Seth Hall
379593c7fd
Merge branch 'patch-1' of https://github.com/mpurzynski/bro
...
- Adds version detection for Windows 10.
2014-12-02 08:14:29 -05:00
Daniel Thayer
cc7286b628
Fix some "make doc" warnings and update some doc tests
2014-12-01 22:43:17 -06:00
Daniel Thayer
e4c9c58b9e
Add man page for Bro
2014-12-01 20:58:37 -06:00
Jon Siwek
fe9e7d015e
Update submodules/changes/version.
2014-12-01 12:17:34 -06:00
Jon Siwek
20ddf1e62f
Merge branch 'master' of https://github.com/hillu/bro
...
* 'master' of https://github.com/hillu/bro:
BIFScanner: Make filename->symbol transformation more robust
2014-12-01 12:08:07 -06:00
Jon Siwek
0a6b102e25
Merge remote-tracking branch 'origin/topic/johanna/ticket-1294'
...
* origin/topic/johanna/ticket-1294:
Do not change global event parameters in exec.bro
BIT-1294 #close
2014-12-01 11:01:19 -06:00
Raúl Benencia
127a61597e
Add/invoke "distclean" for testing directories.
...
BIT-1292 #close
2014-12-01 10:43:41 -06:00
Jon Siwek
b0383c22d6
Delete prebuilt python bytecode files from git.
...
BIT-1291 #close
2014-12-01 10:21:41 -06:00
Michal Purzynski
ebb2240e97
Update windows-version-detection.bro
2014-11-27 19:41:20 +01:00
Johanna Amann
5836feb64d
Do not change global event parameters in exec.bro
...
Addresses BIT-1294
2014-11-27 10:00:48 -08:00
Hilko Bengen
fc71572aad
BIFScanner: Make filename->symbol transformation more robust
...
When trying to build bro from a path that contained a plus sign, an
invalid symbol name for the #ifdef guard was generated.
2014-11-26 20:55:22 +01:00
Seth Hall
d17aedcc44
Merge remote-tracking branch 'origin/topic/vladg/cryptoapi'
...
* origin/topic/vladg/cryptoapi:
Add Windows detection based on CryptoAPI HTTP traffic as a software framework policy script.
2014-11-26 12:20:05 -05:00
Robin Sommer
071834b948
Merge remote-tracking branch 'origin/topic/johanna/ssl-fail-earlier'
...
BIT-1293 #merged
* origin/topic/johanna/ssl-fail-earlier:
and just to be safe - also require the &if check in binpac
make the SSL analyzer skip further processing once encountering situations which are very probably non-recoverable.
2014-11-25 17:35:49 -08:00
Johanna Amann
d87476b403
and just to be safe - also require the &if check in binpac
2014-11-25 15:01:12 -08:00
Johanna Amann
529668670a
make the SSL analyzer skip further processing once encountering
...
situations which are very probably non-recoverable.
Current behavior could lead to us jumping in in the middle of an old
443 stream and interpreting some data as ssl before failing again.
2014-11-25 14:57:10 -08:00
Robin Sommer
977446e7ee
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
make sslv2 protocol tests more strict - in its current state they triggered on http traffic over port 443 sometimes.
Fix x509 analyzer to correctly return ecdsa as the key_type for ecdsa certs.
2014-11-25 14:28:10 -08:00
Johanna Amann
1e2ba6ebfb
make sslv2 protocol tests more strict - in its current state they triggered
...
on http traffic over port 443 sometimes.
Sorry, no test because that specific traffic is a tad hard to get.
Found by Michał Purzyński.
2014-11-25 13:11:06 -08:00
Johanna Amann
cd21b7f130
Fix x509 analyzer to correctly return ecdsa as the key_type for ecdsa certs.
...
Returned dsa so far.
Bug found by Michał Purzyński
2014-11-25 11:18:07 -08:00
Gilbert Clark
cda7c93704
More small fixes
2014-11-24 16:35:26 -05:00
Gilbert Clark
616ed22572
Small fixes
2014-11-24 16:30:12 -05:00
Gilbert Clark
7eadcad674
Merge branch 'master' into topic/gilbert/plugin-api-tweak
...
Conflicts:
testing/btest/Baseline/plugins.api-version-mismatch/output
testing/btest/Baseline/plugins.hooks/output
testing/btest/plugins/api-version-mismatch.sh
2014-11-24 16:21:23 -05:00
Gilbert Clark
6055b56f5c
Incremental
2014-11-24 14:28:17 -05:00
Jon Siwek
5436faed69
Disable verbose bison output.
...
These logs aren't generally useful to build every time, just when working
on and debugging one of the various grammars and at least I haven't
needed to look at them in years. Also, Ninja builds don't seem to work
because of them (can probably improve the related CMake macros so the
verbose logs do play nice with Ninja, but doesn't seem worth effort
right now, see previous comment).
2014-11-19 10:57:58 -06:00
Robin Sommer
9d3cfaddaa
Merge branch 'master' of https://github.com/anthonykasza/bro
...
- I've changed/extended the URI record fields a bit:
- path is always the full path including the full file name
- if there's no path, the field will still be set to "/".
- file_name is the full name including extension, and
file_base and file_ext split it out.
