The added test cases around function/event invocations report the
following flurry of errors when only the first one is relevant and
actionable. There's little use in reporting a mismatch with "error".
Squelch them.
error in <...>/function-invoke-mismatch-error.zeek, line 8: identifier not defined: MyEnumTypo
error in <...>/function-invoke-mismatch-error.zeek, line 12 and error: type mismatch (M::MY_ENUM_A and error)
error in <...>/function-invoke-mismatch-error.zeek, line 12: argument type mismatch in function call (M::to_string(M::MY_ENUM_A))
error in <...>/function-invoke-mismatch-error.zeek, line 16 and error: type mismatch (M::MY_ENUM_B and error)
error in <...>/function-invoke-mismatch-error.zeek, line 16: argument type mismatch in function call (M::to_string(M::MY_ENUM_B))
error in <...>/function-invoke-mismatch-error.zeek, line 20 and error: type mismatch (M::e and error)
error in <...>/function-invoke-mismatch-error.zeek, line 20: argument type mismatch in function call (M::to_string(M::e))
Record coercion also reports noisy errors when coercing to a type that
has errors for individual fields, type clashing with "error":
$ zeek language/record-field-error.zeek
error in ./language/record-coerce-error.zeek, line 8: identifier not defined: MyEnumTypo
error in ./language/record-coerce-error.zeek, line 19 and ./language/record-coerce-error.zeek, line 5: type clash for field "e" ((coerce [$e=MY_ENUM_B, $s=test] to MyRecord) and MyEnum)
This instantiates the SSL analyzer when the client requests SSL
so that Zeek now has a bit more visibility into encrypted MySQL
connections.
The pattern used is the same as in the IMAP, POP or XMPP analyzer.
* topic/awelzel/2696-mysql-analyzer-issues:
testing/mysql: Add traces recorded with a free-tier MySQL instance
MySQL: Fix endianness, introduce mysql_eof() event
Not sure this adds much more coverage then there was, but minimally
more recent software versions.
The instances/passwords were ephemeral, so hostname and password hashes
etc aren't useful to anyone.
We were parsing MySQL using bigendian even though the protocol is
specified as with "least significant byte first" [1]. This is most
problematic when parsing length encoded strings with 2 byte length
fields...
Further, I think, the EOF_Packet parsing was borked, either due to
testing the CLIENT_DEPRECATE_EOF with the wrong endianness, or due to
the workaround in Resultset processing raising mysql_ok(). Introduce a
new mysql_eof() that triggers for EOF_Packet's and remove the fake
mysql_ok() Resultset invocation to fix. Adapt the mysql script and tests
to account for the new event.
This is a quite backwards incompatible change on the event level, but
due to being quite buggy in general, doubt this matters to many.
I think there is more buried, but this fixes the violation of the simple
"SHOW ENGINE INNODB STATUS" and the existing tests continue to
succeed...
[1] https://dev.mysql.com/doc/dev/mysql-server/latest/page_protocol_basic_dt_integers.html
The script added as a test case reports the following messages *and*
dumps a core file. Printing the first error and a normal failure exit
seems sufficient. IMO triggering an abort() due to user scripting issues
is not something that Zeek should do
$ zeek ./identifier-not-defined-error.zeek
error in ./identifier-not-defined-error.zeek, line 10: identifier not defined: MyEnu
error in ./identifier-not-defined-error.zeek, line 10 and error: &default value has inconsistent type (M::MY_ENUM_A and error)
internal error in ./identifier-not-defined-error.zeek, line 11: type inconsistency in ZVal constructor
Aborted (core dumped)
Change is to skip certain checks when an error type is propagated.
The #124 PR introduced special treatment when HTTP version 0.9
was set. With #127, a reproducer that set HTTP/1.0 in the first
request was created and subsequent requests wouldn't reset to
HTTP version 0.9.
This is subtle, but doesn't seem like things fall apart.
Improves runtime from 20 seconds to 2 seconds for the given
reproducer.
Fixes#127.
These have been created artificially. The tests show that for an
invalid reply line without a numeric code, with a numeric code < 100
or a numeric code not followed by a space we now raise an analyzer
violation and disable the analyzer.
This improves runtime of the oss-fuzz generated traffic in #125.
Specifically, that reproducers included a 064- reply code that was
interpreted as needing to be continued.
Also, return after AnalyzerViolations() for server replies rather than
propagating bad replies them to script-land. This trusts server's to
generally behave according to specification.
* origin/topic/timw/2658-avoid-teredo-violations:
Update external testing repo commit hashes for Teredo changes
Update scripts.base.frameworks.analyzer.logging btest to use a different trace file
Update btest baselines due to reduced calls to UID::Set
Rework TeredoAnalzyer::DetectProtocol to not catch as many packets
Limit the number of tasks we run on PRs to only a subset instead of
the full set to reduce the amount of resources we use for PRs. Labeling
a PR with "fullci" can be used enable running all tasks.
This removes a total of 14 task execution from PRs by default at the cost of
needing to monitor master builds more closely for distro specific breakage.
This could probably be even be more advanced:
Leveraging changesIncludeOnly('scripts/*', 'testing/*'), we might be able to
limit to running a single Linux distro rather than a whole set of different
for simple script changes. For now I've left that out, however.
* origin/topic/vern/Jan23-C++-maint:
Maintenance updates for -O gen-C++ / -O gen-standalone-C++ fixes for using BiFs in standalone global initializations avoiding redundant global initializations updates to maintenance scripts and notes removal of an unused member variable
