Arne Welzel
9fa4d6f5ed
pre-commit-config: Disable spicy-format
...
This fails to install currently: bbannier/spicy-format#157
2024-10-30 14:43:42 +01:00
Arne Welzel
fd0181c2cb
Merge branch 'modbus-fc-fixes' of https://github.com/zambo99/zeek
...
* 'modbus-fc-fixes' of https://github.com/zambo99/zeek:
Fix issues with Modbus message logging
2024-10-30 14:38:53 +01:00
Arne Welzel
00a0f9c920
Merge remote-tracking branch 'origin/topic/awelzel/data-end-offset-v1'
...
* origin/topic/awelzel/data-end-offset-v1:
signatures: Add data_end_offset to signature_match() and custom events
Add pattern_end_offset to signature_state
2024-10-30 14:34:08 +01:00
Johanna Amann
681fd37a6d
Merge remote-tracking branch 'origin/topic/awelzel/skip-modbus-when-spicy-ssl-enabled'
...
* origin/topic/awelzel/skip-modbus-when-spicy-ssl-enabled:
modbus: Skip non-modbus traffic testing with Spicy SSL
testing: Add have-spicy-ssl helper and update tests
2024-10-30 11:48:15 +00:00
Arne Welzel
5200b84fb3
Merge branch 'sqli-spaces-encode-to-plus' of https://github.com/cooper-grill/zeek
...
* 'sqli-spaces-encode-to-plus' of https://github.com/cooper-grill/zeek:
account for spaces encoding to plus signs in sqli regex detection
2024-10-29 14:08:39 +01:00
Arne Welzel
821218e7b2
Merge remote-tracking branch 'origin/topic/vern/CPP-when-capture-naming'
...
* origin/topic/vern/CPP-when-capture-naming:
fixed "-O gen-C++" naming of "when" captures to avoid ambiguities due to inlining
Simplified & made more robust maintenance helper script for "-O gen-C++" testing
"-a cpp" baseline updates to reflect recent BTest changes
2024-10-29 13:50:56 +01:00
Christian Kreibich
66173633f4
Merge branch 'topic/christian/telemetry-make-bifs-primary'
...
* topic/christian/telemetry-make-bifs-primary:
Telemetry framework: move BIFs to the primary-bif stage
Minor comment tweaks for init-frameworks-and-bifs.zeek
2024-10-24 07:09:16 -07:00
Christian Kreibich
f2b4c9d553
Update broker submodule [nomail]
...
This pulls in zeek/broker#424, zeek/broker#430, zeek/broker#431.
2024-10-23 05:52:07 -07:00
Arne Welzel
daa358c840
Merge remote-tracking branch 'origin/topic/awelzel/3947-telemetry-hook-scrape'
...
* origin/topic/awelzel/3947-telemetry-hook-scrape:
btest/telemetry: Fix "Note compilable" typo
misc/stats: Add zeek_net_timestamp_seconds
telemetry/Manager: Remove variant include
telemetry: Invoke Telemetry::sync() only at scrape/collection time
2024-10-22 19:04:51 +02:00
Arne Welzel
d74b073852
Merge remote-tracking branch 'origin/topic/awelzel/3978-zeekjs-0.12.1-bump'
...
* origin/topic/awelzel/3978-zeekjs-0.12.1-bump:
Bump zeekjs to 0.12.1
2024-10-22 11:25:05 +02:00
Arne Welzel
4763282f36
Merge branch 'modbus-fixes' of https://github.com/zambo99/zeek
...
* 'modbus-fixes' of https://github.com/zambo99/zeek:
Prevent non-Modbus on port 502 to be reported as Modbus
2024-10-21 15:54:11 +02:00
Christian Kreibich
2e576b058d
Merge branch 'topic/vern/script-opt-headers-factoring'
...
* topic/vern/script-opt-headers-factoring:
factored CPP source's main header into collection of per-source-file headers
renamed script optimization Attrs.h header to prepare for factoring large Compile.h
factored ZAM source's main header into collection of per-source-file headers
2024-10-18 17:51:19 -07:00
Christian Kreibich
c28442a9a1
Merge remote-tracking branch 'origin/topic/bbannier/fix-docs-ci-again'
...
* origin/topic/bbannier/fix-docs-ci-again:
Fix installation of Python packages in generate docs CI job again
2024-10-18 09:55:33 -07:00
Benjamin Bannier
cb612cd48a
Merge branch 'topic/bbannier/fix-sphinx-build'
2024-10-15 17:12:22 +02:00
Benjamin Bannier
391fb4de07
Merge remote-tracking branch 'origin/topic/etyp/enshrine-event-order'
2024-10-15 09:57:36 +02:00
Christian Kreibich
1208555ee3
Merge remote-tracking branch 'origin/topic/vern/remove-teredo-gtpv1-script-opt-insts'
...
