Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
18359 commits 387 branches 195 tags 255 MiB
Commit graph

18359 commits

This branch
This branch
All branches
Author SHA1 Message Date
Arne Welzel
cc7dc60c1e EventRegistry/zeek.bif/init-bare: Add event metadata infrastructure 
Introduce a new EventMetadata module and members on EventMgr to register
event metadata types.
 2025-05-23 19:31:58 +02:00
Arne Welzel
fc96c81c70 EventMgr: Add CurrentEvent() accessor 
Avoid proliferation of accessors on EventMgr.
 2025-05-23 19:31:06 +02:00
zeek-bot
0864048c3f Update doc submodule [nomail] [skip ci] 2025-05-22 00:15:56 +00:00
Tim Wojtulewicz
25dd1a2702 Disable sqlite-cluster btest 
This test is being flaky on some platforms and still having problems
with executing pragmas at startup. Disable it for now until it can be
fixed.
 2025-05-21 15:42:29 -07:00
Tim Wojtulewicz
6b104f3e22 Merge remote-tracking branch 'origin/topic/timw/fix-sqlite-btest-output' 
* origin/topic/timw/fix-sqlite-btest-output:
  Update baseline of sqlite-basic btest after recent changes
 2025-05-21 12:47:16 -07:00
Tim Wojtulewicz
0c7ad126d6 Update baseline of sqlite-basic btest after recent changes 2025-05-21 11:01:54 -07:00
Tim Wojtulewicz
1862e66097 Merge remote-tracking branch 'origin/topic/timw/sqlite-cluster-test' 
* origin/topic/timw/sqlite-cluster-test:
  SQLite: Move integrity_check to pragma table
  SQLite: Add backend option for pragma timeout
  SQLite: Rename tuning_params to pragma_commands, move running pragmas to utility method
  SQLite: Retry pragma statements at startup to avoid contention
  SQLite: Check for locked database as well as busy databases
  SQLite: Fix some string-sizing issues
  SQLite: Run pragmas on connection before creating table
  SQLite: Add busy_timeout pragma to default options
  Prefix sqlite-based btests with sqlite- to match redis tests
  Add sqlite cluster storage btest
 2025-05-21 09:41:15 -07:00
Tim Wojtulewicz
a58128a45c SQLite: Move integrity_check to pragma table 2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
78dffb1d6f SQLite: Add backend option for pragma timeout 2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
f0e7b78554 SQLite: Rename tuning_params to pragma_commands, move running pragmas to utility method 2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
53cb3c3681 SQLite: Retry pragma statements at startup to avoid contention 2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
227d24b64d SQLite: Check for locked database as well as busy databases 2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
1bff4c9537 SQLite: Fix some string-sizing issues 2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
ac064bd6af SQLite: Run pragmas on connection before creating table 2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
26cc6d4e7b SQLite: Add busy_timeout pragma to default options 2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
e91421a8de Prefix sqlite-based btests with sqlite- to match redis tests 2025-05-21 09:38:27 -07:00
Tim Wojtulewicz
41bddae59f Add sqlite cluster storage btest 2025-05-21 09:38:27 -07:00
Arne Welzel
891338194f Merge remote-tracking branch 'origin/topic/awelzel/fixup-detect-sql-injection-zeekygen-comment' 
* origin/topic/awelzel/fixup-detect-sql-injection-zeekygen-comment:
  http/detect-sql-injection: Fix zeekygen comment
  btest/coverage/test-all-policy-zeekygen: Load test-all-policy with zeekygen enabled
 2025-05-21 13:39:07 +02:00
Arne Welzel
8d588a10a9 http/detect-sql-injection: Fix zeekygen comment 
Discarded extraneous Zeekygen comment: $src field; and always provides a victim IP address in the $dst field.
 2025-05-21 11:49:48 +02:00
Arne Welzel
aabd1e3825 btest/coverage/test-all-policy-zeekygen: Load test-all-policy with zeekygen enabled 
There should not be warnings produced. The default ZEEK_DISABLE_ZEEKYGEN=1
setting in the btest configuration hid some issues previously.