- Adding a test exercising a bunch of URLs.
2014-11-18 12:21:06 -08:00
Robin Sommer
bf35ed699c
Merge remote-tracking branch 'origin/topic/jsiwek/bit-1288'
...
* origin/topic/jsiwek/bit-1288:
BIT-1288: Improve coercion of &default expressions.
BIT-1288 #merged
2014-11-18 11:09:33 -08:00
Robin Sommer
3868cbd88e
Merge remote-tracking branch 'origin/fastpath'
...
* origin/fastpath:
for dh key exchanges, use p as the parameter for weak key exchanges. Y can be a few bytes smaller due to the modulo operation - this is ok.
2014-11-18 10:53:38 -08:00
Jon Siwek
f214158cc5
BIT-1288: Improve coercion of &default expressions.
2014-11-18 12:40:16 -06:00
Johanna Amann
f99bc98800
for dh key exchanges, use p as the parameter for weak key exchanges.
...
Y can be a few bytes smaller due to the modulo operation - this is ok.
2014-11-17 09:51:47 -08:00
Robin Sommer
08d843c258
Updating submodule(s).
...
[nomail]
2014-11-11 13:47:37 -08:00
Robin Sommer
7b58293dbb
Updating submodule(s).
...
[nomail]
2014-11-11 13:23:02 -08:00
Robin Sommer
ee14b96a15
Merge remote-tracking branch 'origin/topic/struck/BIT-1287'
...
* origin/topic/struck/BIT-1287:
[ADD] builtin function enum_to_int()
BIT-1287 #merged
2014-11-11 13:20:40 -08:00
Robin Sommer
557218895e
Removing method from SSL analyzer that's no longer used.
2014-11-11 11:51:04 -08:00
Robin Sommer
e8e81043a1
Merge remote-tracking branch 'origin/topic/vladg/mysql'
...
* origin/topic/vladg/mysql:
Update baselines.
Fix a logic bug with handling quits after the cleanup.
Integrate MySQL with the software framework
A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit
Move MySQL analyzer to the new plugin architecture.
Add a btest for the Wireshark sample MySQL PCAP
Add support for more commands, and support quit
Redo the response handling..
Whitespace/readability fixes.
Add memleak and auth btests.
Update baselines.
Get MySQL to compile and add basic v9 support.
MySQL analyzer
2014-11-11 11:49:26 -08:00
Christian Struck
b36d5fc81b
[ADD] builtin function enum_to_int()
...
[ADD] added tests for the new enum_to_int function
2014-11-10 18:24:27 -08:00
akasza
ea79c07730
uri parsing complete
2014-11-06 19:52:03 -08:00
akasza
69ce4d3038
uri_decompose complete, need btests
2014-11-06 19:47:28 -08:00
akasza
3c42350e77
uri parsing function
2014-11-05 20:44:03 -08:00
Seth Hall
e879aa78f5
Merge remote-tracking branch 'origin/topic/seth/mime-updates' into topic/seth/files-reassembly-and-mime-updates
...
Conflicts:
scripts/base/init-bare.bro
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events-no-args.log
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-11-05 11:42:34 -05:00
Seth Hall
842dfd8b4a
Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/seth/files-reassembly-and-mime-updates
...
Conflicts:
testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-11-05 11:40:26 -05:00
Seth Hall
7ee34981aa
Improve TAR file detection and other small changes.
...
- Remove all of the x-c detections. Nearly all false
positives.
- Remove the back up TAR detections. Not very helpful.
- Remove one of the x-elc detections that was too loose
and caused many false positives.
2014-11-05 11:31:48 -05:00
Seth Hall
efdfef7970
Merge remote-tracking branch 'origin/master' into topic/seth/mime-updates
...
Conflicts:
testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-11-05 10:57:57 -05:00
Seth Hall
7a52b8eb56
Merge remote-tracking branch 'origin/topic/vladg/cryptoapi'
...
* origin/topic/vladg/cryptoapi:
Add Windows detection based on CryptoAPI HTTP traffic as a software framework policy script.
2014-11-05 09:47:17 -05:00
Vlad Grigorescu
31baaf6499
Merge remote-tracking branch 'origin/master' into topic/vladg/mysql
2014-11-04 13:18:56 -05:00
Vlad Grigorescu
7e0599039b
Merge branch 'topic/vladg/cryptoapi' into topic/vladg/kerberos
2014-11-04 13:13:34 -05:00
Vlad Grigorescu
0bd45d54c8
Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos
2014-11-04 13:12:12 -05:00
Robin Sommer
9045288ad3
Merge remote-tracking branch 'origin/fastpath'
2014-11-03 18:55:42 -08:00
Vlad Grigorescu
d600d41a55
Add Windows detection based on CryptoAPI HTTP traffic as a software framework policy script.
2014-11-03 13:52:58 -05:00
Jon Siwek
25a58f501b
Updating submodule(s).
...
[nomail]
2014-11-03 10:19:48 -06:00
Johanna Amann
705989da39
add new curves from draft-ietf-tls-negotiated-ff-dhe
2014-11-01 19:37:27 -07:00
Vlad Grigorescu
e86fc160db
Merge remote-tracking branch 'origin/master' into topic/vladg/mysql
2014-10-31 21:32:19 -04:00