Evan Typanski
aef9fe11dc
spicy-redis: Abort parsing if server data comes first
Redis seems to only want client data first to request server data. The
DPD signature seems to pick up on some cases where server data comes
first, but is otherwise "valid" RESP. See if this helps lower FP rates.
2025-05-27 09:28:12 -04:00
Evan Typanski
7f28ec8bc5
spicy-redis: Add dpd signature and clean pcaps
2025-05-27 09:28:12 -04:00
Evan Typanski
f0e9f46c7c
spicy-redis: Add some commands and touch up parsing
2025-05-27 09:28:12 -04:00
Evan Typanski
22bda56af3
spicy-redis: Add some script logic for logging
Also "rebrands" from RESP to Redis.
2025-05-27 09:28:12 -04:00
Evan Typanski
757cbbf902
spicy-redis: Separate client/server
This makes the parser more official and splits the client/server out
from each other. Apparently they're different enough to be separate.
2025-05-27 09:28:12 -04:00
Evan Typanski
f0f2969a66
spicy-redis: Touchup logging and Spicy issues
2025-05-27 09:28:12 -04:00
Evan Typanski
97d26a689d
spicy-redis: Add synchronization and pipeline support
Also adds some command support.
2025-05-27 09:28:12 -04:00
Evan Typanski
4210e62e57
spicy-redis: Begin Spicy Redis analyzer
2025-05-27 09:28:12 -04:00
Arne Welzel
277c3f5245
btest: Add test for Cluster::hello zero-timestamp
2025-05-26 16:08:27 +02:00
Tim Wojtulewicz
0fb4548ff0
Redis: return proper error if connection fails
2025-05-23 12:13:13 -07:00
Arne Welzel
d929392a76
Merge remote-tracking branch 'origin/topic/awelzel/4177-4178-custom-event-metadata-part-1'
* origin/topic/awelzel/4177-4178-custom-event-metadata-part-1:
Event: Move meta after args
Event: Use IntrusivePtr to manage obj refcount
btest/zam: Update for new EventMetadata bifs
broker and cluster: Switch to new Enqueue() API
Event/zeek.bif: Add EventMetadata current() and current_values() accessors
Event: Deprecate default network timestamp metadata
Event: Store timestamp in metadata vector
EventRegistry/zeek.bif/init-bare: Add event metadata infrastructure
EventMgr: Add CurrentEvent() accessor
2025-05-23 21:02:28 +02:00
Arne Welzel
e4e9ec3e80
btest/zam: Update for new EventMetadata bifs
2025-05-23 19:32:50 +02:00
Arne Welzel
75aa6588fe
Event/zeek.bif: Add EventMetadata current() and current_values() accessors
...and basic smoke testing.
2025-05-23 19:32:50 +02:00
Arne Welzel
53b0f0ad64
Event: Deprecate default network timestamp metadata
This deprecates the Event constructor and the ``ts`` parameter of Enqueue().
Instead, versions are introduced that take a detail::MetadataVectorPtr which
can hold the network timestamp metadata and is meant to be allocated by the
caller instead of automatically during Enqueue() or within the Event
constructor.
This also introduces a BifConst ``EventMetadata::add_network_timestamp`` to
opt-in adding network timestamps to events globally. It's disabled by
default as there are not a lot of known use cases that need this.
2025-05-23 19:32:23 +02:00
Arne Welzel
cc7dc60c1e
EventRegistry/zeek.bif/init-bare: Add event metadata infrastructure
Introduce a new EventMetadata module and members on EventMgr to register
event metadata types.
2025-05-23 19:31:58 +02:00
Tim Wojtulewicz
25f144381c
SQLite: Fix typo in variable name causing pragmas not to retry on busy
2025-05-22 10:23:17 -07:00
Tim Wojtulewicz
25dd1a2702
Disable sqlite-cluster btest
This test is flaky on some platforms and still has problems executing
pragmas at startup. Disable it for now until it can be fixed.
2025-05-21 15:42:29 -07:00
Tim Wojtulewicz
0c7ad126d6
Update baseline of sqlite-basic btest after recent changes
2025-05-21 11:01:54 -07:00
Tim Wojtulewicz
a58128a45c
SQLite: Move integrity_check to pragma table
2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
78dffb1d6f
SQLite: Add backend option for pragma timeout
2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
f0e7b78554
SQLite: Rename tuning_params to pragma_commands, move running pragmas to utility method
2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
26cc6d4e7b
SQLite: Add busy_timeout pragma to default options
2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
e91421a8de
Prefix sqlite-based btests with sqlite- to match redis tests
2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
41bddae59f
Add sqlite cluster storage btest
2025-05-21 09:38:27 -07:00
Arne Welzel
aabd1e3825
btest/coverage/test-all-policy-zeekygen: Load test-all-policy with zeekygen enabled
There should not be warnings produced. The default ZEEK_DISABLE_ZEEKYGEN=1
setting in the btest configuration hid some issues previously.
