-22 16:37:58 -05:00
Seth Hall
f7c6dd7f7e Finished work on unified2 analyzer. 2013-08-13 03:21:43 -04:00