* origin/topic/vern/remove-teredo-gtpv1-script-opt-insts:
removed specialized ZAM instructions for GTPv1 and Teredo cleanup BiFs
2024-10-09 15:36:52 -07:00
Christian Kreibich
2651de64bf
Merge remote-tracking branch 'origin/topic/vern/script-opt-baselines.Oct24'
...
* origin/topic/vern/script-opt-baselines.Oct24:
-a zam baseline updates reflecting recent changes to main baselines
2024-10-09 15:36:21 -07:00
Christian Kreibich
2a23e9fc19
Merge branch 'topic/awelzel/3957-raw-reader-spinning'
...
* topic/awelzel/3957-raw-reader-spinning:
input/Raw: Rework GetLine()
2024-10-09 14:26:54 -07:00
Christian Kreibich
d70bb6a889
Merge branch 'topic/christian/bump-cluster-testing'
...
* topic/christian/bump-cluster-testing:
Bump zeek-testing-cluster to pull in a baseline update
2024-10-04 12:45:22 -07:00
Arne Welzel
c826118385
Merge remote-tracking branch 'origin/topic/etyp/centos-missing-file-test-fail'
...
* origin/topic/etyp/centos-missing-file-test-fail:
Fix flaky `missing-file-initially` test
2024-10-04 19:32:48 +02:00
Benjamin Bannier
ac5522f03a
Merge branch 'topic/bbannier/spicyz-usage'
2024-10-04 13:34:49 +02:00
Arne Welzel
e118887771
Merge remote-tracking branch 'origin/topic/etyp/bg-test-nondeterminism'
...
* origin/topic/etyp/bg-test-nondeterminism:
Fix input error test nondeterminism
2024-10-02 20:17:38 +02:00
Arne Welzel
6aeb302bfc
Merge remote-tracking branch 'origin/topic/etyp/remove-duplicate-table-warns'
...
* origin/topic/etyp/remove-duplicate-table-warns:
Report suppressed warnings count
Avoid duplicating warnings when reading table
2024-10-01 11:52:02 +02:00
Christian Kreibich
b4c43e1607
Merge branch 'topic/vern/script-opt-maint.Sep24B'
...
* topic/vern/script-opt-maint.Sep24B:
factoring of logic used by ZAM's low-level optimizer when adjusting control flow info
BTest baseline update for more complete function/lambda names
tweak to -O gen-C++ maintenance script to avoid treating plugins as BTests
fixed lambda hash collision bug due to function descriptions lacking full parameter information
fixes (to avoid collisions) for AST profiling's function hash computations
removed unused ZAM cast-to-any operation
fixes for ZAM tracking the return type associated with function calls
ZAM control-flow tracking now explicitly includes the ends of loops
fix for ZAM identification of common subexpressions
"-O dump-final-ZAM" option similar to "dump-ZAM" only prints final version of functions
fix for setting object locations to avoid use-after-free situation
extended "-O allow-cond" to apply to both gen-C++ and gen-standalone-C++
-O gen-C++ fix for run-time warnings for "when" lambdas
fix to -O gen-C++ for recent AST profiling changes for identifying function parameters
fix to -O gen-C++ for dealing with "hidden" parameters
tweak to prevent an incorrect warning for scripts compiled to C++
fixed overly narrow Spicy test for manipulating packet analyzers
fixed memory leak for recursive ZAM functions that exit via an exception
remove unnecessary header include
2024-09-27 15:20:21 -07:00
Arne Welzel
c36ae2f1a3
Merge branch 'pr/3946'
...
* pr/3946:
Honor no plaintext password logging for PASS cmd
Closes #3946 - squashed commits into a single one.
2024-09-27 16:52:44 +02:00
Arne Welzel
989730c241
Merge remote-tracking branch 'origin/topic/awelzel/cluster-backends-pre-work-v1'
...
* origin/topic/awelzel/cluster-backends-pre-work-v1:
NEWS: Update
scripts/base/cluster: Move active node management into node_down()
logging/Manager: Extract another CreateWriter() helper
logging/Manager: Extract path_func invocation into helper
logging: Dedicated log flush timer
all: Change to use Func::GetName()
script_opt: Use Func::GetName()
Func: Add std::string name accessors, deprecate const char* versions
plugin/ComponentManager: Support lookup by EnumValPtr
2024-09-27 15:37:47 +02:00
Arne Welzel
4aca6290a7
Merge remote-tracking branch 'origin/topic/awelzel/debug-stream-env'
...
