Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-09 10:08:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
13262 commits 388 branches 195 tags 265 MiB
Commit graph

3882 commits

Author SHA1 Message Date
Johanna Amann
cd21b7f130 Fix x509 analyzer to correctly return ecdsa as the key_type for ecdsa certs. 
Returned dsa so far.

Bug found by Michał Purzyński
 2014-11-25 11:18:07 -08:00
Gilbert Clark
7eadcad674 Merge branch 'master' into topic/gilbert/plugin-api-tweak 
Conflicts:
	testing/btest/Baseline/plugins.api-version-mismatch/output
	testing/btest/Baseline/plugins.hooks/output
	testing/btest/plugins/api-version-mismatch.sh
 2014-11-24 16:21:23 -05:00
Robin Sommer
9d3cfaddaa Merge branch 'master' of https://github.com/anthonykasza/bro 
- I've changed/extended the URI record fields a bit:
        - path is always the full path including the full file name
        - if there's no path, the field still still be set set "/".
        - file_name is the full name including extenstion, and
          file_base and file_ext split it out.

    - Adding a test exercising a bunch of URLs.
 2014-11-18 12:21:06 -08:00
Jon Siwek
f214158cc5 BIT-1288: Improve coercion of &default expressions. 2014-11-18 12:40:16 -06:00
Robin Sommer
ee14b96a15 Merge remote-tracking branch 'origin/topic/struck/BIT-1287' 
* origin/topic/struck/BIT-1287:
  [ADD] builtin function enum_to_int()

BIT-1287 #merged
 2014-11-11 13:20:40 -08:00
Christian Struck
b36d5fc81b [ADD] builtin function enum_to_int() 
[ADD] added tests for the new enum_to_int function
 2014-11-10 18:24:27 -08:00
Seth Hall
e879aa78f5 Merge remote-tracking branch 'origin/topic/seth/mime-updates' into topic/seth/files-reassembly-and-mime-updates 
Conflicts:
	scripts/base/init-bare.bro
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
 2014-11-05 11:42:34 -05:00
Seth Hall
842dfd8b4a Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/seth/files-reassembly-and-mime-updates 
Conflicts:
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
 2014-11-05 11:40:26 -05:00
Seth Hall
efdfef7970 Merge remote-tracking branch 'origin/master' into topic/seth/mime-updates 
Conflicts:
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
 2014-11-05 10:57:57 -05:00
Vlad Grigorescu
e86fc160db Merge remote-tracking branch 'origin/master' into topic/vladg/mysql 2014-10-31 21:32:19 -04:00
Robin Sommer
78de5c17ef Merge remote-tracking branch 'origin/topic/jsiwek/bit-1176' 
* origin/topic/jsiwek/bit-1176:
  Fix segfault if when statement's RHS is unitialized.

BIT-1176 #merged
 2014-10-31 16:30:49 -07:00
Robin Sommer
2e7b732c4b Merge remote-tracking branch 'origin/topic/jsiwek/bit-1280' 
* origin/topic/jsiwek/bit-1280:
  BIT-1280: Fix checking vector indices via "in".

BIT-1280 #merged.
 2014-10-31 16:28:08 -07:00
Vlad Grigorescu
743d388be8 Merge remote-tracking branch 'origin/master' into topic/vladg/mysql 2014-10-31 16:46:07 -04:00
Vlad Grigorescu
b484da1539 Update baselines. 2014-10-31 16:45:48 -04:00
Jon Siwek
2a181a88c5 Allow arbitrary when statement timeout expressions 
BIT-1284 #close
 2014-10-31 10:38:23 -05:00
Jon Siwek
1f7facda5b Fix segfault if when statement's RHS is unitialized. 
If it is ever assigned a value, the body of the when can be triggered as
usual.

Addresses BIT-1176.
 2014-10-30 12:19:25 -05:00
Jon Siwek
e5f75cde93 BIT-1280: Fix checking vector indices via "in". 
$ cat test.bro
local vec: vector of string = { "zero" };
vec[2] = "two";
print 0 in vec, 1 in vec, 2 in vec;

$ bro -b test.bro
T, F, T
 2014-10-28 14:21:16 -05:00
Vlad Grigorescu
b259a41ef2 Merge remote-tracking branch 'origin/master' into topic/vladg/mysql 
Conflicts:
	testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
 2014-10-27 13:24:31 -04:00
Robin Sommer
087a9f975d Adding missing baseline. 2014-10-24 15:34:06 -07:00
Robin Sommer
fb56d3f0bb Fixing unstable test. 2014-10-24 13:40:00 -07:00
Robin Sommer
4216a5eb1c Merge remote-tracking branch 'origin/topic/struck/BIT-1277' 
* origin/topic/struck/BIT-1277:
  [ADD] Added the feature to return 0 content to the python http test server and added functionality for post requests
  [ADD] added baseline for the new active-http test and added a test to check for the content-length 0 fix.
  [ADD] added baseline for the new exec test and added a test to check for the empty files fix.
  [FIX] exec should write an empty string when file is empty instead of the filename
  [FIX] Add files to result table even if the files are empty

