Commit graph

6667 commits

Author SHA1 Message Date
Seth Hall
842dfd8b4a Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/seth/files-reassembly-and-mime-updates
Conflicts:
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-11-05 11:40:26 -05:00
Vlad Grigorescu
98c33139c5 Merge remote-tracking branch 'origin/master' into topic/vladg/smb
Conflicts:
	testing/btest/Baseline/scripts.base.frameworks.file-analysis.http.multipart/out
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-11-04 13:17:18 -05:00
Vlad Grigorescu
0bd45d54c8 Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos 2014-11-04 13:12:12 -05:00
Vlad Grigorescu
e86fc160db Merge remote-tracking branch 'origin/master' into topic/vladg/mysql 2014-10-31 21:32:19 -04:00
Robin Sommer
5ef6dd0e3c Adding call to new binpac::init() function. 2014-10-31 17:44:58 -07:00
Robin Sommer
78de5c17ef Merge remote-tracking branch 'origin/topic/jsiwek/bit-1176'
* origin/topic/jsiwek/bit-1176:
  Fix segfault if when statement's RHS is uninitialized.

BIT-1176 #merged
2014-10-31 16:30:49 -07:00
Robin Sommer
2e7b732c4b Merge remote-tracking branch 'origin/topic/jsiwek/bit-1280'
* origin/topic/jsiwek/bit-1280:
  BIT-1280: Fix checking vector indices via "in".

BIT-1280 #merged.
2014-10-31 16:28:08 -07:00
Vlad Grigorescu
743d388be8 Merge remote-tracking branch 'origin/master' into topic/vladg/mysql 2014-10-31 16:46:07 -04:00
Jon Siwek
3b4e5eda55 BIT-1283: Fix crash when using &encrypt. 2014-10-31 12:13:27 -05:00
Vlad Grigorescu
e2ad93c543 A bit of MySQL cleanup - removed unused events, consolidated similar events, fixed up main.bro a bit 2014-10-31 12:08:13 -04:00
Jon Siwek
2a181a88c5 Allow arbitrary when statement timeout expressions
BIT-1284 #close
2014-10-31 10:38:23 -05:00
Jon Siwek
dec96234e3 Fix some minor Coverity Scan complaints. 2014-10-30 13:26:34 -05:00
Jon Siwek
1f7facda5b Fix segfault if when statement's RHS is uninitialized.
If it is ever assigned a value, the body of the when can be triggered as
usual.

Addresses BIT-1176.
2014-10-30 12:19:25 -05:00
Jon Siwek
432744fde4 Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  Fix checking of fwrite return values

Some didn't look quite right so fixed while merging: the return value of
fwrite is in terms of number of objects written, not number of bytes
written and some calls still mixed those up.
2014-10-28 15:10:32 -05:00
Jon Siwek
e5f75cde93 BIT-1280: Fix checking vector indices via "in".
$ cat test.bro
local vec: vector of string = { "zero" };
vec[2] = "two";
print 0 in vec, 1 in vec, 2 in vec;

$ bro -b test.bro
T, F, T
2014-10-28 14:21:16 -05:00
Johanna Amann
ed73c83b61 Fix checking of fwrite return values 2014-10-28 07:20:26 -07:00
Vlad Grigorescu
bcdeef6012 Move Kerberos analyzer to the new plugin architecture. 2014-10-27 14:03:40 -04:00
Vlad Grigorescu
e6d6ba6ec6 Merge remote-tracking branch 'origin/master' into topic/vladg/kerberos
Conflicts:
	testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-10-27 13:56:07 -04:00
Vlad Grigorescu
45d5080870 Move MySQL analyzer to the new plugin architecture. 2014-10-27 13:55:10 -04:00
Jon Siwek
e60ceea87c Fix errors/warnings when compiling with -std=c++11
These are compatibility changes only.
2014-10-27 12:54:17 -05:00
Vlad Grigorescu
b259a41ef2 Merge remote-tracking branch 'origin/master' into topic/vladg/mysql
Conflicts:
	testing/btest/Baseline/coverage.bare-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/coverage.default-load-baseline/canonified_loaded_scripts.log
	testing/btest/Baseline/scripts.policy.misc.dump-events/all-events.log
2014-10-27 13:24:31 -04:00
Robin Sommer
3e508d316a Plugins: Change order in which plugins' scripts are loaded at startup.
We now load the top-level __init__.bro before the internal bif.bro so
that the former can define types used by the latter.
2014-10-23 14:22:26 -07:00
Robin Sommer
e3cd7b1615 Merge remote-tracking branch 'origin/topic/seth/dnp3-wrong-sizeof-argument'
* origin/topic/seth/dnp3-wrong-sizeof-argument:
  Fix some Coverity warnings about the DNP3 analyzer.

The for loop seemed wrong, fixed. (Looks like we don't have a test
making sure the times there are (still) correct ...)

