mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 06:38:20 +00:00
59 lines
1.3 KiB
Text
59 lines
1.3 KiB
Text
#
|
|
# @TEST-EXEC: zeek -b %INPUT
|
|
# @TEST-EXEC: btest-diff ssh.log
|
|
#
|
|
# Testing all possible types.
|
|
|
|
redef LogAscii::use_json = T;
|
|
|
|
|
|
module SSH;
|
|
|
|
export {
|
|
redef enum Log::ID += { LOG };
|
|
|
|
type Log: record {
|
|
s: string;
|
|
} &log;
|
|
}
|
|
|
|
event zeek_init()
|
|
{
|
|
Log::create_stream(SSH::LOG, [$columns=Log]);
|
|
|
|
# Strings taken from https://stackoverflow.com/a/3886015
|
|
|
|
# Valid ASCII and valid ASCII control characters
|
|
Log::write(SSH::LOG, [$s="a"]);
|
|
Log::write(SSH::LOG, [$s="\b\f\n\r\t\x00\x15"]);
|
|
|
|
# Valid 2 Octet Sequence
|
|
Log::write(SSH::LOG, [$s="\xc3\xb1"]);
|
|
|
|
# Invalid 2 Octet Sequence
|
|
Log::write(SSH::LOG, [$s="\xc3\x28"]);
|
|
|
|
# Invalid Sequence Identifier
|
|
Log::write(SSH::LOG, [$s="\xa0\xa1"]);
|
|
|
|
# Valid 3 Octet Sequence
|
|
Log::write(SSH::LOG, [$s="\xe2\x82\xa1"]);
|
|
|
|
# Invalid 3 Octet Sequence (in 2nd Octet)
|
|
Log::write(SSH::LOG, [$s="\xe2\x28\xa1"]);
|
|
|
|
# Invalid 3 Octet Sequence (in 3rd Octet)
|
|
Log::write(SSH::LOG, [$s="\xe2\x82\x28"]);
|
|
|
|
# Valid 4 Octet Sequence
|
|
Log::write(SSH::LOG, [$s="\xf0\x90\x8c\xbc"]);
|
|
|
|
# Invalid 4 Octet Sequence (in 2nd Octet)
|
|
Log::write(SSH::LOG, [$s="\xf0\x28\x8c\xbc"]);
|
|
|
|
# Invalid 4 Octet Sequence (in 3rd Octet)
|
|
Log::write(SSH::LOG, [$s="\xf0\x90\x28\xbc"]);
|
|
|
|
# Invalid 4 Octet Sequence (in 4th Octet)
|
|
Log::write(SSH::LOG, [$s="\xf0\x28\x8c\x28"]);
|
|
}
|