Mirror/zeek - git.uphillsecurity.com: We code.

mirror of https://github.com/zeek/zeek.git synced 2025-10-03 07:08:19 +00:00

Author	SHA1	Message	Date
Jon Siwek	f2574636b6	Merge branch 'master' into topic/jsiwek/faf-cleanup Conflicts: scripts/base/protocols/ftp/file-analysis.bro scripts/base/protocols/http/file-analysis.bro scripts/base/protocols/irc/file-analysis.bro scripts/base/protocols/smtp/file-analysis.bro src/file_analysis/File.cc src/file_analysis/File.h src/file_analysis/Manager.cc src/file_analysis/Manager.h testing/btest/Baseline/scripts.base.frameworks.file-analysis.logging/file_analysis.log testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-0.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-1.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-2.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-3.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-BTsa70Ua9x7-1.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-BTsa70Ua9x7.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-Rqjkzoroau4-0.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-Rqjkzoroau4.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-VLQvJybrm38-2.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-VLQvJybrm38.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-zrfwSs9K1yk-3.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp-item-zrfwSs9K1yk.dat testing/btest/Baseline/scripts.base.protocols.ftp.ftp-extract/ftp.log testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item-BFymS6bFgT3-0.dat testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item-BFymS6bFgT3.dat testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http-item.dat testing/btest/Baseline/scripts.base.protocols.http.http-extract-files/http.log testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item-wqKMAamJVSb-0.dat testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item-wqKMAamJVSb.dat testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc-dcc-item.dat testing/btest/Baseline/scripts.base.protocols.irc.dcc-extract/irc.log testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-0.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-1.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-Ltd7QO7jEv3-1.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-Ltd7QO7jEv3.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-cwR7l6Zctxb-0.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp-entity-cwR7l6Zctxb.dat testing/btest/Baseline/scripts.base.protocols.smtp.mime-extract/smtp_entities.log testing/btest/scripts/base/protocols/ftp/ftp-extract.bro testing/btest/scripts/base/protocols/http/http-extract-files.bro testing/btest/scripts/base/protocols/irc/dcc-extract.test testing/btest/scripts/base/protocols/smtp/mime-extract.test	2013-06-07 15:44:36 -05:00
Jon Siwek	f82167d067	Improve file analysis doxygen comments.	2013-05-23 10:22:49 -05:00
Jon Siwek	0ef074594d	Add input interface to forward data for file analysis. The new Input::add_analysis function is used to automatically forward input data on to the file analysis framework.	2013-05-21 10:29:22 -05:00
Jon Siwek	90fa331279	File analysis framework interface simplifications. - Remove script-layer data input interface (will be managed directly by input framework later). - Only track files internally by file id hash. Chance of collision too small to justify also tracking unique file string.	2013-05-20 12:02:48 -05:00
Robin Sommer	4ccd6d76fd	Fixing tests. Part of this involves making the file-analysis tests independent of specific hash values. I've done that only partially though.	2013-05-17 18:14:35 -07:00
Robin Sommer	eb637f9f3e	Merge remote-tracking branch 'origin/master' into topic/robin/plugins Thanks to git this merge was less troublesome that I was afraid it would be. Not all tests pass yet though (and file hashes have changed unfortunately). Conflicts: cmake doc/scripts/DocSourcesList.cmake scripts/base/init-bare.bro scripts/base/protocols/ftp/main.bro scripts/base/protocols/irc/dcc-send.bro scripts/test-all-policy.bro src/AnalyzerTags.h src/CMakeLists.txt src/analyzer/Analyzer.cc src/analyzer/protocol/file/File.cc src/analyzer/protocol/file/File.h src/analyzer/protocol/http/HTTP.cc src/analyzer/protocol/http/HTTP.h src/analyzer/protocol/mime/MIME.cc src/event.bif src/main.cc src/util-config.h.in testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log testing/btest/Baseline/istate.events-ssl/receiver.http.log testing/btest/Baseline/istate.events-ssl/sender.http.log testing/btest/Baseline/istate.events/receiver.http.log testing/btest/Baseline/istate.events/sender.http.log	2013-05-16 17:58:48 -07:00
Robin Sommer	7610aa31b6	Various smalle tweaks in preparation for merging.	2013-05-13 16:47:00 -07:00
Jon Siwek	0141f51801	FileAnalysis: load custom mime magic database just once. This works around a bug in libmagic since version 5.12 (current at time of writing is 5.14) -- second call to magic_load() w/ non-default database segfaults.	2013-04-29 12:49:22 -05:00
Jon Siwek	f07760ba00	FileAnalysis: add is_orig field to fa_file & Info.	2013-04-23 10:50:43 -05:00
Jon Siwek	b8c98b8bf7	FileAnalysis: change terminology s/action/analyzer	2013-04-11 14:53:54 -05:00
Jon Siwek	e81f2ae7b0	FileAnalysis: libmagic tweaks. Remove verbose file type detection and automatically strip out charset from mime type.	2013-04-11 13:11:46 -05:00
Jon Siwek	2fba37e277	FileAnalysis: add bif for setting timeout interval	2013-04-11 12:08:46 -05:00
Jon Siwek	e2fbee9054	FileAnalysis: add more params to some events.	2013-04-11 11:24:18 -05:00
Jon Siwek	d9321e2203	FileAnalysis: remove some file events. The file_new event now takes over the function of file_type, file_bof, and file_bof_buffer.	2013-04-10 14:34:23 -05:00
Jon Siwek	641154f8e8	FileAnalysis: checkpoint in middle of big reorganization. - FileAnalysis::Info is now just a record used for logging, the fa_file record type is defined in init-bare.bro as the analogue to a connection record. - Starting to transfer policy hook triggers and analyzer results to events.	2013-04-09 15:49:58 -05:00

15 commits