Tim Wojtulewicz
b592b6c998
Use .contains() instead of .find() or .count()
2025-09-02 16:42:52 +00:00
Tim Wojtulewicz
72c79006ac
Switch to using std::ranges algorithms
2025-07-28 13:03:25 -07:00
Tim Wojtulewicz
0681ab9071
Fix clang-tidy modernize-use-transparent-functors findings
2025-06-06 11:43:06 -07:00
Tim Wojtulewicz
f3588657bf
Fix clang-tidy modernize-loop-convert findings
2025-06-06 11:43:06 -07:00
Arne Welzel
9619cd0f17
Add missing copyright line to headers and cc files
2024-12-06 12:50:58 +01:00
Christian Kreibich
b24c5c0e46
Order rule traversal in RuleMatcher::Match() operations by Rule index
This ordering fixes a test failure we're seeing on Alpine for the
signatures/tcp-end-of-match btest, since discrepancies in rule match traversal
could lead to discrepancies in corresponding event ordering.
It looks safe to rely on across platforms since the index is driven by signature
load order, which shouldn't deviate. If this somehow doesn't hold in the future,
we'll only wind up with a test failure, not incorrect match behavior.
(Correction to 2e03fbb8b0, which I pushed accidentally.)
2024-11-18 09:45:09 -08:00
Christian Kreibich
5e0e2a8bd8
Merge branch 'topic/christian/fix-rulematcher-iteration'
* topic/christian/fix-rulematcher-iteration:
Define ordering on Rule instances and use on sets in RuleMatcher
2024-11-18 09:39:22 -08:00
Arne Welzel
a02ae82778
RuleMatcher: Move plugin/Manager.h include from .h to .cc
2024-11-15 16:00:23 +01:00
Christian Kreibich
2e03fbb8b0
Define ordering on Rule instances and use on sets in RuleMatcher
Establishing reliable ordering fixes a test failure we're seeing on Alpine for
the signatures/tcp-end-of-match btest, since discrepancies in rule match
traversal could lead to discrepancies in corresponding event ordering.
2024-11-14 20:03:07 -08:00
Arne Welzel
e443624c32
RuleMatcher: Use a single list for tracking pattern_matches
2024-11-04 16:17:49 +01:00
Arne Welzel
04872d4e78
signatures: Add data_end_offset to signature_match() and custom events
This change tracks the current offset (number of bytes fed into matchers)
on the top-level RuleEndpointState such that we can compute the relative ending
for matched texts individually.
Additionally, it adds the data_end_offset as a new optional parameter to
signature_match().
2024-10-30 13:29:58 +01:00
ronny8360988
5859e23198
Add pattern_end_offset to signature_state
Add pattern_end_offset to signature_state
Update init-bare.zeek
Update RuleMatcher.cc
Update RuleMatcher.h
Update init-bare.zeek
clang format
clang format
clang format
Using Match Offsets List
Temp commit
2024-10-30 12:32:00 +01:00
Tim Wojtulewicz
38dae684bd
Constify classes in RuleMatcher, fixes c++20 build failure
2024-05-01 16:59:54 -07:00
Benjamin Bannier
f5a76c1aed
Reformat Zeek in Spicy style
This largely copies over Spicy's `.clang-format` configuration file. The
one place where we deviate is header include order since Zeek depends on
headers being included in a certain order.
2023-10-30 09:40:55 +01:00
Josh Soref
cd201aa24e
Spelling src
These are non-functional changes.