 2025-05-21 11:49:12 +02:00
zeek-bot
7d54a58a76 Update doc submodule [nomail] [skip ci] 2025-05-21 00:15:25 +00:00
Tim Wojtulewicz
c596556036 Merge remote-tracking branch 'origin/topic/timw/3913-parse-port-invalid-read' 
* origin/topic/timw/3913-parse-port-invalid-read:
  Add extra input files to ftp fuzzer corpus
  Use bool instead of int flag in FTP analyzer's parse_eftp method
  Fix undefined behavior in FTP analyzer's parse_port method
  Fix invalid-read in FTP analyzer's parse_port method
 2025-05-20 12:02:18 -07:00
Arne Welzel
ec744024d3 Merge remote-tracking branch 'origin/topic/awelzel/btest-cluster-layout-replacement' 
* origin/topic/awelzel/btest-cluster-layout-replacement:
  btest remaining: Use generic cluster-layout.zeek
  btest/frameworks/logging: Use generic cluster-layout.zeek
  btest/files/x509: Use generic cluster-layout.zeek
  btest/frameworks/notice: Use generic cluster-layout.zeek
  btest/policy: Use generic cluster-layout.zeek
  btest/frameworks/intel: Use generic cluster-layout.zeek
  btest/frameworks/sumstats: Use generic cluster-layout.zeek
  btest/frameworks/cluster: Use generic cluster-layout.zeek
  btest/frameworks/config: Use generic cluster-layout.zeek
  btest/broker: Use generic cluster-layout.zeek
  btest/cluster: Use generic cluster-layout.zeek
  testing/btest/Files: Add generic broker/cluster-layout.zeek
 2025-05-20 20:30:47 +02:00
Arne Welzel
00eabb6cbb btest remaining: Use generic cluster-layout.zeek 2025-05-20 20:30:01 +02:00
Arne Welzel
9365f71965 btest/frameworks/logging: Use generic cluster-layout.zeek 2025-05-20 20:30:01 +02:00
Arne Welzel
6c00c05249 btest/files/x509: Use generic cluster-layout.zeek 2025-05-20 20:30:01 +02:00
Arne Welzel
d7b5955e5e btest/frameworks/notice: Use generic cluster-layout.zeek 2025-05-20 20:30:01 +02:00
Arne Welzel
2a3f2d0004 btest/policy: Use generic cluster-layout.zeek 
Catch-all for cluster scripts in policy directory.
 2025-05-20 20:30:01 +02:00
Arne Welzel
00a12a4cc5 btest/frameworks/intel: Use generic cluster-layout.zeek 2025-05-20 20:30:01 +02:00
Arne Welzel
4dec63936e btest/frameworks/sumstats: Use generic cluster-layout.zeek 2025-05-20 20:30:01 +02:00
Arne Welzel
0a06a77c69 btest/frameworks/cluster: Use generic cluster-layout.zeek 2025-05-20 20:30:01 +02:00
Arne Welzel
e114b0e371 btest/frameworks/config: Use generic cluster-layout.zeek 2025-05-20 20:30:01 +02:00
Arne Welzel
f9ff396acf btest/broker: Use generic cluster-layout.zeek 2025-05-20 20:30:01 +02:00
Arne Welzel
a15df5fc11 btest/cluster: Use generic cluster-layout.zeek 2025-05-20 20:30:01 +02:00
Arne Welzel
b3f53dc455 testing/btest/Files: Add generic broker/cluster-layout.zeek 
This is a cluster-layout.zeek template that can be copied into a testing
directory if needed. The idea is that a developer sets environment
variables within their btest and the Cluster::nodes variable is
implicitly extended by appropriate nodes.

For example, using @TEST-PORT BROKER_LOGGER1_PORT will add an appropriate
logger-1 node to Cluster::nodes, based on the existence of the
BROKER_LOGGER1_PORT environment variable.