* origin/topic/awelzel/debug-stream-env:
zeek-setup: Support enabling debug streams through env variable
2024-09-27 15:00:04 +02:00
Tim Wojtulewicz
702fb031a4
Merge remote-tracking branch 'origin/topic/awelzel/3936-pop3-and-redis'
...
* origin/topic/awelzel/3936-pop3-and-redis:
pop3: Remove unused headers
pop3: Prevent unbounded state growth
btest/pop3: Add somewhat more elaborate testing
2024-09-23 11:00:06 -07:00
Arne Welzel
b22ec06568
Merge remote-tracking branch 'origin/topic/etyp/enum-port-sizeof'
...
* origin/topic/etyp/enum-port-sizeof:
Add enum value negative check
Fix port/enum values `SizeOf` not being a count
2024-09-18 19:10:59 +02:00
Arne Welzel
5a26a39d06
Merge remote-tracking branch 'origin/topic/awelzel/teredo-gtpv1-conn-removal-hook'
...
* origin/topic/awelzel/teredo-gtpv1-conn-removal-hook:
btest: Update baselines for removal-hooks addition
gtpv1: Replace connection_state_remove() with RemovalHook
teredo: Replace connection_state_remove() with RemovalHook
teredo: Move conn member from analyzer to encapsulation
2024-09-17 18:51:44 +02:00
Arne Welzel
f24bc1ee88
Merge remote-tracking branch 'origin/topic/awelzel/prom-callbacks-2'
...
* origin/topic/awelzel/prom-callbacks-2:
Update broker submodule
telemetry: Move callbacks to Zeek
auxil/prometheus-cpp: Pin to 1.2.4
2024-09-17 18:51:12 +02:00
Tim Wojtulewicz
ba91de59b0
Merge remote-tracking branch 'mp/topic/mp-corelight/update-docker-env-syntax'
...
* mp/topic/mp-corelight/update-docker-env-syntax:
Update Dockerfile to avoid LegacyKeyValueFormat warning
2024-09-12 09:18:56 +02:00
Johanna Amann
899f7297d7
Merge remote-tracking branch 'origin/topic/timw/remove-negative-timestamp-test'
...
* origin/topic/timw/remove-negative-timestamp-test:
Remove core.negative-time btest
2024-09-12 08:53:00 +02:00
Johanna Amann
a0ff0fb18b
Merge remote-tracking branch 'origin/topic/johanna/reformat-spicy-ssl'
...
* origin/topic/johanna/reformat-spicy-ssl:
Bump spicy-format to 0.16.2
Bump spicy-format to 0.16.1
Spicy SSL: reformat with new version of spicy format
2024-09-12 08:51:22 +02:00
Johanna Amann
743e2a3663
Merge remote-tracking branch 'origin/topic/johanna/spicy-tls'
...
* origin/topic/johanna/spicy-tls: (31 commits)
Spicy SSL: don't turn on compilation of Spicy SSL analyzer in all cases
Spicy SSL analyzer - address feedback
Spicy TLS: re-enable test and update test comments
Spicy SSL: Skip private test suite for now.
Spicy SSL - finish SSLv2 implementation
Spicy TLS: SSLv2 client hello support.
Spicy TLS - full test suite pass
Spicy TLS - refactoring and partial connection fix
Spicy SSL - run spicy-format
Spicy-TLS: address review feedback re convert-functions
Spicy TLS: address review feedback & run spicy-lint
Spicy TLS: disable debug prints
Add configure option to enable/disable spicy SSL
Spicy TLS: inout/reference updates for recent spicy changes
Spicy TLS: parse OCSP replies in TLS extension
Spicy TLS: generate same file IDs as binpac analyzer
Spicy TLS: skip CI; run performance tests
Spicy TLS: fix parsing of no-extension hellos, port registration
Spicy TLS: Re-enable starttls for RDP
Spicy TLS: rename the analyzer to SSL
...
2024-09-11 16:59:17 +02:00
Arne Welzel
ede4e661cd
Merge remote-tracking branch 'origin/topic/awelzel/script-opt-less-includes'
...
* origin/topic/awelzel/script-opt-less-includes:
script_opt/ZAM/IterInfo.h: Add missing Dict.h dependency
script_opt/ZAM: ZBody.h / Support.h: Cleanup includes, use forward declarations
script_opt/ZAM/Profile: Remove Zeek header includes
script_opt: Extend Support.h to break include dependencies
script_opt: Do not include ZBody.h in ZAM/Validate.cc
2024-09-09 13:25:33 +02:00
Arne Welzel
a339cfa4c0
Merge remote-tracking branch 'origin/topic/awelzel/3919-ldap-logs-missing'
...
