Fixing one missing index adjustment (I believe ...)
BIT-757 #merged
* origin/topic/jsiwek/deprecation:
Fix typo.
Update documentation (broken links, outdated tests).
Update NEWS for deprecated/changed functions.
Deprecate split* family of BIFs.
Improve use of &deprecated on functions.
Add a new attribute: &deprecated.
These functions are now deprecated in favor of alternative versions that
return a vector of strings rather than a table of strings.
Deprecated functions:
- split: use split_string instead.
- split1: use split_string1 instead.
- split_all: use split_string_all instead.
- split_n: use split_string_n instead.
- cat_string_array: see join_string_vec instead.
- cat_string_array_n: see join_string_vec instead.
- join_string_array: see join_string_vec instead.
- sort_string_array: use sort instead instead.
- find_ip_addresses: use extract_ip_addresses instead.
Changed functions:
- has_valid_octets: uses a string_vec parameter instead of string_array.
Addresses BIT-924, BIT-757.
* origin/topic/robin/dnp3-merge-v4:
add test trace in which DNP3 packets are over UDP; update test scripts and baseline results
A bit more DNP3 tweaking.
remove redundnt codes; find a way to use the analyzer function, such as Weird; fix a small bug in ProcessData function in DNP3.cc; passed the test
Renameing the DNP3 TCP analyzer
quickly fix another bug; adding missing field of the declaration of dnp3_request_application_header and dnp3_response_application_header
Removing the debug printf in DNP3.cc
fixed the bug of deciding the size of object 1 varition 1 in DNP3
Fix some things in DNP3 UDP analyzer.
changed a bug, but still not working
modify DNP3.cc and DNP3.h to add DNP3_UDP_Analyzer; binpac unchanged
BIT-1231 #merged
- Use a boolean success instead of a result string
- Change the affected_rows response detail string to a "rows" count
- Fix the state tracking to log incomplete commands
Retrieval of extended alert information from sid-msg.map, gen-msg.map,
and classification.config files uses Bro's input framework, but since
the unified2 file analyzer also relies on the input framework,
coordination is needed to start analysis only after extended info has
been read at least once.
- Re-arrange how some fa_file fields (e.g. source, connection info, mime
type) get updated/set for consistency.
- Add more robust mechanisms for flushing the reassembly buffer.
The goal being to report all gaps and deliveries to file analyzers
regardless of the state of the reassembly buffer at the time it has to
be flushed.
- I've changed/extended the URI record fields a bit:
- path is always the full path including the full file name
- if there's no path, the field still still be set set "/".
- file_name is the full name including extenstion, and
file_base and file_ext split it out.
- Adding a test exercising a bunch of URLs.
* origin/fastpath:
for dh key exchanges, use p as the parameter for weak key exchanges. Y can be a few bytes smaller due to the modulo operation - this is ok.
* origin/topic/vladg/mysql:
Update baselines.
Fix a logic bug with handling quits after the cleanup.
Integrate MySQL with the software framework
A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit
Move MySQL analyzer to the new plugin architecture.
Add a btest for the Wireshark sample MySQL PCAP
Add support for more commands, and support quit
Redo the response handling..
Whitespace/readability fixes.
Add memleak and auth btests.
Update baselines.
Get MySQL to compile and add basic v9 support.
MySQL analyzer
- Remove all of the x-c detections. Nearly all false
positives.
- Remove the back up TAR detections. Not very helpful.
- Remove one of the x-elc detections that was too loose
and caused many false positives.
* origin/topic/struck/BIT-1277:
[ADD] Added the feature to return 0 content to the python http test server and added functionality for post requests
[ADD] added baseline for the new active-http test and added a test to check for the content-length 0 fix.
[ADD] added baseline for the new exec test and added a test to check for the empty files fix.
[FIX] exec should write an empty string when file is empty instead of the filename
[FIX] Add files to result table even if the files are empty
BIT-1277 #merged
* origin/topic/johanna/ssl-resumption:
Update baseline of new SSL policy script for changes
update test baselines
Mark everything below 2048 bit as a weak key (Browsers will stop accepting 1024 bits soon, so we can be of that opinion too).
add information about server chosen protocol to ssl.log, if provided by alpn.
change SSL log to contain a boolean flag signaling if a session was resumed instead of the (usually not really that useful) session ID the client sent.
BIT-1279 #merged
- Change to the default BOF buffer size to 3000 (was 1024).
- Reorganized MS signatures into a separate file
- Improved lots of the signatures and added new ones.
- This moves the signatures out of the libmagic imported signatures
and into our own general.sig.
- Expand the detection to LZMA compressed flash files.
