Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
16860 commits 387 branches 195 tags 255 MiB
Commit graph

16860 commits

This branch
This branch
All branches
Author SHA1 Message Date
Johanna Amann
84c4d53a4e Spicy TLS - full test suite pass 
With this commit, the entire Zeek test suite passes using spicy TLS.
Tests that either use a SSLv2 handshake, or DTLS are skipped, as the
parser currently does not support either.

Similarly, tests that rely on behavior we cannot replicate (baseline,
hooks, exact error messages) are passed. Other than that, all the
TLS-based tests pass with 100% the exact same baseline results.

This necessitated a couple of small tweaks to the spicy file - the
testcases uncovered several small problems.

This commit also enables cirrus tests for Spicy SSL/TLS.
 2024-08-13 14:41:37 +01:00
Johanna Amann
1e282989fe Merge remote-tracking branch 'origin/master' into topic/johanna/spicy-tls 
* origin/master: (93 commits)
  spicyz: Add back message about removed support for port / ports in evt
  rule-parse: Remove id_to_str() lookup to squelch coverity warning
  Update doc submodule [nomail] [skip ci]
  Update zeekctl submodule [nomail]
  btest: Skip core.script-args under TSAN
  Update doc submodule [nomail] [skip ci]
  Update zeekctl submodule
  Add note to NEWS about the removal of OpaqueVal::DoSerialize and OpaqueVal::DoUnserialize
  Remove deprecated port/ports fields for spicy analyzers
  Remove deprecated Cluster::Node::interface field
  Remove deprecated signature definition format
  Return an error if GLOBAL:: prefix is used
  Remove deprecated BloomFilter serialization methods
  Remove deprecated OpaqueVal serialization methods
  Remove deprecated DECLARE_OPAQUE_VALUE macro
  Make TypePtr::Capture member variables private
  Remove deprecated Trigger constructor
  Remove deprecated Controller::auto_assign_ports and Controller::auto_assign_start_port
  Remove deprecated load-balacing policy script
  Remove deprecated prometheus telemetry policy script
  ...
 2024-08-13 10:37:52 +01:00
Arne Welzel
f943366e8e Merge remote-tracking branch 'origin/topic/awelzel/spicyz-add-back-port-ports-message' 
* origin/topic/awelzel/spicyz-add-back-port-ports-message:
  spicyz: Add back message about removed support for port / ports in evt
 2024-08-12 11:07:40 +02:00
Arne Welzel
a5aadc11db spicyz: Add back message about removed support for port / ports in evt 
spicy-dhcp, spicy-http and spicy-dns all have this still in their .evt files,
so it seems popular. Be more helpful than "unexpected token" to users.
 2024-08-12 09:45:56 +02:00
Arne Welzel
32cbe953ba Merge remote-tracking branch 'origin/topic/awelzel/rule-parse-fix-coverity-leak' 
* origin/topic/awelzel/rule-parse-fix-coverity-leak:
  rule-parse: Remove id_to_str() lookup to squelch coverity warning
 2024-08-09 20:57:40 +02:00
Arne Welzel
fa9dc159a2 rule-parse: Remove id_to_str() lookup to squelch coverity warning 
Coverity didn't like that id_to_str() allocates memory and we didn't
free it. Remote its usage wholesale.
 2024-08-09 09:49:43 +02:00
zeek-bot
371dcdc94e Update doc submodule [nomail] [skip ci] 2024-08-09 00:10:26 +00:00
Arne Welzel
159f40a4bf Merge remote-tracking branch 'upstream/topic/awelzel/3774-skip-script-args-test-under-tsan' 
* upstream/topic/awelzel/3774-skip-script-args-test-under-tsan:
  btest: Skip core.script-args under TSAN
 2024-08-08 18:53:23 +02:00
Tim Wojtulewicz
4298fe16ca Update zeekctl submodule [nomail] 2024-08-08 09:44:07 -07:00
Arne Welzel
3e6511af41 btest: Skip core.script-args under TSAN 
TSAN may re-execute the executable when the memory layout doesn't
fullfill requirements, causing argument confusion when that happens.