* origin/topic/awelzel/3919-ldap-logs-missing:
btest/ldap: Add regression test for #3919
2024-09-06 19:17:49 +02:00
Arne Welzel
b9ca50c6bb
Merge remote-tracking branch 'origin/topic/awelzel/add-postgresql-parser'
...
* origin/topic/awelzel/add-postgresql-parser:
postgresql: Simplify SSL buffering and forwarding
postgresql: Initial parser implementation
2024-09-06 17:47:52 +02:00
Arne Welzel
2907d9feee
Merge remote-tracking branch 'origin/topic/awelzel/add-spicy-format'
...
* origin/topic/awelzel/add-spicy-format:
testing/external: Update private baselines
analyzer/syslog: Reformat with spicy-format
analyzer/finger: Reformat with spicy-format
scripts/spicy: Reformat with spicy-format
pre-commit: Add spicy-format
2024-09-05 19:19:49 +02:00
Tim Wojtulewicz
d4a646cd21
Merge remote-tracking branch 'origin/topic/timw/dns-opcode-check'
...
* origin/topic/timw/dns-opcode-check:
Check for netbios to avoid reporting extra bad DNS opcodes
Add weird for unhandled opcodes in DNS analyzer
2024-09-04 14:53:31 -07:00
Tim Wojtulewicz
cd10bd3747
Merge remote-tracking branch 'origin/topic/bbannier/bump-spicy'
...
* origin/topic/bbannier/bump-spicy:
Bump auxil/spicy to latest development snapshot
2024-09-03 09:04:03 -07:00
Benjamin Bannier
dffef94d4d
Merge branch 'topic/bbannier/bump-clang-format'
2024-09-03 10:18:39 +02:00
Arne Welzel
cdae755a0c
Bump zeek-aux for zeek/zeek-aux#57
2024-09-03 10:03:22 +02:00
Arne Welzel
c27e18631c
Merge branch 'fix-http-password-capture' of https://github.com/p-l-/zeek
...
* 'fix-http-password-capture' of https://github.com/p-l-/zeek:
http: fix password capture when enabled
2024-08-30 18:56:48 +02:00
Arne Welzel
435770f99a
Merge remote-tracking branch 'origin/topic/awelzel/no-broker-mgr-active'
...
* origin/topic/awelzel/no-broker-mgr-active:
RunState: Drop broker_mgr->Active() usage
2024-08-30 15:39:06 +02:00
Johanna Amann
d89c0d1ef7
Merge remote-tracking branch 'origin/topic/johanna/fix-ssl2-client-hello-version-parsing'
...
* origin/topic/johanna/fix-ssl2-client-hello-version-parsing:
Fix parsing of version field in SSLv2 client hello
2024-08-27 13:31:12 +01:00
Arne Welzel
45b33bf5c1
Merge remote-tracking branch 'origin/topic/awelzel/no-child-analyzer-on-finished-connections'
...
* origin/topic/awelzel/no-child-analyzer-on-finished-connections:
Analyzer: Do not add child analyzers when finished
2024-08-23 14:19:00 +02:00
Arne Welzel
4a4cbf2576
Merge remote-tracking branch 'origin/topic/awelzel/tcp-reassembler-undelivered-data-match-bool-bool-bool-confusion'
...
* origin/topic/awelzel/tcp-reassembler-undelivered-data-match-bool-bool-bool-confusion:
TCP_Reassembler: Fix IsOrig() position in Match() call
2024-08-23 09:41:07 +02:00
Johanna Amann
2f07ca9e7f
Merge remote-tracking branch 'origin/topic/johanna/ssl-history-also-for-sslv2-not-only-for-things-that-use-the-more-modern-handshake'
...
* origin/topic/johanna/ssl-history-also-for-sslv2-not-only-for-things-that-use-the-more-modern-handshake:
Make ssl_history work for SSLv2 handshakes/connections
2024-08-20 11:40:20 +01:00
Arne Welzel
5ac5f5f24f
Merge remote-tracking branch 'origin/topic/awelzel/broker-deprecate-valp-list-interface'
...
* origin/topic/awelzel/broker-deprecate-valp-list-interface:
broker: Deprecate MakeEvent(ValPList*)
Span: Remove deduction guideline for Iter, Iter, include cleanup
2024-08-20 10:11:11 +02:00