BIT-1278 #merged
2014-10-21 13:37:48 -07:00
Seth Hall
ab62a375ac Fix some Coverity warnings about the DNP3 analyzer. 2014-10-20 10:10:21 -04:00
Robin Sommer
53eb197b94 Merge remote-tracking branch 'origin/topic/jsiwek/bit-1235'
* origin/topic/jsiwek/bit-1235:
  Improve multipart HTTP/MIME entity file analysis.

BIT-1235 #merged
2014-10-16 06:59:50 -07:00
Jon Siwek
ccc88beeee Add error message for bad enum declaration syntax.
BIT-1273 #close
2014-10-15 10:23:19 -05:00
Jon Siwek
02c86b2304 Merge branch 'master' into topic/jsiwek/bit-1235 2014-10-14 14:45:58 -05:00
Vlad Grigorescu
9a73033b19 Redo DCE/RPC code. 2014-10-09 21:06:38 -04:00
Vlad Grigorescu
c4eb7e2377 Add support for TRANSACTION subcommands. 2014-10-08 18:01:55 -04:00
Vlad Grigorescu
466a1e55e8 Fix SMB string handling. 2014-10-08 17:23:32 -04:00
Vlad Grigorescu
f38a580c8c Add support for transaction2 Find_First2. 2014-10-08 16:29:51 -04:00
Vlad Grigorescu
261f6e8c45 Fix a segfault, and add script-level support for some more commands. 2014-10-08 12:06:33 -04:00
Vlad Grigorescu
e9c398a41c Merge remote-tracking branch 'origin/topic/seth/files-tracking' into topic/vladg/smb 2014-10-08 10:54:56 -04:00
Gilbert Clark
17e1d2a809 Merge branch 'master' into topic/gilbert/plugin-api-tweak
Conflicts:
	testing/btest/Baseline/plugins.hooks/output
2014-10-07 21:57:13 -04:00
Robin Sommer
38beb6632e Switching the prefix separator for packet source/dumper plugins once
more, now to "::".

Addresses BIT-1267.
2014-10-07 15:27:16 -07:00
Robin Sommer
56a2a1a1e5 Fix for allowing a packet source plugin to provide multiple prefixes
with a colon.
2014-10-07 15:26:30 -07:00
Vlad Grigorescu
0d615b0319 Add more SMB subcommands and arguments. Log SMB1 error messages too. 2014-10-07 17:32:01 -04:00
Vlad Grigorescu
a6de23aaa3 Refine transaction2 support, rewrite SMB scripts. 2014-10-07 16:31:02 -04:00
Vlad Grigorescu
06dffb592b Trivial: Clean up whitespace/make it more consistent. 2014-10-06 13:38:18 -04:00
Vlad Grigorescu
ad0ce3481d A couple more small fixes for NTLM. 2014-10-06 12:37:59 -04:00
Vlad Grigorescu
9a947eaffe Redo the NTLM parsing to correctly parse ASN.1. Previously, this was causing it to prematurely raise a protocol violation on many (most?) connections. 2014-10-03 19:19:07 -04:00
Jon Siwek
b3ff415120 Fix uninitialized router_list argument in dhcp_offer/dhcp_ack.
BIT-1268 #close
2014-10-03 09:43:44 -05:00
Gilbert Clark
619062fb55 Fixing logic errors in HandlePluginResult 2014-10-02 20:25:47 -04:00
Gilbert Clark
70c7258dfa Updating tests and tweaking HookArgument to include Frame support.
* Add frame support to HookArgument, since it's a new argument to HookCallFunction
* Fix test in api-version-mismatch to remove absolute paths from output
* Update test plugin to use new HookCallFunction interface
2014-10-02 19:23:59 -04:00
Jon Siwek
31b7e984d1 Fix packet sources being treated as idle when a packet is available.
Addresses BIT-1266.
2014-10-02 12:16:33 -05:00
Jon Siwek
9cd85be308 Fix regression causing the main loop to spin more frequently.
Addresses BIT-1266.
2014-10-02 11:33:37 -05:00
Gilbert Clark
0104d7147d Merging master into branch.
Merge branch 'master' into topic/gilbert/plugin-api-tweak
2014-10-01 21:19:02 -04:00
Robin Sommer
d9889d489f Fix to use length parameter in DNP3 time conversion correctly now. 2014-09-29 20:07:32 -07:00
Robin Sommer
64102e6f4f Merge remote-tracking branch 'origin/fastpath'
* origin/fastpath:
  new ssl extension type from iana and a few other ssl const changes.
  adding a function in dnp3-analyzer.pac to translate the time stamp format
  Make unexpected pipe errors fatal as precaution.

I added a length parameter to the DNP3 time conversion function to not
accidentally run into trouble later if there were ever any other
buffers passed in.
2014-09-29 17:07:51 -07:00
Jon Siwek
c7354c6fa0 Fix possible seg fault in TCP reassembler. 2014-09-29 10:43:05 -05:00