Closes #3774.
 2024-08-08 15:32:20 +02:00
Arne Welzel
39a9b64219 Merge remote-tracking branch 'origin/topic/timw/remove-cluster-interface-field-zeekctl' 
* origin/topic/timw/remove-cluster-interface-field-zeekctl:
  Update zeekctl submodule
 2024-08-08 10:44:51 +02:00
zeek-bot
80cf06cb79 Update doc submodule [nomail] [skip ci] 2024-08-08 00:23:28 +00:00
Tim Wojtulewicz
bd611945e5 Update zeekctl submodule 2024-08-07 16:03:12 -07:00
Tim Wojtulewicz
c56c7af44e Add note to NEWS about the removal of OpaqueVal::DoSerialize and OpaqueVal::DoUnserialize 2024-08-07 12:27:56 -07:00
Tim Wojtulewicz
6041f74601 Merge remote-tracking branch 'origin/topic/timw/7.1-deprecation-removal' 
* origin/topic/timw/7.1-deprecation-removal:
  Remove deprecated port/ports fields for spicy analyzers
  Remove deprecated Cluster::Node::interface field
  Remove deprecated signature definition format
  Return an error if GLOBAL:: prefix is used
  Remove deprecated BloomFilter serialization methods
  Remove deprecated OpaqueVal serialization methods
  Remove deprecated DECLARE_OPAQUE_VALUE macro
  Make TypePtr::Capture member variables private
  Remove deprecated Trigger constructor
  Remove deprecated Controller::auto_assign_ports and Controller::auto_assign_start_port
  Remove deprecated load-balacing policy script
  Remove deprecated prometheus telemetry policy script
  Remove deprecated policy/tuning/default package
  Remove deprecated time machine settings
  Remove deprecated json NullDoubleWriter class
  Remove deprecated modbus event definitions
  Remove Connection::AppendAddl
  Remove STMT_ANY statement type
  Remove EventRegistry::Used and EventRegistry::SetUsed
 2024-08-07 12:20:44 -07:00
Tim Wojtulewicz
15d404dd19 Remove deprecated port/ports fields for spicy analyzers 2024-08-07 11:58:22 -07:00
Tim Wojtulewicz
4e9d843cec Remove deprecated Cluster::Node::interface field 2024-08-07 11:58:22 -07:00
Tim Wojtulewicz
9142a48725 Remove deprecated signature definition format 2024-08-07 11:58:22 -07:00
Tim Wojtulewicz
2d68b1d834 Return an error if GLOBAL:: prefix is used 2024-08-07 11:58:22 -07:00
Tim Wojtulewicz
ca69d9fb8f Remove deprecated BloomFilter serialization methods 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
dd982ee6c4 Remove deprecated OpaqueVal serialization methods 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
cbe612400c Remove deprecated DECLARE_OPAQUE_VALUE macro 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
260a8afebe Make TypePtr::Capture member variables private 
The public versions were marked as deprecated for 7.0, and accessors
should be used to manage them now.
 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
a53cc4d01b Remove deprecated Trigger constructor 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
535df5e263 Remove deprecated Controller::auto_assign_ports and Controller::auto_assign_start_port 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
7a5b29ea81 Remove deprecated load-balacing policy script 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
1d0f01d6bc Remove deprecated prometheus telemetry policy script 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
85b4dc773e Remove deprecated policy/tuning/default package 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
a716903f3a Remove deprecated time machine settings 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
aba1f431cf Remove deprecated json NullDoubleWriter class 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
401a074036 Remove deprecated modbus event definitions 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
6bb00f9e01 Remove Connection::AppendAddl 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
1d4bd2c70a Remove STMT_ANY statement type 2024-08-07 11:58:21 -07:00
Tim Wojtulewicz
e2b03681d1 Remove EventRegistry::Used and EventRegistry::SetUsed 2024-08-07 11:58:21 -07:00
Arne Welzel
97fa7cdc0a Merge remote-tracking branch 'origin/topic/awelzel/ldap-fix-uint8-shift' 
* origin/topic/awelzel/ldap-fix-uint8-shift:
  ldap: Promote uint8 to uint64 before shifting
 2024-08-07 14:11:30 +02:00
Arne Welzel
2be39cf0d0 ldap: Promote uint8 to uint64 before shifting 
Relates to zeek/spicy#1829
 2024-08-07 13:47:12 +02:00
Arne Welzel
2c62ecf57d Merge remote-tracking branch 'origin/topic/awelzel/ci-ubuntu-24-new-ccache' 
* origin/topic/awelzel/ci-ubuntu-24-new-ccache:
  ci/ubuntu-24.04: Use ccache 4.10.2
 2024-08-07 11:43:33 +02:00
Arne Welzel
84c9daafd1 ci/ubuntu-24.04: Use ccache 4.10.2 
The ccache version shipped with Ubuntu 24.04 does not yet recognize
--fprofile-update=atomic, install one that does.

Now that the asan_sanitizer build also includes building Spicy and
running the spicyz test suite, ccache is quite important.