* accounting
* activation
* actual
* added
* addresult
* aggregable
* aligned
* alternatively
* ambiguous
* analysis
* analyzer
* anticlimactic
* apparently
* application
* appropriate
* arithmetic
* assignment
* assigns
* associated
* authentication
* authoritative
* barrier
* boundary
* broccoli
* buffering
* caching
* called
* canonicalized
* capturing
* certificates
* ciphersuite
* columns
* communication
* comparison
* comparisons
* compilation
* component
* concatenating
* concatenation
* connection
* convenience
* correctly
* corresponding
* could
* counting
* data
* declared
* decryption
* defining
* dependent
* deprecated
* detached
* dictionary
* directional
* directly
* directory
* discarding
* disconnecting
* distinguishes
* documentation
* elsewhere
* emitted
* empty
* endianness
* endpoint
* enumerator
* essentially
* evaluated
* everything
* exactly
* execute
* explicit
* expressions
* facilitates
* fiddling
* filesystem
* flag
* flagged
* for
* fragments
* guarantee
* guaranteed
* happen
* happening
* hemisphere
* identifier
* identifies
* identify
* implementation
* implemented
* implementing
* including
* inconsistency
* indeterminate
* indices
* individual
* information
* initial
* initialization
* initialize
* initialized
* initializes
* instantiate
* instantiated
* instantiates
* interface
* internal
* interpreted
* interpreter
* into
* it
* iterators
* length
* likely
* log
* longer
* mainly
* mark
* maximum
* message
* minimum
* module
* must
* name
* namespace
* necessary
* nonexistent
* not
* notifications
* notifier
* number
* objects
* occurred
* operations
* original
* otherwise
* output
* overridden
* override
* overriding
* overwriting
* ownership
* parameters
* particular
* payload
* persistent
* potential
* precision
* preexisting
* preservation
* preserved
* primarily
* probably
* procedure
* proceed
* process
* processed
* processes
* processing
* propagate
* propagated
* prototype
* provides
* publishing
* purposes
* queue
* reached
* reason
* reassem
* reassemble
* reassembler
* recommend
* record
* reduction
* reference
* regularly
* representation
* request
* reserved
* retrieve
* returning
* separate
* should
* shouldn't
* significant
* signing
* simplified
* simultaneously
* single
* somebody
* sources
* specific
* specification
* specified
* specifies
* specify
* statement
* subdirectories
* succeeded
* successful
* successfully
* supplied
* synchronization
* tag
* temporarily
* terminating
* that
* the
* transmitted
* true
* truncated
* try
* understand
* unescaped
* unforwarding
* unknown
* unknowndata
* unspecified
* update
* usually
* which
* wildcard
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-11-09 12:08:15 -05:00
Tim Wojtulewicz
f67f6e4507
Code cleanup in RE_Matcher code
- Use std::string in Specific_RE_Matcher instead of char*
- Change a couple of ints-as-bools to bools
2022-08-02 11:31:57 -07:00
Tim Wojtulewicz
4d4c6280e9
Miscellaneous deprecations and renaming
2022-07-12 12:01:23 -07:00
Robin Sommer
fccb9ccab0
Re-instantiate providing location information to LoadFile hooks.
#1835 subtly changed the semantics of the `LoadFile` plugin hook to no
longer have the current script location available for signature files
being loaded through `@load-sigs`. This was undocumented behavior, so
it's technically not a regression, but since at least one external
plugin is depending on it, this change restores the old behavior.
2022-04-14 10:43:21 +02:00
Robin Sommer
34eaf42b92
Add new hook HookLoadFileExtended that allows plugins to supply Zeek script code to parse.
The new hook works similarly to the existing `HookLoadFile` but,
additionally, allows the plugin to return a string that contains the
code to be used for the file being loaded. If the plugin does so, the
content of any actual file on disk will be ignored (in fact, there
doesn't even need to be a file on disk in that case). This works for
both Zeek scripts and signatures.
There's a new test that covers the new functionality, testing loading
both scripts and signatures from memory. I also manually tested that the
debugger integration works, but I don't see much of a way to add a
regression test for that part.
We keep the existing hook as well for backwards compatibility. We could
decide to deprecate it, but not sure that buys us much, so left that
out.
Closes #1757.
2021-11-05 13:01:19 +01:00
Robin Sommer
1efaf8d7a4
Move logic to execute HookLoadFile for signatures into rule matcher code.
This (1) fixes an issue where signature files supplied on the command
line wouldn't pass through the hooks, and (2) prepares for allowing
hooks to supply the content of a signature file directly.
