Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 06:38:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
zeek/testing
History
Johanna Amann 6023c8b906 SSH: make banner parsing more robust 
This change revamps SSH banner parsing.  The previous behavior was both
a bit too strict in some regards, and too permissive in other.

Specifically, clients are now required to send a line starting with
"SSH-" as the first line.  This is in line with the RFC, as well with
observed behavior. This also prevents the creation of `ssh.log` for
non-SSH traffic on port 22.

For the server side, we now accept text before the SSH banner. This
previously led to a protocol violation but is allowed by the spec.

New tests are added to cover these cases.
2025-03-18 16:19:33 +00:00
..
benchmark/broker
btest SSH: make banner parsing more robust 2025-03-18 16:19:33 +00:00
builtin-plugins Reformat Zeek in Spicy style 2023-10-30 09:40:55 +01:00
coverage Swap pre-commit yapf for ruff/ruff-format, fix findings 2024-12-11 11:08:37 -07:00
external SSH: make banner parsing more robust 2025-03-18 16:19:33 +00:00
scripts btest/dns_mgr: Update run-dnsmasq, use --host-record 2025-03-05 12:39:15 +01:00
.gitignore
CMakeLists.txt Integrate the Spicy plugin into Zeek proper. 2023-05-16 10:17:45 +02:00
Makefile
README

README 

This directory contains suites for testing for Zeek's correct
operation:

    btest/
        An ever-growing set of small unit tests testing Zeek's
        functionality.

    external/
        A framework for downloading additional test sets that run more
        complex Zeek configuration on larger traces files. Due to their
        size, these are not included directly. See the README for more
        information. 

    scripts/
        Helpers scripts used by some tests.