BIT-1277 #merged
 2014-10-24 11:43:09 -07:00
Robin Sommer
3e508d316a Plugins: Change order in which plugins' scripts are loaded at startup. 
We now load the top-level  __init__.bro before the internal bif.bro so
that the former can define types used by the latter.
 2014-10-23 14:22:26 -07:00
Christian Struck
de33490586 [ADD] Added the feature to return 0 content to the python http test server and added functionality for post requests 2014-10-22 16:05:06 -07:00
Christian Struck
d17b3746cf [ADD] added baseline for the new active-http test and added a test to check for the content-length 0 fix. 2014-10-22 16:04:04 -07:00
Christian Struck
0a59772043 [ADD] added baseline for the new exec test and added a test to check for the empty files fix. 2014-10-22 16:02:19 -07:00
Johanna Amann
624aa3cac1 Update baseline of new SSL policy script for changes 2014-10-21 11:38:02 -07:00
Johanna Amann
ba3b35a612 Merge remote-tracking branch 'origin/master' into topic/johanna/ssl-resumption 2014-10-21 11:32:46 -07:00
Jon Siwek
02c86b2304 Merge branch 'master' into topic/jsiwek/bit-1235 2014-10-14 14:45:58 -05:00
Jon Siwek
191e5da74d Documentation fixes. 
BIT-1272 #close
 2014-10-14 14:43:08 -05:00
Jon Siwek
7ef1409b40 Change find-bro-logs unit test to follow symlinks. 2014-10-09 16:02:13 -05:00
Daniel Thayer
072dad6508 Add error checks and messages to a test script 2014-10-08 10:42:35 -05:00
Robin Sommer
f4f5cfd321 Further baseline normalization for plugin test portability. 2014-10-08 08:16:31 -07:00
Seth Hall
24a809b53e Merge remote-tracking branch 'origin/master' into topic/seth/mime-updates 2014-10-08 10:04:22 -04:00
Seth Hall
d77243823f Updates for file mime type identification. 
- Change to the default BOF buffer size to 3000 (was 1024).
 - Reorganized MS signatures into a separate file
 - Improved lots of the signatures and added new ones.
 2014-10-08 02:12:10 -04:00
Robin Sommer
81933d25a8 Fix for test portability. 2014-10-07 20:18:31 -07:00
Gilbert Clark
be5cb549a9 Re-updating plugin.hooks test to include new argument output (after merge). 2014-10-07 22:11:41 -04:00
Gilbert Clark
17e1d2a809 Merge branch 'master' into topic/gilbert/plugin-api-tweak 
Conflicts:
	testing/btest/Baseline/plugins.hooks/output
 2014-10-07 21:57:13 -04:00
Robin Sommer
91c218d44a Include plugin unit tests into the top-level btest configuration. 
Turns out they weren't part of it yet. Comes with some baseline updates.
 2014-10-07 15:33:18 -07:00
Robin Sommer
21a0e12d82 Merge remote-tracking branch 'origin/topic/jdopheid/BIT-1242' 
* origin/topic/jdopheid/BIT-1242:
  Improved the log file reference documentation
  Added missing log files prof, stderr, stdout
  Add a test that detects changes in the list of all Bro log files
  Broke down logs into grouped sections based on use & origin
  Adding deatils for modbus_register_change.log
  More updates to log files page: descriptions
  Changing name of file
  New page for List of Log files, linked to script-reference

Very nice. I've reorganized slightly more, mostly to shrink down the
"other" category: moved some of that into "Detection" and "Files" (the
latter is small, but will hopefully grow).

BIT-1242 #merged
 2014-10-07 14:35:19 -07:00
Gilbert Clark
70c7258dfa Updating tests and tweaking HookArgument to include Frame support. 
* Add frame support to HookArgument, since it's a new argument to HookCallFunction
* Fix test in api-version-mismatch to remove absolute paths from output
* Update test plugin to use new HookCallFunction interface
 2014-10-02 19:23:59 -04:00
Gilbert Clark
0104d7147d Merging master into branch. 
Merge branch 'master' into topic/gilbert/plugin-api-tweak
 2014-10-01 21:19:02 -04:00
Gilbert Clark
d639488d36 Incremental commit: implementing a wrapper for the Val class. 
Just a checkpoint: need to add / update tests to make sure things work as expected.  Should build / pass core btests, though.
 2014-09-27 08:03:30 -04:00
Daniel Thayer
6dc4863d81 Add a test that detects changes in the list of all Bro log files 2014-09-26 22:06:56 -05:00
Hui Lin
6e7a4a4fee Merge branch 'fastpath' of git://git.bro-ids.org/bro into fastpath 2014-09-26 14:48:58 -05:00
Hui Lin
f933899b17 adding a function in dnp3-analyzer.pac to translate the time stamp format 2014-09-26 14:47:51 -05:00
Seth Hall
cafd35e746 Updates the files event api and brings file reassembly up to master. 2014-09-26 00:40:37 -04:00
Robin Sommer
cce09b75de Changing prefix for packet sources/dumper from ':' to '%'. 
Addresses BIT-1249.
 2014-09-25 17:54:36 -07:00
Robin Sommer
a98dd29259 Merge remote-tracking branch 'origin/topic/jsiwek/missing-plugin' 
* origin/topic/jsiwek/missing-plugin:
  Improve error message when failing to activate a plugin.

BIT-1252 #merged
 2014-09-25 10:54:21 -07:00
Seth Hall
42b2d56279 Merge remote-tracking branch 'origin/master' into topic/seth/files-tracking 
Conflicts:
	scripts/base/frameworks/files/main.bro
	src/file_analysis/File.cc
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.actions.data_event/out
 2014-09-23 13:05:39 -04:00
Seth Hall
8d283db63b Adds a "node" field to Intel::Seen struture and intel.log. 
The intel framework can now indicate which node discovered a
hit on an intel item through the new "node" field in the
Intel::Seen data structure.  On clusters, this field will
contain the name of the node where the hit was seen.
 2014-09-23 12:23:39 -04:00