Reference ccache/ccache#1408 and zeek/zeek#3777.
 2024-08-07 11:36:00 +02:00
Arne Welzel
b0df736ba7 Merge remote-tracking branch 'origin/topic/awelzel/threading-manager-metrics-follow-up' 
* origin/topic/awelzel/threading-manager-metrics-follow-up:
  telemetry/Manager: Check RegisterFd() return value
  telemetry/Manager: Track sent_in and sent_out totals without callback
  threading/Manager: Switch inf bucket from infinity() to max()
  threading/Manager: "lt" to "le" and do not break
 2024-08-07 10:55:13 +02:00
Arne Welzel
4fe9580a7e telemetry/Manager: Check RegisterFd() return value 
Please coverity.
 2024-08-07 09:48:29 +02:00
zeek-bot
60bdaffe0b Update doc submodule [nomail] [skip ci] 2024-08-07 00:20:16 +00:00
Arne Welzel
c845c7cce0 Merge remote-tracking branch 'origin/topic/awelzel/3860-ldap-fuzzer' 
* origin/topic/awelzel/3860-ldap-fuzzer:
  Bump auxil/spicy to latest development snapshot
  spicy/runtime-support: Switch ParameterMismatch::_fmt to static
  coverage/lcov_html: Ignore testing/btest/.tmp
  cirrus: Do not disable Spicy for sanitizer builds
  ldap: Avoid unset m$opcode
  fuzzers: Add LDAP fuzzing
 2024-08-06 20:09:09 +02:00
Arne Welzel
821d460c2e Bump auxil/spicy to latest development snapshot 2024-08-06 18:20:09 +02:00
Arne Welzel
9f5f8b809a spicy/runtime-support: Switch ParameterMismatch::_fmt to static 
UBSAN's vptr sanitize isn't happy with the call to _fmt()
in its member initializer list.

    $ zeek -r Traces/ssh/single-conn.trace .tmp/spicy.event-args-mismatch/test.hlto .tmp/spicy.event-args-mismatch/event-args-mismatch.zeek
    <...>/src/include/zeek/spicy/runtime-support.h:80:29: runtime error: member call on address 0x511000369540 which does not point to an object of type 'zeek::spicy::rt::ParameterMismatch'
    0x511000369540: note: object has invalid vptr
     00 00 00 00  be be be be be be be be  be be be be be be be be  be be be be be be be be  be be be be
                  ^~~~~~~~~~~~~~~~~~~~~~~
                  invalid vptr
        #0 0x7f9c9977b019 in zeek::spicy::rt::ParameterMismatch::ParameterMismatch(std::basic_string_view<char, std::char_traits<char>>, zeek::IntrusivePtr<zeek::Type> const&, std::basic_string_view<char, std::char_traits<char>>) <...>/src/include/zeek/spicy/runtime-support.h:80:29
         #1 0x7f9c9977a6a2 in zeek::spicy::rt::to_val(hilti::rt::Bytes const&, zeek::IntrusivePtr<zeek::Type> const&) <...>/src/include/zeek/spicy/runtime-support.h:562:15
 2024-08-06 18:20:09 +02:00
Arne Welzel
11bc233f45 coverage/lcov_html: Ignore testing/btest/.tmp 
gcda/gcno files in the btest/.tmp directory are from .htlo files
referencing ephemeral cc files. No need to include these.
 2024-08-06 18:20:09 +02:00
Arne Welzel
f1167fc87f cirrus: Do not disable Spicy for sanitizer builds 2024-08-06 18:20:09 +02:00
Arne Welzel
83a2eb3665 ldap: Avoid unset m$opcode 
Initial fuzzing caused a bind response to arrive before a bind request,
resulting in an unset field expression error:

    expression error in base/protocols/ldap/main.zeek, line 270: field value missing (LDAP::m$opcode)

Prevent this by ensuring m$opcode is set and raising instead.
 2024-08-06 18:20:09 +02:00
Arne Welzel
92d4e50b48 fuzzers: Add LDAP fuzzing 
LDAP supports both, UDP and TCP as separate analyzers. The corpus
is identical, however. Started to hit the TLS analyzer fairly
quickly, too.

Closes #3860
 2024-08-06 18:20:09 +02:00
Tim Wojtulewicz
d52ec28c89 Merge remote-tracking branch 'origin/topic/timw/dont-install-empty-zam-dirs' 
* origin/topic/timw/dont-install-empty-zam-dirs:
  Don't install empty ZAM directories
 2024-08-06 09:02:31 -07:00
Arne Welzel
bd8c5b7bbb Merge remote-tracking branch 'upstream/topic/awelzel/fix-btest-spicy-replaces-conflicts' 
* upstream/topic/awelzel/fix-btest-spicy-replaces-conflicts:
  btest/spicy: Make replaces-conflicts trigger replaces code path
 2024-08-06 12:03:18 +02:00