 2025-05-20 20:30:01 +02:00
Tim Wojtulewicz
9ae16a3db3 Add extra input files to ftp fuzzer corpus 2025-05-20 10:58:32 -07:00
Tim Wojtulewicz
517dfff529 Use bool instead of int flag in FTP analyzer's parse_eftp method 2025-05-20 10:58:32 -07:00
Tim Wojtulewicz
c0b09665b9 Fix undefined behavior in FTP analyzer's parse_port method 2025-05-20 10:58:32 -07:00
Tim Wojtulewicz
8596671dd5 Fix invalid-read in FTP analyzer's parse_port method 2025-05-20 10:58:32 -07:00
Arne Welzel
906b91dca8 Merge remote-tracking branch 'origin/topic/vern/http-sqli-replacement' 
* origin/topic/vern/http-sqli-replacement:
  site/local: Switch to detect-sql-injection
  Add a revised script for detecting HTTP SQL injection, deprecate original
 2025-05-20 16:26:13 +02:00
Arne Welzel
c687a24503 site/local: Switch to detect-sql-injection 2025-05-20 16:24:28 +02:00
Vern Paxson
dcd14f7a16 Add a revised script for detecting HTTP SQL injection, deprecate original 2025-05-20 16:24:20 +02:00
zeek-bot
a694781bad Update doc submodule [nomail] [skip ci] 2025-05-20 00:25:51 +00:00
Tim Wojtulewicz
ddeecabc1e Merge remote-tracking branch 'origin/topic/awelzel/event-trace-fix-operator-equals' 
* origin/topic/awelzel/event-trace-fix-operator-equals:
  EventTrace: Fix operator==() UBSAN downcast error
 2025-05-19 12:33:08 -07:00
Arne Welzel
1ed38e7342 EventTrace: Fix operator==() UBSAN downcast error 
New test triggered the following error:

    runtime error: downcast of address 0x57021a323ea0 which does not point to an object of type 'const FileVal' 0x57021a323ea0: note: object is of type 'zeek::FuncVal'
 2025-05-19 20:48:18 +02:00
Christian Kreibich
fdecfba6b4 Merge branch 'smoot-improve-from_json' of github.com:/stevesmoot/zeek 
* 'smoot-improve-from_json' of github.com:/stevesmoot/zeek:
  update baseline for zam
  Update src/zeek.bif
  Change from_json to return an error rather than print it.
 2025-05-19 11:06:29 -07:00
Arne Welzel
eb15997cc3 Merge remote-tracking branch 'origin/topic/awelzel/event-trace-mgr-destructor-fclose' 
* origin/topic/awelzel/event-trace-mgr-destructor-fclose:
  btest/core: Add event-trace test
  zeek-setup: Free event_trace_mgr after generating trace
  EventTraceMgr: Rename etm to event_trace_mgr
  EventTraceMgr: Move fclose() to destructor
 2025-05-19 20:02:12 +02:00
Tim Wojtulewicz
e21fb9c9c7 Update cmake submodule 2025-05-19 10:54:10 -07:00
Tim Wojtulewicz
cc79afd24f Merge remote-tracking branch 'origin/topic/timw/include-cleanup-part-2' 
* origin/topic/timw/include-cleanup-part-2:
  Remove unnecessary #includes in script_opt
  Remove unnecessary #includes in telemetry and supervisor
  Remove unnecessary #includes in cluster/broker/iosource/probabilistic/session
  Remove unnecessary #includes in zeekygen and base plugin files
  Remove unnecessary #includes in input/logging/threading
  Remove unnecessary #includes in analyzer/packet analyzer/file analyzer source files
  Remove unnecessary #includes in analyzer/packet analyzer/file analyzer headers
  Remove unnecessary #includes in base files in repo
 2025-05-19 10:26:05 -07:00
Tim Wojtulewicz
12356a6393 Remove unnecessary #includes in script_opt 2025-05-19 10:25:05 -07:00