Commit graph

639 commits

Author SHA1 Message Date
Jon Siwek
f302f2f3f2 Fix &default fields in records not being initialized in coerced assignments.
Addresses #722
2011-12-15 12:16:42 -06:00
Seth Hall
61aa592db5 A few updates for SQL injection detection.
- The biggest change is the change in notice names from
	HTTP::SQL_Injection_Attack_Against to
	HTTP::SQL_Injection_Victim

- A few new SQL injection attacks in the tests that we need to
  support at some point.
2011-12-12 14:26:54 -05:00
Bernhard Amann
dcc7fe3c38 start reworking interface of software framework. working apart from detect-webapps.bro, which directly manipulates a no longer available interface... 2011-12-09 16:47:58 -08:00
Bernhard Amann
311cd1b116 after talking to seth - change host_a field in record back to host. 2011-12-08 14:25:46 -08:00
Jon Siwek
80b24513e7 Fix Broxygen confusing scoped id at start of line as function parameter. 2011-12-07 17:08:38 -06:00
Bernhard Amann
7e3ebc1817 forgotten policy files. 2011-12-07 15:03:36 -08:00
Bernhard Amann
89a29c3d7d Merge remote-tracking branch 'origin/master' into topic/bernhard/input 2011-12-07 13:13:43 -08:00
Bernhard Amann
35fa52ea48 update baseline 2011-12-07 13:10:35 -08:00
Robin Sommer
f1e132cd1a Adding missing script. 2011-12-07 10:28:56 -08:00
Robin Sommer
3c2fa085d4 Adapting diff-all so that it expands globs in both current and
baseline directory.

This way, it now spots if a Baseline file isn't produced anymore.

Closes #677.
2011-12-07 10:03:44 -08:00
Bernhard Amann
9f32f68a13 make test more robust. 2011-12-06 10:50:36 -08:00
Bernhard Amann
4a690484ec make port annotation work and ascii input reader way more robust with better error messages. 2011-12-06 10:42:37 -08:00
Bernhard Amann
949ec6897a Merge remote-tracking branch 'origin/master' into topic/bernhard/localnet 2011-12-03 20:15:05 -08:00
Robin Sommer
f59c766858 Portability fix for new patch. 2011-12-02 17:00:08 -08:00
Robin Sommer
1e45910b25 Merge remote-tracking branch 'origin/topic/jsiwek/bro-log-suffix'
* origin/topic/jsiwek/bro-log-suffix:
  Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704)

Closes #704.
2011-12-02 16:52:18 -08:00
Robin Sommer
03b7ebfb5b Merge remote-tracking branch 'origin/topic/jsiwek/fix-dns-double-free'
* origin/topic/jsiwek/fix-dns-double-free:
  Fix double-free of DNS_Mgr_Request object (addresses #661)

Closes #661.
2011-12-01 16:40:07 -08:00
Robin Sommer
df3ae4b30d Merge remote-tracking branch 'origin/topic/jsiwek/remote-log-peer'
* origin/topic/jsiwek/remote-log-peer:
  Add a remote_log_peer event which contains an event_peer record param.

Closes #493.
2011-12-01 16:02:11 -08:00
Jon Siwek
edc0a451f8 Teach LogWriterAscii to use BRO_LOG_SUFFIX env. var. (addresses #704) 2011-12-01 16:18:56 -06:00
Jon Siwek
0c8b5a712d Add a remote_log_peer event which contains an event_peer record param.
Addresses #493.
2011-12-01 14:07:08 -06:00
Jon Siwek
2913a990c4 Merge branch 'master' into fastpath 2011-12-01 09:12:42 -06:00
Jon Siwek
4444c56a94 Fix double-free of DNS_Mgr_Request object (addresses #661)
In DNS::Resolve, they could be deleted once from where they were
stored in the nb_dns_info cookie and once again from where they
were stored in the DNS_Mgr::requests list.  Before commit
bd9c937236, they were only deleted
from the requests list, so this commit reverts to that behavior
without any leaks being reported by the core/leaks tests.
2011-11-30 13:31:54 -06:00
Jon Siwek
9be652f8ff Rearrange packet filter and dpd documentation. 2011-11-30 10:13:20 -06:00
Seth Hall
bb47289bfa Some updates to the base DNS script.
- Answers and TTLs are now vectors.

- The warning that was being generated (dns_reply_seen_after_done)
  from transaction ID reuse is fixed.