2021-11-05 12:58:38 +01:00
Tim Wojtulewicz
9af6b2f48d
clang-format: Set penalty for breaking after assignment operator
2021-09-27 10:49:48 -07:00
Tim Wojtulewicz
4423574d26
clang-format: Set IndentCaseBlocks to false
2021-09-27 10:49:48 -07:00
Tim Wojtulewicz
9cb54f5d44
clang-format: Force zeek-config.h to be earlier in the config ordering
2021-09-25 11:52:55 -07:00
Tim Wojtulewicz
b2f171ec69
Reformat the world
2021-09-16 15:35:39 -07:00
Vern Paxson
62bab66114
migration to using new differentiated methods for setting record fields
2021-02-25 16:59:26 -08:00
Jon Siwek
8a8a983c49
Add missing zeek/ to header includes
Related to https://github.com/zeek/zeek/pull/1377
2021-01-29 19:16:29 -08:00
Tim Wojtulewicz
96d9115360
GH-1079: Use full paths starting with zeek/ when including files
2020-11-12 12:15:26 -07:00
Tim Wojtulewicz
fe0c22c789
Base: Clean up explicit uses of namespaces in places where they're not necessary.
This commit covers all of the common and base classes.
2020-08-24 12:07:00 -07:00
Tim Wojtulewicz
0ac3fafe13
Move zeek::net namespace to zeek::run_state namespace.
This also moves all of the code from Net.{h,cc} to RunState.{h,cc} and marks Net.h as deprecated
2020-08-20 16:11:47 -07:00
Tim Wojtulewicz
8d2d867a65
Move everything in util.h to zeek::util namespace.
This commit includes renaming a number of methods prefixed with bro_ to be prefixed with zeek_.
2020-08-20 16:00:33 -07:00
Tim Wojtulewicz
e7c6d51ae7
Move the functions and variables in Net.h to the zeek::net namespace. This includes moving network_time out of util.h.
2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
914ffcadae
Move arp, tcp, udp, pia, and stepping stone analyzers
2020-08-20 15:55:17 -07:00
Tim Wojtulewicz
886fc102b8
Move DebugLogger to zeek namespaces
2020-07-31 16:23:34 -04:00
Tim Wojtulewicz
910aa77d95
Move BroFile to zeek namespace, rename to File
2020-07-31 16:22:56 -04:00
Tim Wojtulewicz
bfab224d7c
Move Reporter to zeek namespace
2020-07-31 16:22:41 -04:00
Tim Wojtulewicz
382812298d
Move all of the rule matching code to zeek::detail
2020-07-31 16:22:04 -04:00
Tim Wojtulewicz
25c0fc7ab2
Move IP Addr/Prefix/Header classes into namespaces
2020-07-31 16:22:04 -04:00
Tim Wojtulewicz
9400b863ea
Move all base analyzer classes to zeek::analyzer namespace
2020-07-31 16:21:46 -04:00
Tim Wojtulewicz
45d2c96643
Rename BroString files to ZeekString
2020-07-02 17:24:22 -07:00
Tim Wojtulewicz
736a3f53d4
Rename BroString to zeek::String
2020-07-02 16:15:01 -07:00
Tim Wojtulewicz
86fdf0eaa9
Mark global val_mgr as deprecated and fix uses of it to use namespaced version
2020-07-02 16:15:00 -07:00
Tim Wojtulewicz
58c6e10b62
Move BroString to zeek namespace
2020-06-30 21:12:26 -07:00
Tim Wojtulewicz
937a462e70
Move Frame and Scope to zeek::detail namespace
2020-06-30 20:51:53 -07:00
Tim Wojtulewicz
64332ca22c
Move all Val classes to the zeek namespaces
2020-06-30 20:48:09 -07:00
Tim Wojtulewicz
9364e6a5b7
Move IntrusivePtr and utility methods to the zeek namespace
2020-06-30 20:19:12 -07:00
Tim Wojtulewicz
ed13972924
Move Type types to zeek namespace
2020-06-09 17:20:45 -07:00
Tim Wojtulewicz
c558d771e4
Remove IPAddr.h from Reporter.h
2020-06-01 15:00:39 -07:00
Jon Siwek
4debad8caf
Switch zeek::id::lookup to zeek::id::find
For parity with Scope since it now uses Find instead of Lookup
2020-05-14 18:00:18 -07:00
Jon Siwek
a5762c12cc
Move various elements into ID.h and zeek::id namespace
* A handful of generic/useful/common global type pointers that used
to be in NetVar.h
* Lookup functions that used to be Var.h
2020-05-14 17:24:20 -07:00
Jon Siwek
9210d443d3
Trim the list of "global type pointers" from NetVar.h further
Most of them are deprecated now, with usage sites now doing the lookup
themselves.
2020-05-14 17:23:20 -07:00