2025-05-21 11:49:12 +02:00
Arne Welzel
00eabb6cbb
btest remaining: Use generic cluster-layout.zeek
2025-05-20 20:30:01 +02:00
Arne Welzel
9365f71965
btest/frameworks/logging: Use generic cluster-layout.zeek
2025-05-20 20:30:01 +02:00
Arne Welzel
6c00c05249
btest/files/x509: Use generic cluster-layout.zeek
2025-05-20 20:30:01 +02:00
Arne Welzel
d7b5955e5e
btest/frameworks/notice: Use generic cluster-layout.zeek
2025-05-20 20:30:01 +02:00
Arne Welzel
2a3f2d0004
btest/policy: Use generic cluster-layout.zeek
Catch-all for cluster scripts in policy directory.
2025-05-20 20:30:01 +02:00
Arne Welzel
00a12a4cc5
btest/frameworks/intel: Use generic cluster-layout.zeek
2025-05-20 20:30:01 +02:00
Arne Welzel
4dec63936e
btest/frameworks/sumstats: Use generic cluster-layout.zeek
2025-05-20 20:30:01 +02:00
Arne Welzel
0a06a77c69
btest/frameworks/cluster: Use generic cluster-layout.zeek
2025-05-20 20:30:01 +02:00
Arne Welzel
e114b0e371
btest/frameworks/config: Use generic cluster-layout.zeek
2025-05-20 20:30:01 +02:00
Arne Welzel
f9ff396acf
btest/broker: Use generic cluster-layout.zeek
2025-05-20 20:30:01 +02:00
Arne Welzel
a15df5fc11
btest/cluster: Use generic cluster-layout.zeek
2025-05-20 20:30:01 +02:00
Arne Welzel
b3f53dc455
testing/btest/Files: Add generic broker/cluster-layout.zeek
This is a cluster-layout.zeek template that can be copied into a testing
directory if needed. The idea is that a developer sets environment
variables within their btest and the Cluster::nodes variable is
implicitly extended by appropriate nodes.
For example, using @TEST-PORT BROKER_LOGGER1_PORT will add an appropriate
logger-1 node to Cluster::nodes, based on the existence of the
BROKER_LOGGER1_PORT environment variable.
2025-05-20 20:30:01 +02:00
Arne Welzel
906b91dca8
Merge remote-tracking branch 'origin/topic/vern/http-sqli-replacement'
* origin/topic/vern/http-sqli-replacement:
site/local: Switch to detect-sql-injection
Add a revised script for detecting HTTP SQL injection, deprecate original
2025-05-20 16:26:13 +02:00
Arne Welzel
c687a24503
site/local: Switch to detect-sql-injection
2025-05-20 16:24:28 +02:00
Vern Paxson
dcd14f7a16
Add a revised script for detecting HTTP SQL injection, deprecate original
2025-05-20 16:24:20 +02:00
Christian Kreibich
fdecfba6b4
Merge branch 'smoot-improve-from_json' of github.com:/stevesmoot/zeek
* 'smoot-improve-from_json' of github.com:/stevesmoot/zeek:
update baseline for zam
Update src/zeek.bif
Change from_json to return an error rather than print it.
2025-05-19 11:06:29 -07:00
Arne Welzel
eb15997cc3
Merge remote-tracking branch 'origin/topic/awelzel/event-trace-mgr-destructor-fclose'
* origin/topic/awelzel/event-trace-mgr-destructor-fclose:
btest/core: Add event-trace test
zeek-setup: Free event_trace_mgr after generating trace
EventTraceMgr: Rename etm to event_trace_mgr
EventTraceMgr: Move fclose() to destructor
2025-05-19 20:02:12 +02:00
Tim Wojtulewicz
456c1fa42c
Remove unnecessary #includes in analyzer/packet analyzer/file analyzer headers
2025-05-19 10:25:05 -07:00
Arne Welzel
000cc50813
btest/core: Add event-trace test
2025-05-19 18:23:08 +02:00
Tim Wojtulewicz
e618d00326
Remove including <cinttypes> from util.h
2025-05-16 10:14:37 -07:00
Tim Wojtulewicz
c659592773
Reduce includes in plugin/Component.h
2025-05-16 10:14:37 -07:00
Tim Wojtulewicz
648f0f0623
Use quotes instead of <> for zeek includes
2025-05-16 10:14:36 -07:00
Jan Grashoefer
84cc4b890d
Add STLS command to POP3 DPD signature
2025-05-14 16:37:25 +02:00
Arne Welzel
2255fa23b8
Merge remote-tracking branch 'origin/topic/vern/zam-aggr-change-in-loop'
* origin/topic/vern/zam-aggr-change-in-loop:
fix for ZAM optimization when an aggregate is modified inside of a loop
2025-05-13 19:50:56 +02:00
Arne Welzel
6d2bd93f1f
btest/cluster/websocket: Update tests for new event signature
2025-05-13 18:26:03 +02:00