- Updated the single failing btest baseline.
2011-11-30 10:19:41 -05:00
Robin Sommer
ebd15cf12e Fixing ASCII logger to escape the unset-field place-holder if written
out literally.
2011-11-29 17:01:47 -08:00
Bernhard Amann
a68e6b9fa4 allow sets to be read from files, convenience function for reading a file once,
bug in destructor that could lead to a segfault.
2011-11-29 15:05:09 -08:00
Bernhard Amann
4975584e01 change Log enum to Input enum. 2011-11-28 13:45:00 -08:00
Bernhard Amann
3c40f00a53 make filters pointers (for inheritance) 2011-11-22 16:09:13 -08:00
Bernhard Amann
3035eb2b21 fix a little bug that prevented several simultaneous filters from working. 2011-11-21 19:30:16 -08:00
Bernhard Amann
53af0544cc re-enable table events 2011-11-21 19:03:35 -08:00
Bernhard Amann
77a517f2b5 camel-casing for types 2011-11-21 15:45:27 -08:00
Bernhard Amann
92b3723b09 add very basic predicate test. 2011-11-21 15:36:03 -08:00
Bernhard Amann
bfe90199bd Merge remote-tracking branch 'origin/master' into topic/bernhard/input 2011-11-21 15:21:20 -08:00
Bernhard Amann
18591b53d4 rename filter to tablefilter in preparation of event filters... 2011-11-21 15:20:52 -08:00
Bernhard Amann
f0e5303330 make want_record field for tablefilter work... 2011-11-21 15:09:00 -08:00
Bernhard Amann
029871e48c first test. 2011-11-20 13:42:02 -08:00
Jon Siwek
305621672f Teach Broxygen the .. bro:see:: directive 2011-11-19 07:19:57 -06:00
Robin Sommer
0b8428d1bb Merge branch 'master' into topic/robin/pp-alarms 2011-11-17 15:26:15 -08:00
Jon Siwek
5227eb73c8 Teach Broxygen :bro:see: role for referencing any identifier in Bro domain. 2011-11-17 16:55:51 -06:00
Robin Sommer
7696c8b365 Merge remote-tracking branch 'origin/topic/jsiwek/require-libmagic-libz'
* origin/topic/jsiwek/require-libmagic-libz:
  Promote libz and libmagic to required dependencies.

Conflicts:
	doc/quickstart.rst

Closes #674
2011-11-15 17:08:24 -08:00
Robin Sommer
8de3614afa Merge remote-tracking branch 'origin/topic/jsiwek/custom-b64-alphabet'
* origin/topic/jsiwek/custom-b64-alphabet:
  Add decode_base64_custom BiF to allow alternate base64 alphabets.

Simplified the code a little bit.

Closes #670.
2011-11-15 17:03:23 -08:00
Robin Sommer
dacc019f1f Adding test for alarm mail.
Can't test all the functionality, so skipping DNS lookup and the
actual mailing via sendmail.
2011-11-15 08:51:48 -08:00
Seth Hall
d14349a6f8 Merge remote-tracking branch 'origin/master' into fastpath 2011-11-14 16:06:44 -05:00
Seth Hall
b12d2c768e Tiny bugfix for http file extraction along with test. 2011-11-14 15:24:15 -05:00
Jon Siwek
5865bf3850 Add decode_base64_custom BiF to allow alternate base64 alphabets.
Addresses #670
2011-11-11 13:48:11 -06:00
Jon Siwek
d750c3ba74 Promote libz and libmagic to required dependencies. 2011-11-11 12:39:00 -06:00
Robin Sommer
9aef0c0f5a Fixing packet filter test.
Adapting the IPv6 one as well, though I believe that's already
broken anyway ...
2011-11-03 17:42:06 -07:00
Robin Sommer
5b79d2b15f Baseline updates.
Also a small tweak to the genDocSourcesList.sh as I was seeing
non-consistent output order.
2011-10-26 15:27:03 -07:00
Seth Hall
098134d2fa Updated unit test baselines.
- Some (all?) of the DNS servers aren't being detected
  anymore because the test tracefile isn't long enough.
  Logging servers is delayed 5 minutes in case a better
  result comes in.
2011-10-26 09:36:04 -04:00
Robin Sommer
4cdff8ffd8 Extending .gitignore other external test-suites as well. 2011-10-25 16:33:17 -07:00
Seth Hall
3d6d75b647 Updating test baselines for recent changes. 2011-10-25 14:51:32 -04:00