Commit graph

16055 commits

Author SHA1 Message Date
Arne Welzel
8b04868de3 {http,smtp}/entities: Align header regexes with extract_filename_from_content_disposition() 2022-11-08 16:45:25 -07:00
Arne Welzel
6ef9423f3c analyzer/HTTP: Call TCP_ApplicationAnalyzer::Done() after RequestMade()/ReplyMade() 2022-11-08 16:44:42 -07:00
Arne Welzel
fa956efa79 file_analysis/Analyzer: Limit maximum number of violations
Just the same as for protocol analyzers, prevent from violation event overload.
2022-11-08 16:44:39 -07:00
Arne Welzel
e688bfcf73 test: Add btest verifying max_analyzer_violations functionality
The pcap has been generated roughly based on the example found on Wikipedia
with some added garbled response after the STAT command from the client.
2022-11-08 16:44:34 -07:00
Arne Welzel
c58cdf407a analyzer: Cap analyzer violations at 1000 per analyzer instance 2022-11-08 16:44:30 -07:00
Tim Wojtulewicz
557ffe7bbc Report an error if a key is too big for a DictEntry 2022-11-08 16:44:29 -07:00
Tim Wojtulewicz
d19478f49f Use larger size variable for DictEntry key_size to avoid overflows with big keys 2022-11-08 16:44:29 -07:00
Arne Welzel
c132d140ae ftp: Limit pending commands to FTP::max_pending_commands (default 20) 2022-11-08 16:44:17 -07:00
Arne Welzel
d2689379bc Update baselines after AnalyzePacket changes
Mainly, for bad headers we do not (can not) put addresses into
the log anymore. Some were rather obviously bogus previously
already.
2022-11-08 16:44:15 -07:00
Arne Welzel
70c74e9d71 protocol/ip: Only attach IP_Hdr to Packet if valid
Ensure packet->ip_hdr is not set (so no one can assume it's valid)
when AnalyzePacket() found something weird with the header.
2022-11-08 16:44:04 -07:00
Vern Paxson
ee0a6f6835 Script optimization maintenance and updates:
  maintenance fixes for variadic run-time checks, '_' placeholder identifier
  "-O allow-cond" permits compiling scripts to C++ when influenced by @if conditionals
  more robust standalone compile-to-C++ properties
  fix for nested "when" statements
  test suite updates
2022-11-08 11:56:32 -08:00
Robin Sommer
0ef709ae7c Add some missing bits when flipping endpoints.
Couple places missed flipping state.
2022-11-08 13:25:20 +01:00
Josh Soref
6f30f8df7c spelling: successful
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:05:24 -05:00
Josh Soref
90f1da4fe7 spelling: deterministic
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:05:24 -05:00
Josh Soref
34966a93ef spelling: canonicalize
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:05:24 -05:00
Josh Soref
b79dfafefb spelling: algorithm
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:05:24 -05:00
Josh Soref
8995db4cd3 spelling: variation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:04:58 -05:00
Josh Soref
711576c10f spelling: value
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:04:58 -05:00
Josh Soref
c22d4f5d8c spelling: session
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:04:58 -05:00
Josh Soref
4782193393 spelling: repetitions
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:04:58 -05:00
Josh Soref
683ef60823 spelling: params
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:04:58 -05:00
Josh Soref
e3d60ea268 spelling: further
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:04:58 -05:00
Josh Soref
015f27e345 spelling: confirm
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:04:58 -05:00
Josh Soref
075360773a spelling: channel
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:04:58 -05:00
Josh Soref
38d6cdeb89 spelling: announcement
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-07 20:04:58 -05:00
zeek-bot
be5a30df7d Update doc submodule [nomail] [skip ci] 2022-11-08 00:44:27 +00:00
Robin Sommer
62a52be314 Bump documentation. 2022-11-07 11:48:35 +01:00
Robin Sommer
3a9320dab3 Merge remote-tracking branch 'origin/topic/awelzel/2528-cluster-layout-content-warning'
* origin/topic/awelzel/2528-cluster-layout-content-warning:
  cluster: Add warning about cluster-layout.zeek content
2022-11-07 11:28:57 +01:00
Robin Sommer
2a36441b8e Merge remote-tracking branch 'origin/topic/awelzel/2483-builtin-plugin-includes'
* origin/topic/awelzel/2483-builtin-plugin-includes:
  zeek-setup: Load builtin-plugins/__preload__.zeek before initializing bifs
  cmake: Introduce bro_PLUGIN_LINK_LIBS and add to link command.
  cmake: Do not use include_directories() for included plugins
  cmake: Bump submodule
2022-11-07 11:25:03 +01:00
Dominik Charousset
c4d5e3cda7 Configure script: drop --with-caf, add -D option 2022-11-05 09:00:13 +01:00
zeek-bot
c71d2878c9 Update doc submodule [nomail] [skip ci] 2022-11-05 00:44:30 +00:00
Tim Wojtulewicz
2975468060 Merge remote-tracking branch 'origin/topic/awelzel/2540-fuzzer-zeekpath-builtin-plugins'
* origin/topic/awelzel/2540-fuzzer-zeekpath-builtin-plugins:
  fuzzer-setup: Update ZEEKPATH to align with DEFAULT_ZEEKPATH
2022-11-04 09:16:08 -07:00
Arne Welzel
15502f8e18 fuzzer-setup: Update ZEEKPATH to align with DEFAULT_ZEEKPATH
The util-config.h file uses @DEFAULT_ZEEKPATH@ which includes the
builtin-plugins directory. Do the same change for the fuzzers so
that scripts from builtin plugins can be found.

Fixes #2540
2022-11-04 15:22:50 +01:00
Tim Wojtulewicz
254877879c Update cmake submodule to remove STATIC_KQUEUE variable 2022-11-03 13:50:44 -07:00
Tim Wojtulewicz
c853555bf4 Update docs submodule [nomail] [skip ci] 2022-11-03 10:42:43 -07:00
Tim Wojtulewicz
1a81e0d3a3 Merge branch 'topic/timw/lgtm-fixes'
* topic/timw/lgtm-fixes:
  Add a missing deletion in ZAM code
  Add a couple of missing assignment operators to match copy constructors
  Fix a bunch of variable shadowing issues from LGTM
2022-11-03 09:22:21 -07:00
Tim Wojtulewicz
c3ed97c04c Add a missing deletion in ZAM code 2022-11-03 09:21:18 -07:00
Tim Wojtulewicz
859588d710 Add a couple of missing assignment operators to match copy constructors 2022-11-03 09:21:18 -07:00
Tim Wojtulewicz
a61352c5dd Merge remote-tracking branch 'origin/topic/timw/display-cmake'
* origin/topic/timw/display-cmake:
  Add configure --display-cmake argument
2022-11-03 08:58:09 -07:00
Tim Wojtulewicz
68450eac47 Merge remote-tracking branch 'origin/topic/timw/update-dns-types'
* origin/topic/timw/update-dns-types:
  Update external test hashes
  Update DNS type strings to match correct mappings
2022-11-03 08:57:19 -07:00
Tim Wojtulewicz
3fafe5c19f Merge remote-tracking branch 'origin/topic/johanna/ubuntu2210ci'
* origin/topic/johanna/ubuntu2210ci:
  Add Ubuntu 22.10 to ci
2022-11-03 08:56:43 -07:00
Arne Welzel
28336709b8 cluster: Add warning about cluster-layout.zeek content
Relates to #2528, #991.
2022-11-03 14:02:43 +01:00
Johanna Amann
36484eaf34 Add Ubuntu 22.10 to ci 2022-11-03 10:08:12 +00:00
Tim Wojtulewicz
d65c75e2ad Merge remote-tracking branch 'jsoref/spelling-scripts'
* jsoref/spelling-scripts:
  Spelling fixes: scripts
2022-11-02 16:56:27 -07:00
Tim Wojtulewicz
66e818e69b Update external test hashes 2022-11-02 16:38:24 -07:00
Tim Wojtulewicz
e8dbfc1cb0 Fix a bunch of variable shadowing issues from LGTM 2022-11-02 15:54:51 -07:00
Josh Soref
21e0d777b3 Spelling fixes: scripts
* accessing
* across
* adding
* additional
* addresses
* afterwards
* analyzer
* ancillary
* answer
* associated
* attempts
* because
* belonging
* buffer
* cleanup
* committed
* connects
* database
* destination
* destroy
* distinguished
* encoded
* entries
* entry
* hopefully
* image
* include
* incorrect
* information
* initial
* initiate
* interval
* into
* java
* negotiation
* nodes
* nonexistent
* ntlm
* occasional
* omitted
* otherwise
* ourselves
* paragraphs
* particular
* perform
* received
* receiver
* referring
* release
* repetitions
* request
* responded
* retrieval
* running
* search
* separate
* separator
* should
* synchronization
* target
* that
* the
* threshold
* timeout
* transaction
* transferred
* transmission
* triggered
* vetoes
* virtual

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-02 17:36:39 -04:00
Tim Wojtulewicz
c9610ec45b Update DNS type strings to match correct mappings 2022-11-02 14:22:46 -07:00
Tim Wojtulewicz
04ba6033c6 Add configure --display-cmake argument 2022-11-02 12:29:47 -07:00
Arne Welzel
d34167b2c4 zeek-setup: Load builtin-plugins/__preload__.zeek before initializing bifs
Prevent errors as follows with the bro-http2 plugin.

    error in /mitrecnd_HTTP2.events.bif.zeek, line 95: identifier not defined: http2_stream_stat
    error in /mitrecnd_HTTP2.events.bif.zeek, line 363: identifier not defined: http2_settings
    internal error in /mitrecnd_HTTP2.events.bif.zeek, line 460: Failed to find type named: http2_settings_unrecognized_table
2022-11-02 12:21:44 +01:00